Paul Duvall PaulDuvall

## rotate-secrets-rds.yml
  MyDBInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: 20
      DBInstanceClass: db.t2.micro
      Engine: mysql
      MasterUsername: !Join ['', ['{{resolve:secretsmanager:', !Ref MyRDSInstanceRotationSecret, ':SecretString:username}}' ]]
      MasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref MyRDSInstanceRotationSecret, ':SecretString:password}}' ]]
      BackupRetentionPeriod: 0
      DBInstanceIdentifier: 'rotation-instance'

## rotate-secrets-launch-stack.sh
cd ~/environment
aws s3 mb s3://ceoa-3-$(aws sts get-caller-identity --output text --query 'Account')
git clone https://github.com/PaulDuvall/aws-encryption-workshop.git
cd aws-encryption-workshop/lesson3-develop

zip ceoa-3-examples.zip *.*
aws s3 sync /home/ec2-user/environment/aws-encryption-workshop/lesson3-develop s3://ceoa-3-$(aws sts get-caller-identity --output text --query 'Account')

aws cloudformation create-stack --stack-name rds-secrets-rotation --disable-rollback --template-body file:///home/ec2-user/environment/aws-encryption-workshop/lesson3-develop/ceoa-3-rotation-1-pipeline.yml --parameters ParameterKey=EmailAddress,ParameterValue=fake-email@fake-fake-fake-email.com ParameterKey=CodeCommitS3Bucket,ParameterValue=ceoa-3-$(aws sts get-caller-identity --output text --query 'Account') ParameterKey=CodeCommitS3Key,ParameterValue=ceoa-3-examples.zip --capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND --disable-rollback

## get-azs-per-region.py
import boto3

ec2 = boto3.client('ec2')

# Retrieves all regions/endpoints that work with EC2
aws_regions = ec2.describe_regions()

# Get a list of regions and then instantiate a new ec2 client for each region in order to get list of AZs for the region
for region in aws_regions['Regions']:
    my_region_name = region['RegionName']

## gist:2d688224680ed81172912e6d1a9e0cb8
  CodePipelineParameter:
    Type: "AWS::SSM::Parameter"
    Properties:
      Name: "CodePipelineStack"
      Type: "String"
      Value:
        Ref: CodePipelineStack
      Description: "Name of the CodePipeline generated in this CloudFormation template."


## pipeline.yml
  CodeBuildWebsite:
    Type: AWS::CodeBuild::Project
    DependsOn: CodeBuildRole
    Properties:
      Name:
        Ref: AWS::StackName
      Description: Build application
      ServiceRole:
        Fn::GetAtt:
        - CodeBuildRole

## ecs-pipeline-zerojenkins.json
{
  "Description":"Automate provisioning of ECS using CodeBuild with CodePipeline, and CodeCommit. **WARNING** This template creates one or more Amazon EC2 instances. You will be billed for the AWS resources used if you create a stack from this template.",
  "AWSTemplateFormatVersion":"2010-09-09",
  "Parameters":{
    "Owner":{
      "Description":"Enter Team or Individual Name Responsible for the Stack.",
      "Type":"String",
      "Default":"FirstName LastName"
    },
    "Project":{
	MyDBInstance:
	Type: AWS::RDS::DBInstance
	Properties:
	AllocatedStorage: 20
	DBInstanceClass: db.t2.micro
	Engine: mysql
	MasterUsername: !Join ['', ['{{resolve:secretsmanager:', !Ref MyRDSInstanceRotationSecret, ':SecretString:username}}' ]]
	MasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref MyRDSInstanceRotationSecret, ':SecretString:password}}' ]]
	BackupRetentionPeriod: 0
	DBInstanceIdentifier: 'rotation-instance'
	cd ~/environment
	aws s3 mb s3://ceoa-3-$(aws sts get-caller-identity --output text --query 'Account')
	git clone https://github.com/PaulDuvall/aws-encryption-workshop.git
	cd aws-encryption-workshop/lesson3-develop

	zip ceoa-3-examples.zip .
	aws s3 sync /home/ec2-user/environment/aws-encryption-workshop/lesson3-develop s3://ceoa-3-$(aws sts get-caller-identity --output text --query 'Account')

	aws cloudformation create-stack --stack-name rds-secrets-rotation --disable-rollback --template-body file:///home/ec2-user/environment/aws-encryption-workshop/lesson3-develop/ceoa-3-rotation-1-pipeline.yml --parameters ParameterKey=EmailAddress,ParameterValue=fake-email@fake-fake-fake-email.com ParameterKey=CodeCommitS3Bucket,ParameterValue=ceoa-3-$(aws sts get-caller-identity --output text --query 'Account') ParameterKey=CodeCommitS3Key,ParameterValue=ceoa-3-examples.zip --capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND --disable-rollback
	import boto3

	ec2 = boto3.client('ec2')

	# Retrieves all regions/endpoints that work with EC2
	aws_regions = ec2.describe_regions()

	# Get a list of regions and then instantiate a new ec2 client for each region in order to get list of AZs for the region
	for region in aws_regions['Regions']:
	my_region_name = region['RegionName']
	CodePipelineParameter:
	Type: "AWS::SSM::Parameter"
	Properties:
	Name: "CodePipelineStack"
	Type: "String"
	Value:
	Ref: CodePipelineStack
	Description: "Name of the CodePipeline generated in this CloudFormation template."
	CodeBuildWebsite:
	Type: AWS::CodeBuild::Project
	DependsOn: CodeBuildRole
	Properties:
	Name:
	Ref: AWS::StackName
	Description: Build application
	ServiceRole:
	Fn::GetAtt:
	- CodeBuildRole
	{
	"Description":"Automate provisioning of ECS using CodeBuild with CodePipeline, and CodeCommit. WARNING This template creates one or more Amazon EC2 instances. You will be billed for the AWS resources used if you create a stack from this template.",
	"AWSTemplateFormatVersion":"2010-09-09",
	"Parameters":{
	"Owner":{
	"Description":"Enter Team or Individual Name Responsible for the Stack.",
	"Type":"String",
	"Default":"FirstName LastName"
	},
	"Project":{