sshcom / privx-on-aws

PrivX - Just-in-time Access Management

License: Apache License 2.0

JavaScript 0.38% TypeScript 99.39% Makefile 0.23%
zero-trust iam pam authentication access-control passwordless-authentication passwordless identity jumphost ssh

privx-on-aws's People

Contributors

dependabot[bot], fogfish, izareenssh, jjh-ssh, jukeks, juslop1, misainio, misainiossh, praveenviswanath

privx-on-aws's Issues

Native clients is an optional feature

We spawn an instance in a public subnet; it enables out-of-the-box support for native clients. However, native clients are an optional feature. We might disable them and run the instance in a private subnet.

InDebt alarms are flaky

The threshold and period are misconfigured. The alarm says:

Threshold Crossed: 1 datapoint was received for 4 periods and 3 missing datapoints were treated as [NonBreaching].

It should use a 5 min period for InDebt alarms.

Deploy without Domain name

As a DevOps
I want to try out/deploy PrivX without a domain name
So that Route53 configuration is not needed at the beginning.

Error when deploying stack

Hello,

When trying to deploy the stack I'm getting the error "Cannot read property 'split' of undefined".

Here is log output:

cdk deploy albertprivxtest18 -c cidr=10.100.0.0/16 -c domain=<mydomain.com> -c [email protected] -c sshkey=test-albert -c name=albertprivxtest18 -vvv --debug
CDK toolkit version: 1.108.0 (build b23f781)
Command line arguments: {
  _: [ 'deploy' ],
  c: [
    'cidr=10.100.0.0/16',
    'domain=<mydomain.com>',
    '[email protected]',
    'sshkey=test-albert',
    'name=albertprivxtest18'
  ],
  context: [
    'cidr=10.100.0.0/16',
    'domain=<mydomain.com>',
    '[email protected]',
    'sshkey=test-albert',
    'name=albertprivxtest18'
  ],
  v: 3,
  verbose: 3,
  debug: true,
  defaultAccount: ############,
  defaultRegion: 'us-east-1',
  lookups: true,
  'ignore-errors': false,
  ignoreErrors: false,
  json: false,
  j: false,
  ec2creds: undefined,
  i: undefined,
  'version-reporting': undefined,
  versionReporting: undefined,
  'path-metadata': true,
  pathMetadata: true,
  'asset-metadata': true,
  assetMetadata: true,
  'role-arn': undefined,
  r: undefined,
  roleArn: undefined,
  staging: true,
  'no-color': false,
  noColor: false,
  fail: false,
  all: false,
  'build-exclude': [],
  E: [],
  buildExclude: [],
  ci: false,
  execute: true,
  force: false,
  f: false,
  parameters: [ {} ],
  'previous-parameters': true,
  previousParameters: true,
  '$0': '/usr/local/bin/cdk',
  STACKS: [ 'albertprivxtest18' ],
  'S-t-a-c-k-s': [ 'albertprivxtest18' ]
}
CLI argument context: cidr=10.100.0.0/16
CLI argument context: domain=<mydomain.com>
CLI argument context: [email protected]
CLI argument context: sshkey=test-albert
CLI argument context: name=albertprivxtest18
cdk.json: {
  "app": "ts-node src/index",
  "requireApproval": "never"
}
cdk.context.json: {
  "availability-zones:account=############:region=us-east-1": [
    "us-east-1a",
    "us-east-1b",
    "us-east-1c",
    "us-east-1d",
    "us-east-1e",
    "us-east-1f"
  ],
  "hosted-zone:account=############:domainName=<mydomain.com>:region=us-east-1": {
    "Id": "/hostedzone/Z06499273BCK97TD82YGA",
    "Name": "<mydomain.com>."
  }
}
merged settings: {
  versionReporting: true,
  pathMetadata: true,
  output: 'cdk.out',
  app: 'ts-node src/index',
  requireApproval: 'never',
  context: {
    cidr: '10.100.0.0/16',
    domain: '<mydomain.com>',
    email: '[email protected]',
    sshkey: 'test-albert',
    name: 'albertprivxtest18'
  },
  debug: true,
  assetMetadata: true,
  toolkitBucket: {},
  staging: true,
  bundlingStacks: [ '*' ],
  lookups: true
}
Determining if we're on an EC2 instance.
Does not look like an EC2 instance.
Toolkit stack: CDKToolkit
Setting "CDK_DEFAULT_REGION" environment variable to us-east-1
Resolving default credentials
Retrieved account ID ############ from disk cache
Setting "CDK_DEFAULT_ACCOUNT" environment variable to ############
context: {
  'availability-zones:account=############:region=us-east-1': [
    'us-east-1a',
    'us-east-1b',
    'us-east-1c',
    'us-east-1d',
    'us-east-1e',
    'us-east-1f'
  ],
  'hosted-zone:account=############:domainName=<mydomain.com>:region=us-east-1': { Id: '/hostedzone/Z06499273BCK97TD82YGA', Name: '<mydomain.com>.' },
  cidr: '10.100.0.0/16',
  domain: '<mydomain.com>',
  email: '[email protected]',
  sshkey: 'test-albert',
  name: 'albertprivxtest18',
  'aws:cdk:enable-path-metadata': true,
  'aws:cdk:enable-asset-metadata': true,
  'aws:cdk:version-reporting': true,
  'aws:cdk:bundling-stacks': [ '*' ]
}
outdir: cdk.out
env: {
  CDK_DEFAULT_REGION: 'us-east-1',
  CDK_DEFAULT_ACCOUNT: '############',
  CDK_DEBUG: 'true',
  CDK_CONTEXT_JSON: '{"availability-zones:account=############:region=us-east-1":["us-east-1a","us-east-1b","us-east-1c","us-east-1d","us-east-1e","us-east-1f"],"hosted-zone:account=############:domainName=<mydomain.com>:region=us-east-1":{"Id":"/hostedzone/Z06499273BCK97TD82YGA","Name":"<mydomain.com>."},"cidr":"10.100.0.0/16","domain":"<mydomain.com>","email":"[email protected]","sshkey":"test-albert","name":"albertprivxtest18","aws:cdk:enable-path-metadata":true,"aws:cdk:enable-asset-metadata":true,"aws:cdk:version-reporting":true,"aws:cdk:bundling-stacks":["*"]}',
  CDK_OUTDIR: 'cdk.out',
  CDK_CLI_ASM_VERSION: '7.0.0',
  CDK_CLI_VERSION: '1.108.0'
}
Cannot read property 'split' of undefined
TypeError: Cannot read property 'split' of undefined
    at Minimatch.match (/usr/local/lib/node_modules/aws-cdk/node_modules/minimatch/minimatch.js:717:9)
    at minimatch (/usr/local/lib/node_modules/aws-cdk/node_modules/minimatch/minimatch.js:107:42)
    at CloudAssembly.selectStacks (/usr/local/lib/node_modules/aws-cdk/lib/api/cxapp/cloud-assembly.ts:121:13)
    at CdkToolkit.selectStacksForDeploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:385:35)
    at CdkToolkit.deploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:111:20)
    at initCommandLine (/usr/local/lib/node_modules/aws-cdk/bin/cdk.ts:210:9)

Thank you,

Albert Sheynkman

Fix Retain Policy of EFS

The default AWS CDK implementation uses the RETAIN policy. However, our policy is to clean up everything after the stack is removed.
