Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial functionality #12

Open
wants to merge 41 commits into
base: develop
Choose a base branch
from
Open

Initial functionality #12

wants to merge 41 commits into from

Conversation

dav3r
Copy link
Member

@dav3r dav3r commented Sep 27, 2024
edited
Loading

🗣 Description

This PR deploys the start of a Cyber Hygiene environment containing:

  • A CyHy VPC
  • A DocumentDB cluster
  • An EC2 instance that is allowed to access the DocumentDB
  • A Lambda that synchronizes KEV data to the DocumentDB

💭 Motivation and context

This PR is not intended to provide a fully functional CyHy environment. No host or vulnerability scanning activity is included here yet. That will be added eventually, but for now, we are using this repo as a way to gradually build and test a cloud-native version of CyHy.

🧪 Testing

I successfully ran a terraform apply in a development environment and confirmed that:

  • The intended resources (VPC, DocumentDB, EC2, Lambda) were created
  • The KEV synchronization Lambda ran successfully on a schedule as intended
  • The EC2 instance was accessible via SSH from a trusted IP (var.ec2_trusted_ingress_cidr_blocks)
  • The DocumentDB was accessible via a mongoDB client (mongosh) on the EC2 instance

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • All new and existing tests pass.

@dav3r dav3r added the improvement This issue or pull request will add or improve functionality, maintainability, or ease of use label Sep 27, 2024
@dav3r dav3r self-assigned this Sep 27, 2024
@dav3r dav3r mentioned this pull request Sep 27, 2024
Open
7 tasks
@dav3r dav3r added the hacktoberfest-accepted Pull request that should count toward Hacktoberfest participation label Oct 1, 2024
jsf9k
jsf9k reviewed Oct 14, 2024
View reviewed changes
Copy link
Member

@jsf9k jsf9k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here are a few things I noticed in my pre-review.

README.md Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
README.md Show resolved Hide resolved
cyhy-kevsync-lambda.tf Outdated Show resolved Hide resolved
documentdb.tf Outdated Show resolved Hide resolved
variables.tf Outdated Show resolved Hide resolved
@dav3r dav3r marked this pull request as ready for review October 25, 2024 18:21
@dav3r dav3r mentioned this pull request Nov 5, 2024
Open
7 tasks
@dav3r
Specify backend
9a71ed2
@dav3r
Update variables from skeleton
00f90b7
@dav3r
Define default provider
5f6a052
@dav3r
Update versions
6371941
@dav3r
Use correct default backend bucket
5d76754
@dav3r
Remove an unused Terraform file
881e374
@dav3r
Set up providers
3eab4a1
@dav3r
Replace default variables with more useful ones
f4a17b1
@dav3r
Create VPC and subnets
ccf1b74
@dav3r
Remove example outputs inherited from skeleton
0e72e77
@dav3r
Define a DocumentDB cluster
405c161
@dav3r
Add a required variable for ssh_public_key_path
fcc12d8
@dav3r
Add an EC2 instance
6290d27 
This instance will be used to test access to the DocumentDB database.  It may be deleted later.
@dav3r
Add SG rules to allow the EC2 instance to communicate with the Docume…
765d00a 
…ntDB cluster
@dav3r
Add a locals file and grab the CyHy AWS account ID
04104cb
@dav3r
Add variables related to the cyhy-kevsync Lambda
e2c3ac3
@dav3r
Create a Lambda that runs the cyhy-kevsync-lambda code on a schedule
22f10c1
@dav3r
Initial README updates from skeleton template
90594df
@dav3r
Mention cisagov/cool-accounts-cyhy in the pre-requisites section
02c6fcb
dav3r and others added 22 commits November 15, 2024 11:25
@dav3r
Schedule the kevsync Lambda via an EventBridge expression, as opposed…
4f8086b 
… to scheduling it to run every X minutes.

This allows for more flexibility in scheduling.
@dav3r
Add the .ssh directory to the .gitignore file
327d5ab 
This is to prevent unintentional committing of the SSH credentials created in this repo.
@dav3r
Use an EventBridge TF module instead of doing it myself
7c537c0
@dav3r
Remove examples directory inherited from skeleton
e8e7ea6
@dav3r
Improve comments
3397a6d
@dav3r
Remove the input data to the kevsync Lambda
8fd3f75 
The Lambda no longer requires any event input; it just runs and does it's thang.
@dav3r
Add a new optional variable for the retention duration of CloudWatch …
98a0f3d 
…logs for the kevsync Lambda
@dav3r
Update README with latest output from terraform-docs
b27bb2d 
Also includes an updated variable description to satisfy the markdownlint pre-commit hook.
@dav3r
Correct a note in the README
bc5db67
@dav3r
Add variable to control DocumentDB cluster size
3df9199
@dav3r @jsf9k
Put variable names in backticks
190c7a9 
Co-authored-by: Shane Frasier <[email protected]>
@dav3r @jsf9k
Put variable name in backticks
e8a54bf 
Co-authored-by: Shane Frasier <[email protected]>
@dav3r
Invoke kevsync lamdba to initially load KEV data into the database
1141bf1
@dav3r @jsf9k
Reword a variable description and add a period
e5aebf2 
Co-authored-by: Shane Frasier <[email protected]>
@dav3r
Include the version of the lambda deployment package S3 object in the…
833a4b0 
… kevsync lambda module

This allows Terraform to determine if a new version of the lambda deployment package is present in the bucket and if so, update the lambda function to use it.
@dav3r
Remove a couple of TODO comments
12c29bf
@dav3r
Disable volume tags on the EC2 instance
0feaa66 
We don't need them here and Terraform constantly wanted to add them on every apply, even when they were already present.
@dav3r
Update README to include all Terraform resources
c3e0424
@dav3r
Add some potentially-useful outputs
9cfefc6
@dav3r
Add a blank line per our usual style
7539f4f
@dav3r
Document Terraform outputs in README
81605e1
@dav3r
Remove unused "Examples" section from README
2ef53d9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsf9k jsf9k jsf9k approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

@dav3r dav3r

Labels
hacktoberfest-accepted Pull request that should count toward Hacktoberfest participation improvement This issue or pull request will add or improve functionality, maintainability, or ease of use
Projects
CyHy Cloud
Status: In Progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dav3r @jsf9k