aws-deployer - npm Package Compare versions

Comparing version 0.0.1 to 0.0.2

lib/aws.js

@@ -16,6 +16,6 @@ 'use strict';
 
-var AWS = function Aws(config) {
+var AWS = function Aws(aws_profile, config) {
 
     if (!(this instanceof Aws)) {
-        return new Aws(config);
+        return new Aws(aws_profile, config);
     }
@@ -25,2 +25,4 @@
 
+    aws.config.credentials = new aws.SharedIniFileCredentials({ profile: aws_profile });
+
     this.autoscaling = new aws.AutoScaling(config);
@@ -27,0 +29,0 @@ this.ec2 = new aws.EC2(config);

lib/deploy.js

@@ -5,2 +5,3 @@ 'use strict';
 var async = require('async');
+var fs = require('fs');
 var uuid = require('node-uuid');
@@ -10,2 +11,3 @@ var util = require('util');
 var SSH2Shell = require ('ssh2shell');
+var osenv = require('osenv');
 var aws = require('./aws.js');
@@ -20,6 +22,36 @@
     this.config = config;
-    this.aws = aws(config.aws);
 
+    if(!config.aws){
+        config.aws = {};
+    }
+
+    if(!config.aws.region){
+        config.aws.region = 'us-east-1';
+    }
+    if(!config.aws.sslEnabled){
+        config.aws.sslEnabled = true;
+    }
+    if(!config.aws.maxRetries){
+        config.aws.maxRetries = 2;
+    }
+    if(!config.aws.convertResponseTypes){
+        config.aws.convertResponseTypes = true;
+    }
+    if(!config.aws.apiVersion){
+        config.aws.apiVersion = '2014-11-11';
+    }
+
+    this.aws = aws(config.aws_profile, config.aws);
+
+    if(!config.pem){
+        var pem_location = osenv.home() + '/.aws/' + config.aws_profile + '.pem';
+        if(fs.existsSync(pem_location)){
+            config.pem = fs.readFileSync(pem_location);
+        }else{
+            throw('PEM was not passed in and does not exist at ' + pem_location);
+        }
+    }else{
+        config.pem = config.pem.replace(/\\n/g,"\n");
+    }
     this.emit('ready', config);
-
 };
@@ -152,3 +184,3 @@
                         userName:     ssh.username,
-                        privateKey:   ssh.pem.replace(/\\n/g,"\n")
+                        privateKey:   ssh.pem
                     },
@@ -155,0 +187,0 @@ commands:      command.split(';'),

package.json

 {
   "name": "aws-deployer",
-  "version": "0.0.1",
+  "version": "0.0.2",
   "description": "Handles automated deployment to all servers in an AWS autoscaling group.",
@@ -16,2 +16,3 @@ "main": "index.js",
     "node-uuid": "^1.4.3",
+    "osenv": "^0.1.3",
     "ssh2shell": "^1.4.1"
@@ -18,0 +19,0 @@ },

README.md

@@ -8,3 +8,17 @@ # AWS Deployer
 
+## Setup
+In order to have things working properly a few different setup items need to be handled.  The primary reason for this is to ensure the AWS resources are properly setup for [secure access](http://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs).
 
+* A directory at ~/.aws.  If you have the aws-cli tools installed this directory should already be created.
+* In the ~/.aws directory, a profile file called "credentials" should be created.
+* Add a new profile item with your access information.
+
+```
+[my-profile]
+aws_access_key_id = key
+aws_secret_access_key = secret
+```
+
+*  Using the profile name from the credentials file, copy the pem to a file in the directory called my-profile.pem.  
+
 ## Sample Usage
@@ -30,7 +44,9 @@
 {
-	aws : 'The sandard configuration options for the aws-sdk',
-	pem : 'String value of the AWS pem that is required to connect to the servers.'
+	aws : 'The standard configuration options for the aws-sdk.  This is not required',
+	pem : 'String value of the AWS pem that is required to connect to the servers. This is not required',
+	aws_profile : 'name of the profile to use.'
 }
 ```
 
+> NOTE: The AWS IAM User will need to have EC2ReadOnly access.
 
@@ -128,13 +144,4 @@ ##Public Functions
 var config = {
-    aws : {
-        accessKeyId: process.env.AWS_KEY ,
-        secretAccessKey: process.env.AWS_SECRET,
-        region: "us-east-1",
-        maxRetries: 2,
-        sslEnabled: true,
-        convertResponseTypes: true,
-        apiVersion: "2014-11-11"
-    },
-    pem : process.env.AWS_PEM
-};
+    aws_profile : 'my-profile'
+    };
 
@@ -145,3 +152,3 @@ var Deploy = require('aws-deployer')(config);
     "parallel_groups": "availability_zone",
-    "auto_scaling_groups": "SQL-Proxy-ASG",
+    "auto_scaling_groups": "My-AutoScaling-Group-Name",
     "command" : "sudo su;cd /data/application;git reset --hard;git pull;npm install;pm2 reload all;pm2 jlist;"
@@ -148,0 +155,0 @@ };

sample.js

 
 var config = {
-    aws : {
-        accessKeyId: process.env.AWS_KEY ,
-        secretAccessKey: process.env.AWS_SECRET,
-        region: "us-east-1",
-        maxRetries: 2,
-        sslEnabled: true,
-        convertResponseTypes: true,
-        apiVersion: "2014-11-11"
-    },
-    pem : process.env.AWS_PEM
+    aws_profile: 'smarterservices-deployment'
 };
@@ -14,0 +5,0 @@

New alerts

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Improved metrics

Total package byte prevSize

29294

increased by5.26%

Lines of code

612

increased by3.73%

Number of lines in readme file

209

increased by3.47%

Number of low supply chain risk alerts

1

decreased by-66.67%

Worsened metrics

Dependency count

6

increased by20%

Dependency changes

• + Addedosenv@^0.1.3

• + Addedos-homedir@1.0.2(transitive)

• + Addedos-tmpdir@1.0.2(transitive)

• + Addedosenv@0.1.5(transitive)