The highest tagged major version is v2.

extension-aws

command module

v1.2.0 Latest Latest Go to latest Published: Aug 5, 2022 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/steadybit/extension-aws

Links

Open Source Insights

README ¶

Steadybit extension-aws

A Steadybit discovery and attack implementation to inject HTTP faults into various AWS services.

Capabilities

Amazon Elastic Cloud Compute (EC2)
- Attacks
  - State change of EC2 instances, e.g., stop, hibernate, terminate and reboot.
Amazon Relational Database Service (RDS)
- Discoveries
  - RDS instances
- Attacks
  - Reboot of RDS instances

Configuration

The process requires valid access credentials to interact with various AWS APIs.

When Deployed in AWS EKS

IAM Policy

Create an IAM policy called steadybit-extension-aws with the following content. You can optionally restrict for which resources the extension may become active by tweaking the Resource clause.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "rds:RebootDBCluster",
        "rds:ListTagsForResource",
        "rds:RebootDBInstance",
        "rds:DescribeDBInstances",
        "rds:DescribeDBClusters"
      ],
      "Resource": "*"
    },

    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeTags",
        "ec2:StopInstances",
        "ec2:RebootInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": "*"
    }
  ]
}

IAM Role

An IAM role is necessary that the AWS extension Kubernetes pod can assume in order to interact with the AWS APIs.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Principal": {
                "Federated": "arn:aws:iam::{{AWS account number}:oidc-provider/{{OpenID Connect provider URL without scheme}}"
            },
            "Condition": {
                "StringEquals": {
                    "{{OpenID Connect provider URL without scheme}}:aud": [
                        "sts.amazonaws.com"
                    ],
                    "{{OpenID Connect provider URL without scheme}}:sub": [
                      "system:serviceaccount:{{Kubernetes namespace}}:{{Kubernetes service account name}}"
                    ]
                }
            }
        }
    ]
}

Deployment

We recommend that you deploy the extension with our official Helm chart. Please note that the Steadybit AWS agent currently needs to be configured to interact this the AWS extension.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
extec2
extrds
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL