Aaron Meihm
1cca2ed5f8
fix typo from b516699
2017-02-09 13:09:56 -06:00
Aaron Meihm
b516699264
conditionally deploy dd role in prod
2017-02-09 12:31:02 -06:00
Aaron Meihm
dd4ce1ecc2
use gp2 for rds in dev
2017-02-09 11:59:54 -06:00
Aaron Meihm
fd99e97f9a
move td-agent installation later in process
2017-02-08 14:45:15 -06:00
Aaron Meihm
639b94f022
set topic name for SNS topic
2017-02-08 14:37:08 -06:00
Aaron Meihm
84888ac495
add role to deploy td-agent
2017-02-08 14:19:14 -06:00
Aaron Meihm
547626d9e1
add a couple missing permissions for sns / sqs
2017-02-08 13:54:48 -06:00
Aaron Meihm
a030fa75cb
add sqs and sns topic for logging to mozdef
2017-02-08 11:11:50 -06:00
Aaron Meihm
793c44ce4c
enable datadog role
2017-01-26 11:44:15 -06:00
Aaron Meihm
3a13c0543f
change rds storage type to io1
This should likely become gp2, but initially use io1.
2017-01-26 09:54:52 -06:00
Aaron Meihm
aaf800fc18
adjust some params for rds instance
2017-01-12 11:01:31 -06:00
Aaron Meihm
1c51f22ff7
allocate eip for gateway
2017-01-12 11:01:12 -06:00
Aaron Meihm
d3e081bbe3
ensure users role runs
2017-01-11 15:36:49 -06:00
Aaron Meihm
53eaa9acc6
update API ELB policy to ELBSecurityPolicy-2016-08
2017-01-11 14:46:55 -06:00
Aaron Meihm
86942df544
add playbook for stack promotion
2017-01-11 14:40:19 -06:00
Aaron Meihm
2a7b7ada1f
api and relay elb dns in stack output
2017-01-11 13:38:24 -06:00
Aaron Meihm
78454efaee
set internal relay elb scheme
2017-01-09 11:55:35 -06:00
Aaron Meihm
1b25c4e8a1
use internal elb for relay connection
Use regular amqp to connect from internal hosts to relays. This avoids
an issue where if we are using amqps and connecting to the regular relay
elb, dns needs to be set on the stack so certificate validation
succeeds.
2017-01-09 10:54:40 -06:00
Aaron Meihm
5bc45f5e1d
add missing scheduler instance type
2017-01-08 13:58:04 -06:00
Aaron Meihm
fc032d64f9
add scheduler
2017-01-08 13:14:44 -06:00
Aaron Meihm
72dc14ab55
add elb for relay
2017-01-08 12:01:10 -06:00
Aaron Meihm
8904b67747
optionally support rds resource creation using a snapshot
2017-01-08 08:15:31 -06:00
Aaron Meihm
892ac89020
enable dns hostnames in vpc
2017-01-06 16:21:34 -06:00
Aaron Meihm
de95416f44
all ports between rabbit cluster
2017-01-06 16:20:22 -06:00
Aaron Meihm
9a3460643b
update base template to use tags
2017-01-06 15:49:25 -06:00
Aaron Meihm
44b040e885
add second relay
2017-01-06 15:46:14 -06:00
Aaron Meihm
616c46d30a
add primary relay instance
2017-01-06 13:20:34 -06:00
Aaron Meihm
5946fcde1e
change elb instance port for api to 1664
2017-01-05 16:25:10 -06:00
Aaron Meihm
c506ebc7a4
app vpc updates, userdata
2017-01-05 15:00:31 -06:00
Aaron Meihm
71912cf951
set noecho for rds param
2017-01-05 14:13:02 -06:00
Aaron Meihm
dae7fbf872
sops decrypt of pull secrets
2017-01-05 13:59:30 -06:00
Aaron Meihm
161ff7504a
s3 for sops data
2017-01-05 13:12:11 -06:00
Aaron Meihm
a619139cd3
set instance role in base stack
2017-01-05 11:06:18 -06:00
Aaron Meihm
645dd5d28d
assign static role name
2017-01-05 10:49:11 -06:00
Aaron Meihm
ed5bf8185c
add template for instance role creation
2017-01-05 10:38:52 -06:00
Aaron Meihm
937cf43bc3
output rds instance on stack create
2017-01-04 15:53:15 -06:00
Aaron Meihm
1553f40b45
rds access from bastion host
2017-01-04 15:40:53 -06:00
Aaron Meihm
b69d8d1df9
add rds, additional subnets
2017-01-04 15:32:29 -06:00
Aaron Meihm
ea6e8f10aa
add some missing tags, bump api instances to 2
2017-01-04 13:36:42 -06:00
Aaron Meihm
3a4363825c
specify az on base creation
2017-01-04 11:07:02 -06:00
Aaron Meihm
ce61904398
use nat instance
2017-01-03 15:21:27 -06:00
Aaron Meihm
9fac287feb
gw iptables config, cinit meta
2017-01-03 14:30:28 -06:00
Aaron Meihm
d29de9c8d0
add api elb, some additional cleanup
2017-01-03 13:11:29 -06:00
Aaron Meihm
4d5d18178f
add some initial stuff around this
2016-12-30 17:05:00 -06:00