Project

conjur-asset-aws

0.0
Repository is archived
No commit activity in last 3 years
No release in over 3 years
conjur-asset-awsconjurinc/conjur-asset-awsHomepageDocumentationSource CodeBug TrackerWiki
Conjur plugin for integrating with AWS
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
3,390
Stars
3
Forks
0
Watchers
32
 Releases
Current version
0.1.0
Total releases
1
First release
2015-01-15
Latest release
2015-01-15
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2015-06-17
Reverse Dependencies
0

 Dependencies

Development

bundler
~> 1.7
conjur-cli
>= 0
rake
~> 10.0
rspec
>= 0
rspec-its
>= 0
simplecov
>= 0

Runtime

aws-sdk-v1
>= 0
conjur-api
>= 0
conjur-asset-host-factory
>= 0
 Project Readme

Conjur::Asset::AWS

Conjur plugin for integrating with AWS. This plugin will upload a host factory token to Amazon S3 and create a new IAM role with read permission on the token, allowing you to launch instances that access the token at launch time.

Installation

For Development

Add this line to your application's Gemfile:

gem 'conjur-asset-aws'

And then execute:

$ bundle

Or install it yourself as:

$ gem install conjur-asset-aws

As a Conjur CLI Plugin

Using the Conjur CLI:

$ conjur plugin install aws

Usage

Creating a Token Link

Before beginning, make sure you've set up your AWS credentials.

Next, you'll need a token from a host factory.

If you have a host factory with an existing token, you can view the token as follows:

$ conjur hostfactory show prod/bastion/v1/factory
{
  "id": "prod/bastion/v1/factory",
  "layers": [
    "prod/bastion/v1"
  ],
  "roleid": "dev:policy:prod/bastion/v1",
  "resourceid": "dev:host_factory:prod/bastion/v1/factory",
  "tokens": [
    {
      "token": "e6p1y91pd1d632s0rcq0321td923hrk45b3d5cy0cf06pvdm2gh8g",
      "expiration": "2015-11-17T19:17:33Z"
    }
  ],
  "deputy_api_key": "26bv56a31qh44x1wfm9871xhmjf42s53b692bbfke22yatjew2tymtgq"
}

If you don't yet have an existing token, you may create a new host factory token:

$ conjur hostfactory tokens create prod/bastion/v1/factory
[
  {
    "token": "e6p1y91pd1d632s0rcq0321td923hrk45b3d5cy0cf06pvdm2gh8g",
    "expiration": "2015-11-17T19:17:33+00:00"
  }
]

The token we will be using from here on out can be found in the "token" JSON field in both of the above examples.

Create a token link, making sure to replace the value of the --bucket parameter with your own bucket in Amazon S3:

$ conjur aws token-link create --bucket my-enterprise-hosts --host-factory-token e6p1y91pd1d632s0rcq0321td923hrk45b3d5cy0cf06pvdm2gh8g
Created Conjur IAM link prod-bastion-v1-factory

After successfully running this command there should be a file in the bucket you've specified named after the host factory which owns the token, containing the value of the token.

Deleting a Token Link

To delete the token link, specify the bucket containing the token link as well as the host factory you wish to remove links from (this will remove the data from S3):

$ conjur aws token-link delete --bucket my-enterprise-hosts --host-factory=prod/bastion/v1/factory
Deleted Conjur IAM link prod-bastion-v1-factory

Contributing

  1. Fork it ( https://github.com/[my-github-username]/conjur-asset-aws/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request