AWS

Overview

Amazon Web Services, Inc. (AWS) provides on-demand cloud computing platforms and APIs. The AWS App integration with Tempest allows you to manage several key AWS resources, providing a comprehensive set of tools for cloud infrastructure management.

Available Resources

  • CodeBuild Project: Allows configuration of a link between a GitHub Repository and an AWS CodeBuild Project, facilitating CI build pipelines.
    • CodeBuild Trigger: Allows programmatically generating build images based on the configuration defined by the Project.
  • ECR Repository: Supports creation and management of AWS ECR Repositories, primarily used to store images built by CodeBuild.
  • Elasticache Redis: Allows management of Elasticache Redis instances within AWS.
  • Fargate Service: Enables the creation and management of containerized applications using AWS Fargate, including configuration of CPU, memory, networking, and scaling options.
  • RDS Instance: Supports the creation and management of database instances in Amazon Relational Database Service (RDS), with options for different database engines, versions, and instance classes.
  • Route53 Zone: Allows management of DNS zones in AWS Route53, supporting both public and private hosted zones.
    • Route53 Record: This includes the ability to create and manage individual DNS records within these zones.
  • S3 Bucket: Enables the creation and configuration of S3 buckets for object storage, including options for versioning and regional placement.

Authentication

AWS Access Key

In order to allow Tempest to orchestrate and manage AWS resources, the AWS App currently supports API Key authentication using an AWS Access Key. This includes the AWS Key ID, as well as the Secret Access Key.

To authenticate:

  1. Generate an AWS Access Key following the instructions available here.
    1. Note: Make sure your access key has read, create, and delete access to the services or resources you expect to manage through Tempest. For example, if you want your key to manage Elasticache Redis in Tempest, ensure your AWS IAM roles and policies allow those actions.
  2. Go to Recipes and either click “Create Recipe” or select a pre-existing recipe.
  3. Click an existing AWS resource in your recipe, or add a new resource by selecting “+” next to your preferred environment and selecting an AWS resource.
  4. Select “Add credentials” and then “+Link credentials.”
  5. Select “Access Key.”
  6. Input a name for your credential. This will be used to identify the credential when you authenticate.
  7. Input the Access Key ID and the Secret Access Key.
  8. Select “Connect.”
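
A pre-flight check for the note in step 1, added here as an example (it is not Tempest's code): it compares the IAM policy attached to the access key with the AWS services you plan to manage and reports missing and excess grants. The resource-to-service mapping, the function names, and the sample policy are assumptions constructed for illustration.

```python
import json

# Assumed mapping from this page's resource types to IAM service prefixes.
# Tempest's exact API calls are not documented here; adjust to your recipes.
SERVICE_PREFIX = {
    "CodeBuild Project": "codebuild", "ECR Repository": "ecr",
    "Elasticache Redis": "elasticache", "Fargate Service": "ecs",
    "RDS Instance": "rds", "Route53 Zone": "route53", "S3 Bucket": "s3",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def granted_services(policy):
    """Service prefixes that the policy's Allow statements grant actions on."""
    services = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        if "NotAction" in stmt:
            services.add("*")  # allows everything except the listed actions
            continue
        for action in _as_list(stmt.get("Action", [])):
            services.add(action.split(":", 1)[0].lower())  # "*" stays "*"
    return services

def review_key_policy(policy, planned_resources):
    """Compare granted services with those needed for the planned resources."""
    needed = {SERVICE_PREFIX[name] for name in planned_resources}
    granted = granted_services(policy)
    admin = "*" in granted
    return {
        "admin_wildcard": admin,
        "missing": [] if admin else sorted(needed - granted),
        "excess": sorted(granted - needed - {"*"}),
    }

# Constructed sample policy (not from the page): Redis access plus a stray iam:* grant.
SAMPLE_POLICY = json.loads("""{
  "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
      "elasticache:CreateCacheCluster", "elasticache:DescribeCacheClusters",
      "elasticache:DeleteCacheCluster"]},
    {"Effect": "Allow", "Resource": "*", "Action": "iam:*"},
    {"Effect": "Deny", "Resource": "*", "Action": "s3:DeleteBucket"}
  ]
}""")
if __name__ == "__main__":
    print(review_key_policy(SAMPLE_POLICY, ["Elasticache Redis", "S3 Bucket"]))
```

An `excess` entry or `admin_wildcard` means the key can do more than the recipe needs; a `missing` entry means resource creation for that service would be denied.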

Resources

The following AWS resources can be managed in Tempest.

CodeBuild Project

A CodeBuild Project resource represents a configuration link between a GitHub Repository and an AWS CodeBuild Project. This is a parent resource of CodeBuild Trigger.

Create Input

  • Region (required): A string field that specifies the AWS region where the resource will be created. The default value is "us-east-1". This field uses a data source to populate available regions.
  • Repository (required): A string field representing the full name of the repository. An example value would be "org/repo". By default, this field will be autofilled with the Project’s GitHub repository's full name.

Properties

Name | Description
--- | ---
Public Key | The public key associated with the Build configuration and the generated Deploy Key.
Secret ARN | The unique identifier for the Private Key within AWS.
Region | The AWS region where the resource is located.

CodeBuild Trigger

A CodeBuild Trigger resource can be linked to a CodeBuild Project. Creating a Trigger will result in a single run of the CodeBuild pipeline. This is a sub-resource of CodeBuild Project.

Create Input

  • Region (required): A string field that specifies the AWS region where the resource will be created. The default value is "us-east-1". This field uses a data source to populate available regions.
  • Repository (required): A string field representing the full name of the repository. An example value would be "org/repo". This field will be autofilled with the GitHub repository's full name.
  • ECR Repository URI (required): A string field containing the URI of the Docker registry to push the built image(s) to. An example value would be "123456789012.dkr.ecr.us-east-1.amazonaws.com/repo". This field will be autofilled with the first AWS ECR repository resource in the Recipe.
  • Branch: A string field specifying the branch to build. If not provided, it defaults to the target repository's default branch.
  • Commit Hash: A string field representing the specific commit hash to build. If not provided, it defaults to the newest commit in the specified branch.
  • Dockerfile: A string field for the relative path to the Dockerfile in the repository. The default value is "Dockerfile".

Properties

Name | Description
--- | ---
Image (Fully Qualified) | The fully qualified image name that was built. Example: 1234567890.dkr.ecr.us-west-2.amazonaws.com/image:tag
Images | An array of strings containing the images that were built.
ID | The unique identifier for the build.
ARN | The unique Amazon Resource Name (ARN) that identifies the resource within AWS.
Region | The AWS region where the resource is located.

ECR Repository

An ECR Repository resource represents an Elastic Container Registry Repository in AWS.

Create Input

  • Region (required): A string field that specifies the AWS region where the resource will be created. The default value is "us-east-1". This field uses a data source to populate available regions.
  • Name (required): A string field for the name of the ECR repository. A random identifier will be appended to ensure uniqueness. Example: "tempest-managed-repository". This field will be auto-suggested with the GitHub repository name, but can be changed as desired.
  • Image Tag Mutability: A string field to set the tag mutability for the repository. Options are "MUTABLE" (default) or "IMMUTABLE".

Properties

Name | Description
--- | ---
ARN | The unique Amazon Resource Name (ARN) that identifies the resource within AWS.
Name | The name of the repository.
URI | The URI to the repository.
Image Tag Mutability | The tag mutability setting for the repository.
Region | The AWS region where the resource is located.

Elasticache Redis

An Elasticache Redis resource will create and manage a single Redis instance within AWS.

Create Input

  • Region (required): A string field that specifies the AWS region where the resource will be created. The default value is "us-east-1". This field uses a data source to populate available regions.
  • Name (required): A string field for the name of the Redis instance. A random identifier will be appended to ensure uniqueness. The default value is "tempest-managed-redis".
  • Size: An integer field specifying the size of the instance in GB. The minimum value is 1 GB, with a default of 1 GB.

Properties

Name | Description
--- | ---
ARN | The unique Amazon Resource Name (ARN) that identifies the resource within AWS.
Name | The name of the Elasticache instance.
Endpoint | The endpoint of the Elasticache instance.
Status | Indicates the current status of the Elasticache instance.
FQDN | The fully qualified domain name (FQDN) of the Elasticache instance.
Region | The AWS region where the resource is located.

Fargate Service

A Fargate Service resource will generate all of the required components to launch a container image within Fargate in AWS.

Create Input

  • Region (required): A string field that specifies the AWS region where the resource will be created. The default value is "us-east-1". This field uses a data source to populate available regions.
  • Name (required): A string field for the name of the service to launch in AWS Fargate. Example: "my-service". This field will be auto-suggested with the GitHub repository name.
  • Image (required): A string field for the Docker image to launch in AWS Fargate. Example: "nginx:latest". This field can be auto-filled from an AWS CodeBuild Trigger image.
  • VPC (required): A string field to select the VPC where the service will launch. Example: "vpc-12345678". This field uses a data source to populate available VPCs based on the selected region.
  • Desired Instances: An integer field specifying the number of instances to launch in AWS Fargate. The minimum value is 1, with a default of 1.
  • Visibility: A string field to set the visibility of the service. Options are "private" (default) or "public". Public services are assigned a public IP address.
  • CPU: An integer field for CPU units to allocate for the service. Options are 256, 512, 1024, 2048, or 4096, with a default of 256.
  • Memory: An integer field for memory in MB to allocate for the service. Options are 512, 1024, 2048, 3072, or 4096, with a default of 512.
  • Port: An integer field for the port to expose in the container. The value must be between 1 and 65535, with a default of 8080.

Properties

Name | Description
--- | ---
Addresses | An array of IP addresses associated with the service.
ARN | The unique Amazon Resource Name (ARN) that identifies the resource within AWS.
Cluster ARN | The Amazon Resource Name (ARN) of the cluster that the service is associated with.
Desired Instance Count | The desired number of instances to run.
Name | The name of the service.
Primary Address | The primary address of the service. If the service has a Public Address, this will be the Public Address. Otherwise, it will be the first address in the Addresses array.
Region | The AWS region where the resource is located.
Running Instance Count | The number of instances that are currently running.
Status | The current status of the service.
Public DNS Names | An array of public DNS names of the service.
Private DNS Names | An array of private DNS names of the service.
FQDN | The fully qualified domain name (FQDN) of the service.

RDS Instance

An RDS Instance resource represents a single database instance hosted in Amazon Relational Database Service (RDS).

Create Input

  • Region (required): A string field that specifies the AWS region where the resource will be created. The default value is "us-east-1". This field uses a data source to populate available regions.
  • Name: A string field for the name of the database instance. A random identifier will be appended to ensure uniqueness. The default value is "tempest-managed-instance".
  • Database Version: A string field to select the database version. Options include various versions of MySQL and PostgreSQL, with PostgreSQL 15 as the default.
  • Size: An integer field specifying the size of the instance in GB. The minimum value is 1 GB, with a default of 20 GB.
  • Database Instance Class (required): A string field to select the class for the database instance. The default value is "db.t3.micro". This field uses a data source to populate available instance classes.

Properties

Name | Description
--- | ---
ARN | The unique Amazon Resource Name (ARN) that identifies the resource within AWS.
Address | The endpoint address of the instance.
Port | The port number on which the instance accepts connections.
Name | The name of the instance.
Engine | The name of the database engine.
Engine Version | The version of the database engine.
Instance Class | The instance class of the instance.
Storage | The amount of storage allocated to the instance in GB.
Region | The AWS region where the resource is located.

Route53 Zone

A Route53 Zone represents a DNS zone served by AWS Route53. This can be a private or public zone. This is a parent resource of Route53 Record.

Create Input

  • DNS Name (required): A string field for the DNS name of the zone. Example: "example.com".
  • Description: A string field for the description of the zone. Default value is "Managed by Tempest."
  • Visibility: A string field to set the visibility of the zone. Options are "private" (default) or "public".
  • Region: A string field that specifies the AWS region where the resource will be created. Required only for private zones. This field uses a data source to populate available regions.
  • VPC: A string field to select the VPC to associate with the private hosted zone. Required only for private zones. This field uses a data source to populate available VPCs based on the selected region.

Properties

Name | Description
--- | ---
ARN | The unique Amazon Resource Name (ARN) that identifies the resource within AWS.
Domain Name | The domain name of the hosted zone.
Hosted Zone ID | The ID of the hosted zone.

Route53 Record

An individual record within a specified Parent Route53 Zone. This is a sub-resource of a Route53 Zone.

Create Input

  • Name (required): A string field for the name of the record to create. This is the domain name for the record, without the domain suffix. If not provided, a random name will be generated.
  • Record Type (required): A string field to specify the record type. Options are "A", "AAAA", "CNAME", or "TXT". The default value is "CNAME".
  • Target (required): An array of strings representing the content of the record. For CNAME records, this should be a fully-qualified domain name. For A or AAAA records, this should be an IP address. At least one item is required.
  • TTL: An integer field for the TTL (time-to-live) value of the record in seconds. The value must be between 1 and 86400, with a default of 300 seconds.

Properties

Name | Description
--- | ---
FQDN | The fully qualified domain name of the record.
Record Contents | An array of DNS records in this set.
TTL | The time-to-live of the record in seconds.
Type | The record type.

S3 Bucket

A single S3 Bucket in AWS Simple Storage Service (S3).

Create Input

  • Region (required): A string field that specifies the AWS region where the resource will be created. The default value is "us-east-1". This field uses a data source to populate available regions.
  • Name: A string field for the name of the bucket. A random identifier will be appended to ensure uniqueness. The default value is "tempest-managed-bucket".
  • Versioning: A boolean field to enable or disable versioning for the bucket. The default value is false.

Properties

Name | Description
--- | ---
ARN | The unique Amazon Resource Name (ARN) that identifies the resource within AWS.
Bucket Domain Name | The bucket domain name. This is the domain of the S3 endpoint used to access the bucket.
Region | The AWS region where the bucket is located.