01 fidelis

01-cloudformation/README.md

@@ -75,7 +75,7 @@ and get familiar with the basic parts of a CloudFormation template.
 
 #### Lab 1.1.1: CloudFormation Template Requirements
 
-Create the *most minimal CFN template possible* that can be used to
+Create the _most minimal CFN template possible_ that can be used to
 create an AWS Simple Storage Service (S3) Bucket.
 
 - Always write your CloudFormation [templates in YAML](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-formats.html).
@@ -85,8 +85,8 @@ create an AWS Simple Storage Service (S3) Bucket.
 
 - Note the output provided by creating the Stack.
 
-- Though *functionally* unnecessary, the Description (i.e. its *purpose*)
-  element documents your code's *intent*, so provide one. The Description
+- Though _functionally_ unnecessary, the Description (i.e. its _purpose_)
+  element documents your code's _intent_, so provide one. The Description
   key-value pair should be at the _root level_ of your template. If you place
   it under the definition of a resource, AWS will allow the template's creation
   but your description will not populate anything. See
@@ -213,7 +213,7 @@ Policy's Amazon Resource Name ([ARN](https://docs.aws.amazon.com/general/latest/
 
 #### Lab 1.2.3: Importing another Stack's Exports
 
-Create a *new* CFN template that describes an IAM User and applies to it
+Create a _new_ CFN template that describes an IAM User and applies to it
 the Managed Policy ARN created by and exported from the previous Stack.
 
 - Create this new Stack.
@@ -273,7 +273,7 @@ deploy _a single S3 bucket_.
   using a looping construct to run the template the proper number of times.
 
 - Use an external JSON or YAML configuration file to maintain the target
-  deployment region parameters.  Consider using `jq` or `yq` to parse this file.
+  deployment region parameters. Consider using `jq` or `yq` to parse this file.
 
 - Each bucket name should be of the format
   "_current-Region_-_current-Account_-_friendly-name_"

01-cloudformation/exec.sh

@@ -0,0 +1,16 @@
+#!/bin/bash 
+
+STACK_NAME="fidelisImportIAM"
+TEMPLATE="s3-import.yaml"
+PROFILE="labmfa"
+REGION="us-east-1"
+
+aws cloudformation deploy --template-file $TEMPLATE \
+     --stack-name $STACK_NAME --profile $PROFILE \
+       --capabilities CAPABILITY_NAMED_IAM \
+         --region $REGION
+
+# aws cloudformation list-exports \
+#    --profile $PROFILE \
+#      --region $REGION
+

01-cloudformation/myReadme.md

@@ -0,0 +1,38 @@
+# Documentation for the cloudformation module
+
+This holds all the informations about scripts and templates i created in this module
+
+## Lab 1.1.1
+
+- s3_1.yaml template will create a simple s3 bucket.
+- I have used the aws cli tool to deploy the stack
+  - aws cloudformation deploy --template-file s3.yaml --stack-name s3-bucket-create
+- If we notice, the bucket has been named: s3-bucket-create-s3bucket-15s1dsy5yhdfa
+
+## Lab 1.1.2: Stack Parameters
+
+- s3-params.yaml template will create the bucket and name it using the parameter file name.json
+- command used to update the stack is:
+  - aws cloudformation deploy --template-file s3-params.yaml --stack-name s3-bucket-create --profile labmfa --parameter-overrides file://name.json
+
+## Lab 1.1.3: Pseudo-Parameters
+
+- s3-pseudo.yaml has the template
+- This will prefix the bucketname with the aws account id
+
+### Scripts
+
+- exec.sh: This script does the cli kick of the deployment.
+
+## Lab 1.2.1: Cross-Referencing Resources within a Template
+
+- s3-iam.yaml creates the stack
+
+## Lab 1.2.2: Exposing Resource Details via Exports
+
+- updated s3-iam.yaml to update the stack
+- exec.sh has the commands used to list all stack exports
+
+## Lab 1.2.3: Importing another Stack's Exports
+
+- s3-import.yaml creates the stack

01-cloudformation/name.json

@@ -0,0 +1,5 @@
+{
+    "Parameters": {
+      "BucketName": "fidelis-stelligent-test-bucket"
+    }
+}

01-cloudformation/s3-cond.yaml

@@ -0,0 +1,19 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'AWS CloudFormation Template to create an S3 bucket'
+
+Parameters:
+  BucketName:
+    Type: String
+    Description: The name of the S3 Bucket to create
+
+Conditions:
+  isProduction: !Equals [ !Ref AWS::Region, us-east-1 ]
+
+Resources:
+  S3Bucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      BucketName: !If
+      - isProduction
+      - !Join [ '-', [ !Ref AWS::AccountId, !Ref BucketName ] ]
+      - !Join [ '-', [ !Ref AWS::Region, !Ref BucketName ] ]

01-cloudformation/s3-iam.yaml

@@ -0,0 +1,39 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: Create IAM user with Read access to all buckets.
+
+Parameters:
+  S3UserName:
+    Type: String
+    Description: The name of the S3 Bucket to create
+    Default: 01-fidelis-user
+
+Resources:
+
+  myCustomerManagedPolicyForIAM:
+    Type: 'AWS::IAM::ManagedPolicy'
+    Properties:
+      ManagedPolicyName: FidelisIAMReadOnlyPolicy # give a name to this policy
+      Description: Customer managed policy for read only access to s3
+      Path: '/'
+      PolicyDocument: # (required) JSON policy document 
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Action:
+              - 's3:ListBucket'
+              - 's3:GetObject'
+            Resource: '*'
+
+  S3User:
+    Type: AWS::IAM::User
+    Properties:
+      UserName: !Ref S3UserName
+      ManagedPolicyArns:
+        - !Ref myCustomerManagedPolicyForIAM
+
+Outputs:
+  outputName:
+    Description: Customer managed policy name
+    Value: !Ref myCustomerManagedPolicyForIAM
+    Export:
+      Name: !Sub "${AWS::StackName}-MyManagedPolicy" 

01-cloudformation/s3-import.yaml

@@ -0,0 +1,18 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: Create IAM user with Read access to all buckets.
+
+Parameters:
+  S3UserName:
+    Type: String
+    Description: The name of the S3 Bucket to create
+    Default: 01-fidelis-user2
+
+Resources:
+
+  S3User:
+    Type: AWS::IAM::User
+    Properties:
+      UserName: !Ref S3UserName
+      ManagedPolicyArns:
+        - Fn::ImportValue: "fidelis-test-lab-MyManagedPolicy"
+

01-cloudformation/s3-params.yaml

@@ -0,0 +1,13 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'AWS CloudFormation Template to create an S3 bucket'
+
+Parameters:
+  BucketName:
+    Type: String
+    Description: The name of the S3 Bucket to create
+
+Resources:
+  S3Bucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      BucketName: !Ref BucketName

01-cloudformation/s3-pseudo.yaml

@@ -0,0 +1,13 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'AWS CloudFormation Template to create an S3 bucket'
+
+Parameters:
+  BucketName:
+    Type: String
+    Description: The name of the S3 Bucket to create
+
+Resources:
+  S3Bucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      BucketName: !Join [ '-', [ !Ref AWS::AccountId, !Ref BucketName ] ]

01-cloudformation/s3_1.yaml

@@ -0,0 +1,6 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: 'AWS CloudFormation Template to create an S3 bucket'
+
+Resources:
+  S3Bucket:
+    Type: AWS::S3::Bucket

01-cloudformation/stacks

@@ -0,0 +1,6 @@
+fidelis-lab
+fidelis-test-lab
+fidelis-test-new-lab 
+fidelis-new-lab
+fidelis01-new-lab
+fidelisImportIAM