fixed missing error handling when importing ssh users

kainepro · May 3, 2017 · f517bf1 · f517bf1
1 parent ebaf472
commit f517bf1
Show file tree

Hide file tree

Showing 8 changed files with 33 additions and 9 deletions.
diff --git a/ec2/ec2-auto-recovery.yaml b/ec2/ec2-auto-recovery.yaml
@@ -251,7 +251,7 @@ Resources:
               group: root
             '/opt/import_users.sh':
               content: |
-                #!/bin/bash
+                #!/bin/bash -e
                 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
                   SaveUserName="$User"
                   SaveUserName=${SaveUserName//"+"/".plus."}

diff --git a/ecs/cluster.yaml b/ecs/cluster.yaml
@@ -255,6 +255,27 @@ Resources:
             - 'sqs:DeleteMessage'
             - 'sqs:ReceiveMessage'
             Resource: !GetAtt 'AutoScalingGroupLifecycleHookQueue.Arn'
+  IAMPolicySSHAccess:
+    Type: 'AWS::IAM::Policy'
+    Condition: HasIAMUserSSHAccess
+    Properties:
+      Roles:
+      - !Ref Role
+      PolicyName: 'iam-ssh'
+      PolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+        - Effect: Allow
+          Action:
+          - 'iam:ListUsers'
+          Resource:
+          - '*'
+        - Effect: Allow
+          Action:
+          - 'iam:ListSSHPublicKeys'
+          - 'iam:GetSSHPublicKey'
+          Resource:
+          - !Sub 'arn:aws:iam::${AWS::AccountId}:user/*'
   ALBSecurityGroup:
     Type: 'AWS::EC2::SecurityGroup'
     Properties:
@@ -439,6 +460,9 @@ Resources:
                 files:
                 - '/etc/newrelic/nrsysmond.cfg'
         ssh-access:
+          packages:
+            yum:
+              'aws-cli': []
           files:
             '/opt/authorized_keys_command.sh':
               content: !Sub |
@@ -455,7 +479,7 @@ Resources:
               group: root
             '/opt/import_users.sh':
               content: !Sub |
-                #!/bin/bash
+                #!/bin/bash -e
                 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
                   if id -u "$User" >/dev/null 2>&1; then
                     echo "$User exists"

diff --git a/jenkins/jenkins2-ha-agents.yaml b/jenkins/jenkins2-ha-agents.yaml
@@ -546,7 +546,7 @@ Resources:
               group: root
             '/opt/import_users.sh':
               content: |
-                #!/bin/bash
+                #!/bin/bash -e
                 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
                   SaveUserName="$User"
                   SaveUserName=${SaveUserName//"+"/".plus."}
@@ -1191,7 +1191,7 @@ Resources:
               group: root
             '/opt/import_users.sh':
               content: |
-                #!/bin/bash
+                #!/bin/bash -e
                 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
                   SaveUserName="$User"
                   SaveUserName=${SaveUserName//"+"/".plus."}

diff --git a/jenkins/jenkins2-ha.yaml b/jenkins/jenkins2-ha.yaml
@@ -452,7 +452,7 @@ Resources:
               group: root
             '/opt/import_users.sh':
               content: |
-                #!/bin/bash
+                #!/bin/bash -e
                 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
                   SaveUserName="$User"
                   SaveUserName=${SaveUserName//"+"/".plus."}

diff --git a/security/auth-proxy-ha-github-orga.yaml b/security/auth-proxy-ha-github-orga.yaml
@@ -389,7 +389,7 @@ Resources:
               group: root
             '/opt/import_users.sh':
               content: |
-                #!/bin/bash
+                #!/bin/bash -e
                 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
                   SaveUserName="$User"
                   SaveUserName=${SaveUserName//"+"/".plus."}

diff --git a/vpc/vpc-nat-instance.yaml b/vpc/vpc-nat-instance.yaml
@@ -282,7 +282,7 @@ Resources:
               group: root
             '/opt/import_users.sh':
               content: |
-                #!/bin/bash
+                #!/bin/bash -e
                 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
                   SaveUserName="$User"
                   SaveUserName=${SaveUserName//"+"/".plus."}

diff --git a/vpc/vpc-ssh-bastion.yaml b/vpc/vpc-ssh-bastion.yaml
@@ -222,7 +222,7 @@ Resources:
               group: root
             '/opt/import_users.sh':
               content: |
-                #!/bin/bash
+                #!/bin/bash -e
                 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
                   SaveUserName="$User"
                   SaveUserName=${SaveUserName//"+"/".plus."}

diff --git a/wordpress/wordpress-ha.yaml b/wordpress/wordpress-ha.yaml
@@ -404,7 +404,7 @@ Resources:
               group: root
             '/opt/import_users.sh':
               content: |
-                #!/bin/bash
+                #!/bin/bash -e
                 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
                   SaveUserName="$User"
                   SaveUserName=${SaveUserName//"+"/".plus."}