forked from simp/inspec-profile-disa_stig-el7
-
Notifications
You must be signed in to change notification settings - Fork 14
/
kitchen.ec2.yml
47 lines (41 loc) · 1.17 KB
/
kitchen.ec2.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
---
platforms:
- name: rhel-7
driver:
name: ec2
aws_ssh_key_id: <%= ENV['AWS_SSH_KEY_ID'] %>
user_data: ./user_data.sh
tags:
POC: <%= ENV['POC_TAG'] %>
security_group_ids: <%= ENV['SECURITY_GROUP_IDS'] %>
region: <%= ENV['AWS_REGION'] %>
subnet_id: <%= ENV['SUBNET_ID'] %>
instance_type: t2.large
associate_public_ip: true
transport:
name: ssh
username: <%= ENV['AWS_EC2_USER'] %>
ssh_key: <%= ENV['AWS_EC2_SSH_KEY'] %>
connection_timeout: 10
connection_retries: 5
verifier:
input_files:
- ec2.inputs.yml
reporter:
- cli
- json:spec/results/ec2_%{platform}_%{suite}.json
lifecycle:
post_create:
- remote: |
sudo yum -y install python3-pip
sudo python3 -m pip install --upgrade pip
pre_converge:
- remote: |
echo "NOTICE - Updating the ec2-user to keep sudo working"
sudo chage -d $(( $( date +%s ) / 86400 )) ec2-user
echo "NOTICE - updating ec2-user sudo config"
sudo chmod 600 /etc/sudoers && sudo sed -i'' "/ec2-user/d" /etc/sudoers && sudo chmod 400 /etc/sudoers
transport:
name: ssh
#https://github.com/neillturner/kitchen-ansible/issues/295
max_ssh_sessions: 2