josh-padnick

HealthLine Temp AWS Infrastructure Instructions

We setup a limited version of the infrastructure needed by HealthLine in AWS using Terraform.

Environments

This infrastructure has two environments:

• mgmt: Contains a Bastion Host where you SSH to get access to everything else
• stage: Contains an ECS Cluster running the gruntwork-sample-app

josh-padnick

April 7th 2017

Description

A deserialization vulnerability has been found in the socket appender and socket receiver in Logback, which is used by Play. This affects all versions of Play from 2.0.0 through 2.5.13.

Play includes integration with Logback through SLF4J. Logback has functionality that enables logging events to be sent over a network, using Java Serialization.

Using Logback in Play itself does not result in vulnerability as per the default Play configuration, but if Logback has been specifically configured to use SocketAppender or ServerSocketReceiver, then Play is vulnerable.

josh-padnick

To deploy a change to an app to stage, in the current workflow, you'd do the following:

1. Accept our previous github invitation for user l85m at https://github.com/gruntwork-io
2. git clone https://github.com/gruntwork-io/sample-app-tesla && cd sample-app-tesla
3. docker-compose up
4. Open http://localhost:3000 to see the app.
5. Make whatever changes you want and refresh your browser. A good file to change is app/index.html.
6. git commit -am "some commit message"
7. git push
8. Normally, this would kick off a build in Jenkins which would automatically push a new Docker image to ECR and then auto-deploy to stage or prod. But because we haven't configured Jenkins yet, you would manually deploy as follows:

josh-padnick

2017/04/06 13:34:57 [INFO] Terraform version: 0.9.2  6365269541c8e3150ebe638a5c555e1424071417+CHANGES
2017/04/06 13:34:57 [INFO] Go runtime version: go1.8
2017/04/06 13:34:57 [INFO] CLI args: []string{"/usr/local/bin/terraform", "apply"}
2017/04/06 13:34:57 [DEBUG] Detected home directory from env var: /Users/josh
2017/04/06 13:34:57 [DEBUG] Detected home directory from env var: /Users/josh
2017/04/06 13:34:57 [DEBUG] Attempting to open CLI config file: /Users/josh/.terraformrc
2017/04/06 13:34:57 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2017/04/06 13:34:57 [INFO] CLI command args: []string{"apply"}
2017/04/06 13:34:57 [DEBUG] Detected home directory from env var: /Users/josh
2017/04/06 13:34:57 [DEBUG] command: loading backend config file: /Users/josh/go/src/github.com/gruntwork-io/package-mongodb/examples/mongodb-sharded-cluster

josh-padnick

awk '$1=$1' ORS='' cert.pem

josh-padnick

2017/01/24 16:47:43 [INFO] Terraform version: 0.8.4  a791ff09b29d063dd4b6da0cac04ad3b83c836f5
2017/01/24 16:47:43 [INFO] CLI args: []string{"/usr/local/bin/terraform", "plan"}
2017/01/24 16:47:43 [DEBUG] Detected home directory from env var: /Users/josh
2017/01/24 16:47:43 [DEBUG] Detected home directory from env var: /Users/josh
2017/01/24 16:47:43 [DEBUG] Attempting to open CLI config file: /Users/josh/.terraformrc
2017/01/24 16:47:43 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2017/01/24 16:47:43 [DEBUG] Detected home directory from env var: /Users/josh
2017/01/24 16:47:43 [TRACE] Preserving existing state lineage "53585088-64b1-4b42-859f-b04cf3e2e4aa"
2017/01/24 16:47:43 [TRACE] Preserving existing state lineage "53585088-64b1-4b42-859f-b04cf3e2e4aa"
2017/01/24 16:47:43 [TRACE] Graph after step *terraform.ConfigTransformerOld:

josh-padnick

josh@ip-10-200-0-2 ~/g/s/g/g/m/e/l/elb (add-alb-logs)> terraform apply
2016/12/25 14:10:07 [INFO] Terraform version: 0.8.2
2016/12/25 14:10:07 [INFO] CLI args: []string{"/usr/local/Cellar/terraform/0.8.2/bin/terraform", "apply"}
2016/12/25 14:10:07 [DEBUG] Detected home directory from env var: /Users/josh
2016/12/25 14:10:07 [DEBUG] Detected home directory from env var: /Users/josh
2016/12/25 14:10:07 [DEBUG] Attempting to open CLI config file: /Users/josh/.terraformrc
2016/12/25 14:10:07 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2016/12/25 14:10:07 [DEBUG] Detected home directory from env var: /Users/josh
2016/12/25 14:10:07 [DEBUG] vertex "module.elb_access_logs_bucket": static expanding
.GraphNodeConfigVariable

josh-padnick

SOLR MODULES EXAMPLE
- git repo: infrastructure-live
  - dept1
    - prod-account
      - .terragrunt
      - global
        - iam-groups
        - cloudtrail
      - us-west-2
        - prod

josh-padnick

2016/09/28 15:12:25 [INFO] Terraform version: 0.7.4  
2016/09/28 15:12:25 [INFO] CLI args: []string{"/usr/local/Cellar/terraform/0.7.4/bin/terraform", "apply"}
2016/09/28 15:12:25 [DEBUG] Detected home directory from env var: /Users/josh
2016/09/28 15:12:25 [DEBUG] Detected home directory from env var: /Users/josh
2016/09/28 15:12:25 [DEBUG] Attempting to open CLI config file: /Users/josh/.terraformrc
2016/09/28 15:12:25 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2016/09/28 15:12:25 [DEBUG] Detected home directory from env var: /Users/josh
2016/09/28 15:12:25 [DEBUG] Checking resource noop: aws_s3_bucket.cloudtrail
2016/09/28 15:12:25 [DEBUG] No diff, not a noop
2016/09/28 15:12:25 [DEBUG] Starting graph walk: walkInput

josh-padnick

2016/09/19 14:19:03 [INFO] Terraform version: 0.7.3  0dd7c657d6d60d2e7392b66ae6f74fb84582cab9
2016/09/19 14:19:03 [INFO] CLI args: []string{"/opt/lib/terraform/terraform", "apply"}
2016/09/19 14:19:03 [DEBUG] Detected home directory from env var: /Users/josh
2016/09/19 14:19:03 [DEBUG] Detected home directory from env var: /Users/josh
2016/09/19 14:19:03 [DEBUG] Attempting to open CLI config file: /Users/josh/.terraformrc
2016/09/19 14:19:03 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2016/09/19 14:19:03 [DEBUG] Detected home directory from env var: /Users/josh
2016/09/19 14:19:03 [TRACE] Preserving existing state lineage "74da3ceb-07b6-42c7-bc7a-cd2f6919d606"
2016/09/19 14:19:03 [TRACE] Preserving existing state lineage "74da3ceb-07b6-42c7-bc7a-cd2f6919d606"
2016/09/19 14:19:03 [TRACE] Graph after step *terraform.ConfigTransformer: