pleme 0.0.32 → 0.0.40

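--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: 984407e0f9e551544fbef6a4905045adc641bd9c
-data.tar.gz: d2ea7f9dc5d16b61e528c26ecfd9ef4220c7444b
+metadata.gz: 8db00856b533ae29bd65d909285f9414b53cf324
+data.tar.gz: 8795bbe8839828c7153611ec8d0005c2926f8fbf
 SHA512:
-metadata.gz: 5f4bd8799e8d10f0a0234e96060ea732ea1cee48254fa810dfecaf47344fc480674d84dec145694106a4f063db05fc69089733bb301a73fd41c667290c463349
-data.tar.gz: 441a96465efe0a72d794a75fea0689c991ce87955ab90a4e5a660d2c4666394581b8d69779b598b4ca516681f6ef094868eab39f1ab93ee55aeb1fb1509476af
+metadata.gz: df20e240c929be96b060a3d82a36374f65686ed103a404092c5b77ee5835a4432a7c0e361739ed9355f2e890060f8cb66c1f0d05b01db4c3e23afa2ac01a37d0
+data.tar.gz: 7ba0ef82e054056548572a3828aec45d19654ff8499f73d3d5ac005a4e03aa8eebd28578bb8604896fe20fc30035f45ccac9da036112319791593aed1d8ad6ad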
@@ -1,19 +1,49 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- pleme (0.0.30)
4
+ pleme (0.0.39)
5
+ aws-sdk-cloudfront
6
+ aws-sdk-ec2
7
+ aws-sdk-elasticloadbalancingv2
8
+ aws-sdk-elasticsearchservice
9
+ aws-sdk-rds
5
10
  docopt
6
11
 
7
12
  GEM
8
13
  remote: https://rubygems.org/
9
14
  specs:
10
15
  ast (2.4.1)
16
+ aws-eventstream (1.1.0)
17
+ aws-partitions (1.375.0)
18
+ aws-sdk-cloudfront (1.42.0)
19
+ aws-sdk-core (~> 3, >= 3.99.0)
20
+ aws-sigv4 (~> 1.1)
21
+ aws-sdk-core (3.107.0)
22
+ aws-eventstream (~> 1, >= 1.0.2)
23
+ aws-partitions (~> 1, >= 1.239.0)
24
+ aws-sigv4 (~> 1.1)
25
+ jmespath (~> 1.0)
26
+ aws-sdk-ec2 (1.195.0)
27
+ aws-sdk-core (~> 3, >= 3.99.0)
28
+ aws-sigv4 (~> 1.1)
29
+ aws-sdk-elasticloadbalancingv2 (1.51.0)
30
+ aws-sdk-core (~> 3, >= 3.99.0)
31
+ aws-sigv4 (~> 1.1)
32
+ aws-sdk-elasticsearchservice (1.42.0)
33
+ aws-sdk-core (~> 3, >= 3.99.0)
34
+ aws-sigv4 (~> 1.1)
35
+ aws-sdk-rds (1.99.0)
36
+ aws-sdk-core (~> 3, >= 3.99.0)
37
+ aws-sigv4 (~> 1.1)
38
+ aws-sigv4 (1.2.2)
39
+ aws-eventstream (~> 1, >= 1.0.2)
11
40
  backport (1.1.2)
12
41
  benchmark (0.1.0)
13
42
  diff-lcs (1.4.4)
14
43
  docopt (0.6.1)
15
44
  e2mmap (0.1.0)
16
45
  jaro_winkler (1.5.4)
46
+ jmespath (1.4.0)
17
47
  maruku (0.7.3)
18
48
  mini_portile2 (2.4.0)
19
49
  nokogiri (1.10.10)
@@ -0,0 +1,10 @@
1
+ ---
2
+ version: '3.7'
3
+ services:
4
+ mongo:
5
+ image: mongo
6
+ graphql:
7
+ build:
8
+ dockerfile: "../lilitu/Dockerfile"
9
+ context: "."
10
+ target: graphql
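--- a/data/go.sh
+++ b/data/go.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+set -e
+
+rake install && pleme truvantis scan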
@@ -19,9 +19,10 @@ class Cli
19
19
  pleme plan
20
20
  pleme apply
21
21
  pleme destroy
22
- pleme compose up
22
+ pleme compose up [-d]
23
23
  pleme compose down
24
24
  pleme compose build
25
+ pleme truvantis scan
25
26
  DOCOPT
26
27
  end
27
28
 
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Pleme
4
4
  module Gem
5
- VERSION = '0.0.32'
5
+ VERSION = '0.0.40'
6
6
  end
7
7
  end
@@ -8,6 +8,7 @@
8
8
  require 'pleme/plemec_translator'
9
9
  require 'yaml'
10
10
  require 'json'
11
+ require 'pleme/scanner'
11
12
 
12
13
  class Runner
13
14
  def initialize
@@ -27,7 +28,7 @@ class Runner
27
28
  # pipe hash to yaml without
28
29
  # weird symbol issues
29
30
  def yamilify(rhash)
30
- YAML.safe_load(JSON.parse(rhash.to_json)).to_yaml
31
+ JSON.parse(rhash.to_json).to_yaml
31
32
  end
32
33
 
33
34
  def run(spec)
@@ -36,10 +37,11 @@ class Runner
36
37
  @spec = spec if @spec.nil?
37
38
  dotfiles(spec) if spec[:dotfiles]
38
39
 
39
- if spec[:compose]
40
- compose(:up) if spec[:up]
41
- compose(:down) if spec[:down]
42
- compose(:build) if spec[:build]
40
+ compose if spec[:compose]
41
+
42
+ if spec[:truvantis] && spec[:scan]
43
+ scan = Scanner.new.truvantis_public_scan
44
+ File.write('truvantis_scan.json', JSON.pretty_generate(scan))
43
45
  end
44
46
  end
45
47
 
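Review bot: The scan report is written to `truvantis_scan.json` in whatever directory the command runs from, with default file permissions, although it is an inventory of the account's public endpoints. Creating it owner-only would be a one-line change, `File.write('truvantis_scan.json', JSON.pretty_generate(scan), perm: 0o600)`, and the filename belongs in the project's ignore list so it is not committed or packaged. The same call overwrites any earlier report without notice, so a timestamped name or an explicit output option would keep scan history. `run` begins above this hunk.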
@@ -52,16 +54,15 @@ class Runner
52
54
  hax_portal
53
55
  end
54
56
 
55
- def compose(direction)
57
+ def compose
56
58
  config = read_config
57
59
  $logger.info config
58
60
  config[:pleme][:environment].keys.each do |env|
59
61
  config[:pleme][:environment][env].keys.each do |param|
60
62
  case param
61
63
  when :compose
62
- $logger.info env
63
64
  File.write('docker-compose.yml', yamilify(config[:pleme][:environment][env][:compose]))
64
- sh "docker-compose #{direction}"
65
+ sh "docker-compose #{ARGV[1..-1].join(' ')}"
65
66
  end
66
67
  end
67
68
  end
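Review bot: The docker-compose command line is now built by joining raw `ARGV` into one string, so any argument containing spaces or shell metacharacters is reinterpreted by the shell instead of reaching docker-compose as a single argument. If `sh` here is Rake's helper, the list form avoids the shell entirely: `sh 'docker-compose', *ARGV.drop(1)`. Reading the global `ARGV` also bypasses the parsed docopt spec and assumes `compose` is always the first argument, so passing the validated sub-command and flags in from `run` would be safer. The method's closing `end` is outside the hunk.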
@@ -0,0 +1,205 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'aws-sdk-cloudfront'
4
+ require 'aws-sdk-ec2'
5
+ require 'aws-sdk-elasticloadbalancingv2'
6
+ require 'aws-sdk-elasticsearchservice'
7
+ require 'aws-sdk-rds'
8
+ require 'json'
9
+
10
+ # scan stuff
11
+ class Scanner
12
+ # There is no logic in this scan that would pick up
13
+ # services we are currently not using that may have
14
+ # the potential to create new public endpoints.
15
+ # for example, we do not use dynamodb but it could have public endpoints if
16
+ # we did begin using it.
17
+ #
18
+ # services chosen to be scanned here are the intersection of what we use
19
+ # and what I suspect has public ips.
20
+ def truvantis_public_scan(aws_access_key_id: nil, aws_secret_access_key: nil)
21
+ aws_access_key_id = ENV['AWS_ACCESS_KEY_ID'] if aws_access_key_id.nil?
22
+ aws_secret_access_key = ENV['AWS_SECRET_ACCESS_KEY'] if aws_secret_access_key.nil?
23
+
24
+ ###########################################################################
25
+ # cloudfront
26
+ ###########################################################################
27
+
28
+ report = {}
29
+ report[:cloudfront] = {}
30
+ report[:cloudfront][:distributions] = {}
31
+
32
+ region = ENV['AWS_REGION'] ||
33
+ ENV['AWS_DEFAULT_REGION'] ||
34
+ 'us-east-1'
35
+
36
+ credentials = Aws::Credentials.new(aws_access_key_id, aws_secret_access_key)
37
+ cf_client = Aws::CloudFront::Client.new(region: region, credentials: credentials)
38
+ cf_set = cf_client.list_distributions.distribution_list.to_h
39
+
40
+ # get the domain name which may be public
41
+ # attach the arn for unique object identification as it may be useful to truvantis
42
+ # attach aliases to potentially be scanned as well
43
+ cf_set[:items].each do |item|
44
+ report[:cloudfront][:distributions] = { (item[:id]).to_s => {
45
+ domain: item[:domain_name],
46
+ arn: item[:arn],
47
+ aliases: item[:aliases]
48
+ } }
49
+ end
50
+
51
+ # I purposefully did not include origin endpoints
52
+ # as those will always be either an EIP, Instance, or LB
53
+ # all of which are included in more downstream scans
54
+
55
+ ###########################################################################
56
+ # ec2
57
+ ###########################################################################
58
+ # any public instances and interfaces
59
+
60
+ report[:ec2] = {}
61
+ report[:ec2][:instances] = {}
62
+
63
+ ec2_client = Aws::EC2::Client.new(region: region, credentials: credentials)
64
+
65
+ inst_set = ec2_client.describe_instances.to_h[:reservations]
66
+ inst_set.each do |reservation|
67
+ reservation[:instances].each do |instance|
68
+ # record instance public_ip
69
+ report[:ec2][:instances][(instance[:instance_id]).to_s] = { public_ip: instance[:public_ip] }
70
+
71
+ # record a few things about the instance that may be useful
72
+ report[:ec2][:instances][(instance[:instance_id]).to_s] = \
73
+ { public_dns_name: instance[:public_dns_name] }
74
+
75
+ # instances might have network_interfaces attached
76
+ next unless instance[:network_interfaces].any?
77
+
78
+ # check for important things in each interface
79
+ instance[:network_interfaces].each do |net_inter|
80
+ next if net_inter[:association].nil?
81
+
82
+ report[:ec2][:instances][(instance[:instance_id]).to_s] = \
83
+ { network_interface: {
84
+ carrier_ip: net_inter[:association][:carrier_ip],
85
+ public_ip: net_inter[:association][:public_ip]
86
+ } }
87
+ end
88
+ end
89
+ end
90
+
91
+ ###########################################################################
92
+ # load balancers
93
+ ###########################################################################
94
+ # any public instances and interfaces
95
+
96
+ report[:lb] = {}
97
+ report[:lb][:load_balancers] = {}
98
+
99
+ lb_client = Aws::ElasticLoadBalancingV2::Client.new(region: region, credentials: credentials)
100
+
101
+ # I am including internal facing load balancers and
102
+ # truvantis can filter out internals
103
+ lb_set = lb_client.describe_load_balancers.to_h
104
+ lb_set[:load_balancers].each do |lb|
105
+ report[:lb][:load_balancers][(lb[:load_balancer_name]).to_s] = {
106
+ dns_name: lb[:dns_name],
107
+ scheme: lb[:scheme],
108
+ type: lb[:type]
109
+ }
110
+ report[:lb][:load_balancers][(lb[:load_balancer_name]).to_s][:addresses] = []
111
+
112
+ # gather actual ip addresses as well
113
+ lb[:availability_zones].each do |zone|
114
+ zone[:load_balancer_addresses].each do |addy|
115
+ report[:lb][:load_balancers][(lb[:load_balancer_name]).to_s][:addresses] << addy[:ip_address]
116
+ end
117
+ end
118
+ end
119
+
120
+ ###########################################################################
121
+ # elastic ips
122
+ ###########################################################################
123
+ # uses ec2 client and weird method describe_addresses
124
+ report[:eips] = []
125
+
126
+ # grab public ips for eips
127
+ ec2_client.describe_addresses.to_h[:addresses].each do |addy|
128
+ report[:eips] << addy[:public_ip] if addy[:public_ip]
129
+ end
130
+
131
+ ###########################################################################
132
+ # network interfaces
133
+ ###########################################################################
134
+ # uses ec2 client and describe_network_interfaces
135
+
136
+ report[:network_interfaces] = {}
137
+ ec2_client.describe_network_interfaces.to_h[:network_interfaces].each do |net_inter|
138
+ next if net_inter[:association].nil?
139
+
140
+ report[:network_interfaces][(net_inter[:network_interface_id]).to_s] = {
141
+ association: {
142
+ public_ip: net_inter[:association][:public_ip],
143
+ public_dns_name: net_inter[:association][:public_dns_name]
144
+ }
145
+ }
146
+
147
+ # apparently private_ip_address associations can have public ips
148
+ # grab any of those endpoints if any exist
149
+ next unless net_inter[:private_ip_addresses].any?
150
+
151
+ net_inter[:private_ip_addresses].each do |pia|
152
+ next if report[:network_interfaces][(net_inter[:network_interface_id]).to_s][:private_ip_addresses].nil?
153
+ next unless report[:network_interfaces][(net_inter[:network_interface_id]).to_s][:private_ip_addresses].any?
154
+
155
+ report[:network_interfaces][(net_inter[:network_interface_id]).to_s]\
156
+ [:private_ip_addresses] << {
157
+ public_dns_name: pia[:association][:public_dns_name],
158
+ public_ip: pia[:association][:public_ip]
159
+ }
160
+ end
161
+ end
162
+
163
+ ###########################################################################
164
+ # elasticsearch as a service may have public endpoints
165
+ ###########################################################################
166
+ # Aws::ElasticsearchService and describe elasticsearch domains
167
+
168
+ es_client = Aws::ElasticsearchService::Client.new(region: region, credentials: credentials)
169
+
170
+ domain_names = []
171
+ es_client.list_domain_names.to_h[:domain_names].each do |dn|
172
+ domain_names << dn[:domain_name]
173
+ end
174
+
175
+ report[:es] = {}
176
+ es_client.describe_elasticsearch_domains(domain_names: domain_names).to_h[:domain_status_list].each do |domain|
177
+ report[:es][(domain[:domain_id]).to_s] = { endpoints: domain[:endpoints] }
178
+ end
179
+
180
+ ###########################################################################
181
+ # rds
182
+ ###########################################################################
183
+ # databases may have public endpoints
184
+ rds_client = Aws::RDS::Client.new(region: region, credentials: credentials)
185
+ rds_set = rds_client.describe_db_instances.to_h
186
+ unless rds_set[:db_instances].nil?
187
+ if rds_set[:db_instances].any?
188
+ report[:rds] = {}
189
+ rds_set[:db_instances].each do |dbi|
190
+ report[:rds][(dbi[:db_instance_arn]).to_s] = { endpoint: dbi[:endpoint] }
191
+ end
192
+ end
193
+ end
194
+
195
+ ###########################################################################
196
+ # bonus: open security groups and their associated resources
197
+ ###########################################################################
198
+
199
+ ###########################################################################
200
+ # bonus: open network acls
201
+ ###########################################################################
202
+
203
+ report
204
+ end
205
+ end
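Review bot: Several loops in `truvantis_public_scan` replace earlier results instead of adding to them, so the report silently omits endpoints. The CloudFront loop reassigns `report[:cloudfront][:distributions]` on every item, so only the last distribution survives, and the EC2 loop assigns the same instance key up to three times, so `public_ip` and `public_dns_name` are overwritten. The `private_ip_addresses` branch can never record anything, because the array it appends to is never created and the `nil?` guard skips every iteration. Each `list_*`/`describe_*` call also reads only the first response page in a single region, and `instance[:public_ip]` probably should be `instance[:public_ip_address]`, the field name the EC2 SDK uses. Building `Aws::Credentials` from the two environment variables drops any session token, whereas omitting `credentials:` lets the SDK's default provider chain resolve them; a sketch of the first two loops follows.

```ruby
# … unchanged: credentials, region, CloudFront client and list_distributions call …
(cf_set[:items] || []).each do |item|
  report[:cloudfront][:distributions][item[:id].to_s] = {
    domain: item[:domain_name],
    arn: item[:arn],
    aliases: item[:aliases]
  }
end

# … unchanged: EC2 client and describe_instances call …
inst_set.each do |reservation|
  reservation[:instances].each do |instance|
    entry = {
      public_ip: instance[:public_ip_address],
      public_dns_name: instance[:public_dns_name],
      network_interfaces: []
    }
    (instance[:network_interfaces] || []).each do |net_inter|
      next if net_inter[:association].nil?

      entry[:network_interfaces] << {
        carrier_ip: net_inter[:association][:carrier_ip],
        public_ip: net_inter[:association][:public_ip]
      }
    end
    report[:ec2][:instances][instance[:instance_id].to_s] = entry
  end
end
# … unchanged: load balancers, elastic IPs, network interfaces, Elasticsearch, RDS …
```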
@@ -20,6 +20,11 @@ Gem::Specification.new do |spec|
20
20
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
21
21
  spec.require_paths = ['lib']
22
22
  spec.required_ruby_version = '>= 2.4.0'
23
+ spec.add_dependency('aws-sdk-cloudfront')
24
+ spec.add_dependency('aws-sdk-ec2')
25
+ spec.add_dependency('aws-sdk-elasticloadbalancingv2')
26
+ spec.add_dependency('aws-sdk-elasticsearchservice')
27
+ spec.add_dependency('aws-sdk-rds')
23
28
  spec.add_dependency('docopt')
24
29
  spec.add_development_dependency('rake')
25
30
  spec.add_development_dependency('rspec')
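Review bot: The five new `aws-sdk-*` runtime dependencies are declared without version constraints, so anyone installing the gem resolves to whatever release is current at install time. The Gemfile.lock in this package does not apply to consumers. A pessimistic constraint matching the major version that was tested keeps the resolved set predictable, for example `spec.add_dependency('aws-sdk-ec2', '~> 1')`, and likewise for the other four. The `Gem::Specification` block starts and ends outside this hunk.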
@@ -0,0 +1,25 @@
1
+ # frozen_string_literal: true
2
+
3
+ ####################################################
4
+ # basic resource schema
5
+ ####################################################
6
+ # pleme :resource_type, :resource_virtual_name do
7
+ # params
8
+ # end
9
+ ####################################################
10
+
11
+ pleme :environment, :dev do
12
+ app :lilitu
13
+ infra resource: :new
14
+ compose version: '3.7',
15
+ services: {
16
+ mongo: { image: 'mongo' },
17
+ graphql: {
18
+ build: {
19
+ dockerfile: '../lilitu/Dockerfile',
20
+ context: '.',
21
+ target: 'graphql'
22
+ }
23
+ }
24
+ }
25
+ end
@@ -0,0 +1,913 @@
1
+ {
2
+ "id": "E1IDK8V7MGA46A",
3
+ "arn": "arn:aws:cloudfront::373533792662:distribution/E1IDK8V7MGA46A",
4
+ "status": "Deployed",
5
+ "last_modified_time": "2019-08-10 02:32:52 UTC",
6
+ "domain_name": "d3o2mwpz5n87n0.cloudfront.net",
7
+ "aliases": {
8
+ "quantity": 2,
9
+ "items": [
10
+ "jedha.tapresearch.com",
11
+ "cdn.je.tapresearch.com"
12
+ ]
13
+ },
14
+ "origins": {
15
+ "quantity": 1,
16
+ "items": [
17
+ {
18
+ "id": "je-cloudfront-raynor",
19
+ "domain_name": "lb.je.tapresearch.io",
20
+ "origin_path": "",
21
+ "custom_headers": {
22
+ "quantity": 0
23
+ },
24
+ "custom_origin_config": {
25
+ "http_port": 80,
26
+ "https_port": 443,
27
+ "origin_protocol_policy": "https-only",
28
+ "origin_ssl_protocols": {
29
+ "quantity": 1,
30
+ "items": [
31
+ "TLSv1.2"
32
+ ]
33
+ },
34
+ "origin_read_timeout": 60,
35
+ "origin_keepalive_timeout": 60
36
+ },
37
+ "connection_attempts": 3,
38
+ "connection_timeout": 10
39
+ }
40
+ ]
41
+ },
42
+ "origin_groups": {
43
+ "quantity": 0
44
+ },
45
+ "default_cache_behavior": {
46
+ "target_origin_id": "je-cloudfront-raynor",
47
+ "trusted_signers": {
48
+ "enabled": false,
49
+ "quantity": 0
50
+ },
51
+ "viewer_protocol_policy": "redirect-to-https",
52
+ "allowed_methods": {
53
+ "quantity": 7,
54
+ "items": [
55
+ "HEAD",
56
+ "DELETE",
57
+ "POST",
58
+ "GET",
59
+ "OPTIONS",
60
+ "PUT",
61
+ "PATCH"
62
+ ],
63
+ "cached_methods": {
64
+ "quantity": 2,
65
+ "items": [
66
+ "HEAD",
67
+ "GET"
68
+ ]
69
+ }
70
+ },
71
+ "smooth_streaming": false,
72
+ "compress": true,
73
+ "lambda_function_associations": {
74
+ "quantity": 0
75
+ },
76
+ "field_level_encryption_id": "",
77
+ "forwarded_values": {
78
+ "query_string": true,
79
+ "cookies": {
80
+ "forward": "all"
81
+ },
82
+ "headers": {
83
+ "quantity": 1,
84
+ "items": [
85
+ "*"
86
+ ]
87
+ },
88
+ "query_string_cache_keys": {
89
+ "quantity": 0
90
+ }
91
+ },
92
+ "min_ttl": 0,
93
+ "default_ttl": 86400,
94
+ "max_ttl": 31536000
95
+ },
96
+ "cache_behaviors": {
97
+ "quantity": 2,
98
+ "items": [
99
+ {
100
+ "path_pattern": "/assets/*",
101
+ "target_origin_id": "je-cloudfront-raynor",
102
+ "trusted_signers": {
103
+ "enabled": false,
104
+ "quantity": 0
105
+ },
106
+ "viewer_protocol_policy": "redirect-to-https",
107
+ "allowed_methods": {
108
+ "quantity": 2,
109
+ "items": [
110
+ "HEAD",
111
+ "GET"
112
+ ],
113
+ "cached_methods": {
114
+ "quantity": 2,
115
+ "items": [
116
+ "HEAD",
117
+ "GET"
118
+ ]
119
+ }
120
+ },
121
+ "smooth_streaming": false,
122
+ "compress": true,
123
+ "lambda_function_associations": {
124
+ "quantity": 0
125
+ },
126
+ "field_level_encryption_id": "",
127
+ "forwarded_values": {
128
+ "query_string": false,
129
+ "cookies": {
130
+ "forward": "none"
131
+ },
132
+ "headers": {
133
+ "quantity": 1,
134
+ "items": [
135
+ "Host"
136
+ ]
137
+ },
138
+ "query_string_cache_keys": {
139
+ "quantity": 0
140
+ }
141
+ },
142
+ "min_ttl": 0,
143
+ "default_ttl": 86400,
144
+ "max_ttl": 31536000
145
+ },
146
+ {
147
+ "path_pattern": "/packs/*",
148
+ "target_origin_id": "je-cloudfront-raynor",
149
+ "trusted_signers": {
150
+ "enabled": false,
151
+ "quantity": 0
152
+ },
153
+ "viewer_protocol_policy": "redirect-to-https",
154
+ "allowed_methods": {
155
+ "quantity": 2,
156
+ "items": [
157
+ "HEAD",
158
+ "GET"
159
+ ],
160
+ "cached_methods": {
161
+ "quantity": 2,
162
+ "items": [
163
+ "HEAD",
164
+ "GET"
165
+ ]
166
+ }
167
+ },
168
+ "smooth_streaming": false,
169
+ "compress": true,
170
+ "lambda_function_associations": {
171
+ "quantity": 0
172
+ },
173
+ "field_level_encryption_id": "",
174
+ "forwarded_values": {
175
+ "query_string": false,
176
+ "cookies": {
177
+ "forward": "none"
178
+ },
179
+ "headers": {
180
+ "quantity": 1,
181
+ "items": [
182
+ "Host"
183
+ ]
184
+ },
185
+ "query_string_cache_keys": {
186
+ "quantity": 0
187
+ }
188
+ },
189
+ "min_ttl": 0,
190
+ "default_ttl": 86400,
191
+ "max_ttl": 31536000
192
+ }
193
+ ]
194
+ },
195
+ "custom_error_responses": {
196
+ "quantity": 0
197
+ },
198
+ "comment": "je-cloudfront-raynor",
199
+ "price_class": "PriceClass_100",
200
+ "enabled": true,
201
+ "viewer_certificate": {
202
+ "acm_certificate_arn": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
203
+ "ssl_support_method": "sni-only",
204
+ "minimum_protocol_version": "TLSv1",
205
+ "certificate": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
206
+ "certificate_source": "acm"
207
+ },
208
+ "restrictions": {
209
+ "geo_restriction": {
210
+ "restriction_type": "none",
211
+ "quantity": 0
212
+ }
213
+ },
214
+ "web_acl_id": "",
215
+ "http_version": "HTTP2",
216
+ "is_ipv6_enabled": true,
217
+ "alias_icp_recordals": [
218
+ {
219
+ "cname": "cdn.je.tapresearch.com",
220
+ "icp_recordal_status": "APPROVED"
221
+ },
222
+ {
223
+ "cname": "jedha.tapresearch.com",
224
+ "icp_recordal_status": "APPROVED"
225
+ }
226
+ ]
227
+ }
228
+ {
229
+ "id": "E3D0PNT6PGI431",
230
+ "arn": "arn:aws:cloudfront::373533792662:distribution/E3D0PNT6PGI431",
231
+ "status": "Deployed",
232
+ "last_modified_time": "2019-08-10 02:58:26 UTC",
233
+ "domain_name": "d2xrlyt627lqpx.cloudfront.net",
234
+ "aliases": {
235
+ "quantity": 2,
236
+ "items": [
237
+ "staging.tapresearch.com",
238
+ "cdn.st.tapresearch.com"
239
+ ]
240
+ },
241
+ "origins": {
242
+ "quantity": 1,
243
+ "items": [
244
+ {
245
+ "id": "st-cloudfront-raynor",
246
+ "domain_name": "lb.st.tapresearch.io",
247
+ "origin_path": "",
248
+ "custom_headers": {
249
+ "quantity": 0
250
+ },
251
+ "custom_origin_config": {
252
+ "http_port": 80,
253
+ "https_port": 443,
254
+ "origin_protocol_policy": "https-only",
255
+ "origin_ssl_protocols": {
256
+ "quantity": 1,
257
+ "items": [
258
+ "TLSv1.2"
259
+ ]
260
+ },
261
+ "origin_read_timeout": 60,
262
+ "origin_keepalive_timeout": 60
263
+ },
264
+ "connection_attempts": 3,
265
+ "connection_timeout": 10
266
+ }
267
+ ]
268
+ },
269
+ "origin_groups": {
270
+ "quantity": 0
271
+ },
272
+ "default_cache_behavior": {
273
+ "target_origin_id": "st-cloudfront-raynor",
274
+ "trusted_signers": {
275
+ "enabled": false,
276
+ "quantity": 0
277
+ },
278
+ "viewer_protocol_policy": "redirect-to-https",
279
+ "allowed_methods": {
280
+ "quantity": 7,
281
+ "items": [
282
+ "HEAD",
283
+ "DELETE",
284
+ "POST",
285
+ "GET",
286
+ "OPTIONS",
287
+ "PUT",
288
+ "PATCH"
289
+ ],
290
+ "cached_methods": {
291
+ "quantity": 2,
292
+ "items": [
293
+ "HEAD",
294
+ "GET"
295
+ ]
296
+ }
297
+ },
298
+ "smooth_streaming": false,
299
+ "compress": true,
300
+ "lambda_function_associations": {
301
+ "quantity": 0
302
+ },
303
+ "field_level_encryption_id": "",
304
+ "forwarded_values": {
305
+ "query_string": true,
306
+ "cookies": {
307
+ "forward": "all"
308
+ },
309
+ "headers": {
310
+ "quantity": 1,
311
+ "items": [
312
+ "*"
313
+ ]
314
+ },
315
+ "query_string_cache_keys": {
316
+ "quantity": 0
317
+ }
318
+ },
319
+ "min_ttl": 0,
320
+ "default_ttl": 86400,
321
+ "max_ttl": 31536000
322
+ },
323
+ "cache_behaviors": {
324
+ "quantity": 2,
325
+ "items": [
326
+ {
327
+ "path_pattern": "/assets/*",
328
+ "target_origin_id": "st-cloudfront-raynor",
329
+ "trusted_signers": {
330
+ "enabled": false,
331
+ "quantity": 0
332
+ },
333
+ "viewer_protocol_policy": "redirect-to-https",
334
+ "allowed_methods": {
335
+ "quantity": 2,
336
+ "items": [
337
+ "HEAD",
338
+ "GET"
339
+ ],
340
+ "cached_methods": {
341
+ "quantity": 2,
342
+ "items": [
343
+ "HEAD",
344
+ "GET"
345
+ ]
346
+ }
347
+ },
348
+ "smooth_streaming": false,
349
+ "compress": true,
350
+ "lambda_function_associations": {
351
+ "quantity": 0
352
+ },
353
+ "field_level_encryption_id": "",
354
+ "forwarded_values": {
355
+ "query_string": false,
356
+ "cookies": {
357
+ "forward": "none"
358
+ },
359
+ "headers": {
360
+ "quantity": 1,
361
+ "items": [
362
+ "Host"
363
+ ]
364
+ },
365
+ "query_string_cache_keys": {
366
+ "quantity": 0
367
+ }
368
+ },
369
+ "min_ttl": 0,
370
+ "default_ttl": 86400,
371
+ "max_ttl": 31536000
372
+ },
373
+ {
374
+ "path_pattern": "/packs/*",
375
+ "target_origin_id": "st-cloudfront-raynor",
376
+ "trusted_signers": {
377
+ "enabled": false,
378
+ "quantity": 0
379
+ },
380
+ "viewer_protocol_policy": "redirect-to-https",
381
+ "allowed_methods": {
382
+ "quantity": 2,
383
+ "items": [
384
+ "HEAD",
385
+ "GET"
386
+ ],
387
+ "cached_methods": {
388
+ "quantity": 2,
389
+ "items": [
390
+ "HEAD",
391
+ "GET"
392
+ ]
393
+ }
394
+ },
395
+ "smooth_streaming": false,
396
+ "compress": true,
397
+ "lambda_function_associations": {
398
+ "quantity": 0
399
+ },
400
+ "field_level_encryption_id": "",
401
+ "forwarded_values": {
402
+ "query_string": false,
403
+ "cookies": {
404
+ "forward": "none"
405
+ },
406
+ "headers": {
407
+ "quantity": 1,
408
+ "items": [
409
+ "Host"
410
+ ]
411
+ },
412
+ "query_string_cache_keys": {
413
+ "quantity": 0
414
+ }
415
+ },
416
+ "min_ttl": 0,
417
+ "default_ttl": 86400,
418
+ "max_ttl": 31536000
419
+ }
420
+ ]
421
+ },
422
+ "custom_error_responses": {
423
+ "quantity": 0
424
+ },
425
+ "comment": "st-cloudfront-raynor",
426
+ "price_class": "PriceClass_100",
427
+ "enabled": true,
428
+ "viewer_certificate": {
429
+ "acm_certificate_arn": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
430
+ "ssl_support_method": "sni-only",
431
+ "minimum_protocol_version": "TLSv1",
432
+ "certificate": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
433
+ "certificate_source": "acm"
434
+ },
435
+ "restrictions": {
436
+ "geo_restriction": {
437
+ "restriction_type": "none",
438
+ "quantity": 0
439
+ }
440
+ },
441
+ "web_acl_id": "",
442
+ "http_version": "HTTP2",
443
+ "is_ipv6_enabled": true,
444
+ "alias_icp_recordals": [
445
+ {
446
+ "cname": "staging.tapresearch.com",
447
+ "icp_recordal_status": "APPROVED"
448
+ },
449
+ {
450
+ "cname": "cdn.st.tapresearch.com",
451
+ "icp_recordal_status": "APPROVED"
452
+ }
453
+ ]
454
+ }
455
+ {
456
+ "id": "E1YOITBMNMXCK7",
457
+ "arn": "arn:aws:cloudfront::373533792662:distribution/E1YOITBMNMXCK7",
458
+ "status": "Deployed",
459
+ "last_modified_time": "2019-08-10 04:39:39 UTC",
460
+ "domain_name": "d2xztbefcw8pto.cloudfront.net",
461
+ "aliases": {
462
+ "quantity": 3,
463
+ "items": [
464
+ "www.tapresearch.com",
465
+ "cdn.tapresearch.com",
466
+ "tapresearch.com"
467
+ ]
468
+ },
469
+ "origins": {
470
+ "quantity": 1,
471
+ "items": [
472
+ {
473
+ "id": "pr-cloudfront-raynor",
474
+ "domain_name": "lb.pr.tapresearch.io",
475
+ "origin_path": "",
476
+ "custom_headers": {
477
+ "quantity": 0
478
+ },
479
+ "custom_origin_config": {
480
+ "http_port": 80,
481
+ "https_port": 443,
482
+ "origin_protocol_policy": "https-only",
483
+ "origin_ssl_protocols": {
484
+ "quantity": 1,
485
+ "items": [
486
+ "TLSv1.2"
487
+ ]
488
+ },
489
+ "origin_read_timeout": 60,
490
+ "origin_keepalive_timeout": 60
491
+ },
492
+ "connection_attempts": 3,
493
+ "connection_timeout": 10
494
+ }
495
+ ]
496
+ },
497
+ "origin_groups": {
498
+ "quantity": 0
499
+ },
500
+ "default_cache_behavior": {
501
+ "target_origin_id": "pr-cloudfront-raynor",
502
+ "trusted_signers": {
503
+ "enabled": false,
504
+ "quantity": 0
505
+ },
506
+ "viewer_protocol_policy": "redirect-to-https",
507
+ "allowed_methods": {
508
+ "quantity": 7,
509
+ "items": [
510
+ "HEAD",
511
+ "DELETE",
512
+ "POST",
513
+ "GET",
514
+ "OPTIONS",
515
+ "PUT",
516
+ "PATCH"
517
+ ],
518
+ "cached_methods": {
519
+ "quantity": 2,
520
+ "items": [
521
+ "HEAD",
522
+ "GET"
523
+ ]
524
+ }
525
+ },
526
+ "smooth_streaming": false,
527
+ "compress": true,
528
+ "lambda_function_associations": {
529
+ "quantity": 0
530
+ },
531
+ "field_level_encryption_id": "",
532
+ "forwarded_values": {
533
+ "query_string": true,
534
+ "cookies": {
535
+ "forward": "all"
536
+ },
537
+ "headers": {
538
+ "quantity": 1,
539
+ "items": [
540
+ "*"
541
+ ]
542
+ },
543
+ "query_string_cache_keys": {
544
+ "quantity": 0
545
+ }
546
+ },
547
+ "min_ttl": 0,
548
+ "default_ttl": 86400,
549
+ "max_ttl": 31536000
550
+ },
551
+ "cache_behaviors": {
552
+ "quantity": 2,
553
+ "items": [
554
+ {
555
+ "path_pattern": "/assets/*",
556
+ "target_origin_id": "pr-cloudfront-raynor",
557
+ "trusted_signers": {
558
+ "enabled": false,
559
+ "quantity": 0
560
+ },
561
+ "viewer_protocol_policy": "redirect-to-https",
562
+ "allowed_methods": {
563
+ "quantity": 2,
564
+ "items": [
565
+ "HEAD",
566
+ "GET"
567
+ ],
568
+ "cached_methods": {
569
+ "quantity": 2,
570
+ "items": [
571
+ "HEAD",
572
+ "GET"
573
+ ]
574
+ }
575
+ },
576
+ "smooth_streaming": false,
577
+ "compress": true,
578
+ "lambda_function_associations": {
579
+ "quantity": 0
580
+ },
581
+ "field_level_encryption_id": "",
582
+ "forwarded_values": {
583
+ "query_string": false,
584
+ "cookies": {
585
+ "forward": "none"
586
+ },
587
+ "headers": {
588
+ "quantity": 1,
589
+ "items": [
590
+ "Host"
591
+ ]
592
+ },
593
+ "query_string_cache_keys": {
594
+ "quantity": 0
595
+ }
596
+ },
597
+ "min_ttl": 0,
598
+ "default_ttl": 86400,
599
+ "max_ttl": 31536000
600
+ },
601
+ {
602
+ "path_pattern": "/packs/*",
603
+ "target_origin_id": "pr-cloudfront-raynor",
604
+ "trusted_signers": {
605
+ "enabled": false,
606
+ "quantity": 0
607
+ },
608
+ "viewer_protocol_policy": "redirect-to-https",
609
+ "allowed_methods": {
610
+ "quantity": 2,
611
+ "items": [
612
+ "HEAD",
613
+ "GET"
614
+ ],
615
+ "cached_methods": {
616
+ "quantity": 2,
617
+ "items": [
618
+ "HEAD",
619
+ "GET"
620
+ ]
621
+ }
622
+ },
623
+ "smooth_streaming": false,
624
+ "compress": true,
625
+ "lambda_function_associations": {
626
+ "quantity": 0
627
+ },
628
+ "field_level_encryption_id": "",
629
+ "forwarded_values": {
630
+ "query_string": false,
631
+ "cookies": {
632
+ "forward": "none"
633
+ },
634
+ "headers": {
635
+ "quantity": 1,
636
+ "items": [
637
+ "Host"
638
+ ]
639
+ },
640
+ "query_string_cache_keys": {
641
+ "quantity": 0
642
+ }
643
+ },
644
+ "min_ttl": 0,
645
+ "default_ttl": 86400,
646
+ "max_ttl": 31536000
647
+ }
648
+ ]
649
+ },
650
+ "custom_error_responses": {
651
+ "quantity": 0
652
+ },
653
+ "comment": "pr-cloudfront-raynor",
654
+ "price_class": "PriceClass_100",
655
+ "enabled": true,
656
+ "viewer_certificate": {
657
+ "acm_certificate_arn": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
658
+ "ssl_support_method": "sni-only",
659
+ "minimum_protocol_version": "TLSv1",
660
+ "certificate": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
661
+ "certificate_source": "acm"
662
+ },
663
+ "restrictions": {
664
+ "geo_restriction": {
665
+ "restriction_type": "none",
666
+ "quantity": 0
667
+ }
668
+ },
669
+ "web_acl_id": "",
670
+ "http_version": "HTTP2",
671
+ "is_ipv6_enabled": true,
672
+ "alias_icp_recordals": [
673
+ {
674
+ "cname": "tapresearch.com",
675
+ "icp_recordal_status": "APPROVED"
676
+ },
677
+ {
678
+ "cname": "cdn.tapresearch.com",
679
+ "icp_recordal_status": "APPROVED"
680
+ },
681
+ {
682
+ "cname": "www.tapresearch.com",
683
+ "icp_recordal_status": "APPROVED"
684
+ }
685
+ ]
686
+ }
687
+ {
688
+ "id": "E1UOT14S5HMB0D",
689
+ "arn": "arn:aws:cloudfront::373533792662:distribution/E1UOT14S5HMB0D",
690
+ "status": "Deployed",
691
+ "last_modified_time": "2019-08-10 01:26:15 UTC",
692
+ "domain_name": "d1xrdicqtjcu82.cloudfront.net",
693
+ "aliases": {
694
+ "quantity": 2,
695
+ "items": [
696
+ "yavin.tapresearch.com",
697
+ "cdn.ya.tapresearch.com"
698
+ ]
699
+ },
700
+ "origins": {
701
+ "quantity": 1,
702
+ "items": [
703
+ {
704
+ "id": "ya-cloudfront-raynor",
705
+ "domain_name": "lb.ya.tapresearch.io",
706
+ "origin_path": "",
707
+ "custom_headers": {
708
+ "quantity": 0
709
+ },
710
+ "custom_origin_config": {
711
+ "http_port": 80,
712
+ "https_port": 443,
713
+ "origin_protocol_policy": "https-only",
714
+ "origin_ssl_protocols": {
715
+ "quantity": 1,
716
+ "items": [
717
+ "TLSv1.2"
718
+ ]
719
+ },
720
+ "origin_read_timeout": 60,
721
+ "origin_keepalive_timeout": 60
722
+ },
723
+ "connection_attempts": 3,
724
+ "connection_timeout": 10
725
+ }
726
+ ]
727
+ },
728
+ "origin_groups": {
729
+ "quantity": 0
730
+ },
731
+ "default_cache_behavior": {
732
+ "target_origin_id": "ya-cloudfront-raynor",
733
+ "trusted_signers": {
734
+ "enabled": false,
735
+ "quantity": 0
736
+ },
737
+ "viewer_protocol_policy": "redirect-to-https",
738
+ "allowed_methods": {
739
+ "quantity": 7,
740
+ "items": [
741
+ "HEAD",
742
+ "DELETE",
743
+ "POST",
744
+ "GET",
745
+ "OPTIONS",
746
+ "PUT",
747
+ "PATCH"
748
+ ],
749
+ "cached_methods": {
750
+ "quantity": 2,
751
+ "items": [
752
+ "HEAD",
753
+ "GET"
754
+ ]
755
+ }
756
+ },
757
+ "smooth_streaming": false,
758
+ "compress": true,
759
+ "lambda_function_associations": {
760
+ "quantity": 0
761
+ },
762
+ "field_level_encryption_id": "",
763
+ "forwarded_values": {
764
+ "query_string": true,
765
+ "cookies": {
766
+ "forward": "all"
767
+ },
768
+ "headers": {
769
+ "quantity": 1,
770
+ "items": [
771
+ "*"
772
+ ]
773
+ },
774
+ "query_string_cache_keys": {
775
+ "quantity": 0
776
+ }
777
+ },
778
+ "min_ttl": 0,
779
+ "default_ttl": 86400,
780
+ "max_ttl": 31536000
781
+ },
782
+ "cache_behaviors": {
783
+ "quantity": 2,
784
+ "items": [
785
+ {
786
+ "path_pattern": "/assets/*",
787
+ "target_origin_id": "ya-cloudfront-raynor",
788
+ "trusted_signers": {
789
+ "enabled": false,
790
+ "quantity": 0
791
+ },
792
+ "viewer_protocol_policy": "redirect-to-https",
793
+ "allowed_methods": {
794
+ "quantity": 2,
795
+ "items": [
796
+ "HEAD",
797
+ "GET"
798
+ ],
799
+ "cached_methods": {
800
+ "quantity": 2,
801
+ "items": [
802
+ "HEAD",
803
+ "GET"
804
+ ]
805
+ }
806
+ },
807
+ "smooth_streaming": false,
808
+ "compress": true,
809
+ "lambda_function_associations": {
810
+ "quantity": 0
811
+ },
812
+ "field_level_encryption_id": "",
813
+ "forwarded_values": {
814
+ "query_string": false,
815
+ "cookies": {
816
+ "forward": "none"
817
+ },
818
+ "headers": {
819
+ "quantity": 1,
820
+ "items": [
821
+ "Host"
822
+ ]
823
+ },
824
+ "query_string_cache_keys": {
825
+ "quantity": 0
826
+ }
827
+ },
828
+ "min_ttl": 0,
829
+ "default_ttl": 86400,
830
+ "max_ttl": 31536000
831
+ },
832
+ {
833
+ "path_pattern": "/packs/*",
834
+ "target_origin_id": "ya-cloudfront-raynor",
835
+ "trusted_signers": {
836
+ "enabled": false,
837
+ "quantity": 0
838
+ },
839
+ "viewer_protocol_policy": "redirect-to-https",
840
+ "allowed_methods": {
841
+ "quantity": 2,
842
+ "items": [
843
+ "HEAD",
844
+ "GET"
845
+ ],
846
+ "cached_methods": {
847
+ "quantity": 2,
848
+ "items": [
849
+ "HEAD",
850
+ "GET"
851
+ ]
852
+ }
853
+ },
854
+ "smooth_streaming": false,
855
+ "compress": true,
856
+ "lambda_function_associations": {
857
+ "quantity": 0
858
+ },
859
+ "field_level_encryption_id": "",
860
+ "forwarded_values": {
861
+ "query_string": false,
862
+ "cookies": {
863
+ "forward": "none"
864
+ },
865
+ "headers": {
866
+ "quantity": 1,
867
+ "items": [
868
+ "Host"
869
+ ]
870
+ },
871
+ "query_string_cache_keys": {
872
+ "quantity": 0
873
+ }
874
+ },
875
+ "min_ttl": 0,
876
+ "default_ttl": 86400,
877
+ "max_ttl": 31536000
878
+ }
879
+ ]
880
+ },
881
+ "custom_error_responses": {
882
+ "quantity": 0
883
+ },
884
+ "comment": "ya-cloudfront-raynor",
885
+ "price_class": "PriceClass_100",
886
+ "enabled": true,
887
+ "viewer_certificate": {
888
+ "acm_certificate_arn": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
889
+ "ssl_support_method": "sni-only",
890
+ "minimum_protocol_version": "TLSv1",
891
+ "certificate": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
892
+ "certificate_source": "acm"
893
+ },
894
+ "restrictions": {
895
+ "geo_restriction": {
896
+ "restriction_type": "none",
897
+ "quantity": 0
898
+ }
899
+ },
900
+ "web_acl_id": "",
901
+ "http_version": "HTTP2",
902
+ "is_ipv6_enabled": true,
903
+ "alias_icp_recordals": [
904
+ {
905
+ "cname": "yavin.tapresearch.com",
906
+ "icp_recordal_status": "APPROVED"
907
+ },
908
+ {
909
+ "cname": "cdn.ya.tapresearch.com",
910
+ "icp_recordal_status": "APPROVED"
911
+ }
912
+ ]
913
+ }
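Review bot: This added file appears to be captured CloudFront listing output from a live account, and it ships inside the published gem. It carries the account number in its ARNs, distribution IDs, a certificate ARN and the origin and alias hostnames, which is internal inventory that a public package should not contain. It should be excluded from `spec.files` and from version control, and any fixture the tests need should use clearly labelled placeholder values. The file also holds several top-level objects back to back, so it is not a single valid JSON document and `JSON.parse` would reject it as written.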