Skip to content

01 common tools demo

Jump to bottom
Paul Duvall edited this page Jan 6, 2021 · 50 revisions

AWS Cloud9

Launch a Cloud9 Environment

  1. Go to the AWS Cloud9 console and select Create environment.
  2. Enter a Name and Description (such as #csoa- and your intitials).
  3. Select Next step.
  4. Select Create a new instance for environment (EC2).
  5. Select t2.micro.
  6. Leave the Cost-saving setting at the After 30-minute (default).
  7. Select Next step.
  8. Review best practices and select Create environment.
  9. Once your Cloud environment has been launched, open a new terminal in Cloud9.

Configure Cloud9 to Disable Temporary managed credentials

  1. From your Cloud9 environment, go to Preferences (the gear icon).
  2. Scroll and choose AWS Settings.
  3. Deselect the toggle for AWS Managed temporary credentials.
  4. Sign in to the IAM console.
  5. In the navigation bar, choose Roles.
  6. Choose Create role.
  7. On the Select type of trusted entity page, with AWS service already chosen, for Choose the service that will use this role, choose EC2.
  8. For Select your use case, choose EC2.
  9. Choose Next: Permissions.
  10. On the Attach permissions policies page, in the list of policies, select the box next to AdministratorAccess, and then choose Next: Review.
  11. On the Review page, for Role Name, type a name for the role (for example csoa-cloud9-instance-role).
  12. Choose Create Role.
  13. Sign in to the Amazon EC2 console.
  14. In the navigation bar, be sure the region selector displays the AWS Region that matches the one for your environment.
  15. Choose the Running Instances link or, in the navigation pane, expand Instances, and then choose Instances.
  16. In the list of instances, choose the instance with the Name that includes your environment name.
  17. Choose Actions, Security, Modify IAM Role.
  18. On the Modify IAM Role page, for IAM role, choose the name of the role you identified or that you created in the previous procedure, and then choose Save.

Update your AWS CLI

Cloud9

  1. Open a new terminal tab in your Cloud9 environment.
  2. Run the following commands:
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

Type the following to ensure that aws-cli/2.1x is installed.

aws --version

For more information, see Installing, updating, and uninstalling the AWS CLI version 2 on Linux.

Provision Deployment Pipeline for Preventative Checks

Sync the files with your S3 bucket

From your AWS Cloud9 terminal, type the following to setup your directory structure:

mkdir ~/environment/csoa-1
aws s3 mb s3://csoa-1-$(aws sts get-caller-identity --output text --query 'Account')
cd ~/environment/csoa-1

Create empty source files:

touch buildspec.yml
touch csoa-1-cfn-nag-pipeline.yml
touch volume-encrypted.yml
touch volume.yml
  1. Copy the contents from buildspec.yml to your local buildspec.yml file in Cloud9 and save it.
  2. Copy the contents from volume.yml to your local volume.yml file in Cloud9 and save it.
  3. Copy the contents from volume-encrypted.yml to your local volume-encrypted.yml file in Cloud9 and save it.
  4. Copy the source contents from the csoa-1-cfn-nag-pipeline.yml file and save it to your local file in your Cloud9 environment called csoa-1-cfn-nag-pipeline.yml. This CloudFormation template provisions a deployment pipeline that runs preventive checks via cfn_nag.

Launch the CloudFormation stack from the CLI

cd ~/environment/csoa-1
zip csoa-1-examples.zip *.*
aws s3 sync ~/environment/csoa-1 s3://csoa-1-$(aws sts get-caller-identity --output text --query 'Account')

From your Cloud9 terminal, type the following (replacing you@example.com):

aws cloudformation create-stack --stack-name csoa-1-cfn-nag-pipeline --template-body file:///home/ec2-user/environment/csoa-1/csoa-1-cfn-nag-pipeline.yml --parameters ParameterKey=EmailAddress,ParameterValue=you@example.com ParameterKey=CodeCommitS3Bucket,ParameterValue=csoa-1-$(aws sts get-caller-identity --output text --query 'Account') ParameterKey=CodeCommitS3Key,ParameterValue=csoa-1-examples.zip --capabilities CAPABILITY_NAMED_IAM --disable-rollback

It takes about 2 minutes to launch the pipeline and related resources in your AWS account.

Check the status

From your Cloud9 terminal, type the following: aws cloudformation describe-stacks --stack-name csoa-1-cfn-nag-pipeline View the CodeCommit repo

Launch Pipeline

  1. Go to the CloudFormation console to see the stack being launched.
  2. Once the CloudFormation stack is successful, select the checkbox next to the stack and click the Outputs tab.
  3. From Outputs, click on the PipelineUrl output to open the pipeline in AWS CodePipeline

Fix the build

  1. Go to the CodeCommit repo.
  2. Open buildspec.yml and change from volume.yml to volume-encrypted.yml and commit the changes.
  3. Go back to the pipeline you created and watch the change.

View the Source Files

  • In your Cloud9 environment, go to the csoa-1 directory and open each of the files to review the contents.

Delete CloudFormation Stack

  • Once finished reviewing, delete the CloudFormation stack with the command below.
aws cloudformation delete-stack --stack-name csoa-1-cfn-nag-pipeline

Resources

Clone this wiki locally