sshcom / privx-on-aws
PrivX - Just-in-time Access Management
License: Apache License 2.0
We spawn an instance in a public subnet; it enables out-of-the-box support for native clients. However, native clients are an optional feature. We might disable them and run the instance in a private subnet.
Use GitHub Actions instead of Travis.
Add a rule to the HTTP LB to forward port 80 traffic to /authorizer
The threshold and period are misconfigured. The alarm says:
Threshold Crossed: 1 datapoint was received for 4 periods and 3 missing datapoints were treated as [NonBreaching].
It should use a 5 min period for InDebts alarms.
IP traffic on ports 2222 and 3389 has to be routed to PrivX instances.
As a DevOps
I want to try out/deploy PrivX without a domain name
So that Route53 configuration is not needed at the beginning.
Hello,
When trying to deploy the stack I'm getting an error: 'Cannot read property 'split' of undefined'.
Here is the log output:
cdk deploy albertprivxtest18 -c cidr=10.100.0.0/16 -c domain=<mydomain.com> -c [email protected] -c sshkey=test-albert -c name=albertprivxtest18 -vvv --debug
CDK toolkit version: 1.108.0 (build b23f781)
Command line arguments: {
_: [ 'deploy' ],
c: [
'cidr=10.100.0.0/16',
'domain=<mydomain.com>',
'[email protected]',
'sshkey=test-albert',
'name=albertprivxtest18'
],
context: [
'cidr=10.100.0.0/16',
'domain=<mydomain.com>',
'[email protected]',
'sshkey=test-albert',
'name=albertprivxtest18'
],
v: 3,
verbose: 3,
debug: true,
defaultAccount: ############,
defaultRegion: 'us-east-1',
lookups: true,
'ignore-errors': false,
ignoreErrors: false,
json: false,
j: false,
ec2creds: undefined,
i: undefined,
'version-reporting': undefined,
versionReporting: undefined,
'path-metadata': true,
pathMetadata: true,
'asset-metadata': true,
assetMetadata: true,
'role-arn': undefined,
r: undefined,
roleArn: undefined,
staging: true,
'no-color': false,
noColor: false,
fail: false,
all: false,
'build-exclude': [],
E: [],
buildExclude: [],
ci: false,
execute: true,
force: false,
f: false,
parameters: [ {} ],
'previous-parameters': true,
previousParameters: true,
'$0': '/usr/local/bin/cdk',
STACKS: [ 'albertprivxtest18' ],
'S-t-a-c-k-s': [ 'albertprivxtest18' ]
}
CLI argument context: cidr=10.100.0.0/16
CLI argument context: domain=<mydomain.com>
CLI argument context: [email protected]
CLI argument context: sshkey=test-albert
CLI argument context: name=albertprivxtest18
cdk.json: {
"app": "ts-node src/index",
"requireApproval": "never"
}
cdk.context.json: {
"availability-zones:account=############:region=us-east-1": [
"us-east-1a",
"us-east-1b",
"us-east-1c",
"us-east-1d",
"us-east-1e",
"us-east-1f"
],
"hosted-zone:account=############:domainName=<mydomain.com>:region=us-east-1": {
"Id": "/hostedzone/Z06499273BCK97TD82YGA",
"Name": "<mydomain.com>."
}
}
merged settings: {
versionReporting: true,
pathMetadata: true,
output: 'cdk.out',
app: 'ts-node src/index',
requireApproval: 'never',
context: {
cidr: '10.100.0.0/16',
domain: '<mydomain.com>',
email: '[email protected]',
sshkey: 'test-albert',
name: 'albertprivxtest18'
},
debug: true,
assetMetadata: true,
toolkitBucket: {},
staging: true,
bundlingStacks: [ '*' ],
lookups: true
}
Determining if we're on an EC2 instance.
Does not look like an EC2 instance.
Toolkit stack: CDKToolkit
Setting "CDK_DEFAULT_REGION" environment variable to us-east-1
Resolving default credentials
Retrieved account ID ############ from disk cache
Setting "CDK_DEFAULT_ACCOUNT" environment variable to ############
context: {
'availability-zones:account=############:region=us-east-1': [
'us-east-1a',
'us-east-1b',
'us-east-1c',
'us-east-1d',
'us-east-1e',
'us-east-1f'
],
'hosted-zone:account=############:domainName=<mydomain.com>:region=us-east-1': { Id: '/hostedzone/Z06499273BCK97TD82YGA', Name: '<mydomain.com>.' },
cidr: '10.100.0.0/16',
domain: '<mydomain.com>',
email: '[email protected]',
sshkey: 'test-albert',
name: 'albertprivxtest18',
'aws:cdk:enable-path-metadata': true,
'aws:cdk:enable-asset-metadata': true,
'aws:cdk:version-reporting': true,
'aws:cdk:bundling-stacks': [ '*' ]
}
outdir: cdk.out
env: {
CDK_DEFAULT_REGION: 'us-east-1',
CDK_DEFAULT_ACCOUNT: '############',
CDK_DEBUG: 'true',
CDK_CONTEXT_JSON: '{"availability-zones:account=############:region=us-east-1":["us-east-1a","us-east-1b","us-east-1c","us-east-1d","us-east-1e","us-east-1f"],"hosted-zone:account=############:domainName=<mydomain.com>:region=us-east-1":{"Id":"/hostedzone/Z06499273BCK97TD82YGA","Name":"<mydomain.com>."},"cidr":"10.100.0.0/16","domain":"<mydomain.com>","email":"[email protected]","sshkey":"test-albert","name":"albertprivxtest18","aws:cdk:enable-path-metadata":true,"aws:cdk:enable-asset-metadata":true,"aws:cdk:version-reporting":true,"aws:cdk:bundling-stacks":["*"]}',
CDK_OUTDIR: 'cdk.out',
CDK_CLI_ASM_VERSION: '7.0.0',
CDK_CLI_VERSION: '1.108.0'
}
Cannot read property 'split' of undefined
TypeError: Cannot read property 'split' of undefined
at Minimatch.match (/usr/local/lib/node_modules/aws-cdk/node_modules/minimatch/minimatch.js:717:9)
at minimatch (/usr/local/lib/node_modules/aws-cdk/node_modules/minimatch/minimatch.js:107:42)
at CloudAssembly.selectStacks (/usr/local/lib/node_modules/aws-cdk/lib/api/cxapp/cloud-assembly.ts:121:13)
at CdkToolkit.selectStacksForDeploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:385:35)
at CdkToolkit.deploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:111:20)
at initCommandLine (/usr/local/lib/node_modules/aws-cdk/bin/cdk.ts:210:9)
Thank you,
Albert Sheynkman
SAML SSO will improve security and ease the access to the system.
The default AWS CDK implementation uses the RETAIN policy. However, our policy is to clean up everything after the stack is removed.
Each deployment consumes the account's certificate capacity. By default, an account is limited to 20 requests.
We have to create a dedicated stack to manage common resources