security
1
.gitignore
vendored
1
.gitignore
vendored
@@ -13,3 +13,4 @@ pom.xml.asc
|
||||
examples/
|
||||
data/
|
||||
\#*\#
|
||||
\.terraform
|
||||
|
||||
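--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -0,0 +1,73 @@
+provider "aws" {}
+
+data "aws_caller_identity" "current" {}
+
+resource "aws_ses_receipt_rule_set" "main" {
+rule_set_name = "default-rule-set"
+}
+
+resource "aws_ses_receipt_rule" "store" {
+depends_on = ["aws_ses_receipt_rule_set.main"]
+name = "store"
+rule_set_name = "default-rule-set"
+recipients = ["invoices@mail.integreat.aws.brycecovertoperations.com"]
+enabled = true
+scan_enabled = true
+
+s3_action {
+bucket_name = "${aws_s3_bucket.invoices.id}"
+position = 0
+}
+}
+
+resource "aws_s3_bucket" "invoices" {
+bucket = "integreat-mail-prod"
+acl = "private"
+policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Sid": "AllowSESPuts",
+"Effect": "Allow",
+"Principal": {
+"Service": "ses.amazonaws.com"
+},
+"Action": "s3:PutObject",
+"Resource": "arn:aws:s3:::integreat-mail-prod/*",
+"Condition": {
+"StringEquals": {
+"aws:Referer": "${data.aws_caller_identity.current.account_id}"
+}
+}
+}
+]
+}
+EOF
+}
+
+resource "aws_iam_user" "app_user" {
+name = "integreat"
+}
+
+resource "aws_iam_access_key" "app_user" {
+user = "${aws_iam_user.app_user.name}"
+}
+
+resource "aws_iam_user_policy_attachment" "app_user_policy" {
+user = "${aws_iam_user.app_user.name}"
+policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
+}
+
+output "aws_access_key_id" {
+value = "${aws_iam_access_key.app_user.id}"
+}
+
+output "aws_secret_access_key" {
+value = "${aws_iam_access_key.app_user.secret}"
+}
+
+output "aws_default_region" {
+value = "us-east-1"
+}
+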
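Review bot: `aws_iam_user_policy_attachment.app_user_policy` attaches `arn:aws:iam::aws:policy/AdministratorAccess` to the `integreat` application user, and `aws_iam_access_key.app_user` issues that user a long-lived key, so any leak of the key exposes the whole account rather than one bucket. Nothing else in this file suggests the application needs more than the mail bucket, so a scoped `aws_iam_user_policy` along the lines below would fit better; the action list is an assumption to confirm against what the application actually calls. The `aws_secret_access_key` output should also carry `sensitive = true`, and because the secret is still written to state in plain text, setting `pgp_key` on the access key and reading `encrypted_secret` is worth considering.

```hcl
# replaces aws_iam_user_policy_attachment.app_user_policy
resource "aws_iam_user_policy" "app_user_policy" {
  name = "integreat-mail-read"
  user = "${aws_iam_user.app_user.name}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": [
        "${aws_s3_bucket.invoices.arn}",
        "${aws_s3_bucket.invoices.arn}/*"
      ]
    }
  ]
}
EOF
}
# … unchanged: aws_iam_user.app_user, aws_iam_access_key.app_user, outputs …
```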
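--- a/terraform/terraform.tfstate
+++ b/terraform/terraform.tfstate
@@ -0,0 +1,192 @@
+{
+"version": 3,
+"terraform_version": "0.11.5",
+"serial": 7,
+"lineage": "9b630886-8cee-a57d-c7a2-4f19f13f9c51",
+"modules": [
+{
+"path": [
+"root"
+],
+"outputs": {
+"aws_access_key_id": {
+"sensitive": false,
+"type": "string",
+"value": "AKIAIRKDGLBX7J7VJZ6Q"
+},
+"aws_default_region": {
+"sensitive": false,
+"type": "string",
+"value": "us-east-1"
+},
+"aws_secret_access_key": {
+"sensitive": false,
+"type": "string",
+"value": "OtRw2t/xktJBDjP8Jnx1Yf6G+uzBfIkrQEc6nmgo"
+}
+},
+"resources": {
+"aws_iam_access_key.app_user": {
+"type": "aws_iam_access_key",
+"depends_on": [
+"aws_iam_user.app_user"
+],
+"primary": {
+"id": "AKIAIRKDGLBX7J7VJZ6Q",
+"attributes": {
+"id": "AKIAIRKDGLBX7J7VJZ6Q",
+"secret": "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",
+"ses_smtp_password": "ApPp+ffnGJ/nH8OmP/3dB6ASbZDSNPF3sRyRtZNrEl5D",
+"status": "Active",
+"user": "integreat"
+},
+"meta": {},
+"tainted": false
+},
+"deposed": [],
+"provider": "provider.aws"
+},
+"aws_iam_user.app_user": {
+"type": "aws_iam_user",
+"depends_on": [],
+"primary": {
+"id": "integreat",
+"attributes": {
+"arn": "arn:aws:iam::679918342773:user/integreat",
+"force_destroy": "false",
+"id": "integreat",
+"name": "integreat",
+"path": "/",
+"unique_id": "AIDAINFBWI2I7A3TKPGW2"
+},
+"meta": {},
+"tainted": false
+},
+"deposed": [],
+"provider": "provider.aws"
+},
+"aws_iam_user_policy_attachment.app_user_policy": {
+"type": "aws_iam_user_policy_attachment",
+"depends_on": [
+"aws_iam_user.app_user"
+],
+"primary": {
+"id": "integreat-20180405235730902200000001",
+"attributes": {
+"id": "integreat-20180405235730902200000001",
+"policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess",
+"user": "integreat"
+},
+"meta": {},
+"tainted": false
+},
+"deposed": [],
+"provider": "provider.aws"
+},
+"aws_s3_bucket.invoices": {
+"type": "aws_s3_bucket",
+"depends_on": [
+"data.aws_caller_identity.current"
+],
+"primary": {
+"id": "integreat-mail-prod",
+"attributes": {
+"acceleration_status": "",
+"acl": "private",
+"arn": "arn:aws:s3:::integreat-mail-prod",
+"bucket": "integreat-mail-prod",
+"bucket_domain_name": "integreat-mail-prod.s3.amazonaws.com",
+"force_destroy": "false",
+"hosted_zone_id": "Z3AQBSTGFYJSTF",
+"id": "integreat-mail-prod",
+"logging.#": "0",
+"policy": "{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:Referer\":\"679918342773\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ses.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::integreat-mail-prod/*\",\"Sid\":\"AllowSESPuts\"}],\"Version\":\"2012-10-17\"}",
+"region": "us-east-1",
+"replication_configuration.#": "0",
+"request_payer": "BucketOwner",
+"server_side_encryption_configuration.#": "0",
+"tags.%": "0",
+"versioning.#": "1",
+"versioning.0.enabled": "false",
+"versioning.0.mfa_delete": "false",
+"website.#": "0"
+},
+"meta": {},
+"tainted": false
+},
+"deposed": [],
+"provider": "provider.aws"
+},
+"aws_ses_receipt_rule.store": {
+"type": "aws_ses_receipt_rule",
+"depends_on": [
+"aws_s3_bucket.invoices",
+"aws_ses_receipt_rule_set.main"
+],
+"primary": {
+"id": "store",
+"attributes": {
+"add_header_action.#": "0",
+"bounce_action.#": "0",
+"enabled": "true",
+"id": "store",
+"lambda_action.#": "0",
+"name": "store",
+"recipients.#": "1",
+"recipients.2059710502": "invoices@mail.integreat.aws.brycecovertoperations.com",
+"rule_set_name": "default-rule-set",
+"s3_action.#": "1",
+"s3_action.4268582484.bucket_name": "integreat-mail-prod",
+"s3_action.4268582484.kms_key_arn": "",
+"s3_action.4268582484.object_key_prefix": "",
+"s3_action.4268582484.position": "1",
+"s3_action.4268582484.topic_arn": "",
+"scan_enabled": "true",
+"sns_action.#": "0",
+"stop_action.#": "0",
+"tls_policy": "Optional",
+"workmail_action.#": "0"
+},
+"meta": {},
+"tainted": false
+},
+"deposed": [],
+"provider": "provider.aws"
+},
+"aws_ses_receipt_rule_set.main": {
+"type": "aws_ses_receipt_rule_set",
+"depends_on": [],
+"primary": {
+"id": "default-rule-set",
+"attributes": {
+"id": "default-rule-set",
+"rule_set_name": "default-rule-set"
+},
+"meta": {},
+"tainted": false
+},
+"deposed": [],
+"provider": "provider.aws"
+},
+"data.aws_caller_identity.current": {
+"type": "aws_caller_identity",
+"depends_on": [],
+"primary": {
+"id": "2018-04-05 23:57:10.202315014 +0000 UTC",
+"attributes": {
+"account_id": "679918342773",
+"arn": "arn:aws:iam::679918342773:user/bryce",
+"id": "2018-04-05 23:57:10.202315014 +0000 UTC",
+"user_id": "AIDAJPUJFTOKO4IRADMV4"
+},
+"meta": {},
+"tainted": false
+},
+"deposed": [],
+"provider": "provider.aws"
+}
+},
+"depends_on": []
+}
+]
+}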
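Review bot: This state file stores the `integreat` access key in plain text, in the `aws_secret_access_key` output and in the `secret` and `ses_smtp_password` attributes of `aws_iam_access_key.app_user`, and the same file records the AdministratorAccess attachment for that user, so committing it publishes an administrator credential for the account. The key should be treated as exposed: deactivate and rotate it, check CloudTrail for activity under it, and remove the state files from repository history. State belongs outside the repository; add `*.tfstate` and `*.tfstate.*` to `.gitignore` (this commit ignores only `\.terraform`) and move to a remote backend with encryption and access control. terraform/terraform.tfstate.backup carries no key material but still discloses the account id and the operator's IAM ARN.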
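--- a/terraform/terraform.tfstate.backup
+++ b/terraform/terraform.tfstate.backup
@@ -0,0 +1,119 @@
+{
+"version": 3,
+"terraform_version": "0.11.5",
+"serial": 7,
+"lineage": "9b630886-8cee-a57d-c7a2-4f19f13f9c51",
+"modules": [
+{
+"path": [
+"root"
+],
+"outputs": {},
+"resources": {
+"aws_s3_bucket.invoices": {
+"type": "aws_s3_bucket",
+"depends_on": [
+"data.aws_caller_identity.current"
+],
+"primary": {
+"id": "integreat-mail-prod",
+"attributes": {
+"acceleration_status": "",
+"acl": "private",
+"arn": "arn:aws:s3:::integreat-mail-prod",
+"bucket": "integreat-mail-prod",
+"bucket_domain_name": "integreat-mail-prod.s3.amazonaws.com",
+"force_destroy": "false",
+"hosted_zone_id": "Z3AQBSTGFYJSTF",
+"id": "integreat-mail-prod",
+"logging.#": "0",
+"policy": "{\"Statement\":[{\"Action\":\"s3:PutObject\",\"Condition\":{\"StringEquals\":{\"aws:Referer\":\"679918342773\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ses.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::integreat-mail-prod/*\",\"Sid\":\"AllowSESPuts\"}],\"Version\":\"2012-10-17\"}",
+"region": "us-east-1",
+"replication_configuration.#": "0",
+"request_payer": "BucketOwner",
+"server_side_encryption_configuration.#": "0",
+"tags.%": "0",
+"versioning.#": "1",
+"versioning.0.enabled": "false",
+"versioning.0.mfa_delete": "false",
+"website.#": "0"
+},
+"meta": {},
+"tainted": false
+},
+"deposed": [],
+"provider": "provider.aws"
+},
+"aws_ses_receipt_rule.store": {
+"type": "aws_ses_receipt_rule",
+"depends_on": [
+"aws_s3_bucket.invoices",
+"aws_ses_receipt_rule_set.main"
+],
+"primary": {
+"id": "store",
+"attributes": {
+"add_header_action.#": "0",
+"bounce_action.#": "0",
+"enabled": "true",
+"id": "store",
+"lambda_action.#": "0",
+"name": "store",
+"recipients.#": "1",
+"recipients.2059710502": "invoices@mail.integreat.aws.brycecovertoperations.com",
+"rule_set_name": "default-rule-set",
+"s3_action.#": "1",
+"s3_action.4268582484.bucket_name": "integreat-mail-prod",
+"s3_action.4268582484.kms_key_arn": "",
+"s3_action.4268582484.object_key_prefix": "",
+"s3_action.4268582484.position": "1",
+"s3_action.4268582484.topic_arn": "",
+"scan_enabled": "true",
+"sns_action.#": "0",
+"stop_action.#": "0",
+"tls_policy": "Optional",
+"workmail_action.#": "0"
+},
+"meta": {},
+"tainted": false
+},
+"deposed": [],
+"provider": "provider.aws"
+},
+"aws_ses_receipt_rule_set.main": {
+"type": "aws_ses_receipt_rule_set",
+"depends_on": [],
+"primary": {
+"id": "default-rule-set",
+"attributes": {
+"id": "default-rule-set",
+"rule_set_name": "default-rule-set"
+},
+"meta": {},
+"tainted": false
+},
+"deposed": [],
+"provider": "provider.aws"
+},
+"data.aws_caller_identity.current": {
+"type": "aws_caller_identity",
+"depends_on": [],
+"primary": {
+"id": "2018-04-05 23:38:43.421813463 +0000 UTC",
+"attributes": {
+"account_id": "679918342773",
+"arn": "arn:aws:iam::679918342773:user/bryce",
+"id": "2018-04-05 23:38:43.421813463 +0000 UTC",
+"user_id": "AIDAJPUJFTOKO4IRADMV4"
+},
+"meta": {},
+"tainted": false
+},
+"deposed": [],
+"provider": "provider.aws"
+}
+},
+"depends_on": []
+}
+]
+}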