treyperrone

## using ubuntu jammy 22 lts docker image

docker pull ubuntu:jammy
apt update
apt install -y curl OR apt install -y wget (wget has less dependencies??)
##% curl dep overlap with azure-cli, so may as well curl?

curl https://releases.hashicorp.com/terraform/1.7.5/terraform_1.7.5_linux_arm.zip > /tmp/terraform.zip
apt install -y unzip
unzip /tmp/terraform.zip -d /usr/local/bin

treyperrone

SCP i have that appears to work:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "ec2:*"
      "Resource": "arn:aws:ec2:*:*:image/ami-*",
 "Condition": {

treyperrone

2024 February

Test various things surrounding deny launch of AMIs via SCPs

Basic setup details:

• primary AWS account with AWS orgs setup acctID xxxxxxxx2016
  • account only has orgs in it and only SCPs in place are a simple denyleavingorgs at root level
• child account created called image-factory acctID xxxxxxxx3352 where AMIs would be created/shared from
• child account created called lab2024 acctID xxxxxxxx6393

treyperrone

2024-02-21

• the lab account policy was not in the prior comments, its the plain jane vanilla default one generated at KMS key creation:

{
    "Id": "key-consolepolicy-3",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Enable IAM User Permissions",

treyperrone

---
- hosts: all
  vars:
    volumename: f8_ssd
    vcenter_hostname: esxifreename.fqdn
    esxi_hostname: esxifreename.fqdn 
    vm_scsi: paravirtual
    vm_osid: rhel7_64Guest
    template_path_vmdk: template_rhel7.4/rhel7.4_0.vmdk