Comments (10)
@BohdanPetryshyn yes, that is the case. The AWS API will simply deny e.g. ec2:RunInstances operations or similar (depending on the SCP)
from basti.
We need to add tags configuration to both interactive mode and CLI arguments.
In the interactive mode, we need to introduce an optional "Advanced configuration" step, where the user will input custom tags one by one.
For the CLI arguments, we can add a --tags argument that will accept the values the aws ec2 create-tags command accepts (docs).
I think using the same tags for all the resources created by Basti should be enough for the first implementation. We can add the ability to set separate tags for each resource later if needed.
@DrFunk-n-stein what do you think?
from basti.
@BohdanPetryshyn it's rather uncommon to set a different set of tag-keys for resources that belong together.
Adding different tags per resource is super optional in my eyes and one-set-for-all should cover us well 👍
from basti.
As this will be moving to cdk or terraform anyways, we could use stack-tags (CF/CDK) or default tags (tf, aws provider) to make this easier and consistent (later ofc - not necessary for the first iteration)
from basti.
@DrFunk-n-stein sounds like a really valuable enhancement! Currently, the only option is to set the tags manually after setting up the bastion instance with basti init. This is actually the solution we use at my current company.
This feature will be added to Basti CLI when the turn comes according to the current priorities.
Meanwhile, I'd like to ask you if you're using any infrastructure-as-code solution. Basti setup using CDK construct will be introduced very soon (#48). The Basti Terraform module will come next.
from basti.
The solution you mentioned with manual applying of tags won't work in any setup that enforces tags via Service Control Policies+Tagging Policies, that's why I mentioned it explicitly.
And... you know lazy devs: many of them will simply forget adding tags (I'm thinking of setups at scale with several teams and different knowledge levels), so you could end up with a zoo of stopped bastion hosts that accumulate cost (-> e.g. EBS volumes).
from basti.
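Added example, not part of any comment in this thread and not Basti code: a simplified TypeScript model of a tag-enforcing SCP, showing why tagging after creation fails while tags sent with ec2:RunInstances pass. The policy, the `CostCenter` key and the helper names are constructed assumptions, and this is not a full IAM policy evaluator.

```typescript
type Tags = Record<string, string>;

interface TagSpecification {
  ResourceType: string;
  Tags: { Key: string; Value: string }[];
}

// Constructed policy: deny ec2:RunInstances when the request carries no
// "CostCenter" tag for the instance or volume being created.
const scpStatement = {
  Effect: "Deny",
  Action: "ec2:RunInstances",
  Resource: ["instance", "volume"], // resource types, standing in for ARNs
  Condition: { Null: { "aws:RequestTag/CostCenter": "true" } },
};

// Hypothetical helper: turn one tag set into RunInstances TagSpecifications
// so every resource created by the call is tagged at creation time.
function toTagSpecifications(tags: Tags): TagSpecification[] {
  const list = Object.keys(tags).map((Key) => ({ Key, Value: tags[Key] }));
  if (list.length === 0) return [];
  return scpStatement.Resource.map((ResourceType) => ({ ResourceType, Tags: list }));
}

// Returns true when the Deny statement matches, i.e. the API call is rejected.
function isDenied(action: string, specs: TagSpecification[]): boolean {
  if (action !== scpStatement.Action) return false;
  const requiredKeys = Object.keys(scpStatement.Condition.Null).map((k) =>
    k.replace("aws:RequestTag/", "")
  );
  return scpStatement.Resource.some((type) => {
    const keys: string[] = [];
    specs
      .filter((s) => s.ResourceType === type)
      .forEach((s) => s.Tags.forEach((t) => keys.push(t.Key)));
    return requiredKeys.some((key) => keys.indexOf(key) === -1);
  });
}

// Flow 1: create untagged, tag afterwards. The create call itself is denied,
// so the later ec2:CreateTags step is never reached.
const createThenTag = isDenied("ec2:RunInstances", toTagSpecifications({}));
// Flow 2: one tag set supplied up front and sent with the create call.
const tagOnCreate = isDenied(
  "ec2:RunInstances",
  toTagSpecifications({ CostCenter: "1234", Team: "platform" })
);
console.log({ createThenTag, tagOnCreate });
```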
To be honest, I have never used SCPs or Tagging Policies before. Does this mean that you cannot run basti init at all because resources without specific tags cannot be created? If that is the case, the feature seems to be of high priority, and I will try to implement a solution ASAP. Providing the tags to the basti init command as a JSON file appears to be the best minimal valuable solution here.
from basti.
I just started work on the CDK implementation. I was considering whether to add native support for adding tags. But seeing this, I'll add support for it. The additional work is negligible.
from basti.
Thank you, @bobveringa!
from basti.
Hey @DrFunk-n-stein 👋
Custom tags support was introduced in v1.4.0. I'd really love to know if this helps in the situations you described above!
from basti.