Skip to content

Instantly share code, notes, and snippets.

@jen20

jen20/gist:28f3d86440730979910ae08c6be61f90 Secret

Created August 4, 2018 17:35
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jen20/28f3d86440730979910ae08c6be61f90 to your computer and use it in GitHub Desktop.
Save jen20/28f3d86440730979910ae08c6be61f90 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
{
"version": 1,
"deployment": {
"manifest": {
"time": "2018-08-04T12:32:53.979067832-05:00",
"magic": "e56a32b644e870e9f1852a0865c77308bee2ea8dd31e4fe4487a3e9ac5258599",
"version": "v0.14.4-dev-1533103699-g6958ad40",
"plugins": [
{
"name": "nodejs",
"path": "/opt/pulumi/bin/pulumi-language-nodejs",
"type": "language",
"version": "0.14.4-dev-1533103699-g6958ad40"
},
{
"name": "aws",
"path": "/opt/pulumi/bin/pulumi-resource-aws",
"type": "resource",
"version": "0.14.6-dev-1532473423-g4c982c2-dirty"
}
]
},
"resources": [
{
"urn": "urn:pulumi:vault-test-dev::pulumi-vault-test::pulumi:pulumi:Stack::pulumi-vault-test-vault-test-dev",
"custom": false,
"type": "pulumi:pulumi:Stack",
"outputs": {
"keyBucketArn": "arn:aws:s3:::algo-vault-tls-keys",
"keyBucketName": "algo-vault-tls-keys",
"kmsKeyArn": "arn:aws:kms:us-west-2:383023859661:key/153f8252-abaa-43ed-985b-1130ff2bbc1c",
"kmsKeyId": "153f8252-abaa-43ed-985b-1130ff2bbc1c"
},
"dependencies": [],
"initErrors": []
},
{
"urn": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert::algo-vault-lambda-cert",
"custom": false,
"type": "operator-error:aws:LambdaCert",
"inputs": {
"acmeUrl": "https://acme-staging-v02.api.letsencrypt.org/directory",
"adminEmail": "webmaster@operator-error.com",
"baseTags": {
"Project": "Algorithmic Trading V2"
},
"description": "Algos Vault",
"domainNamePrefix": "vault",
"emptyBucketOnDestroy": true,
"route53DomainName": "linedata.technology"
},
"dependencies": [],
"initErrors": []
},
{
"urn": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:iam/role:Role::algo-vault-lambda-cert-function-role",
"custom": true,
"id": "algo-vault-lambda-cert-function-role-7b6368f",
"type": "aws:iam/role:Role",
"inputs": {
"assumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowAssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"forceDetachPolicies": false,
"maxSessionDuration": 3600,
"name": "algo-vault-lambda-cert-function-role-7b6368f",
"path": "/algo-vault/"
},
"outputs": {
"arn": "arn:aws:iam::383023859661:role/algo-vault/algo-vault-lambda-cert-function-role-7b6368f",
"assumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowAssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"createDate": "2018-08-04T17:18:36Z",
"forceDetachPolicies": false,
"id": "algo-vault-lambda-cert-function-role-7b6368f",
"maxSessionDuration": "3600",
"name": "algo-vault-lambda-cert-function-role-7b6368f",
"path": "/algo-vault/",
"uniqueId": "AROAJZD67TN3CCER666ZY"
},
"parent": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert::algo-vault-lambda-cert",
"dependencies": [],
"initErrors": []
},
{
"urn": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:kms/key:Key::algo-vault-lambda-cert-kms-key",
"custom": true,
"id": "153f8252-abaa-43ed-985b-1130ff2bbc1c",
"type": "aws:kms/key:Key",
"inputs": {
"deletionWindowInDays": 7,
"description": "Certificate encryption key for Algos Vault",
"enableKeyRotation": false,
"isEnabled": true,
"policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Delegate Key Access to IAM\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::383023859661:root\"},\"Action\":[\"kms:*\"],\"Resource\":[\"*\"]}]}",
"tags": {
"Name": "Algos Vault TLS Keys",
"Project": "Algorithmic Trading V2"
}
},
"outputs": {
"arn": "arn:aws:kms:us-west-2:383023859661:key/153f8252-abaa-43ed-985b-1130ff2bbc1c",
"deletionWindowInDays": "7",
"description": "Certificate encryption key for Algos Vault",
"enableKeyRotation": false,
"id": "153f8252-abaa-43ed-985b-1130ff2bbc1c",
"isEnabled": true,
"keyId": "153f8252-abaa-43ed-985b-1130ff2bbc1c",
"keyUsage": "ENCRYPT_DECRYPT",
"policy": "{\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::383023859661:root\"},\"Resource\":\"*\",\"Sid\":\"Delegate Key Access to IAM\"}],\"Version\":\"2012-10-17\"}",
"tags": {
"Name": "Algos Vault TLS Keys",
"Project": "Algorithmic Trading V2"
}
},
"parent": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert::algo-vault-lambda-cert",
"dependencies": [],
"initErrors": []
},
{
"urn": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:s3/bucket:Bucket::algo-vault-lambda-cert-bucket",
"custom": true,
"id": "algo-vault-tls-keys",
"type": "aws:s3/bucket:Bucket",
"inputs": {
"acl": "private",
"bucket": "algo-vault-tls-keys",
"forceDestroy": true,
"tags": {
"Name": "Algos Vault TLS Keys",
"Project": "Algorithmic Trading V2"
}
},
"outputs": {
"accelerationStatus": "",
"acl": "private",
"arn": "arn:aws:s3:::algo-vault-tls-keys",
"bucket": "algo-vault-tls-keys",
"bucketDomainName": "algo-vault-tls-keys.s3.amazonaws.com",
"bucketRegionalDomainName": "algo-vault-tls-keys.s3.us-west-2.amazonaws.com",
"corsRules": [],
"forceDestroy": true,
"hostedZoneId": "Z3BJ6K6RIION7M",
"id": "algo-vault-tls-keys",
"loggings": [],
"region": "us-west-2",
"requestPayer": "BucketOwner",
"tags": {
"Name": "Algos Vault TLS Keys",
"Project": "Algorithmic Trading V2"
},
"versioning": {
"enabled": false,
"mfaDelete": false
}
},
"parent": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert::algo-vault-lambda-cert",
"dependencies": [],
"initErrors": []
},
{
"urn": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:iam/role:Role$aws:iam/rolePolicy:RolePolicy::algo-vault-lambda-cert-function-policy",
"custom": true,
"id": "algo-vault-lambda-cert-function-role-7b6368f:algo-vault-lambda-cert-function-policy-a98a03f",
"type": "aws:iam/rolePolicy:RolePolicy",
"inputs": {
"name": "algo-vault-lambda-cert-function-policy-a98a03f",
"policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowLambdaLogging\",\"Effect\":\"Allow\",\"Action\":[\"logs:CreateLogGroup\",\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Resource\":[\"arn:aws:logs:*:*:*\"]},{\"Sid\":\"AllowEncryptDecrypt\",\"Effect\":\"Allow\",\"Action\":[\"kms:Encrypt\",\"kms:Decrypt\",\"kms:GenerateDataKey\"],\"Resource\":[\"arn:aws:kms:us-west-2:383023859661:key/153f8252-abaa-43ed-985b-1130ff2bbc1c\"]},{\"Sid\":\"AllowDNS01Verification\",\"Effect\":\"Allow\",\"Action\":[\"route53:GetChange\",\"route53:ListHostedZonesByName\"],\"Resource\":[\"*\"]},{\"Sid\":\"AllowDNS01Modification\",\"Effect\":\"Allow\",\"Action\":[\"route53:ChangeResourceRecordSets\"],\"Resource\":[\"arn:aws:route53:::hostedzone/Z20EN7GEH5Q9QY\"]},{\"Sid\":\"AllowBucketReadWrite\",\"Effect\":\"Allow\",\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Resource\":[\"arn:aws:s3:::algo-vault-tls-keys/config/config.json.enc\",\"arn:aws:s3:::algo-vault-tls-keys/vault.linedata.technology/cert.crt\",\"arn:aws:s3:::algo-vault-tls-keys/vault.linedata.technology/cert.key.enc\",\"arn:aws:s3:::algo-vault-tls-keys/vault.linedata.technology/keystore.jks\"]}]}",
"role": "algo-vault-lambda-cert-function-role-7b6368f"
},
"outputs": {
"id": "algo-vault-lambda-cert-function-role-7b6368f:algo-vault-lambda-cert-function-policy-a98a03f",
"name": "algo-vault-lambda-cert-function-policy-a98a03f",
"policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowLambdaLogging\",\"Effect\":\"Allow\",\"Action\":[\"logs:CreateLogGroup\",\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Resource\":[\"arn:aws:logs:*:*:*\"]},{\"Sid\":\"AllowEncryptDecrypt\",\"Effect\":\"Allow\",\"Action\":[\"kms:Encrypt\",\"kms:Decrypt\",\"kms:GenerateDataKey\"],\"Resource\":[\"arn:aws:kms:us-west-2:383023859661:key/153f8252-abaa-43ed-985b-1130ff2bbc1c\"]},{\"Sid\":\"AllowDNS01Verification\",\"Effect\":\"Allow\",\"Action\":[\"route53:GetChange\",\"route53:ListHostedZonesByName\"],\"Resource\":[\"*\"]},{\"Sid\":\"AllowDNS01Modification\",\"Effect\":\"Allow\",\"Action\":[\"route53:ChangeResourceRecordSets\"],\"Resource\":[\"arn:aws:route53:::hostedzone/Z20EN7GEH5Q9QY\"]},{\"Sid\":\"AllowBucketReadWrite\",\"Effect\":\"Allow\",\"Action\":[\"s3:GetObject\",\"s3:PutObject\"],\"Resource\":[\"arn:aws:s3:::algo-vault-tls-keys/config/config.json.enc\",\"arn:aws:s3:::algo-vault-tls-keys/vault.linedata.technology/cert.crt\",\"arn:aws:s3:::algo-vault-tls-keys/vault.linedata.technology/cert.key.enc\",\"arn:aws:s3:::algo-vault-tls-keys/vault.linedata.technology/keystore.jks\"]}]}",
"role": "algo-vault-lambda-cert-function-role-7b6368f"
},
"parent": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:iam/role:Role::algo-vault-lambda-cert-function-role",
"dependencies": [
"urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:kms/key:Key::algo-vault-lambda-cert-kms-key",
"urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:s3/bucket:Bucket::algo-vault-lambda-cert-bucket",
"urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:iam/role:Role::algo-vault-lambda-cert-function-role"
],
"initErrors": []
},
{
"urn": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:lambda/function:Function::algo-vault-lambda-cert-function",
"custom": true,
"id": "algo-vault-lambda-cert-function-5c874c9",
"type": "aws:lambda/function:Function",
"inputs": {
"code": {
"4dabf18193072939515e22adb298388d": "0def7320c3a5731c473e5ecbe6d01bc7",
"hash": "27825ec201b9d84e6aa6ec7cf1649a858ef5b86602f8d2b0adb9b6d5f724ed7d",
"uri": "https://github.com/jen20/lambda-cert/releases/download/v1.1.0/lambda-cert.zip"
},
"description": "Maintain TLS Certificate for Algos Vault",
"environment": {
"variables": {
"ACME_SERVER_URL": "https://acme-staging-v02.api.letsencrypt.org/directory",
"ADMIN_EMAIL": "webmaster@operator-error.com",
"BUCKET_NAME": "algo-vault-tls-keys",
"CERTIFICATE_NAME": "vault.linedata.technology",
"GENERATE_JAVA_KEYSTORE": "false",
"KMS_KEY_ID": "153f8252-abaa-43ed-985b-1130ff2bbc1c"
}
},
"handler": "lambda-cert",
"memorySize": 128,
"name": "algo-vault-lambda-cert-function-5c874c9",
"publish": false,
"role": "arn:aws:iam::383023859661:role/algo-vault/algo-vault-lambda-cert-function-role-7b6368f",
"runtime": "go1.x",
"tags": {
"Name": "Maintain TLS Keys for Algos Vault",
"Project": "Algorithmic Trading V2"
},
"timeout": 300
},
"outputs": {
"arn": "arn:aws:lambda:us-west-2:383023859661:function:algo-vault-lambda-cert-function-5c874c9",
"code": "/var/folders/sx/8xy92hzs08gcds5gmd5gw7z80000gn/T/pulumi-asset-27825ec201b9d84e6aa6ec7cf1649a858ef5b86602f8d2b0adb9b6d5f724ed7d",
"description": "Maintain TLS Certificate for Algos Vault",
"environment": {
"variables": {
"ACME_SERVER_URL": "https://acme-staging-v02.api.letsencrypt.org/directory",
"ADMIN_EMAIL": "webmaster@operator-error.com",
"BUCKET_NAME": "algo-vault-tls-keys",
"CERTIFICATE_NAME": "vault.linedata.technology",
"GENERATE_JAVA_KEYSTORE": false,
"KMS_KEY_ID": "153f8252-abaa-43ed-985b-1130ff2bbc1c"
}
},
"handler": "lambda-cert",
"id": "algo-vault-lambda-cert-function-5c874c9",
"invokeArn": "arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:383023859661:function:algo-vault-lambda-cert-function-5c874c9/invocations",
"kmsKeyArn": "",
"lastModified": "2018-08-04T17:20:09.649+0000",
"memorySize": "128",
"name": "algo-vault-lambda-cert-function-5c874c9",
"publish": false,
"qualifiedArn": "arn:aws:lambda:us-west-2:383023859661:function:algo-vault-lambda-cert-function-5c874c9:$LATEST",
"reservedConcurrentExecutions": "0",
"role": "arn:aws:iam::383023859661:role/algo-vault/algo-vault-lambda-cert-function-role-7b6368f",
"runtime": "go1.x",
"sourceCodeHash": "J4JewgG52E5qpux88WSahY71uGYC+NKwrbm21fck7X0=",
"sourceCodeSize": "12286731",
"tags": {
"Name": "Maintain TLS Keys for Algos Vault",
"Project": "Algorithmic Trading V2"
},
"timeout": "300",
"tracingConfig": {
"mode": "PassThrough"
},
"version": "$LATEST"
},
"parent": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert::algo-vault-lambda-cert",
"dependencies": [
"urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:iam/role:Role$aws:iam/rolePolicy:RolePolicy::algo-vault-lambda-cert-function-policy",
"urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:s3/bucket:Bucket::algo-vault-lambda-cert-bucket",
"urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:kms/key:Key::algo-vault-lambda-cert-kms-key",
"urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:iam/role:Role::algo-vault-lambda-cert-function-role"
],
"initErrors": []
},
{
"urn": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:cloudwatch/eventRule:EventRule::algo-vault-lambda-cert-schedule",
"custom": true,
"id": "algo-vault-lambda-cert-schedule-aa95a0a",
"type": "aws:cloudwatch/eventRule:EventRule",
"inputs": {
"description": "Check Algos Vault TLS Cert Status",
"isEnabled": true,
"name": "algo-vault-lambda-cert-schedule-aa95a0a",
"scheduleExpression": "rate(12 hours)"
},
"outputs": {
"arn": "arn:aws:events:us-west-2:383023859661:rule/algo-vault-lambda-cert-schedule-aa95a0a",
"description": "Check Algos Vault TLS Cert Status",
"id": "algo-vault-lambda-cert-schedule-aa95a0a",
"isEnabled": true,
"name": "algo-vault-lambda-cert-schedule-aa95a0a",
"roleArn": "",
"scheduleExpression": "rate(12 hours)"
},
"parent": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert::algo-vault-lambda-cert",
"dependencies": [
"urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:lambda/function:Function::algo-vault-lambda-cert-function"
],
"initErrors": []
},
{
"urn": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:lambda/function:Function$aws:lambda/permission:Permission::algo-vault-lambda-cert-permission",
"custom": true,
"id": "AllowExecutionFromCloudWatch",
"type": "aws:lambda/permission:Permission",
"inputs": {
"action": "lambda:InvokeFunction",
"function": "algo-vault-lambda-cert-function-5c874c9",
"principal": "events.amazonaws.com",
"sourceArn": "arn:aws:events:us-west-2:383023859661:rule/algo-vault-lambda-cert-schedule-aa95a0a",
"statementId": "AllowExecutionFromCloudWatch"
},
"outputs": {
"action": "lambda:InvokeFunction",
"function": "algo-vault-lambda-cert-function-5c874c9",
"id": "AllowExecutionFromCloudWatch",
"principal": "events.amazonaws.com",
"qualifier": "",
"sourceArn": "arn:aws:events:us-west-2:383023859661:rule/algo-vault-lambda-cert-schedule-aa95a0a",
"statementId": "AllowExecutionFromCloudWatch"
},
"parent": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:lambda/function:Function::algo-vault-lambda-cert-function",
"dependencies": [
"urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:lambda/function:Function::algo-vault-lambda-cert-function",
"urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:cloudwatch/eventRule:EventRule::algo-vault-lambda-cert-schedule"
],
"initErrors": []
},
{
"urn": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:cloudwatch/eventRule:EventRule$aws:cloudwatch/eventTarget:EventTarget::algo-vault-lambda-cert-target",
"custom": true,
"id": "algo-vault-lambda-cert-schedule-aa95a0a-algo-vault-lambda-cert-function-5c874c9",
"type": "aws:cloudwatch/eventTarget:EventTarget",
"inputs": {
"arn": "arn:aws:lambda:us-west-2:383023859661:function:algo-vault-lambda-cert-function-5c874c9",
"rule": "algo-vault-lambda-cert-schedule-aa95a0a",
"targetId": "algo-vault-lambda-cert-function-5c874c9"
},
"outputs": {
"arn": "arn:aws:lambda:us-west-2:383023859661:function:algo-vault-lambda-cert-function-5c874c9",
"id": "algo-vault-lambda-cert-schedule-aa95a0a-algo-vault-lambda-cert-function-5c874c9",
"input": "",
"inputPath": "",
"roleArn": "",
"rule": "algo-vault-lambda-cert-schedule-aa95a0a",
"targetId": "algo-vault-lambda-cert-function-5c874c9"
},
"parent": "urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:cloudwatch/eventRule:EventRule::algo-vault-lambda-cert-schedule",
"dependencies": [
"urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:lambda/function:Function::algo-vault-lambda-cert-function",
"urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert$aws:cloudwatch/eventRule:EventRule::algo-vault-lambda-cert-schedule"
],
"initErrors": []
}
]
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment