Systems Manager Parameter store

devopsacademyau / 2020-feb-project1-group2

Creative Commons Attribution Share Alike 4.0 International

0 stars 2 forks source link

Systems Manager Parameter store #21

Open kikobr82 opened 4 years ago

kikobr82 commented 4 years ago

Objectives:

generate 4 empty keys to store wordpress secrets
- /wordpress/WORDPRESS_DB_HOST
- /wordpress/WORDPRESS_DB_USER
- /wordpress/WORDPRESS_DB_PASSWORD
- /wordpress/WORDPRESS_DB_NAME
use aws managed key to encrypt values for these keys. Do it manually through AWS console
make sure to use same values when configuring wordpress image

Acceptance Criteria:

All values in parameter store are encrypted
My ec2 instance can get the values from the Parameter Store

deniseddi commented 4 years ago

To generate 4 keys to store wordpress secrets:

Created four aws ssm parameter resource through Terraform.
- A parameter is a key-value pair for any data that you want to store and reference. You need to specify a name, data type and value for the parameter.
To store an encrypted value:
- set parameter type to “SecureString”
- used the default SSM KMS key
Run terraform init, plan, apply.
To comply with testing requirements, I’ve created an EC2 instance through terraform and attached an IAM role to it. Connected to instance using SSH key and accessed parameter value using the command: <$ aws ssm get-parameters --names "/wordpress/WORDPRESS_DB_NAME" "/wordpress/WORDPRESS_DB_USER" --region ap-southeast-2 --with-decryption>

deniseddi commented 4 years ago

How shoud I name this file? parameter-store.tf ?

kikobr82 commented 4 years ago

That's your decision.. :) file names can change anytime anyway.. no need to worry with that.

Please, create a PR, so we can approve it and merge. Remember to include in the documentation what needs to be done once the terraform code is applied.

deniseddi commented 4 years ago

"Remember to include in the documentation what needs to be done once the terraform code is applied." So, after running terraform apply ?

Create an EC2 instance to test accessing the parameter details?
Encrypt values for these keys manually through AWS console ? (Even though "SecureString" seems to do the job)
Use same "values" when configuring wordpress image ?

Kiko, I am not sure if you meant the above or something else? And does this information to go into the documentation is to be saved in a file annexed to the parameter-store.tf as a README file or in here or elsewhere? Cheers

kikobr82 commented 4 years ago

The EC2 creatio. is just so you can test and validate it's all working, so no need to be done on every deployment.

What you need to include in the README is the steps required to include the right values in those parameters store keys... As you mentioning, if you are doing through the console, those values will be encrypted by default, so no need too have the encryption step included, but how to change the values in the console should be there..

deniseddi commented 4 years ago

For the README

After running terraform apply, in order to include the right values in the parameters store keys or change the values manually:

Log in to AWS console then go to Systems Manager service, which is located under Management & Governance.
Navigate to Parameter Store, under Application Management.
Select the parameter and click “Edit” to change/add the new value. Save changes. Remember to select “SecureString” to encrypt sensitive data using the KMS keys for your account.