AWS Inspector - Terraform deployment - amazon-web-services

I am working on AWS trying some security features like Security Hub, and I deployed it through Terraform. Now I am interested in applying AWS Inspector from Terraform after trying it from the AWS console; but I don't find a way to configure this implementation applying an account delegation and a full-featured deployment, I only found the way to apply the old classic Inspector on AWS. Is there a way to implement AWS Inspector v2 with Terraform?
Thanks

I just saw that Inspector v2 is a new feature (released one month ago) and at the moment it is not supported by Terraform.
Terraform GitHub Issue
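The answer above describes the provider at the time it was written. The hashicorp/aws provider later added Inspector v2 resources; the following is an added example, not code from the question or the answer, showing the delegated-administrator pattern the question asks for. The provider aliases, account IDs, role ARN and region are placeholders, and the resource and attribute names should be checked against the provider documentation for the version you pin.

```hcl
# Added example: Inspector v2 with a delegated administrator account.
# Assumes two provider configurations: one for the AWS Organizations
# management account ("management") and one for the security/audit account
# that becomes the delegated Inspector administrator ("audit").
# All account IDs and the role ARN below are placeholders.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.50" # Inspector v2 resources were added in the 4.x series
    }
  }
}

provider "aws" {
  alias  = "management"
  region = "eu-west-1"
}

provider "aws" {
  alias  = "audit"
  region = "eu-west-1"
  assume_role {
    role_arn = "arn:aws:iam::222222222222:role/TerraformAdmin" # placeholder
  }
}

# 1. From the management account: delegate Inspector administration
#    to the audit account.
resource "aws_inspector2_delegated_admin_account" "this" {
  provider   = aws.management
  account_id = "222222222222" # placeholder audit account
}

# 2. From the delegated admin: auto-enable scanning for every account
#    that joins the organization later, so coverage does not depend on
#    someone remembering to click "enable".
resource "aws_inspector2_organization_configuration" "this" {
  provider = aws.audit
  auto_enable {
    ec2 = true
    ecr = true
  }
  depends_on = [aws_inspector2_delegated_admin_account.this]
}

# 3. From the delegated admin: associate an existing member account ...
resource "aws_inspector2_member_association" "member" {
  provider   = aws.audit
  account_id = "333333333333" # placeholder member account
  depends_on = [aws_inspector2_delegated_admin_account.this]
}

# ... and enable EC2 and ECR scanning in the admin account and that member.
resource "aws_inspector2_enabler" "members" {
  provider       = aws.audit
  account_ids    = ["222222222222", "333333333333"]
  resource_types = ["EC2", "ECR"]
  depends_on     = [aws_inspector2_member_association.member]
}
```

Apply order matters: the delegation must exist before the audit account can configure the organization or enable members, which is what the explicit `depends_on` chains enforce. Findings then flow into Security Hub automatically once the Inspector integration is enabled there.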

Related

how to attach dashboard with AWS managed grafana using terraform

I am trying to set up AWS Managed Grafana using Terraform. I am following these examples:
https://github.com/terraform-aws-modules/terraform-aws-managed-service-grafana/tree/master/examples/complete
I am able to set up Grafana via Terraform. Then I created dashboard.json and tried to apply the dashboard via Terraform. But I am not able to find any suitable link for it. Can anyone please help me with this?
It doesn't look like there's a resource in the Terraform provider for adding a dashboard just yet. Available resources
There is however an AWS REST API for it: https://docs.aws.amazon.com/grafana/latest/userguide/Grafana-API-Dashboard.html
I've recently been investigating this myself and decided to just create them manually and store json backups of the dashboard configuration for when it becomes available.
At my place we use Pulumi, which would make it easier to add a custom integration to add a dashboard to the Grafana instance, so I will be looking into that when I have more time.
You will have to use the Grafana provider for Terraform.
Here is a sample code that might help you: https://github.com/kunduso/aws_managed_grafana_workspace_dashboard/tree/main/amg_dashboard
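The following is an added example, not code from the question or the answers, of the approach the last answer describes: the workspace is created with the hashicorp/aws provider and the dashboard with the grafana/grafana provider, authenticated with a short-lived workspace API key. The workspace name, region and IAM role name are placeholders; `dashboard.json` is the file from the question.

```hcl
# Added example: push a dashboard.json into an Amazon Managed Grafana
# workspace using the grafana/grafana provider.
# Workspace and role names are placeholders.

terraform {
  required_providers {
    aws     = { source = "hashicorp/aws" }
    grafana = { source = "grafana/grafana" }
  }
}

provider "aws" {
  region = "eu-west-1"
}

# Service role the workspace assumes to read data sources (CloudWatch etc.).
resource "aws_iam_role" "grafana" {
  name = "example-amg-role" # placeholder
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "grafana.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_grafana_workspace" "this" {
  name                     = "example-amg" # placeholder
  account_access_type      = "CURRENT_ACCOUNT"
  authentication_providers = ["AWS_SSO"]
  permission_type          = "SERVICE_MANAGED"
  role_arn                 = aws_iam_role.grafana.arn
}

# Short-lived ADMIN key used only by Terraform. The key value is written to
# Terraform state, so the state backend must be encrypted and access-restricted.
resource "aws_grafana_workspace_api_key" "tf" {
  key_name        = "terraform"
  key_role        = "ADMIN"
  seconds_to_live = 3600
  workspace_id    = aws_grafana_workspace.this.id
}

# The Grafana provider talks to the workspace HTTP API directly.
provider "grafana" {
  url  = "https://${aws_grafana_workspace.this.endpoint}"
  auth = aws_grafana_workspace_api_key.tf.key
}

# The dashboard itself; config_json is the exported dashboard model.
resource "grafana_dashboard" "todo" {
  config_json = file("${path.module}/dashboard.json")
  overwrite   = true
}
```

Because the `grafana` provider is configured from attributes of resources in the same configuration, the first run needs the workspace to exist before the dashboard is planned (for example `terraform apply -target=aws_grafana_workspace_api_key.tf`, then a full apply), or the two halves can live in separate root modules. The key expires after `seconds_to_live`, so later applies recreate it; keep the lifetime short rather than long-lived.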

How do we go about versioning and/or backing up Configurations for the Amazon AWS Cloud Services?

Sorry, I’m sort of a newbie when it comes to Amazon AWS Cloud so sorry if I sound naïve.
For .NET developers, I've used Visual Studio 2019's AWS Lambda project to code Lambda functions and ultimately deploy them to the Amazon AWS cloud.
However, my concern is that there is no way to version and/or back up the configurations for the AWS Services (i.e., S3 bucket, Amazon SNS & SQS, etc.) that are invoked by and/or trigger the various AWS Lambda Functions.
The problem is that IT developers who configure said AWS Services have to use the ADFS AWS Services console website's GUI to configure the various AWS Services, and if someone mistakenly deletes an AWS Service then they lose the configuration settings as well?
How do we go about versioning and/or backing up Configurations for the AWS Services?
There are Infrastructure as Code frameworks like Terraform and Ansible designed to address that.
You can't really delete an AWS service.
It seems like you guys are kind of "new" to AWS, so I will recommend using CloudFormation templates as an Infrastructure as Code tool. All the configuration of how your AWS resources are supposed to look can be added to the template, and you deploy the template to create your AWS resources. It's AWS-native and does not cost you anything.
On top of that, you also want to add your CloudFormation templates to a version control system.
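As an added illustration of what the answers mean by "infrastructure as code" (this is not code from the question or the answers), the wiring from the question, an S3 bucket whose object events go to an SQS queue that triggers a Lambda function, written as Terraform so the whole configuration is a text file under version control and can be recreated after an accidental deletion. The bucket, queue, function and handler names are placeholders, and the example assumes the .NET function has already been packaged into `uploads-handler.zip`.

```hcl
# Added example: S3 -> SQS -> Lambda captured as Terraform.
# All names are placeholders; uploads-handler.zip is assumed to be the
# packaged .NET Lambda function.

provider "aws" {
  region = "us-east-1"
}

resource "aws_s3_bucket" "uploads" {
  bucket = "example-uploads-123456" # placeholder, must be globally unique
}

# Object versioning protects the data, not the configuration; the
# configuration is protected by keeping this file in version control.
resource "aws_s3_bucket_versioning" "uploads" {
  bucket = aws_s3_bucket.uploads.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_sqs_queue" "uploads" {
  name                       = "uploads-events"
  visibility_timeout_seconds = 60 # must be >= the Lambda timeout
}

# Only this bucket may send to the queue (aws:SourceArn condition).
resource "aws_sqs_queue_policy" "uploads" {
  queue_url = aws_sqs_queue.uploads.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "s3.amazonaws.com" }
      Action    = "sqs:SendMessage"
      Resource  = aws_sqs_queue.uploads.arn
      Condition = { ArnEquals = { "aws:SourceArn" = aws_s3_bucket.uploads.arn } }
    }]
  })
}

resource "aws_s3_bucket_notification" "uploads" {
  bucket = aws_s3_bucket.uploads.id
  queue {
    queue_arn = aws_sqs_queue.uploads.arn
    events    = ["s3:ObjectCreated:*"]
  }
  depends_on = [aws_sqs_queue_policy.uploads]
}

resource "aws_iam_role" "lambda" {
  name = "uploads-handler-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "lambda.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# Managed policy granting only the SQS receive/delete calls and CloudWatch Logs.
resource "aws_iam_role_policy_attachment" "sqs" {
  role       = aws_iam_role.lambda.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole"
}

resource "aws_lambda_function" "handler" {
  function_name = "uploads-handler"
  role          = aws_iam_role.lambda.arn
  runtime       = "dotnet6"
  handler       = "Uploads::Uploads.Function::FunctionHandler" # placeholder
  filename      = "${path.module}/uploads-handler.zip"
  timeout       = 30
}

resource "aws_lambda_event_source_mapping" "sqs" {
  event_source_arn = aws_sqs_queue.uploads.arn
  function_name    = aws_lambda_function.handler.arn
  batch_size       = 10
}
```

With this in a Git repository, `terraform plan` also doubles as a drift check: anything changed or deleted through the console shows up as a diff against the committed configuration.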

Terraform aws iot sitewise resource

I am trying to create an IoT Sitewise asset in aws using terraform however it is not listed in documentation. Is there a way for me to create this or is it not supported by the provider yet? By the way I am very new to these concepts so please do not mind me if I am asking something obvious.
You are correct that as of right now, IoT Sitewise is not supported by Terraform. IoT Sitewise was just launched last month. Terraform is updated regularly with new AWS services, so the best way to find out when it becomes supported is to keep an eye on the AWS Provider Documentation in Terraform's documentation. Search for "IoT" in the navigation pane and it will populate in the search results when they have added support.
You could use the awscc (AWS Cloud Control) provider: https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/iotsitewise_asset. Later on, when it makes it to the official aws provider, you can switch to it.
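The following is an added example, not code from the question or the answers, of creating a SiteWise asset model and one asset with the awscc provider as the second answer suggests. The attribute names follow awscc's snake_case mapping of the CloudFormation AWS::IoTSiteWise::AssetModel and AWS::IoTSiteWise::Asset schemas and should be confirmed against the registry page linked above for the provider version you use; the model, asset, property names, units and stream alias are placeholders.

```hcl
# Added example: an IoT SiteWise asset model and one asset via awscc.
# Attribute names: awscc snake_case mapping of the CloudFormation schema
# (verify against the registry docs). Names, units and alias are placeholders.

terraform {
  required_providers {
    awscc = {
      source = "hashicorp/awscc"
    }
  }
}

provider "awscc" {
  region = "us-east-1"
}

# The model defines which properties every asset of this type has.
resource "awscc_iotsitewise_asset_model" "sensor" {
  asset_model_name        = "temperature-sensor" # placeholder
  asset_model_description = "Example model for a temperature sensor"

  asset_model_properties = [
    {
      logical_id = "temperature"
      name       = "Temperature"
      data_type  = "DOUBLE"
      unit       = "Celsius"
      type = {
        type_name = "Measurement" # raw value streamed in from the device
      }
    },
    {
      logical_id = "serial_number"
      name       = "SerialNumber"
      data_type  = "STRING"
      type = {
        type_name = "Attribute" # static per-asset value
        attribute = {
          default_value = "unknown"
        }
      }
    }
  ]
}

# One concrete asset instantiated from the model. The alias binds the
# measurement to the data-stream name the device publishes under.
resource "awscc_iotsitewise_asset" "sensor_01" {
  asset_name     = "sensor-01" # placeholder
  asset_model_id = awscc_iotsitewise_asset_model.sensor.asset_model_id

  asset_properties = [
    {
      logical_id = "temperature"
      alias      = "/plant-a/line-1/sensor-01/temperature" # placeholder
    }
  ]
}

output "sensor_01_asset_id" {
  value = awscc_iotsitewise_asset.sensor_01.asset_id
}
```

When the official aws provider gains the resource, the switch the answer mentions is a state move rather than a rebuild: `terraform state rm` the awscc resource, then `terraform import` the same asset into the new resource address, so the asset and its data stream are not destroyed.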

AWS Amplify & Serverless-Stack

I am currently looking into AWS Amplify as well as I am reading Serverless Stack. My goal is to create a simple ToDo list app. Both "Getting started" / Documentations seem to have the same goal. However, AWS Amplify guide seems to be way easier from the setup.
And that's where I am confused. As far as I understand AWS Amplify also uses DynamoDB and gets data via GraphQL. But where is the difference between these two documentations?
Serverless Stack is a resource providing guidance on how to create serverless applications with AWS. It was created by a company called Anomaly Innovations.
AWS Amplify is an open source framework maintained by AWS which helps developers integrate their applications with AWS resources.
AWS Amplify is a very confusing service and consists of many components. I would categorize it as follows.
AWS Amplify Console
AWS Amplify CLI
AWS SDK&Libraries to integrate to your mobile or web
AWS Appsync Transformer
AWS Amplify Console gives you the ability to easily set up Continuous Deployment for your Amplify project. Amplify Console is used together with AWS Amplify CLI for you to manage different environments.
Let's say you want to start the Todo App. You start on your local using Amplify CLI and create API Gateway/Lambda/DynamoDB stacks.
Amplify CLI lets you create the whole stack easily and push it to AWS to deploy the whole stack. Then you can create a different environment based on the same stacks; let's say you want your dev environment, QA environment and production environment.
Amplify CLI gives you all the commands necessary for you to achieve this; then if you want to auto-deploy the change to AWS when someone pushes the code to your Git repository, you can use the Amplify Console to set up exactly that.
Amplify Console also integrates with AWS Domain, so you can easily point your own domain to any of the environments.
On top of these, Amplify also provides the GraphQL Transformer, with which you can easily define the GraphQL schema in Amplify format and it will transform and deploy it to AWS AppSync. And there is a Mobile SDK with which you can sync data between AppSync and your mobile app, and it provides some UIs as well.
We used it on one of our web projects and we liked it for the Continuous Deployment aspect of Amplify, but we didn't like the AppSync (GraphQL) aspect of Amplify just because it was not easy to implement layered resolvers.
Also, keep in mind that Amplify CLI/SDK/Transformer are under one project and it's still very fragile. You can take a look at the version history at https://www.npmjs.com/package/@aws-amplify/cli and you will see a few version bumps just in a single month. There were many obvious bugs we encountered, even on the AWS Console.
I haven't used Serverless yet, but as far as I know, Serverless provides No. 1 and No. 2 of Amplify with greater stability.

Integrating Github Enterprise with AWS Codepipeline

I have a repository in a [company hosted] GitHub enterprise site that I need to integrate within a CI/CD pipeline in AWS using the CodePipeline service. The CodePipeline service then will connect with a Jenkins Service running in an EC2 instance. I am following this AWS documentation to do this.
Note that this is an enterprise GitHub repo and not hosted on GitHub.com.
I am unable to connect to the GitHub Enterprise site in the "Create a pipeline" wizard. Selecting GitHub as a source only lets me connect to GitHub.com, and not to my organization's enterprise site.
How do I connect to the enterprise GitHub site so that I can add the repo as a source for my codepipeline?
UPDATE: An integration was finally released for github enterprise to work with AWS Codepipeline. Please see this answer by Pedreiro
As Sid Malani said in the comments, there's no straightforward or direct way to use a privately hosted GitHub Enterprise Repository in AWS CodePipeline.
One way would be to use CodeBuild, which allows adding custom GitHub repositories which can then be used in CodePipeline. This, however, should only be considered as a stop-gap solution.
Thank you Sid Malani for the alternative strategy
I doubt AWS will ship this feature anytime soon (hopefully I eat my words) since the workaround is well-documented and works fine. The gist of it can be found here, which I'll summarize as follows:
Create a CodeBuild project (which can take GitHub Enterprise as a source) which essentially just listens to a push event (webhook) of your development or master branch and outputs a .zip file of the source-code into an S3 bucket.
Use the S3 bucket as the source of your CodePipeline.
The official integration was finally released.
https://aws.amazon.com/about-aws/whats-new/2020/09/aws-codepipeline-supports-github-enterprise-server
Here is the documentation:
https://docs.aws.amazon.com/codepipeline/latest/userguide/connections-ghes.html
There is a way to integrate 3rd party Git repos with AWS CodePipeline. AWS suggested the following process. It used S3 buckets, API Gateways and Lambdas to connect GitHub Enterprise repos to CodePipeline. It's not ideal but it can work.
Unofficial: I've heard CodePipeline support for Github Enterprise will be out second half of 2019.
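The official integration linked in the answers above (CodePipeline with a GitHub Enterprise Server connection) can be expressed in Terraform; the following is an added example, not code from the question or any answer, and reflects the AWS documentation pages linked there. The GHES endpoint, repository, bucket, role and Jenkins project names are placeholders, and the Jenkins action's `provider` value must match the custom action name registered by the CodePipeline Jenkins plugin in your environment.

```hcl
# Added example: CodePipeline sourcing from a self-hosted GitHub Enterprise
# Server through a CodeStar Connections host, then handing off to Jenkins.
# All names, URLs and the repository ID are placeholders.

provider "aws" {
  region = "us-east-1"
}

# The host describes where the GHES instance lives; it is needed because
# the endpoint is not github.com.
resource "aws_codestarconnections_host" "ghes" {
  name              = "ghes-host"
  provider_endpoint = "https://github.example.internal" # placeholder GHES URL
  provider_type     = "GitHubEnterpriseServer"

  # Uncomment when GHES is reachable only from inside a VPC (placeholder IDs).
  # vpc_configuration {
  #   vpc_id             = "vpc-0123456789abcdef0"
  #   subnet_ids         = ["subnet-0123456789abcdef0"]
  #   security_group_ids = ["sg-0123456789abcdef0"]
  # }
}

# Created in PENDING state; an administrator completes the handshake in the
# console (installs the app on GHES) before the pipeline can pull source.
resource "aws_codestarconnections_connection" "ghes" {
  name     = "ghes-connection"
  host_arn = aws_codestarconnections_host.ghes.arn
}

resource "aws_s3_bucket" "artifacts" {
  bucket = "example-codepipeline-artifacts-123456" # placeholder
}

resource "aws_iam_role" "pipeline" {
  name = "ghes-pipeline-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "codepipeline.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# Least privilege: only this connection and only this artifact bucket.
resource "aws_iam_role_policy" "pipeline" {
  role = aws_iam_role.pipeline.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["codestar-connections:UseConnection"]
        Resource = aws_codestarconnections_connection.ghes.arn
      },
      {
        Effect   = "Allow"
        Action   = ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject", "s3:GetBucketVersioning"]
        Resource = [aws_s3_bucket.artifacts.arn, "${aws_s3_bucket.artifacts.arn}/*"]
      }
    ]
  })
}

resource "aws_codepipeline" "this" {
  name     = "ghes-pipeline"
  role_arn = aws_iam_role.pipeline.arn

  artifact_store {
    location = aws_s3_bucket.artifacts.bucket
    type     = "S3"
  }

  stage {
    name = "Source"
    action {
      name             = "Source"
      category         = "Source"
      owner            = "AWS"
      provider         = "CodeStarSourceConnection"
      version          = "1"
      output_artifacts = ["source_output"]
      configuration = {
        ConnectionArn    = aws_codestarconnections_connection.ghes.arn
        FullRepositoryId = "my-org/my-repo" # placeholder
        BranchName       = "main"
      }
    }
  }

  stage {
    name = "Build"
    action {
      name            = "Jenkins"
      category        = "Build"
      owner           = "Custom"
      provider        = "Jenkins" # must match the plugin's registered action name
      version         = "1"
      input_artifacts = ["source_output"]
      configuration = {
        ProjectName = "my-jenkins-job" # placeholder
      }
    }
  }
}
```

After the first apply, check `aws_codestarconnections_connection.ghes.connection_status`: it stays `PENDING` until the handshake is completed, and the pipeline's Source stage fails until then. Scoping `codestar-connections:UseConnection` to one connection ARN keeps a compromised pipeline role from reaching other repositories linked to the account.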