diff --git a/.github/workflows/test-environment.yml b/.github/workflows/test-environment.yml index e9634ab14c..01ee949409 100644 --- a/.github/workflows/test-environment.yml +++ b/.github/workflows/test-environment.yml @@ -311,9 +311,3 @@ jobs: if: github.event.inputs.cleanup-env == 'true' run: | just delete-cloud-env ${{ env.DEPLOYMENT_NAME }} '' "false" - - - name: Tag CNVM Instance - if: github.event.inputs.cleanup-env == 'false' - env: - STACK_NAME: "${{ env.CNVM_STACK_NAME}}" - run: just create-cnvm-stack-tags ${{ env.AWS_REGION}} ${{ env.STACK_NAME }} '${{ env.AWS_DEFAULT_TAGS }} Key=owner,Value=${{ github.actor }}' diff --git a/deploy/cloudformation/elastic-agent-ec2-cnvm.yml b/deploy/cloudformation/elastic-agent-ec2-cnvm.yml index ec9d250b58..864e68f645 100644 --- a/deploy/cloudformation/elastic-agent-ec2-cnvm.yml +++ b/deploy/cloudformation/elastic-agent-ec2-cnvm.yml @@ -33,6 +33,11 @@ Parameters: Description: The version of elastic-agent to install Type: String +Conditions: + UseElasticTags: !Equals + - !Ref "AWS::AccountId" + - 704479110758 + Resources: # Security Group for EC2 instance @@ -134,6 +139,26 @@ Resources: - !Ref "AWS::StackId" - Key: Task Value: Vulnerability Management Scanner + - Key: division + Value: !If + - UseElasticTags + - engineering + - AWS::NoValue + - Key: org + Value: !If + - UseElasticTags + - security + - AWS::NoValue + - Key: team + Value: !If + - UseElasticTags + - cloud-security + - AWS::NoValue + - Key: project + Value: !If + - UseElasticTags + - cloudformation + - AWS::NoValue ImageId: !Ref LatestAmiId InstanceType: !Ref InstanceType IamInstanceProfile: !Ref ElasticAgentInstanceProfile diff --git a/deploy/cloudformation/elastic-agent-ec2-cspm.yml b/deploy/cloudformation/elastic-agent-ec2-cspm.yml index c19f2b806f..64450befd7 100644 --- a/deploy/cloudformation/elastic-agent-ec2-cspm.yml +++ b/deploy/cloudformation/elastic-agent-ec2-cspm.yml 
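Review bot: The account id in the new `UseElasticTags` condition is an unquoted all-digit scalar, so the YAML parser types it as an integer while `!Ref "AWS::AccountId"` resolves to a string; `Fn::Equals` expects string operands, so quote it as `- "704479110758"` (the same line appears in the cspm template's Conditions hunk, which should get the identical change). The condition also carries no explanation of why tagging is keyed to a single account, which the deleted justfile tag string used to make obvious; a comment such as `# Internal ownership tags are only applied when the stack runs in the (presumably Elastic-owned) account below` above `UseElasticTags:` would help the next reader. If these templates are ever deployed from a second internal account the tags silently disappear, so it may be worth confirming that a single hard-coded id is the intended scope.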
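Review bot: `AWS::NoValue` in the new `!If` branches is written as a bare string rather than `!Ref "AWS::NoValue"`, so in any account other than the one matched by `UseElasticTags` the instance is tagged with the literal value `AWS::NoValue` for division, org, team and project instead of having those tags omitted; the cspm template's tag hunk has the same lines and the same fix applies there. Even with the `!Ref`, the pseudo parameter would only drop the `Value` property and leave a `Key`-only entry, which is not a valid EC2 tag. The `!If` should wrap the whole list item so the false branch removes the tag entirely, as shown below for the first two tags (team and project follow the same shape); the enclosing instance resource and its `Tags:` key begin before the hunk.
```yaml
        - Key: Task
          Value: Vulnerability Management Scanner
        - !If
          - UseElasticTags
          - Key: division
            Value: engineering
          - !Ref "AWS::NoValue"
        - !If
          - UseElasticTags
          - Key: org
            Value: security
          - !Ref "AWS::NoValue"
        # … team and project tags: same !If shape as above …
```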
@@ -33,6 +33,11 @@ Parameters: Description: The version of elastic-agent to install Type: String +Conditions: + UseElasticTags: !Equals + - !Ref "AWS::AccountId" + - 704479110758 + Resources: # Security Group for EC2 instance @@ -102,6 +107,26 @@ Resources: - !Ref "AWS::StackId" - Key: Task Value: Cloud Security Posture Management Scanner + - Key: division + Value: !If + - UseElasticTags + - engineering + - AWS::NoValue + - Key: org + Value: !If + - UseElasticTags + - security + - AWS::NoValue + - Key: team + Value: !If + - UseElasticTags + - cloud-security + - AWS::NoValue + - Key: project + Value: !If + - UseElasticTags + - cloudformation + - AWS::NoValue ImageId: !Ref LatestAmiId InstanceType: !Ref InstanceType IamInstanceProfile: !Ref ElasticAgentInstanceProfile diff --git a/justfile b/justfile index 622d7740f9..817b511f25 100644 --- a/justfile +++ b/justfile @@ -6,7 +6,6 @@ kustomizeEksOverlay := "deploy/kustomize/overlays/cloudbeat-eks" kustomizeAwsOverlay := "deploy/kustomize/overlays/cloudbeat-aws" cspPoliciesPkg := "github.com/elastic/csp-security-policies" hermitActivationScript := "bin/activate-hermit" -AWS_DEFAULT_TAGS := 'Key=division,Value=engineering Key=org,Value=security Key=team,Value=cloud-security-posture Key=project,Value=test-environments' # use env var if available export LOCAL_GOARCH := `go env GOARCH` @@ -130,9 +129,6 @@ deploy-dm: delete-dm name: gcloud deployment-manager deployments delete {{name}} -q -create-cnvm-stack-tags region stack_name tags=(AWS_DEFAULT_TAGS): - ./scripts/add_cnvm_tags.sh {{region}} {{stack_name}} '{{tags}}' - build-kibana-docker: node scripts/build --docker-images --skip-docker-ubi --skip-docker-centos -v diff --git a/scripts/add_cnvm_tags.sh b/scripts/add_cnvm_tags.sh deleted file mode 100755 index d4f5b388c7..0000000000 --- a/scripts/add_cnvm_tags.sh +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/usr/bin/env bash -# Script: add_cnvm_tags.sh -# Description: This script retrieves the instance ID of an EC2 instance -# associated with a CloudFormation stack and applies tags to it. -# Usage: ./scripts/add_cnvm_tags.sh -# -# Arguments: -# : The AWS region where the CloudFormation stack is deployed. -# : The name of the CloudFormation stack. -# : Tags to be applied to the EC2 instance, provided as a single string -# with each key-value pair separated by spaces. -# -# Example: -# ./scripts/add_cnvm_tags.sh eu-west-1 cnvm-sanity-test-stack "Key=division,Value=engineering Key=org,Value=security Key=team,Value=cloud-security-posture" - -set -euo pipefail - -# Maximum timeout in seconds -max_timeout=300 - -# Elapsed time in seconds -elapsed_time=0 - -# Sleep time in seconds -sleep_time=10 - -# AWS region provided as the first argument -aws_region=${1:?AWS region not provided} - -# Stack name provided as the second argument -stack_name=${2:?Stack name not provided} - -# Tags provided as the third argument -tags=${3:?Tags not provided} - -# Initialize instance_id variable -instance_id="" - -# Loop until instance ID is retrieved or timeout is reached -while [ -z "$instance_id" ]; do - instance_id=$(aws cloudformation describe-stack-resources --region "$aws_region" --stack-name "$stack_name" --query 'StackResources[?ResourceType==`AWS::EC2::Instance`].PhysicalResourceId' --output text) - echo "Waiting for instance ID..." - - # Check if instance ID is retrieved and break the loop - if [ -n "$instance_id" ]; then - break - fi - - # Check if timeout is reached and exit the loop - if [ "$elapsed_time" -ge "$max_timeout" ]; then - echo "Timeout reached. Exiting..." 
- break - fi - - # Sleep for the specified duration - sleep "$sleep_time" - elapsed_time=$((elapsed_time + sleep_time)) -done - -echo "$instance_id" - -# If instance ID is retrieved, create tags for the instance -if [ -n "$instance_id" ]; then - aws ec2 create-tags --region "$aws_region" --resources "$instance_id" --tags $tags -fi