train-aws 0.1.11 → 0.1.12
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/train-aws/version.rb +1 -1
- data/train-aws.gemspec +2 -2
- metadata +3 -4
- data/README.md +0 -109
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f12716bfe83d525bf3283209f86ff9d94dbf6bb236d008f4755d7da1e5826c1b
|
4
|
+
data.tar.gz: 36181b6c56d09e996efc4c22020a9c5559e60472152ddb101b898e71b72f84c4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: af8a97cbf3101d0800e20cfc5722f3841fb8fcd07823a52eb8d91ad56f6c2d94db3d46c9c4135ca13e311f632e3aacbd45d2b97f413544582e5c70c83e45d333
|
7
|
+
data.tar.gz: c2697ec2c1f4ac129f80acac20c1a37d6a7bc5612796724f44efd1b209c25be9a4d9e7f9825c9b93142d87ab4a24dc4a9c6393b8b8fc7486fcfd73b2e9443ce4
|
data/lib/train-aws/version.rb
CHANGED
data/train-aws.gemspec
CHANGED
@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
|
|
17
17
|
spec.authors = ["Chef InSpec Team"]
|
18
18
|
spec.email = ["inspec@chef.io"]
|
19
19
|
spec.summary = "AWS API Transport for Train"
|
20
|
-
spec.description = "Allows
|
20
|
+
spec.description = "Allows applications using Train to speak to AWS; handles authentication, cacheing, and SDK dependency management."
|
21
21
|
spec.homepage = "https://github.com/inspec/train-aws"
|
22
22
|
spec.license = "Apache-2.0"
|
23
23
|
|
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
|
|
25
25
|
# It just filters what will actually be packaged in the gem (leaving
|
26
26
|
# out tests, etc)
|
27
27
|
spec.files = %w{
|
28
|
-
|
28
|
+
train-aws.gemspec Gemfile
|
29
29
|
} + Dir.glob(
|
30
30
|
"lib/**/*", File::FNM_DOTMATCH
|
31
31
|
).reject { |f| File.directory?(f) }
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: train-aws
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.12
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Chef InSpec Team
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-10-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-apigateway
|
@@ -654,7 +654,7 @@ dependencies:
|
|
654
654
|
- - "~>"
|
655
655
|
- !ruby/object:Gem::Version
|
656
656
|
version: '1'
|
657
|
-
description: Allows
|
657
|
+
description: Allows applications using Train to speak to AWS; handles authentication,
|
658
658
|
cacheing, and SDK dependency management.
|
659
659
|
email:
|
660
660
|
- inspec@chef.io
|
@@ -663,7 +663,6 @@ extensions: []
|
|
663
663
|
extra_rdoc_files: []
|
664
664
|
files:
|
665
665
|
- Gemfile
|
666
|
-
- README.md
|
667
666
|
- lib/train-aws.rb
|
668
667
|
- lib/train-aws/connection.rb
|
669
668
|
- lib/train-aws/platform.rb
|
data/README.md
DELETED
@@ -1,109 +0,0 @@
|
|
1
|
-
# train-aws - Train Plugin for connecting to AWS
|
2
|
-
|
3
|
-
* **Project State: Active**
|
4
|
-
* **Issues Response SLA: 3 business days**
|
5
|
-
* **Pull Request Response SLA: 3 business days**
|
6
|
-
|
7
|
-
For more information on project states and SLAs, see [this documentation](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md).
|
8
|
-
|
9
|
-
This plugin allows applications that rely on Train to communicate with the Amazon Web Services API. For example, InSpec uses this to perform compliance checks against AWS infrastructure components.
|
10
|
-
|
11
|
-
The plugin is a wrapper around `aws-sdk-core` version 3, with additional service-specific gems added where needed by the `inspec-aws` resource pack.
|
12
|
-
|
13
|
-
Train itself has no CLI, nor a sophisticated test harness. InSpec does have such facilities, so installing Train plugins will require an InSpec installation. You do not need to use or understand InSpec.
|
14
|
-
|
15
|
-
Train plugins may be developed without an InSpec installation.
|
16
|
-
|
17
|
-
## To Install this as a User
|
18
|
-
|
19
|
-
Train plugins are distributed as gems. You may choose to manage the gem yourself, but if you are an InSpec user, InSPec can handle it for you.
|
20
|
-
|
21
|
-
You will need InSpec v2.3 or later.
|
22
|
-
|
23
|
-
Simply run:
|
24
|
-
|
25
|
-
```
|
26
|
-
$ inspec plugin install train-aws
|
27
|
-
```
|
28
|
-
|
29
|
-
You can then run:
|
30
|
-
|
31
|
-
```
|
32
|
-
$ inspec detect -t aws://
|
33
|
-
== Platform Details
|
34
|
-
|
35
|
-
Name: aws
|
36
|
-
Families: cloud, api
|
37
|
-
Release: train-aws: v0.1.0, aws-sdk-core: 3.30.0
|
38
|
-
Arch: -
|
39
|
-
```
|
40
|
-
|
41
|
-
## Authenticating to AWS
|
42
|
-
|
43
|
-
These instructions assume you are using InSpec.
|
44
|
-
|
45
|
-
### Setting up AWS credentials for InSpec
|
46
|
-
|
47
|
-
InSpec uses the standard AWS authentication mechanisms. Typically, you will create an IAM user specifically for auditing activities.
|
48
|
-
|
49
|
-
* 1 Create an IAM user in the AWS console, with your choice of username. Check the box marked "Programmatic Access."
|
50
|
-
* 2 On the Permissions screen, choose Direct Attach. Select the AWS-managed IAM Profile named "ReadOnlyAccess." If you wish to restrict the user further, you may do so; see individual InSpec resources to identify which permissions are required.
|
51
|
-
* 3 After generating the key, record the Access Key ID and Secret Key.
|
52
|
-
|
53
|
-
#### Using Environment Variables to provide credentials
|
54
|
-
|
55
|
-
You may provide the credentials to InSpec by setting the following environment variables: `AWS_REGION`, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_KEY_ID`. You may also use `AWS_PROFILE`, or if you are using MFA, `AWS_SESSION_TOKEN`. See the [AWS Command Line Interface Docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for details.
|
56
|
-
|
57
|
-
Once you have your environment variables set, you can verify your credentials by running:
|
58
|
-
|
59
|
-
```bash
|
60
|
-
you$ inspec detect -t aws://
|
61
|
-
|
62
|
-
== Platform Details
|
63
|
-
Name: aws
|
64
|
-
Families: cloud, api
|
65
|
-
Release: aws-sdk-v2.10.125
|
66
|
-
```
|
67
|
-
|
68
|
-
#### Using the InSpec target option to provide credentials on AWS
|
69
|
-
|
70
|
-
Look for a file in your home directory named `~/.aws/credentials`. If it does not exist, create it. Choose a name for your profile; here, we're using the name 'auditing'. Add your credentials as a new profile, in INI format:
|
71
|
-
|
72
|
-
```bash
|
73
|
-
[auditing]
|
74
|
-
aws_access_key_id = AKIA....
|
75
|
-
aws_secret_access_key = 1234....abcd
|
76
|
-
```
|
77
|
-
|
78
|
-
You may now run InSpec using the `--target` / `-t` option, using the format `-t aws://region/profile`. For example, to connect to the Ohio region using a profile named 'auditing', use `-t aws://us-east-2/auditing`. Any omitted portion will use teh environment variables.
|
79
|
-
|
80
|
-
To verify your credentials,
|
81
|
-
|
82
|
-
```bash
|
83
|
-
you$ inspec detect -t aws://
|
84
|
-
|
85
|
-
== Platform Details
|
86
|
-
Name: aws
|
87
|
-
Families: cloud, api
|
88
|
-
Release: aws-sdk-v2.10.125
|
89
|
-
```
|
90
|
-
|
91
|
-
## Reporting Issues
|
92
|
-
|
93
|
-
Bugs, typos, limitations, and frustrations are welcome to be reported through the [GitHub issues page for the train-aws project](https://github.com/inspec/train-aws/issues).
|
94
|
-
|
95
|
-
You may also ask questions in the #inspec channel of the CHef Community Slack team. However, for an issue to get traction, please report it as a github issue.
|
96
|
-
|
97
|
-
## Development on this Plugin
|
98
|
-
|
99
|
-
### Development Process
|
100
|
-
|
101
|
-
If you wish to contribute to this plugin, please use the usual fork-branch-push-PR cycle. All functional changes need new tests, and bugfixes are expected to include a new test that demonstrates the bug.
|
102
|
-
|
103
|
-
### Reference Information
|
104
|
-
|
105
|
-
[Plugin Development](https://github.com/inspec/train/blob/master/docs/dev/plugins.md) is documented on the `train` project on GitHub.
|
106
|
-
|
107
|
-
### Testing changes against AWS
|
108
|
-
|
109
|
-
Live-fire testing against AWS may be performed by the `integration` set of tests. To run the integration tests, you will need to have a set of AWS credentials exported to your environment. See test/integration/live_connect_test.rb .
|