Skip to content

Commit

Permalink
initial add of cloudformation for platform seeding purposes
Browse files Browse the repository at this point in the history
  • Loading branch information
@nicholasparks @nbaars
nicholasparks authored and nbaars committed May 21, 2017
1 parent fbb389a commit c3d18d5
Show file tree
Hide file tree
Showing 6 changed files with 396 additions and 0 deletions.
12 changes: 12 additions & 0 deletions buildspec.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
version: 0.1

phases:
build:
commands:
- mvn package

artifacts:
files:
- webgoat-server/target/webgoat-server-8.0-SNAPSHOT.jar
discard-paths: yes

24 changes: 24 additions & 0 deletions platformQuickStarts/AWS/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# AWS

- This contains the various platform Quick Starts for Getting WebGoat Deployed into AWS.
- This IaaS quickstart uses AWS CloudFormation to perform most of the provisioning
- This IaaS quickstart is composed of three independent bundles
- Code pipeline and Build
- Deploying to EC2
- Deploying to ECS



## Code Pipeline and Build

This Quickstart is for those that just want to perform builds with AWS. It uses CodeCommit but can be modified to use GitHub



## EC2

This uses AWS CodePipeline, CodeBuild, and CodeDeploy to land WebGoat to Running EC2 instances

## ECS

This uses AWS CodePipeline, CodeBuild, CodeDeploy, ECR, to update an ECS cluster
101 changes: 101 additions & 0 deletions platformQuickStarts/AWS/codepipelinebuild/01_IAM_codebuild.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "IAM Roles for Code Build WebGoat IaaS Quickstart",
"Parameters": {
"qsS3BucketName": {
"Description": "Name of the S3 Bucket for artifacts",
"Type": "String",
"MinLength": "1"
},
"qsRoleName": {
"Description": "Name of the IAM role that CodeBuild Will Use",
"Type": "String",
"Default": "SimpleCodeBuildRole",
"MinLength": "1"
}
},
"Resources": {
"qsCodeBuildRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"codebuild.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/webgoat/",
"RoleName": {
"Ref": "qsRoleName"
},
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
"arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess",
"arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess"
],
"Policies": [
{
"PolicyName": "CloudWatchLogs",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
{"Fn::Join": [ "",["arn:aws:logs:*:", { "Ref": "AWS::AccountId" }, ":log-group:/aws/codebuild*" ] ]}
],
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
}
]
}
},
{
"PolicyName": "S3buckets",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "qsS3BucketName"
},
"*"
]
]
},
"arn:aws:s3:::codepipeline-*"
],
"Action": [
"s3:Put*",
"s3:Get*",
"s3:List*"
]
}
]
}
}
]
}
}
}
}
127 changes: 127 additions & 0 deletions platformQuickStarts/AWS/codepipelinebuild/01_IAM_codepipeline.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,127 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "IAM Role for Code Pipeline WebGoat IaaS Quickstart",
"Parameters": {
"qsS3BucketName": {
"Description": "Name of the S3 Bucket for artifacts",
"Type": "String",
"MinLength": "1"
},
"qsRoleName": {
"Description": "Name of the IAM role that CodePipeline Will Use",
"Type": "String",
"Default": "SimpleCodePipelineRole",
"MinLength": "1"
}
},
"Resources": {
"qsCodePipelineRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "codepipeline.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
},
"Path": "/webgoat/",
"RoleName": {
"Ref": "qsRoleName"
},
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
"arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess",
"arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess"
],
"Policies": [
{
"PolicyName": "CloudWatchLogsPipeline",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
{"Fn::Join": [ "",["arn:aws:logs:*:", { "Ref": "AWS::AccountId" }, ":log-group:/aws/*" ] ]}
],
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
}
]
}
},
{
"PolicyName": "MiscComputeOpen",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": "*",
"Action": [
"lambda:InvokeFunction",
"lambda:ListFunctions",
"elasticbeanstalk:*",
"ec2:*",
"elasticloadbalancing:*",
"autoscaling:*",
"cloudwatch:*",
"s3:*",
"sns:*",
"cloudformation:*",
"rds:*",
"sqs:*",
"ecs:*",
"iam:PassRole"
]
}
]
}
},
{
"PolicyName": "S3buckets",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "qsS3BucketName"
},
"*"
]
]
},
"arn:aws:s3:::codepipeline-*",
"arn:aws:s3:::elasticbeanstalk*"
],
"Action": [
"s3:Put*",
"s3:Get*",
"s3:List*"
]
}
]
}
}
]
}
}
}
}
112 changes: 112 additions & 0 deletions platformQuickStarts/AWS/codepipelinebuild/01_codepiplinebuild.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
AWSTemplateFormatVersion: "2010-09-09"

Description: >
AWS Cloud Formation for creating an AWS CodePipeline that checks a git repo for changes and then performs a build using code build
Parameters:
qsPipelineName:
Description: The name of the AWS Code Pipeline
Type: String
Default: WG-pipe
MinLength: 1
qsPipelineRoleARN:
Description: The complete ARN to the IAM role that code pipeline should use
Type: String
MinLength: 1
qsCodeRepo:
Description: The Repository
Type: String
MinLength: 1
qsRepoBranch:
Description: The Branch in the Repository
Type: String
MinLength: 1
qsS3PipelineArtifacts:
Description: Where Code Pipeline will state artifacts in S3
Type: String
MinLength: 1
qsS3CodeBuildArtifacts:
Description: Where Code Build will upload Artifacts can be same as codepipeline
Type: String
MinLength: 1
qsCodeBuildName:
Description: Name of the AWS Code Build
Type: String
Default: WG-builder
MinLength: 1
qsKMSKeyARN:
Description: The KMS ARN that the IAM Role is allowed to use
Type: String
MinLength: 1
qsCodeRoleArn:
Description: The IAM Role ARN for CodePipeline and CodeDeploy
Type: String
MinLength: 1



Resources:




stkcbrCodeBuild:
Type: AWS::CodeBuild::Project
Properties:
Artifacts:
Type: CODEPIPELINE
Description: Builds WebGoat Jar using build file in repo
EncryptionKey: !Ref 'qsKMSKeyARN'
Environment:
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/java:openjdk-8
Type: LINUX_CONTAINER
Name: !Ref 'qsCodeBuildName'
ServiceRole: !Ref 'qsCodeRoleArn'
TimeoutInMinutes: 10
Source:
Type: CODEPIPELINE



stkcplPipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
Name: !Ref 'qsPipelineName'
RoleArn: !Ref 'qsPipelineRoleARN'
ArtifactStore:
Location: !Ref 'qsS3PipelineArtifacts'
Type: S3
Stages:
- Name: CodeRepo
Actions:
- Name: CodeSource
ActionTypeId:
Category: Source
Owner: AWS
Provider: CodeCommit
Version: 1
Configuration:
BranchName: !Ref 'qsRepoBranch'
RepositoryName: !Ref 'qsCodeRepo'
OutputArtifacts:
- Name: MySource
RunOrder: '1'
- Name: Build
Actions:
- Name: CodeBuild
ActionTypeId:
Category: Build
Owner: AWS
Provider: CodeBuild
Version: 1
InputArtifacts:
- Name: MySource
Configuration:
ProjectName: !Ref stkcbrCodeBuild
OutputArtifacts:
- Name: MyBuild
RunOrder: '2'


Loading

0 comments on commit c3d18d5

Please sign in to comment.