POC-690: Release v14.2 (#407)
* POC-999-update-release-version

* POC-584: update runtime

* Update to RHEL 9 (#397)

* POC-634: Create GitHub Action (#400)

* POC-620: Remove route53 usage (#402)

* POC-620 remove dns from full-pas

* remove DNS

---------

Co-authored-by: ggalfrin <[email protected]>

* POC-684: Delete AIO template (#403)

* POC-620: remove route53 from changelog

* POC-620: remove hosted zone creation

* update to v14.2 (#404)

* update changelog

* update readme

* rephrase

* .

* typos

* refactor indents

* fix indents

---------

Co-authored-by: ggalfrin <[email protected]>
Co-authored-by: ggalfrin <[email protected]>
3 people authored Jun 18, 2024
1 parent f3ad4a8 commit 3660eba
Showing 9 changed files with 320 additions and 496 deletions.
31 changes: 31 additions & 0 deletions .github/workflows/update_url.yml
@@ -0,0 +1,31 @@
name: Update URL Version

on: create

env:
GITHUB_TOKEN: ${{ github.token }}

jobs:
build:
name: Update URL Version for Release Branches
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/heads/release/')
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
ssh-key: ${{secrets.ID_GITHUB_ACTIONS}}

- name: Update pas-single-component-deploy.json
uses: restackio/[email protected]
with:
file: azure/pas-single-component-deploy.json
fields: "{\"resources[0].properties.templateLink.uri\": \"https://raw.githubusercontent.com/cyberark/pas-on-cloud/${{github.ref_name}}/azure/nested/psmp-nested-template.json\"}"

- name: Commit changes
run: |
git config --local user.email "[email protected]"
git config --local user.name "GitHub Action"
git add azure/pas-single-component-deploy.json
git commit -m "GitHub Action: Update psmp nested template url"
git push
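Review bot: the third-party `restackio/…` action in the "Update pas-single-component-deploy.json" step is referenced by a tag rather than a full commit SHA, and it runs with two write-capable credentials in reach: the workflow-level `GITHUB_TOKEN: ${{ github.token }}` env, which every step inherits, and the `ssh-key: ${{secrets.ID_GITHUB_ACTIONS}}` that `actions/checkout` leaves configured in the workspace for the later `git push`. Please pin both `uses:` references to commit SHAs, drop the top-level `env:` block (none of the visible steps reads it; if the JSON action does need the token, set it on that step only), and add an explicit `permissions:` block such as `contents: read`, since the push goes over the deploy key. Separately, `${{github.ref_name}}` is pasted into the JSON string in `fields` and becomes the `templateLink.uri` that the committed ARM template will fetch from, so it is worth checking the branch name against the expected `release/` version pattern before writing it. Finally, `git commit` exits non-zero when the file is already up to date, which will mark a re-run as failed.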
9 changes: 9 additions & 0 deletions CHANGELOG.md
Expand Up @@ -3,6 +3,15 @@
The AWS Cloud package includes CyberArk PAS products, delivered as AMIs and AWS CloudFormation templates to automate deployment.


## [PAS on Cloud v14.2] (18.6.2024)

### Changed
- #### AWS :
- Lambda functions are running using Python 3.11
- Patches for PAM products will be distributed and supported as images for new deployments.

- PTA & PSMP are deployed on RHEL 9, instead of RHEL 8

## [PAS on Cloud v14.0] (11.1.2024)

### Added
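Review bot: the v14.2 entry has only a "### Changed" section, while the commit message for this release also lists "Remove route53 usage (#402)", "remove hosted zone creation" and "Delete AIO template (#403)". Those are the changes most likely to break someone reusing a v14.0 parameter file or automation, so a short "### Removed" section naming them would help upgraders. It is also unclear from the bullets whether "Patches for PAM products will be distributed and supported as images for new deployments" and the RHEL 9 line apply to AWS only or to both clouds; please state the scope on each bullet.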
2 changes: 1 addition & 1 deletion aws/DRVault-Single-Deployment.yaml
Expand Up @@ -32,7 +32,7 @@ Resources:
Type: Custom::FindAMI
Properties:
ServiceToken: !GetAtt GetLatestAMILambda.Arn
Version: "14.0"
Version: "14.2"
Component: "Vault"
OS: !Ref WinVersion
OwnerAccountId: !Ref CyberarkAccountId
16 changes: 8 additions & 8 deletions aws/Full-PAS-Deployment.yaml
Expand Up @@ -119,7 +119,7 @@ Resources:
Type: Custom::FindAMI
Properties:
ServiceToken: !GetAtt GetLatestAMILambda.Arn
Version: "14.0"
Version: "14.2"
Component: "Vault"
OS: !Ref WinVersion
OwnerAccountId: !Ref CyberarkAccountId
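Review bot: `Version: "14.2"` is a literal repeated in every `Custom::FindAMI` resource in this file and again in the other three AWS templates touched by this commit, so a release bump is a multi-file search and replace that can be applied partially without any error. Consider defining the release once per template (a `Mappings` entry or a parameter with a fixed default) and referencing it from each resource, so that a mixed-version deployment cannot result from a missed line.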
Expand All @@ -130,7 +130,7 @@ Resources:
Type: Custom::FindAMI
Properties:
ServiceToken: !GetAtt GetLatestAMILambda.Arn
Version: "14.0"
Version: "14.2"
Component: "PVWA"
OS: !Ref WinVersion
OwnerAccountId: !Ref CyberarkAccountId
Expand All @@ -141,7 +141,7 @@ Resources:
Type: Custom::FindAMI
Properties:
ServiceToken: !GetAtt GetLatestAMILambda.Arn
Version: "14.0"
Version: "14.2"
Component: "CPM"
OS: !Ref WinVersion
OwnerAccountId: !Ref CyberarkAccountId
Expand All @@ -152,7 +152,7 @@ Resources:
Type: Custom::FindAMI
Properties:
ServiceToken: !GetAtt GetLatestAMILambda.Arn
Version: "14.0"
Version: "14.2"
Component: "PSM"
OS: !Ref WinVersion
OwnerAccountId: !Ref CyberarkAccountId
Expand All @@ -163,9 +163,9 @@ Resources:
Type: Custom::FindAMI
Properties:
ServiceToken: !GetAtt GetLatestAMILambda.Arn
Version: "14.0"
Version: "14.2"
Component: "PSMP"
OS: "RHEL-8"
OS: "RHEL-9"
OwnerAccountId: !Ref CyberarkAccountId
DependsOn:
- LambdaDeployRole
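Review bot: `OS: "RHEL-9"` is passed as a free-form string to the `Custom::FindAMI` resource, and the handler behind `GetLatestAMILambda` is not part of the visible diff. Please confirm that it matches the 14.2 PSMP and PTA images under exactly this label in every supported region, and that a lookup miss fails the stack with a clear message instead of returning an empty image ID. Since the changelog scopes this release to new deployments, a sentence in the README on what happens when an existing v14.0 stack is updated with this template would also be useful.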
Expand All @@ -174,9 +174,9 @@ Resources:
Type: Custom::FindAMI
Properties:
ServiceToken: !GetAtt GetLatestAMILambda.Arn
Version: "14.0"
Version: "14.2"
Component: "PTA"
OS: "RHEL-8"
OS: "RHEL-9"
OwnerAccountId: !Ref CyberarkAccountId
DependsOn:
- LambdaDeployRole
14 changes: 7 additions & 7 deletions aws/PAS-Component-Single-Deployment.yaml
Expand Up @@ -89,7 +89,7 @@ Resources:
Condition: PVWACustomImageEmpty
Properties:
ServiceToken: !GetAtt GetLatestAMILambda.Arn
Version: "14.0"
Version: "14.2"
Component: "PVWA"
OS: !Ref WinVersion
OwnerAccountId: !Ref CyberarkAccountId
Expand All @@ -100,7 +100,7 @@ Resources:
Condition: CPMCustomImageEmpty
Properties:
ServiceToken: !GetAtt GetLatestAMILambda.Arn
Version: "14.0"
Version: "14.2"
Component: "CPM"
OS: !Ref WinVersion
OwnerAccountId: !Ref CyberarkAccountId
Expand All @@ -111,7 +111,7 @@ Resources:
Condition: PSMCustomImageEmpty
Properties:
ServiceToken: !GetAtt GetLatestAMILambda.Arn
Version: "14.0"
Version: "14.2"
Component: "PSM"
OS: !Ref WinVersion
OwnerAccountId: !Ref CyberarkAccountId
Expand All @@ -122,9 +122,9 @@ Resources:
Condition: PSMPCustomImageEmpty
Properties:
ServiceToken: !GetAtt GetLatestAMILambda.Arn
Version: "14.0"
Version: "14.2"
Component: "PSMP"
OS: "RHEL-8"
OS: "RHEL-9"
OwnerAccountId: !Ref CyberarkAccountId
DependsOn:
- LambdaDeployRole
Expand All @@ -133,9 +133,9 @@ Resources:
Condition: PTACustomImageEmpty
Properties:
ServiceToken: !GetAtt GetLatestAMILambda.Arn
Version: "14.0"
Version: "14.2"
Component: "PTA"
OS: "RHEL-8"
OS: "RHEL-9"
OwnerAccountId: !Ref CyberarkAccountId
DependsOn:
- LambdaDeployRole
2 changes: 1 addition & 1 deletion aws/Vault-Single-Deployment.yaml
Expand Up @@ -32,7 +32,7 @@ Resources:
Type: Custom::FindAMI
Properties:
ServiceToken: !GetAtt GetLatestAMILambda.Arn
Version: "14.0"
Version: "14.2"
Component: "Vault"
OS: !Ref WinVersion
OwnerAccountId: !Ref CyberarkAccountId
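Review bot: with the bump to `Version: "14.2"`, the Vault image is still resolved at deploy time by a "latest" lookup, and the only thing tying the result to the publisher is `OwnerAccountId: !Ref CyberarkAccountId`. The definition of `CyberarkAccountId` is outside this hunk; if it is a free-text parameter, please constrain it (fixed default plus `AllowedPattern`) so a mistyped or substituted account ID cannot make the Vault boot from another owner's image. Exposing the resolved AMI ID as a stack output would also let operators record which image a given deployment actually used.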
39 changes: 10 additions & 29 deletions azure/README.md
Expand Up @@ -17,37 +17,18 @@ These images later can be used together with deployment scripts above in order t
To copy CyberArk Privileged Access Security solution snapshot and create the images in your Azure subscription, use the import-pas-images.ps1 PowerShell script. Make sure you have all the CyberArk components AccessSAS URLs before executing the script.

## Usage
As a first step customer must receive components AccessSAS.
As a prerequisite to deploy PAM components using the supplied ARM templates, customer must have the compatible images ready in a designated Resource Group in the destination subscription.

This can be achieved by downloading the import-pas-images.ps1 from CyberArk's Marketplace at:
https://cyberark.my.site.com/mplace/s/#software
You should navigate to "Privileged Access Manager Self-Hosted" matching your desired release version.
Under "PAM Self-Hosted on Cloud" > "Share Image on Cloud" > "Share PAM Self-Hosted on Azure", you'll be able to download the required PowerShell script.
Copy import-pas-images.ps1 script to your environment. You can copy it directly to Azure Cloud Shell or to the machine with defined access to your Azure account.
The detailed documentation and helpful notes can be found inside the script, it is already loaded with all the required AccessSAS URLs needed for PAM images import.

import-pas-images.ps1 -location "<Desired Azure location>" [-release] "<PAS release>" [-winVersion] "<Win2016 / Win2019>" [-storageName] "<Custom Storage account>" [-containerName] "<Custom Container>" [-resourceGroupName] "<Custom Resource Group>" [-vaultAccessSAS] "<pas-vault-vXX.X AccessSAS>"
[-vaultDataDiskAccessSAS] "<pas-vaultDataDisk-vXX.X AccessSAS>" [-pvwaAccessSAS] "<pas-pvwa-vXX.X AccessSAS>" [-cpmAccessSAS] "<pas-cpm-vXX.X AccessSAS>"
[-psmAccessSAS] "<pas-psm-vXX.X AccessSAS>" [-psmpAccessSAS] "<pas-psmp-vXX.X AccessSAS>" [-ptaAccessSAS] "<pas-pta-vXX.X AccessSAS>"

Parameters:

| Parameter Name | Required | Default | Comments |
|-------------------------|----------|----------------------|----------|
| location | Yes | None | |
| release | No | **v14.0** | |
| winVersion | No | **win2016** | |
| storageName | No | **cyberarkimages** | |
| containerName | No | **cyberarkimages** | |
| resourceGroupName | No | **Cyberark-Images** | |
| vaultAccessSAS | No | None | |
| vaultDataDiskAccessSAS | No | None | |
| pvwaAccessSAS | No | None | |
| cpmAccessSAS | No | None | |
| psmAccessSAS | No | None | |
| psmpAccessSAS | No | None | |
| ptaAccessSAS | No | None | |

## Notes:
- "release" and "winVersion" parameters are being used in the naming of the vhd files and images created,
it is recommended to specify those to get accurately described images ("winVersion" is irrelevant if only pta/psmp are being imported).
- "storageName", "containerName" and "resourceGroupName" are defaulted to "cyberarkimages", "cyberarkimages" and "Cyberark-Images" respectivly,
and the required objects will be created automatically if needed. Use these only in case you desire to place them in a custom location.
- "vaultAccessSAS" and "vaultDataDiskAccessSAS" are binded together, you must specify both of them or none of them.
As an alternative, you are also offered the option to download a toolkit that will allow you to create PAM component images on your own,
under "PAM Self-Hosted on Cloud" > "Bring Your Own Image" > "PAM_Self-Hosted_on_Azure.zip".
If chosen to use this toolkit, your results would be in the form of an chosen PAM component image, which is ready to use as part of the ARM templates.


## In order to enable PTA with self sign certificate after successful installation please do the below:
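Review bot: the new Usage text says the downloaded script "is already loaded with all the required AccessSAS URLs", which means import-pas-images.ps1 now carries bearer credentials for the image blobs, but the README gives no handling guidance. Please add a line telling users to treat the script as a secret (do not commit it or leave it in a shared Cloud Shell home) and to note that the embedded SAS URLs may expire. The unchanged sentence above the section, "Make sure you have all the CyberArk components AccessSAS URLs before executing the script", now contradicts the new flow and should be updated in the same change. With the parameter table removed, the README no longer documents any script argument; keeping at least the required `-location` parameter here would save readers from opening the script. Minor wording: "an chosen PAM component image" should read "a chosen".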