Christopher Johnston chrisj-au
chrisj-au
/ Jenkinsfile
Last active
December 23, 2020 06:28
— forked from gazoakley/Jenkinsfile
Jenkinsfile for running Terraform
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pipeline { | |
| agent any | |
| parameters { | |
| string(name: 'environment', defaultValue: 'default', description: 'Workspace/environment file to use for deployment') | |
| string(name: 'version', defaultValue: '', description: 'Version variable to pass to Terraform') | |
| booleanParam(name: 'autoApprove', defaultValue: false, description: 'Automatically run apply after generating plan?') | |
| } | |
| environment { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "RequireMicroInstanceType", | |
| "Effect": "Deny", | |
| "Action": "ec2:RunInstances", | |
| "Resource": "arn:aws:ec2:*:*:instance/*", | |
| "Condition": { | |
| "StringNotEquals": { |
chrisj-au
/ CFN-CloudWatch.yaml
Created
December 3, 2020 01:04
CloudWatch Metric, Alarm and Event for SNS and Kinesis Firehose
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Example Lambda error tracking using CloudWatch (SNS and Kinesis Firehose targets) | |
| ## Here SNS is for email notification while Firehose is for relaying to Splunk | |
| ## This template is cut and paste from a working template but is untested, it is likely to contain errors. | |
| ## Assumes secret manager for HEC token & parameter store for splunk url | |
| Parameters: | |
| LambdaName: | |
| Type: String | |
| Description: Lambda Name | |
| CreateAlarmSNS: |
chrisj-au
/ Jenkins-DeployECS
Last active
November 27, 2020 01:33
Jenkins pipelines for deploying image to ECS via CodeDeploy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Front end to UAT and Prod deploy pipelines (unifies parameters etc) | |
| def git = new org.arq.git() | |
| def GITHUB_CREDS = 'ghCredentials' | |
| def AWS_CLUSTER_PREFIX = "ecs-" // Prefix Environment | |
| def AWS_REGION = "ap-southeast-2" | |
| def AWS_ROLE = "JenkinsRole" | |
| def AWS_PROD_ACC = [ |
chrisj-au
/ PY-GitHubWebHookToS3.py
Last active
December 3, 2020 01:25
Lambda to save Github webhook payload to s3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Handle payload from GitHub and write to S3 (for future consumption by Splunk) | |
| # - validates payload using key supplied at webhook creation | |
| # - only supports 'branch and tag' webhook from GitHub | |
| # - requires api gateway | |
| # - uses Parameter store to retrieve environment specific details | |
| # - adds details to the payload (ishotfix) | |
| # Could use a re-write especially if being used as an example because the code is fairly shoddy! | |
| import os |
chrisj-au
/ CFN-CodePipelineApprovalAudit.yaml
Last active
November 27, 2020 00:35
Provide auditing on CodePipeline approval gate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CodePipeline does not record gate approval outside of CloudTrail. Includes Lambda to write to S3. Not fully self contained, missing parameters, conditions. | |
| Resources: | |
| PipelineApprovalTrackingBucket: | |
| Type: AWS::S3::Bucket | |
| Condition: ShouldCreateAudit | |
| Properties: | |
| AccessControl: Private | |
| BucketName: |
chrisj-au
/ CFN-ParametersMappingsConditions.yaml
Created
November 27, 2020 00:28
Parameter handling in CloudFormation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Reminder of how to do some basic parameter handling in CFN - not syntatically correct (conditions don't match params etc) just a dump of way to handle things | |
| Parameters: | |
| ProjectName: | |
| Type: String | |
| Default: cicd-terraform | |
| AllowedPattern: [a-zA-Z][a-zA-Z0-9-]* | |
| MinLength: 3 | |
| MaxLength: 64 | |
| Description: Adhere to S3 naming standard; must begin with a letter and contain only alphanumeric characters or hyphens. |
chrisj-au
/ CFN-LambdaErrorNotify.yaml
Last active
November 26, 2020 23:53
CloudFormation: Lambda Error Notification
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Add SNS Notifications of Lambda failures. Only alarms on text sent to CloudWatch logs | |
| Parameters: | |
| AppName: | |
| Type: String | |
| SNSEmail: | |
| Type: String | |
| Resources: | |
| Lambda: | |
| Type: AWS::Serverless::Function |
chrisj-au
/ CFN-SubStringMapping.yaml
Last active
November 27, 2020 00:04
CloudFormation Sub into a string from Map
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Used to provide map values to a long string, e.g. EnvironmentVariables to CodeBuild. | |
| Parameters: | |
| Environment: | |
| Description: Environment to deploy | |
| Type: String | |
| Default: prod | |
| AllowedValues: | |
| - prod | |
| - stage |
chrisj-au
/ TF-NotifyEc2Status.tf
Last active
November 27, 2020 00:19
Terraform event rule notification ec2 spot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Useful if EC2 is using spot pricing, receive a 2 minute warning notification. Also tracks state changes but notification will be incomplete (you should create a 2nd event target) | |
| resource "aws_cloudwatch_event_rule" "ec2spotnotification" { | |
| name = "ec2spotnotification" | |
| description = "2 min warning for when a spot instance is going to be reclaimed" | |
| role_arn = "" | |
| event_pattern = <<EOF | |
| { | |
| "source" : [ "aws.ec2" ], | |
| "detail-type": [ |
NewerOlder