pleme 0.0.39 → 0.0.40

Sign up to get free protection for your applications and to get access to all the features.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +31 -1
  3. data/go.sh +5 -0
  4. data/lib/pleme/cli.rb +1 -0
  5. data/lib/pleme/gem/version.rb +1 -1
  6. data/lib/pleme/runner.rb +6 -0
  7. data/lib/pleme/scanner.rb +205 -0
  8. data/pleme.gemspec +5 -0
  9. data/results.json +913 -0
  10. data/truvantis_scan.json +1342 -0
  11. metadata +76 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: fbf5e9bd2a833c570ce5db41806ae6d6bd823ae4
4
- data.tar.gz: 54a9fd0bade6b9a6f360bfbeb6f1665403603137
3
+ metadata.gz: 8db00856b533ae29bd65d909285f9414b53cf324
4
+ data.tar.gz: 8795bbe8839828c7153611ec8d0005c2926f8fbf
5
5
  SHA512:
6
- metadata.gz: cd48b3fa3ad16023509ec462378da75c3313588eca0128bf4d007d142c0eb98a1336f1a931905c585c9a07251f39f5c8fa2ac33a8f860c1ec1c10d44093e1839
7
- data.tar.gz: 11137276d371ce5ab4ed0679ff7a1519c83f41379fa75989f964ea4ac1cad140effa4d0327bc175fec705e85b408db02cf8dea027c58f806d73895b33caa6c63
6
+ metadata.gz: df20e240c929be96b060a3d82a36374f65686ed103a404092c5b77ee5835a4432a7c0e361739ed9355f2e890060f8cb66c1f0d05b01db4c3e23afa2ac01a37d0
7
+ data.tar.gz: 7ba0ef82e054056548572a3828aec45d19654ff8499f73d3d5ac005a4e03aa8eebd28578bb8604896fe20fc30035f45ccac9da036112319791593aed1d8ad6ad
data/Gemfile.lock CHANGED
@@ -1,19 +1,49 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- pleme (0.0.30)
4
+ pleme (0.0.39)
5
+ aws-sdk-cloudfront
6
+ aws-sdk-ec2
7
+ aws-sdk-elasticloadbalancingv2
8
+ aws-sdk-elasticsearchservice
9
+ aws-sdk-rds
5
10
  docopt
6
11
 
7
12
  GEM
8
13
  remote: https://rubygems.org/
9
14
  specs:
10
15
  ast (2.4.1)
16
+ aws-eventstream (1.1.0)
17
+ aws-partitions (1.375.0)
18
+ aws-sdk-cloudfront (1.42.0)
19
+ aws-sdk-core (~> 3, >= 3.99.0)
20
+ aws-sigv4 (~> 1.1)
21
+ aws-sdk-core (3.107.0)
22
+ aws-eventstream (~> 1, >= 1.0.2)
23
+ aws-partitions (~> 1, >= 1.239.0)
24
+ aws-sigv4 (~> 1.1)
25
+ jmespath (~> 1.0)
26
+ aws-sdk-ec2 (1.195.0)
27
+ aws-sdk-core (~> 3, >= 3.99.0)
28
+ aws-sigv4 (~> 1.1)
29
+ aws-sdk-elasticloadbalancingv2 (1.51.0)
30
+ aws-sdk-core (~> 3, >= 3.99.0)
31
+ aws-sigv4 (~> 1.1)
32
+ aws-sdk-elasticsearchservice (1.42.0)
33
+ aws-sdk-core (~> 3, >= 3.99.0)
34
+ aws-sigv4 (~> 1.1)
35
+ aws-sdk-rds (1.99.0)
36
+ aws-sdk-core (~> 3, >= 3.99.0)
37
+ aws-sigv4 (~> 1.1)
38
+ aws-sigv4 (1.2.2)
39
+ aws-eventstream (~> 1, >= 1.0.2)
11
40
  backport (1.1.2)
12
41
  benchmark (0.1.0)
13
42
  diff-lcs (1.4.4)
14
43
  docopt (0.6.1)
15
44
  e2mmap (0.1.0)
16
45
  jaro_winkler (1.5.4)
46
+ jmespath (1.4.0)
17
47
  maruku (0.7.3)
18
48
  mini_portile2 (2.4.0)
19
49
  nokogiri (1.10.10)
data/go.sh ADDED
@@ -0,0 +1,5 @@
1
+ #!/usr/bin/env sh
2
+
3
+ set -e
4
+
5
+ rake install && pleme truvantis scan
data/lib/pleme/cli.rb CHANGED
@@ -22,6 +22,7 @@ class Cli
22
22
  pleme compose up [-d]
23
23
  pleme compose down
24
24
  pleme compose build
25
+ pleme truvantis scan
25
26
  DOCOPT
26
27
  end
27
28
 
data/lib/pleme/gem/version.rb CHANGED
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Pleme
4
4
  module Gem
5
- VERSION = '0.0.39'
5
+ VERSION = '0.0.40'
6
6
  end
7
7
  end
data/lib/pleme/runner.rb CHANGED
@@ -8,6 +8,7 @@
8
8
  require 'pleme/plemec_translator'
9
9
  require 'yaml'
10
10
  require 'json'
11
+ require 'pleme/scanner'
11
12
 
12
13
  class Runner
13
14
  def initialize
@@ -37,6 +38,11 @@ class Runner
37
38
  dotfiles(spec) if spec[:dotfiles]
38
39
 
39
40
  compose if spec[:compose]
41
+
42
+ if spec[:truvantis] && spec[:scan]
43
+ scan = Scanner.new.truvantis_public_scan
44
+ File.write('truvantis_scan.json', JSON.pretty_generate(scan))
45
+ end
40
46
  end
41
47
 
42
48
  def read_config
data/lib/pleme/scanner.rb ADDED
@@ -0,0 +1,205 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'aws-sdk-cloudfront'
4
+ require 'aws-sdk-ec2'
5
+ require 'aws-sdk-elasticloadbalancingv2'
6
+ require 'aws-sdk-elasticsearchservice'
7
+ require 'aws-sdk-rds'
8
+ require 'json'
9
+
10
+ # scan stuff
11
+ class Scanner
12
+ # There is no logic in this scan that would pick up
13
+ # services we are currently not using that may have
14
+ # the potential to create new public endpoints.
15
+ # for example, we do not use dynamodb but it could have public endpoints if
16
+ # we did begin using it.
17
+ #
18
+ # services chosen to be scanned here are the intersection of what we use
19
+ # and what I suspect has public ips.
20
+ def truvantis_public_scan(aws_access_key_id: nil, aws_secret_access_key: nil)
21
+ aws_access_key_id = ENV['AWS_ACCESS_KEY_ID'] if aws_access_key_id.nil?
22
+ aws_secret_access_key = ENV['AWS_SECRET_ACCESS_KEY'] if aws_secret_access_key.nil?
23
+
24
+ ###########################################################################
25
+ # cloudfront
26
+ ###########################################################################
27
+
28
+ report = {}
29
+ report[:cloudfront] = {}
30
+ report[:cloudfront][:distributions] = {}
31
+
32
+ region = ENV['AWS_REGION'] ||
33
+ ENV['AWS_DEFAULT_REGION'] ||
34
+ 'us-east-1'
35
+
36
+ credentials = Aws::Credentials.new(aws_access_key_id, aws_secret_access_key)
37
+ cf_client = Aws::CloudFront::Client.new(region: region, credentials: credentials)
38
+ cf_set = cf_client.list_distributions.distribution_list.to_h
39
+
40
+ # get the domain name which may be public
41
+ # attach the arn for unique object identification as it may be useful to truvantis
42
+ # attach aliases to potentially be scanned as well
43
+ cf_set[:items].each do |item|
44
+ report[:cloudfront][:distributions] = { (item[:id]).to_s => {
45
+ domain: item[:domain_name],
46
+ arn: item[:arn],
47
+ aliases: item[:aliases]
48
+ } }
49
+ end
50
+
51
+ # I purposefully did not include origin endpoints
52
+ # as those will always be either an EIP, Instance, or LB
53
+ # all of which are included in more downstream scans
54
+
55
+ ###########################################################################
56
+ # ec2
57
+ ###########################################################################
58
+ # any public instances and interfaces
59
+
60
+ report[:ec2] = {}
61
+ report[:ec2][:instances] = {}
62
+
63
+ ec2_client = Aws::EC2::Client.new(region: region, credentials: credentials)
64
+
65
+ inst_set = ec2_client.describe_instances.to_h[:reservations]
66
+ inst_set.each do |reservation|
67
+ reservation[:instances].each do |instance|
68
+ # record instance public_ip
69
+ report[:ec2][:instances][(instance[:instance_id]).to_s] = { public_ip: instance[:public_ip] }
70
+
71
+ # record a few things about the instance that may be useful
72
+ report[:ec2][:instances][(instance[:instance_id]).to_s] = \
73
+ { public_dns_name: instance[:public_dns_name] }
74
+
75
+ # instances might have network_interfaces attached
76
+ next unless instance[:network_interfaces].any?
77
+
78
+ # check for important things in each interface
79
+ instance[:network_interfaces].each do |net_inter|
80
+ next if net_inter[:association].nil?
81
+
82
+ report[:ec2][:instances][(instance[:instance_id]).to_s] = \
83
+ { network_interface: {
84
+ carrier_ip: net_inter[:association][:carrier_ip],
85
+ public_ip: net_inter[:association][:public_ip]
86
+ } }
87
+ end
88
+ end
89
+ end
90
+
91
+ ###########################################################################
92
+ # load balancers
93
+ ###########################################################################
94
+ # any public instances and interfaces
95
+
96
+ report[:lb] = {}
97
+ report[:lb][:load_balancers] = {}
98
+
99
+ lb_client = Aws::ElasticLoadBalancingV2::Client.new(region: region, credentials: credentials)
100
+
101
+ # I am including internal facing load balancers and
102
+ # truvantis can filter out internals
103
+ lb_set = lb_client.describe_load_balancers.to_h
104
+ lb_set[:load_balancers].each do |lb|
105
+ report[:lb][:load_balancers][(lb[:load_balancer_name]).to_s] = {
106
+ dns_name: lb[:dns_name],
107
+ scheme: lb[:scheme],
108
+ type: lb[:type]
109
+ }
110
+ report[:lb][:load_balancers][(lb[:load_balancer_name]).to_s][:addresses] = []
111
+
112
+ # gather actual ip addresses as well
113
+ lb[:availability_zones].each do |zone|
114
+ zone[:load_balancer_addresses].each do |addy|
115
+ report[:lb][:load_balancers][(lb[:load_balancer_name]).to_s][:addresses] << addy[:ip_address]
116
+ end
117
+ end
118
+ end
119
+
120
+ ###########################################################################
121
+ # elastic ips
122
+ ###########################################################################
123
+ # uses ec2 client and weird method describe_addresses
124
+ report[:eips] = []
125
+
126
+ # grab public ips for eips
127
+ ec2_client.describe_addresses.to_h[:addresses].each do |addy|
128
+ report[:eips] << addy[:public_ip] if addy[:public_ip]
129
+ end
130
+
131
+ ###########################################################################
132
+ # network interfaces
133
+ ###########################################################################
134
+ # uses ec2 client and describe_network_interfaces
135
+
136
+ report[:network_interfaces] = {}
137
+ ec2_client.describe_network_interfaces.to_h[:network_interfaces].each do |net_inter|
138
+ next if net_inter[:association].nil?
139
+
140
+ report[:network_interfaces][(net_inter[:network_interface_id]).to_s] = {
141
+ association: {
142
+ public_ip: net_inter[:association][:public_ip],
143
+ public_dns_name: net_inter[:association][:public_dns_name]
144
+ }
145
+ }
146
+
147
+ # apparently private_ip_address associations can have public ips
148
+ # grab any of those endpoints if any exist
149
+ next unless net_inter[:private_ip_addresses].any?
150
+
151
+ net_inter[:private_ip_addresses].each do |pia|
152
+ next if report[:network_interfaces][(net_inter[:network_interface_id]).to_s][:private_ip_addresses].nil?
153
+ next unless report[:network_interfaces][(net_inter[:network_interface_id]).to_s][:private_ip_addresses].any?
154
+
155
+ report[:network_interfaces][(net_inter[:network_interface_id]).to_s]\
156
+ [:private_ip_addresses] << {
157
+ public_dns_name: pia[:association][:public_dns_name],
158
+ public_ip: pia[:association][:public_ip]
159
+ }
160
+ end
161
+ end
162
+
163
+ ###########################################################################
164
+ # elasticsearch as a service may have public endpoints
165
+ ###########################################################################
166
+ # Aws::ElasticsearchService and describe elasticsearch domains
167
+
168
+ es_client = Aws::ElasticsearchService::Client.new(region: region, credentials: credentials)
169
+
170
+ domain_names = []
171
+ es_client.list_domain_names.to_h[:domain_names].each do |dn|
172
+ domain_names << dn[:domain_name]
173
+ end
174
+
175
+ report[:es] = {}
176
+ es_client.describe_elasticsearch_domains(domain_names: domain_names).to_h[:domain_status_list].each do |domain|
177
+ report[:es][(domain[:domain_id]).to_s] = { endpoints: domain[:endpoints] }
178
+ end
179
+
180
+ ###########################################################################
181
+ # rds
182
+ ###########################################################################
183
+ # databases may have public endpoints
184
+ rds_client = Aws::RDS::Client.new(region: region, credentials: credentials)
185
+ rds_set = rds_client.describe_db_instances.to_h
186
+ unless rds_set[:db_instances].nil?
187
+ if rds_set[:db_instances].any?
188
+ report[:rds] = {}
189
+ rds_set[:db_instances].each do |dbi|
190
+ report[:rds][(dbi[:db_instance_arn]).to_s] = { endpoint: dbi[:endpoint] }
191
+ end
192
+ end
193
+ end
194
+
195
+ ###########################################################################
196
+ # bonus: open security groups and their associated resources
197
+ ###########################################################################
198
+
199
+ ###########################################################################
200
+ # bonus: open network acls
201
+ ###########################################################################
202
+
203
+ report
204
+ end
205
+ end
data/pleme.gemspec CHANGED
@@ -20,6 +20,11 @@ Gem::Specification.new do |spec|
20
20
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
21
21
  spec.require_paths = ['lib']
22
22
  spec.required_ruby_version = '>= 2.4.0'
23
+ spec.add_dependency('aws-sdk-cloudfront')
24
+ spec.add_dependency('aws-sdk-ec2')
25
+ spec.add_dependency('aws-sdk-elasticloadbalancingv2')
26
+ spec.add_dependency('aws-sdk-elasticsearchservice')
27
+ spec.add_dependency('aws-sdk-rds')
23
28
  spec.add_dependency('docopt')
24
29
  spec.add_development_dependency('rake')
25
30
  spec.add_development_dependency('rspec')
data/results.json ADDED
@@ -0,0 +1,913 @@
1
+ {
2
+ "id": "E1IDK8V7MGA46A",
3
+ "arn": "arn:aws:cloudfront::373533792662:distribution/E1IDK8V7MGA46A",
4
+ "status": "Deployed",
5
+ "last_modified_time": "2019-08-10 02:32:52 UTC",
6
+ "domain_name": "d3o2mwpz5n87n0.cloudfront.net",
7
+ "aliases": {
8
+ "quantity": 2,
9
+ "items": [
10
+ "jedha.tapresearch.com",
11
+ "cdn.je.tapresearch.com"
12
+ ]
13
+ },
14
+ "origins": {
15
+ "quantity": 1,
16
+ "items": [
17
+ {
18
+ "id": "je-cloudfront-raynor",
19
+ "domain_name": "lb.je.tapresearch.io",
20
+ "origin_path": "",
21
+ "custom_headers": {
22
+ "quantity": 0
23
+ },
24
+ "custom_origin_config": {
25
+ "http_port": 80,
26
+ "https_port": 443,
27
+ "origin_protocol_policy": "https-only",
28
+ "origin_ssl_protocols": {
29
+ "quantity": 1,
30
+ "items": [
31
+ "TLSv1.2"
32
+ ]
33
+ },
34
+ "origin_read_timeout": 60,
35
+ "origin_keepalive_timeout": 60
36
+ },
37
+ "connection_attempts": 3,
38
+ "connection_timeout": 10
39
+ }
40
+ ]
41
+ },
42
+ "origin_groups": {
43
+ "quantity": 0
44
+ },
45
+ "default_cache_behavior": {
46
+ "target_origin_id": "je-cloudfront-raynor",
47
+ "trusted_signers": {
48
+ "enabled": false,
49
+ "quantity": 0
50
+ },
51
+ "viewer_protocol_policy": "redirect-to-https",
52
+ "allowed_methods": {
53
+ "quantity": 7,
54
+ "items": [
55
+ "HEAD",
56
+ "DELETE",
57
+ "POST",
58
+ "GET",
59
+ "OPTIONS",
60
+ "PUT",
61
+ "PATCH"
62
+ ],
63
+ "cached_methods": {
64
+ "quantity": 2,
65
+ "items": [
66
+ "HEAD",
67
+ "GET"
68
+ ]
69
+ }
70
+ },
71
+ "smooth_streaming": false,
72
+ "compress": true,
73
+ "lambda_function_associations": {
74
+ "quantity": 0
75
+ },
76
+ "field_level_encryption_id": "",
77
+ "forwarded_values": {
78
+ "query_string": true,
79
+ "cookies": {
80
+ "forward": "all"
81
+ },
82
+ "headers": {
83
+ "quantity": 1,
84
+ "items": [
85
+ "*"
86
+ ]
87
+ },
88
+ "query_string_cache_keys": {
89
+ "quantity": 0
90
+ }
91
+ },
92
+ "min_ttl": 0,
93
+ "default_ttl": 86400,
94
+ "max_ttl": 31536000
95
+ },
96
+ "cache_behaviors": {
97
+ "quantity": 2,
98
+ "items": [
99
+ {
100
+ "path_pattern": "/assets/*",
101
+ "target_origin_id": "je-cloudfront-raynor",
102
+ "trusted_signers": {
103
+ "enabled": false,
104
+ "quantity": 0
105
+ },
106
+ "viewer_protocol_policy": "redirect-to-https",
107
+ "allowed_methods": {
108
+ "quantity": 2,
109
+ "items": [
110
+ "HEAD",
111
+ "GET"
112
+ ],
113
+ "cached_methods": {
114
+ "quantity": 2,
115
+ "items": [
116
+ "HEAD",
117
+ "GET"
118
+ ]
119
+ }
120
+ },
121
+ "smooth_streaming": false,
122
+ "compress": true,
123
+ "lambda_function_associations": {
124
+ "quantity": 0
125
+ },
126
+ "field_level_encryption_id": "",
127
+ "forwarded_values": {
128
+ "query_string": false,
129
+ "cookies": {
130
+ "forward": "none"
131
+ },
132
+ "headers": {
133
+ "quantity": 1,
134
+ "items": [
135
+ "Host"
136
+ ]
137
+ },
138
+ "query_string_cache_keys": {
139
+ "quantity": 0
140
+ }
141
+ },
142
+ "min_ttl": 0,
143
+ "default_ttl": 86400,
144
+ "max_ttl": 31536000
145
+ },
146
+ {
147
+ "path_pattern": "/packs/*",
148
+ "target_origin_id": "je-cloudfront-raynor",
149
+ "trusted_signers": {
150
+ "enabled": false,
151
+ "quantity": 0
152
+ },
153
+ "viewer_protocol_policy": "redirect-to-https",
154
+ "allowed_methods": {
155
+ "quantity": 2,
156
+ "items": [
157
+ "HEAD",
158
+ "GET"
159
+ ],
160
+ "cached_methods": {
161
+ "quantity": 2,
162
+ "items": [
163
+ "HEAD",
164
+ "GET"
165
+ ]
166
+ }
167
+ },
168
+ "smooth_streaming": false,
169
+ "compress": true,
170
+ "lambda_function_associations": {
171
+ "quantity": 0
172
+ },
173
+ "field_level_encryption_id": "",
174
+ "forwarded_values": {
175
+ "query_string": false,
176
+ "cookies": {
177
+ "forward": "none"
178
+ },
179
+ "headers": {
180
+ "quantity": 1,
181
+ "items": [
182
+ "Host"
183
+ ]
184
+ },
185
+ "query_string_cache_keys": {
186
+ "quantity": 0
187
+ }
188
+ },
189
+ "min_ttl": 0,
190
+ "default_ttl": 86400,
191
+ "max_ttl": 31536000
192
+ }
193
+ ]
194
+ },
195
+ "custom_error_responses": {
196
+ "quantity": 0
197
+ },
198
+ "comment": "je-cloudfront-raynor",
199
+ "price_class": "PriceClass_100",
200
+ "enabled": true,
201
+ "viewer_certificate": {
202
+ "acm_certificate_arn": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
203
+ "ssl_support_method": "sni-only",
204
+ "minimum_protocol_version": "TLSv1",
205
+ "certificate": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
206
+ "certificate_source": "acm"
207
+ },
208
+ "restrictions": {
209
+ "geo_restriction": {
210
+ "restriction_type": "none",
211
+ "quantity": 0
212
+ }
213
+ },
214
+ "web_acl_id": "",
215
+ "http_version": "HTTP2",
216
+ "is_ipv6_enabled": true,
217
+ "alias_icp_recordals": [
218
+ {
219
+ "cname": "cdn.je.tapresearch.com",
220
+ "icp_recordal_status": "APPROVED"
221
+ },
222
+ {
223
+ "cname": "jedha.tapresearch.com",
224
+ "icp_recordal_status": "APPROVED"
225
+ }
226
+ ]
227
+ }
228
+ {
229
+ "id": "E3D0PNT6PGI431",
230
+ "arn": "arn:aws:cloudfront::373533792662:distribution/E3D0PNT6PGI431",
231
+ "status": "Deployed",
232
+ "last_modified_time": "2019-08-10 02:58:26 UTC",
233
+ "domain_name": "d2xrlyt627lqpx.cloudfront.net",
234
+ "aliases": {
235
+ "quantity": 2,
236
+ "items": [
237
+ "staging.tapresearch.com",
238
+ "cdn.st.tapresearch.com"
239
+ ]
240
+ },
241
+ "origins": {
242
+ "quantity": 1,
243
+ "items": [
244
+ {
245
+ "id": "st-cloudfront-raynor",
246
+ "domain_name": "lb.st.tapresearch.io",
247
+ "origin_path": "",
248
+ "custom_headers": {
249
+ "quantity": 0
250
+ },
251
+ "custom_origin_config": {
252
+ "http_port": 80,
253
+ "https_port": 443,
254
+ "origin_protocol_policy": "https-only",
255
+ "origin_ssl_protocols": {
256
+ "quantity": 1,
257
+ "items": [
258
+ "TLSv1.2"
259
+ ]
260
+ },
261
+ "origin_read_timeout": 60,
262
+ "origin_keepalive_timeout": 60
263
+ },
264
+ "connection_attempts": 3,
265
+ "connection_timeout": 10
266
+ }
267
+ ]
268
+ },
269
+ "origin_groups": {
270
+ "quantity": 0
271
+ },
272
+ "default_cache_behavior": {
273
+ "target_origin_id": "st-cloudfront-raynor",
274
+ "trusted_signers": {
275
+ "enabled": false,
276
+ "quantity": 0
277
+ },
278
+ "viewer_protocol_policy": "redirect-to-https",
279
+ "allowed_methods": {
280
+ "quantity": 7,
281
+ "items": [
282
+ "HEAD",
283
+ "DELETE",
284
+ "POST",
285
+ "GET",
286
+ "OPTIONS",
287
+ "PUT",
288
+ "PATCH"
289
+ ],
290
+ "cached_methods": {
291
+ "quantity": 2,
292
+ "items": [
293
+ "HEAD",
294
+ "GET"
295
+ ]
296
+ }
297
+ },
298
+ "smooth_streaming": false,
299
+ "compress": true,
300
+ "lambda_function_associations": {
301
+ "quantity": 0
302
+ },
303
+ "field_level_encryption_id": "",
304
+ "forwarded_values": {
305
+ "query_string": true,
306
+ "cookies": {
307
+ "forward": "all"
308
+ },
309
+ "headers": {
310
+ "quantity": 1,
311
+ "items": [
312
+ "*"
313
+ ]
314
+ },
315
+ "query_string_cache_keys": {
316
+ "quantity": 0
317
+ }
318
+ },
319
+ "min_ttl": 0,
320
+ "default_ttl": 86400,
321
+ "max_ttl": 31536000
322
+ },
323
+ "cache_behaviors": {
324
+ "quantity": 2,
325
+ "items": [
326
+ {
327
+ "path_pattern": "/assets/*",
328
+ "target_origin_id": "st-cloudfront-raynor",
329
+ "trusted_signers": {
330
+ "enabled": false,
331
+ "quantity": 0
332
+ },
333
+ "viewer_protocol_policy": "redirect-to-https",
334
+ "allowed_methods": {
335
+ "quantity": 2,
336
+ "items": [
337
+ "HEAD",
338
+ "GET"
339
+ ],
340
+ "cached_methods": {
341
+ "quantity": 2,
342
+ "items": [
343
+ "HEAD",
344
+ "GET"
345
+ ]
346
+ }
347
+ },
348
+ "smooth_streaming": false,
349
+ "compress": true,
350
+ "lambda_function_associations": {
351
+ "quantity": 0
352
+ },
353
+ "field_level_encryption_id": "",
354
+ "forwarded_values": {
355
+ "query_string": false,
356
+ "cookies": {
357
+ "forward": "none"
358
+ },
359
+ "headers": {
360
+ "quantity": 1,
361
+ "items": [
362
+ "Host"
363
+ ]
364
+ },
365
+ "query_string_cache_keys": {
366
+ "quantity": 0
367
+ }
368
+ },
369
+ "min_ttl": 0,
370
+ "default_ttl": 86400,
371
+ "max_ttl": 31536000
372
+ },
373
+ {
374
+ "path_pattern": "/packs/*",
375
+ "target_origin_id": "st-cloudfront-raynor",
376
+ "trusted_signers": {
377
+ "enabled": false,
378
+ "quantity": 0
379
+ },
380
+ "viewer_protocol_policy": "redirect-to-https",
381
+ "allowed_methods": {
382
+ "quantity": 2,
383
+ "items": [
384
+ "HEAD",
385
+ "GET"
386
+ ],
387
+ "cached_methods": {
388
+ "quantity": 2,
389
+ "items": [
390
+ "HEAD",
391
+ "GET"
392
+ ]
393
+ }
394
+ },
395
+ "smooth_streaming": false,
396
+ "compress": true,
397
+ "lambda_function_associations": {
398
+ "quantity": 0
399
+ },
400
+ "field_level_encryption_id": "",
401
+ "forwarded_values": {
402
+ "query_string": false,
403
+ "cookies": {
404
+ "forward": "none"
405
+ },
406
+ "headers": {
407
+ "quantity": 1,
408
+ "items": [
409
+ "Host"
410
+ ]
411
+ },
412
+ "query_string_cache_keys": {
413
+ "quantity": 0
414
+ }
415
+ },
416
+ "min_ttl": 0,
417
+ "default_ttl": 86400,
418
+ "max_ttl": 31536000
419
+ }
420
+ ]
421
+ },
422
+ "custom_error_responses": {
423
+ "quantity": 0
424
+ },
425
+ "comment": "st-cloudfront-raynor",
426
+ "price_class": "PriceClass_100",
427
+ "enabled": true,
428
+ "viewer_certificate": {
429
+ "acm_certificate_arn": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
430
+ "ssl_support_method": "sni-only",
431
+ "minimum_protocol_version": "TLSv1",
432
+ "certificate": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
433
+ "certificate_source": "acm"
434
+ },
435
+ "restrictions": {
436
+ "geo_restriction": {
437
+ "restriction_type": "none",
438
+ "quantity": 0
439
+ }
440
+ },
441
+ "web_acl_id": "",
442
+ "http_version": "HTTP2",
443
+ "is_ipv6_enabled": true,
444
+ "alias_icp_recordals": [
445
+ {
446
+ "cname": "staging.tapresearch.com",
447
+ "icp_recordal_status": "APPROVED"
448
+ },
449
+ {
450
+ "cname": "cdn.st.tapresearch.com",
451
+ "icp_recordal_status": "APPROVED"
452
+ }
453
+ ]
454
+ }
455
+ {
456
+ "id": "E1YOITBMNMXCK7",
457
+ "arn": "arn:aws:cloudfront::373533792662:distribution/E1YOITBMNMXCK7",
458
+ "status": "Deployed",
459
+ "last_modified_time": "2019-08-10 04:39:39 UTC",
460
+ "domain_name": "d2xztbefcw8pto.cloudfront.net",
461
+ "aliases": {
462
+ "quantity": 3,
463
+ "items": [
464
+ "www.tapresearch.com",
465
+ "cdn.tapresearch.com",
466
+ "tapresearch.com"
467
+ ]
468
+ },
469
+ "origins": {
470
+ "quantity": 1,
471
+ "items": [
472
+ {
473
+ "id": "pr-cloudfront-raynor",
474
+ "domain_name": "lb.pr.tapresearch.io",
475
+ "origin_path": "",
476
+ "custom_headers": {
477
+ "quantity": 0
478
+ },
479
+ "custom_origin_config": {
480
+ "http_port": 80,
481
+ "https_port": 443,
482
+ "origin_protocol_policy": "https-only",
483
+ "origin_ssl_protocols": {
484
+ "quantity": 1,
485
+ "items": [
486
+ "TLSv1.2"
487
+ ]
488
+ },
489
+ "origin_read_timeout": 60,
490
+ "origin_keepalive_timeout": 60
491
+ },
492
+ "connection_attempts": 3,
493
+ "connection_timeout": 10
494
+ }
495
+ ]
496
+ },
497
+ "origin_groups": {
498
+ "quantity": 0
499
+ },
500
+ "default_cache_behavior": {
501
+ "target_origin_id": "pr-cloudfront-raynor",
502
+ "trusted_signers": {
503
+ "enabled": false,
504
+ "quantity": 0
505
+ },
506
+ "viewer_protocol_policy": "redirect-to-https",
507
+ "allowed_methods": {
508
+ "quantity": 7,
509
+ "items": [
510
+ "HEAD",
511
+ "DELETE",
512
+ "POST",
513
+ "GET",
514
+ "OPTIONS",
515
+ "PUT",
516
+ "PATCH"
517
+ ],
518
+ "cached_methods": {
519
+ "quantity": 2,
520
+ "items": [
521
+ "HEAD",
522
+ "GET"
523
+ ]
524
+ }
525
+ },
526
+ "smooth_streaming": false,
527
+ "compress": true,
528
+ "lambda_function_associations": {
529
+ "quantity": 0
530
+ },
531
+ "field_level_encryption_id": "",
532
+ "forwarded_values": {
533
+ "query_string": true,
534
+ "cookies": {
535
+ "forward": "all"
536
+ },
537
+ "headers": {
538
+ "quantity": 1,
539
+ "items": [
540
+ "*"
541
+ ]
542
+ },
543
+ "query_string_cache_keys": {
544
+ "quantity": 0
545
+ }
546
+ },
547
+ "min_ttl": 0,
548
+ "default_ttl": 86400,
549
+ "max_ttl": 31536000
550
+ },
551
+ "cache_behaviors": {
552
+ "quantity": 2,
553
+ "items": [
554
+ {
555
+ "path_pattern": "/assets/*",
556
+ "target_origin_id": "pr-cloudfront-raynor",
557
+ "trusted_signers": {
558
+ "enabled": false,
559
+ "quantity": 0
560
+ },
561
+ "viewer_protocol_policy": "redirect-to-https",
562
+ "allowed_methods": {
563
+ "quantity": 2,
564
+ "items": [
565
+ "HEAD",
566
+ "GET"
567
+ ],
568
+ "cached_methods": {
569
+ "quantity": 2,
570
+ "items": [
571
+ "HEAD",
572
+ "GET"
573
+ ]
574
+ }
575
+ },
576
+ "smooth_streaming": false,
577
+ "compress": true,
578
+ "lambda_function_associations": {
579
+ "quantity": 0
580
+ },
581
+ "field_level_encryption_id": "",
582
+ "forwarded_values": {
583
+ "query_string": false,
584
+ "cookies": {
585
+ "forward": "none"
586
+ },
587
+ "headers": {
588
+ "quantity": 1,
589
+ "items": [
590
+ "Host"
591
+ ]
592
+ },
593
+ "query_string_cache_keys": {
594
+ "quantity": 0
595
+ }
596
+ },
597
+ "min_ttl": 0,
598
+ "default_ttl": 86400,
599
+ "max_ttl": 31536000
600
+ },
601
+ {
602
+ "path_pattern": "/packs/*",
603
+ "target_origin_id": "pr-cloudfront-raynor",
604
+ "trusted_signers": {
605
+ "enabled": false,
606
+ "quantity": 0
607
+ },
608
+ "viewer_protocol_policy": "redirect-to-https",
609
+ "allowed_methods": {
610
+ "quantity": 2,
611
+ "items": [
612
+ "HEAD",
613
+ "GET"
614
+ ],
615
+ "cached_methods": {
616
+ "quantity": 2,
617
+ "items": [
618
+ "HEAD",
619
+ "GET"
620
+ ]
621
+ }
622
+ },
623
+ "smooth_streaming": false,
624
+ "compress": true,
625
+ "lambda_function_associations": {
626
+ "quantity": 0
627
+ },
628
+ "field_level_encryption_id": "",
629
+ "forwarded_values": {
630
+ "query_string": false,
631
+ "cookies": {
632
+ "forward": "none"
633
+ },
634
+ "headers": {
635
+ "quantity": 1,
636
+ "items": [
637
+ "Host"
638
+ ]
639
+ },
640
+ "query_string_cache_keys": {
641
+ "quantity": 0
642
+ }
643
+ },
644
+ "min_ttl": 0,
645
+ "default_ttl": 86400,
646
+ "max_ttl": 31536000
647
+ }
648
+ ]
649
+ },
650
+ "custom_error_responses": {
651
+ "quantity": 0
652
+ },
653
+ "comment": "pr-cloudfront-raynor",
654
+ "price_class": "PriceClass_100",
655
+ "enabled": true,
656
+ "viewer_certificate": {
657
+ "acm_certificate_arn": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
658
+ "ssl_support_method": "sni-only",
659
+ "minimum_protocol_version": "TLSv1",
660
+ "certificate": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
661
+ "certificate_source": "acm"
662
+ },
663
+ "restrictions": {
664
+ "geo_restriction": {
665
+ "restriction_type": "none",
666
+ "quantity": 0
667
+ }
668
+ },
669
+ "web_acl_id": "",
670
+ "http_version": "HTTP2",
671
+ "is_ipv6_enabled": true,
672
+ "alias_icp_recordals": [
673
+ {
674
+ "cname": "tapresearch.com",
675
+ "icp_recordal_status": "APPROVED"
676
+ },
677
+ {
678
+ "cname": "cdn.tapresearch.com",
679
+ "icp_recordal_status": "APPROVED"
680
+ },
681
+ {
682
+ "cname": "www.tapresearch.com",
683
+ "icp_recordal_status": "APPROVED"
684
+ }
685
+ ]
686
+ }
687
+ {
688
+ "id": "E1UOT14S5HMB0D",
689
+ "arn": "arn:aws:cloudfront::373533792662:distribution/E1UOT14S5HMB0D",
690
+ "status": "Deployed",
691
+ "last_modified_time": "2019-08-10 01:26:15 UTC",
692
+ "domain_name": "d1xrdicqtjcu82.cloudfront.net",
693
+ "aliases": {
694
+ "quantity": 2,
695
+ "items": [
696
+ "yavin.tapresearch.com",
697
+ "cdn.ya.tapresearch.com"
698
+ ]
699
+ },
700
+ "origins": {
701
+ "quantity": 1,
702
+ "items": [
703
+ {
704
+ "id": "ya-cloudfront-raynor",
705
+ "domain_name": "lb.ya.tapresearch.io",
706
+ "origin_path": "",
707
+ "custom_headers": {
708
+ "quantity": 0
709
+ },
710
+ "custom_origin_config": {
711
+ "http_port": 80,
712
+ "https_port": 443,
713
+ "origin_protocol_policy": "https-only",
714
+ "origin_ssl_protocols": {
715
+ "quantity": 1,
716
+ "items": [
717
+ "TLSv1.2"
718
+ ]
719
+ },
720
+ "origin_read_timeout": 60,
721
+ "origin_keepalive_timeout": 60
722
+ },
723
+ "connection_attempts": 3,
724
+ "connection_timeout": 10
725
+ }
726
+ ]
727
+ },
728
+ "origin_groups": {
729
+ "quantity": 0
730
+ },
731
+ "default_cache_behavior": {
732
+ "target_origin_id": "ya-cloudfront-raynor",
733
+ "trusted_signers": {
734
+ "enabled": false,
735
+ "quantity": 0
736
+ },
737
+ "viewer_protocol_policy": "redirect-to-https",
738
+ "allowed_methods": {
739
+ "quantity": 7,
740
+ "items": [
741
+ "HEAD",
742
+ "DELETE",
743
+ "POST",
744
+ "GET",
745
+ "OPTIONS",
746
+ "PUT",
747
+ "PATCH"
748
+ ],
749
+ "cached_methods": {
750
+ "quantity": 2,
751
+ "items": [
752
+ "HEAD",
753
+ "GET"
754
+ ]
755
+ }
756
+ },
757
+ "smooth_streaming": false,
758
+ "compress": true,
759
+ "lambda_function_associations": {
760
+ "quantity": 0
761
+ },
762
+ "field_level_encryption_id": "",
763
+ "forwarded_values": {
764
+ "query_string": true,
765
+ "cookies": {
766
+ "forward": "all"
767
+ },
768
+ "headers": {
769
+ "quantity": 1,
770
+ "items": [
771
+ "*"
772
+ ]
773
+ },
774
+ "query_string_cache_keys": {
775
+ "quantity": 0
776
+ }
777
+ },
778
+ "min_ttl": 0,
779
+ "default_ttl": 86400,
780
+ "max_ttl": 31536000
781
+ },
782
+ "cache_behaviors": {
783
+ "quantity": 2,
784
+ "items": [
785
+ {
786
+ "path_pattern": "/assets/*",
787
+ "target_origin_id": "ya-cloudfront-raynor",
788
+ "trusted_signers": {
789
+ "enabled": false,
790
+ "quantity": 0
791
+ },
792
+ "viewer_protocol_policy": "redirect-to-https",
793
+ "allowed_methods": {
794
+ "quantity": 2,
795
+ "items": [
796
+ "HEAD",
797
+ "GET"
798
+ ],
799
+ "cached_methods": {
800
+ "quantity": 2,
801
+ "items": [
802
+ "HEAD",
803
+ "GET"
804
+ ]
805
+ }
806
+ },
807
+ "smooth_streaming": false,
808
+ "compress": true,
809
+ "lambda_function_associations": {
810
+ "quantity": 0
811
+ },
812
+ "field_level_encryption_id": "",
813
+ "forwarded_values": {
814
+ "query_string": false,
815
+ "cookies": {
816
+ "forward": "none"
817
+ },
818
+ "headers": {
819
+ "quantity": 1,
820
+ "items": [
821
+ "Host"
822
+ ]
823
+ },
824
+ "query_string_cache_keys": {
825
+ "quantity": 0
826
+ }
827
+ },
828
+ "min_ttl": 0,
829
+ "default_ttl": 86400,
830
+ "max_ttl": 31536000
831
+ },
832
+ {
833
+ "path_pattern": "/packs/*",
834
+ "target_origin_id": "ya-cloudfront-raynor",
835
+ "trusted_signers": {
836
+ "enabled": false,
837
+ "quantity": 0
838
+ },
839
+ "viewer_protocol_policy": "redirect-to-https",
840
+ "allowed_methods": {
841
+ "quantity": 2,
842
+ "items": [
843
+ "HEAD",
844
+ "GET"
845
+ ],
846
+ "cached_methods": {
847
+ "quantity": 2,
848
+ "items": [
849
+ "HEAD",
850
+ "GET"
851
+ ]
852
+ }
853
+ },
854
+ "smooth_streaming": false,
855
+ "compress": true,
856
+ "lambda_function_associations": {
857
+ "quantity": 0
858
+ },
859
+ "field_level_encryption_id": "",
860
+ "forwarded_values": {
861
+ "query_string": false,
862
+ "cookies": {
863
+ "forward": "none"
864
+ },
865
+ "headers": {
866
+ "quantity": 1,
867
+ "items": [
868
+ "Host"
869
+ ]
870
+ },
871
+ "query_string_cache_keys": {
872
+ "quantity": 0
873
+ }
874
+ },
875
+ "min_ttl": 0,
876
+ "default_ttl": 86400,
877
+ "max_ttl": 31536000
878
+ }
879
+ ]
880
+ },
881
+ "custom_error_responses": {
882
+ "quantity": 0
883
+ },
884
+ "comment": "ya-cloudfront-raynor",
885
+ "price_class": "PriceClass_100",
886
+ "enabled": true,
887
+ "viewer_certificate": {
888
+ "acm_certificate_arn": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
889
+ "ssl_support_method": "sni-only",
890
+ "minimum_protocol_version": "TLSv1",
891
+ "certificate": "arn:aws:acm:us-east-1:373533792662:certificate/2ab64b56-ce35-4116-99e5-91ac5141b063",
892
+ "certificate_source": "acm"
893
+ },
894
+ "restrictions": {
895
+ "geo_restriction": {
896
+ "restriction_type": "none",
897
+ "quantity": 0
898
+ }
899
+ },
900
+ "web_acl_id": "",
901
+ "http_version": "HTTP2",
902
+ "is_ipv6_enabled": true,
903
+ "alias_icp_recordals": [
904
+ {
905
+ "cname": "yavin.tapresearch.com",
906
+ "icp_recordal_status": "APPROVED"
907
+ },
908
+ {
909
+ "cname": "cdn.ya.tapresearch.com",
910
+ "icp_recordal_status": "APPROVED"
911
+ }
912
+ ]
913
+ }