aws-account-broker

command module

v0.0.0-...-9adfaef Latest Latest Go to latest Published: Apr 4, 2018 License: CC0-1.0 Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/gsa/aws-account-broker

Links

Open Source Insights

README ¶

AWS Account Service Broker

This is an API that creates AWS (sub)accounts in an Organization. The broker conforms to the Open Service Broker API, so is compatible with Cloud Foundry, OpenShift, and Kubernetes.

The use case: you offer one of these platforms, with service brokers for specific databases, etc. Those service brokers will have limitations in the ways the underlying services can be configured, which is fine/desirable in many cases. For those cases where more flexibility is needed, though, this broker offers a trap door for users to get self-service access to full AWS accounts. Since those accounts are under the same Organization, they can be centrally configured with any needed policies, etc.

Setup

Install system dependencies.
1. Go
2. Dep
3. SQLite - Proof of concept testing is using SQLite3 for persistence

Clone the repository.

export GOPATH=~/go # or whatever go workspace you prefer
mkdir -p $GOPATH/src/github.com/GSA
cd $GOPATH/src/github.com/GSA
git clone https://github.com/GSA/aws-account-broker.git
cd aws-account-broker

Install Go package dependencies.
```
dep ensure
```
Compile the broker.
```
go build
```

Setup the database with Proof-of-Concept data.

sqlite3 aws-account-broker.db < poc_data.sql

Alternatively, you can inialize the database with just the schema with no data.
```
sqlite3 aws-account-broker.db < schema.sql
```
Change any settings in the config.toml file. See comments in file for instructions.
You can override the database settings using a DATABASE_URL environment variable. (Note: Only tested with sqlite3).
```
export DATABASE_URL="sqlite3:/tmp/alt_database.db"
```
Pick a base email.
- Email addresses for AWS accounts need to be unique, so BASE_EMAIL (below) will be turned into something+<ID>@some.com. This works in GMail, at the very least - you may need to confirm with your mail provider.

Run the broker.

BASE_EMAIL=something@some.com ./aws-account-broker -user=<a username> -pass=<a password>

Confirm it's running and responding to requests. From another terminal, run:
```
curl --user user:pass -H "X-Broker-API-Version: 2.13" http://localhost:8080/v2/catalog
```
Make sure to use the user and pass that you specified in the run command above.

To create an account (also known as Provisioning):

curl "http://user:pass@localhost:8080/v2/service_instances/<INSTANCE_ID>?accepts_incomplete=true" -d '{
  "service_id": "aws-account-broker",
  "plan_id": "IGNORED",
  "organization_guid": "IGNORED",
  "space_guid": "IGNORED"
}' -X PUT -H "X-Broker-API-Version: 2.13" -H "Content-Type: application/json"

Note that the INSTANCE_ID needs to be unique value for all the accounts in your Organization, as it's used to produce the unique email. The command also contains some dummy parameters - marked as IGNORED - which are required by the API spec but not yet used.

Development

make edits
build and run

go build
BASE_EMAIL=something@some.com ./aws-account-broker -user=<a username> -pass=<a password>

CONTROL+C, then go back to 1

Deploy to Cloud.gov

Initialize the database; For proof-of-concept testing, initialize with the poc_data.sql file, otherwise use the schema.sql file.
```
sqlite3 aws-account-broker.db < poc_data.sql
```
Log in to Cloud.gov and setup the command line. See documentation
For now, target your sandbox
```
cf target -o <ORG> -s <SPACE>
```
Push the app. Note: The app will fail because required environment variables are not set yet.
```
cf push --random-route aws-account-broker
```

Set the environment variables from the command line or Cloud.gov dashboard. environment variables:

cf set-env aws-account-broker BASE_EMAIL ${BASE_EMAIL}
cf set-env aws-account-broker BROKER_USER ${BROKER_USER}
cf set-env aws-account-broker BROKER_PASSWORD ${BROKER_PASSWORD}
cf set-env aws-account-broker AWS_ACCESS_KEY_ID ${AWS_ACCESS_KEY_ID}
cf set-env aws-account-broker AWS_SECRET_ACCESS_KEY ${AWS_SECRET_ACCESS_KEY}

Restage the application
```
cf restage aws-account-broker
```

Get the random route

broker_url=$(cf app aws-account-broker | grep routes: | awk '{print $2}')

Check the service catalog

curl -u ${BROKER_USER}:${BROKER_PASSWORD} -H "X-Broker-API-Version: 2.13" https://${broker_url}/v2/catalog

Check last operation

curl -u ${BROKER_USER}:${BROKER_PASSWORD} -H "X-Broker-API-Version: 2.13" https://${broker_url}/v2/service_instances/gsa-devsecops-test4/last_operation

Register the broker

cf create-service-broker aws-account-broker  \
${BROKER_USER} ${BROKER_PASSWORD} https://${broker_url} \
--space-scoped

Display the broker in marketplace
```
cf marketplace -s aws-broker
```

Create an AWS account.

cf create-service aws-account devsecops gsa-devsecops-test<#>

Check the status of the service
```
cf services gsa-devsecops-test<#>
```

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL