Граф коммитов

44 Коммитов

Автор SHA1 Сообщение Дата
Aaron Meihm 1cca2ed5f8 fix typo from b516699 2017-02-09 13:09:56 -06:00
Aaron Meihm b516699264 conditionally deploy dd role in prod 2017-02-09 12:31:02 -06:00
Aaron Meihm dd4ce1ecc2 use gp2 for rds in dev 2017-02-09 11:59:54 -06:00
Aaron Meihm fd99e97f9a move td-agent installation later in process 2017-02-08 14:45:15 -06:00
Aaron Meihm 639b94f022 set topic name for SNS topic 2017-02-08 14:37:08 -06:00
Aaron Meihm 84888ac495 add role to deploy td-agent 2017-02-08 14:19:14 -06:00
Aaron Meihm 547626d9e1 add a couple missing permissions for sns / sqs 2017-02-08 13:54:48 -06:00
Aaron Meihm a030fa75cb add sqs and sns topic for logging to mozdef 2017-02-08 11:11:50 -06:00
Aaron Meihm 793c44ce4c enable datadog role 2017-01-26 11:44:15 -06:00
Aaron Meihm 3a13c0543f change rds storage type to io1
This should likely become gp2, but initially use io1.
2017-01-26 09:54:52 -06:00
Aaron Meihm aaf800fc18 adjust some params for rds instance 2017-01-12 11:01:31 -06:00
Aaron Meihm 1c51f22ff7 allocate eip for gateway 2017-01-12 11:01:12 -06:00
Aaron Meihm d3e081bbe3 ensure users role runs 2017-01-11 15:36:49 -06:00
Aaron Meihm 53eaa9acc6 update API ELB policy to ELBSecurityPolicy-2016-08 2017-01-11 14:46:55 -06:00
Aaron Meihm 86942df544 add playbook for stack promotion 2017-01-11 14:40:19 -06:00
Aaron Meihm 2a7b7ada1f api and relay elb dns in stack output 2017-01-11 13:38:24 -06:00
Aaron Meihm 78454efaee set internal relay elb scheme 2017-01-09 11:55:35 -06:00
Aaron Meihm 1b25c4e8a1 use internal elb for relay connection
Use regular amqp to connect from internal hosts to relays. This avoids
an issue where if we are using amqps and connecting to the regular relay
elb, dns needs to be set on the stack so certificate validation
succeeds.
2017-01-09 10:54:40 -06:00
Aaron Meihm 5bc45f5e1d add missing scheduler instance type 2017-01-08 13:58:04 -06:00
Aaron Meihm fc032d64f9 add scheduler 2017-01-08 13:14:44 -06:00
Aaron Meihm 72dc14ab55 add elb for relay 2017-01-08 12:01:10 -06:00
Aaron Meihm 8904b67747 optionally support rds resource creation using a snapshot 2017-01-08 08:15:31 -06:00
Aaron Meihm 892ac89020 enable dns hostnames in vpc 2017-01-06 16:21:34 -06:00
Aaron Meihm de95416f44 all ports between rabbit cluster 2017-01-06 16:20:22 -06:00
Aaron Meihm 9a3460643b update base template to use tags 2017-01-06 15:49:25 -06:00
Aaron Meihm 44b040e885 add second relay 2017-01-06 15:46:14 -06:00
Aaron Meihm 616c46d30a add primary relay instance 2017-01-06 13:20:34 -06:00
Aaron Meihm 5946fcde1e change elb instance port for api to 1664 2017-01-05 16:25:10 -06:00
Aaron Meihm c506ebc7a4 app vpc updates, userdata 2017-01-05 15:00:31 -06:00
Aaron Meihm 71912cf951 set noecho for rds param 2017-01-05 14:13:02 -06:00
Aaron Meihm dae7fbf872 sops decrypt of pull secrets 2017-01-05 13:59:30 -06:00
Aaron Meihm 161ff7504a s3 for sops data 2017-01-05 13:12:11 -06:00
Aaron Meihm a619139cd3 set instance role in base stack 2017-01-05 11:06:18 -06:00
Aaron Meihm 645dd5d28d assign static role name 2017-01-05 10:49:11 -06:00
Aaron Meihm ed5bf8185c add template for instance role creation 2017-01-05 10:38:52 -06:00
Aaron Meihm 937cf43bc3 output rds instance on stack create 2017-01-04 15:53:15 -06:00
Aaron Meihm 1553f40b45 rds access from bastion host 2017-01-04 15:40:53 -06:00
Aaron Meihm b69d8d1df9 add rds, additional subnets 2017-01-04 15:32:29 -06:00
Aaron Meihm ea6e8f10aa add some missing tags, bump api instances to 2 2017-01-04 13:36:42 -06:00
Aaron Meihm 3a4363825c specify az on base creation 2017-01-04 11:07:02 -06:00
Aaron Meihm ce61904398 use nat instance 2017-01-03 15:21:27 -06:00
Aaron Meihm 9fac287feb gw iptables config, cinit meta 2017-01-03 14:30:28 -06:00
Aaron Meihm d29de9c8d0 add api elb, some additional cleanup 2017-01-03 13:11:29 -06:00
Aaron Meihm 4d5d18178f add some initial stuff around this 2016-12-30 17:05:00 -06:00