rds_ssm_connect 1.1.7 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/SECURITY.md +21 -0
  2. package/connect.js +19 -15
  3. package/envPortMapping.js +2 -1
  4. package/package.json +1 -1
package/SECURITY.md ADDED
@@ -0,0 +1,21 @@
1
+ # Security Policy
2
+
3
+ ## Supported Versions
4
+
5
+ Use this section to tell people about which versions of your project are
6
+ currently being supported with security updates.
7
+
8
+ | Version | Supported |
9
+ | ------- | ------------------ |
10
+ | 5.1.x | :white_check_mark: |
11
+ | 5.0.x | :x: |
12
+ | 4.0.x | :white_check_mark: |
13
+ | < 4.0 | :x: |
14
+
15
+ ## Reporting a Vulnerability
16
+
17
+ Use this section to tell people how to report a vulnerability.
18
+
19
+ Tell them where to go, how often they can expect to get an update on a
20
+ reported vulnerability, what to expect if the vulnerability is accepted or
21
+ declined, etc.
package/connect.js CHANGED
@@ -14,7 +14,7 @@ const awsConfigPath = path.join(os.homedir(), '.aws', 'config')
14
14
  // Read the contents of the AWS config file
15
15
  const awsConfig = fs.readFileSync(awsConfigPath, 'utf-8')
16
16
 
17
- // Extract environments from AWS config file
17
+ // Extract environments from the AWS config file
18
18
  const ENVS = awsConfig
19
19
  .split('\n')
20
20
  .filter(line => line.startsWith('[') && line.endsWith(']'))
@@ -31,7 +31,6 @@ inquirer
31
31
  choices: ENVS
32
32
  }
33
33
  ])
34
-
35
34
  .then((answers) => {
36
35
  const ENV = answers.ENV // Get the selected environment from the user's answers
37
36
  console.log(`You selected: ${ENV}`)
@@ -52,23 +51,28 @@ inquirer
52
51
 
53
52
  // Set up the commands to run inside the aws-vault environment
54
53
  const awsVaultExecCommand = ['aws-vault', 'exec', ENV, '--']
55
- const ssmDescribeCommand = `aws ssm describe-parameters --region ${REGION} --query "Parameters[?ends_with(Name, '/rds/rds-aurora-password')].Name" --output text | head -n 1`
54
+ const secretsDescribeCommand = `aws secretsmanager list-secrets --region ${REGION} --query 'SecretList[?starts_with(Name, \`rds!cluster\`)].Name' --output text | head -n 1`
56
55
 
57
56
  // Run the commands inside aws-vault environment
58
- const ssmDescribeProcess = spawn('sh', ['-c', `${awsVaultExecCommand.join(' ')} ${ssmDescribeCommand}`])
57
+ const secretsDescribeProcess = spawn('sh', ['-c', `${awsVaultExecCommand.join(' ')} ${secretsDescribeCommand}`])
58
+
59
+ // Get the name of the secret containing the RDS credentials
60
+ secretsDescribeProcess.stdout.on('data', (data) => {
61
+ const SECRET_NAME = data.toString().trim()
59
62
 
60
- // Get the name of the parameter containing the RDS password
61
- ssmDescribeProcess.stdout.on('data', (data) => {
62
- const PARAM_NAME = data.toString().trim()
63
+ if (!SECRET_NAME) {
64
+ console.error('No secret found with name starting with rds!cluster.')
65
+ return
66
+ }
63
67
 
64
- // Get the RDS credentials
65
- const ssmGetCommand = `aws ssm get-parameter --region ${REGION} --name '${PARAM_NAME}' --with-decryption --query Parameter.Value --output text`
66
- const ssmGetProcess = spawn('sh', ['-c', `${awsVaultExecCommand.join(' ')} ${ssmGetCommand}`])
68
+ // Get the RDS credentials from Secrets Manager
69
+ const secretsGetCommand = `aws secretsmanager get-secret-value --region ${REGION} --secret-id '${SECRET_NAME}' --query SecretString --output text`
70
+ const secretsGetProcess = spawn('sh', ['-c', `${awsVaultExecCommand.join(' ')} ${secretsGetCommand}`])
67
71
 
68
- // Parse the JSON output of the ssm get-parameter command to get the RDS credentials
69
- ssmGetProcess.stdout.on('data', (data) => {
72
+ // Parse the JSON output of the secretsmanager get-secret-value command to get the RDS credentials
73
+ secretsGetProcess.stdout.on('data', (data) => {
70
74
  const CREDENTIALS = JSON.parse(data.toString())
71
- const USERNAME = CREDENTIALS.user // Get the RDS username from the credentials
75
+ const USERNAME = CREDENTIALS.username // Get the RDS username from the credentials
72
76
  const PASSWORD = CREDENTIALS.password // Get the RDS password from the credentials
73
77
 
74
78
  // Display connection credentials and connection string
@@ -122,12 +126,12 @@ inquirer
122
126
  })
123
127
  })
124
128
 
125
- ssmGetProcess.stderr.on('data', (data) => {
129
+ secretsGetProcess.stderr.on('data', (data) => {
126
130
  console.error(`Command execution error: ${data.toString()}`)
127
131
  })
128
132
  })
129
133
 
130
- ssmDescribeProcess.stderr.on('data', (data) => {
134
+ secretsDescribeProcess.stderr.on('data', (data) => {
131
135
  console.error(`Command execution error: ${data.toString()}`)
132
136
  })
133
137
  })
package/envPortMapping.js CHANGED
@@ -7,7 +7,8 @@ export const envPortMapping = {
7
7
  dev2: '5437',
8
8
  stage2: '5438',
9
9
  sandbox: '5439',
10
- 'perf-dev': '5440'
10
+ 'perf-dev': '5440',
11
+ support: '5441'
11
12
  }
12
13
 
13
14
  // Define the table name
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "rds_ssm_connect",
3
- "version": "1.1.7",
3
+ "version": "1.2.1",
4
4
  "type": "module",
5
5
  "dependencies": {
6
6
  "@aws-sdk/client-ec2": "^3.495.0",