This repository has been archived by the owner on Jan 12, 2024. It is now read-only.
Showing
2 changed files
with
11 additions
and
11 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,17 @@ | ||
version: 1 | ||
# proxy information | ||
# You only need to configure this, if you plan on white listing proxy boxes and will need to jump | ||
# through them to talk to the instances that will live in the cerberus VPC | ||
# through them to talk to the instances that will live in the Cerberus VPC | ||
# If your not using a proxy either delete this section or make type = DIRECT for direct connecting | ||
proxy-config: | ||
host: localhost | ||
port: 9000 | ||
# [DIRECT, HTTP, SOCKS] | ||
type: SOCKS | ||
|
||
# The name of the envirnment | ||
# The name of the environment | ||
environment-name: demo | ||
# The region the environemnt will run in | ||
# The region the environment will run in | ||
region: us-west-2 | ||
# Costcenter for where to bill provisioned resources. Will be tagged on all resources. | ||
cost-center: 11111 | ||
|
@@ -21,16 +21,16 @@ owner-email: [email protected] | |
owner-group: cloud platform engineering | ||
|
||
# A IAM role ARN that will be given elevated privileges for the KMS CMK created., | ||
# If you dont seperate root access from admins just use the root role here | ||
# If you don't separate root access from admins just use the root role here | ||
admin-role-arn: arn:aws:iam::111111111:role/onelogin-roles-OneLoginAdminRole-2222222222 | ||
# The Route 53 hosted zone name that will be created for CNAME records used by internal ELBs. | ||
vpc-hosted-zone-name: demo.internal.cerberus-oss.io | ||
# The hostname that will be exposed for cerberus | ||
# The hostname that will be exposed for Cerberus | ||
hostname: demo.cerberis-oss.io | ||
# The hostedZoneId that will allow the registration of the hostname | ||
hosted-zone-id: X5CT6JROG9F2DR | ||
|
||
# Here we can define the ports and cidrs that we want to allow ingress into the cerberus env VPC | ||
# Here we can define the ports and CIDRs that we want to allow ingress into the Cerberus env VPC | ||
# You can add your current ip or proxy boxes here and use the above proxy config | ||
vpc-access-whitelist: | ||
ports: | ||
|
@@ -77,7 +77,7 @@ gateway: | |
key-pair-name: cerberus-test | ||
|
||
dashboard: | ||
# The url of the dashboard artifact, probably the newest release on the dashboard github release page | ||
# The url of the dashboard artifact, probably the newest release on the dashboard Github release page | ||
artifact-url: https://github.com/Nike-Inc/cerberus-management-dashboard/releases/download/v0.8.0/cerberus-dashboard.tar.gz | ||
# The secondary artifact that will get merged into the above artifact before getting uploaded to s3, we use this for custom help page. | ||
override-artifact-url: https://someplace.com/where/you/want/to/store/this.tar.gz | ||
|
@@ -87,13 +87,13 @@ dashboard: | |
edge-security: | ||
# The artifact url for the CloudFront Lambda that process CloudFront Logs to enable things like rate limiting and KPI reporting | ||
cloudfront-lambda-artifact-url: https://github.com/Nike-Inc/cerberus-cloudfront-lambda/releases/download/v1.1.0/cerberus-cloudfront-lambda.jar | ||
# The artifact url to the lambda that ensures only CloudFront IPs are whitelisted to talk to the origin ELB | ||
# The artifact url to the lambda that ensures only CloudFront IPs are white listed to talk to the origin ELB | ||
cloudfront-security-group-ip-sync-lambda-artifact-url: https://github.com/Nike-Inc/cerberus-lifecycle-cli/raw/master/update_security_groups.zip | ||
# The maximum number of requests from an IP per minute that can flow through the gateway before being auto blocked. | ||
rate-limit-per-minute: 100 | ||
# Time in minutes to block an ip that violates the rate limit. | ||
rate-limit-violation-block-period-in-minutes: 60 | ||
# [Optional delete if you do not need] If you provide a Google Analytics tracking id, the KPI processer will send events to that GA Account. | ||
# [Optional delete if you do not need] If you provide a Google Analytics tracking id, the KPI processor will send events to that GA Account. | ||
google-analytics-tracking-id: abc123 | ||
# [Optional delete if you do not need] If you provide a web hook url for slack the cloudfront lambda will send messages on errors and summary info. | ||
slack-web-hook-url: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX | ||
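Review bot: The `cloudfront-security-group-ip-sync-lambda-artifact-url` value in the last hunk still points at `raw/master/update_security_groups.zip`, a mutable branch ref, while the dashboard and CloudFront lambda artifacts in the same file are pinned to tagged releases (v0.8.0, v1.1.0). The comment above it says this lambda controls which IPs may talk to the origin ELB, so whatever is on `master` at provisioning time is deployed with that authority; I would add a comment above the key such as `# Pin to a tagged release or commit and verify the archive checksum before deploying; a branch URL can change without notice.` Since this commit is a spelling pass, `hostname: demo.cerberis-oss.io` in the second hunk is spelled differently from `cerberus-oss.io` in `vpc-hosted-zone-name`, which looks unintended and would point anyone copying the sample at a different domain. `If your not using a proxy` in the first hunk is also left uncorrected, and changing `whitelisted` to `white listed` makes that comment inconsistent with the `vpc-access-whitelist` key.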
|