chore(aws,gitlab): improve on tagging

Michele Cereda
2024-10-14 18:08:18 +02:00
parent c8323579a2
commit d2b3aa7c35
2 changed files with 56 additions and 2 deletions


@@ -171,9 +171,29 @@ const gitlab_runners_launchTemplate = new aws.ec2.LaunchTemplate(
"gitlab-runners", "gitlab-runners",
{ {
name: "GitlabRunners", name: "GitlabRunners",
description: "Gitlab Runner instances managed using the docker-autoscaler executor",
updateDefaultVersion: true,
imageId: ami_amazonLinux_x86_64_latest.apply(amis => amis.id), imageId: ami_amazonLinux_x86_64_latest.apply(amis => amis.id),
vpcSecurityGroupIds: [ gitlab_runners_securityGroup.id ], vpcSecurityGroupIds: [ gitlab_runners_securityGroup.id ],
userData: gitlab_runners_userData.rendered, userData: gitlab_runners_userData.rendered,
tagSpecifications: [
{
resourceType: "instance",
tags: {
Name: "Gitlab Runner",
Owner: "infra@example.org",
Team: "Infra",
},
},
{
resourceType: "volume",
tags: {
Name: "Gitlab Runner",
Owner: "infra@example.org",
Team: "Infra",
},
},
],
}, },
); );
const gitlab_runners_autoScalingGroup = new aws.autoscaling.Group( const gitlab_runners_autoScalingGroup = new aws.autoscaling.Group(
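Review bot: the `instance` and `volume` entries in `tagSpecifications` repeat the same three tags (`Name`, `Owner`, `Team`) as literals, so a later change to the owner address or team has to be made in two places and can drift. Define the tag map once as a constant and reference it from both entries. The launch template arguments shown in this hunk also carry no `tags` of their own, so ownership is recorded on launched instances and volumes but not on the template resource.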
@@ -182,8 +202,13 @@ const gitlab_runners_autoScalingGroup = new aws.autoscaling.Group(
name: "GitlabRunners", name: "GitlabRunners",
tags: [ tags: [
{ {
key: "Owner", key: "AutoScalingGroup",
value: "infra@example.org", value: "GitlabRunners",
propagateAtLaunch: true,
},
{
key: "Executor",
value: "docker-autoscaler",
propagateAtLaunch: true, propagateAtLaunch: true,
}, },
], ],
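Review bot: the `Owner` entry is removed from the group's `tags` and replaced by `AutoScalingGroup` and `Executor`, so within this hunk the Auto Scaling group resource no longer carries an owner; the `tagSpecifications` added to the launch template only cover the `instance` and `volume` resource types. If ownership reporting or access rules key on `Owner`, keep that entry here alongside the two new ones. The value `GitlabRunners` is also a second copy of the `name` literal a few lines above; use one constant for both.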
@@ -214,6 +239,11 @@ const gitlab_runners_autoScalingGroup = new aws.autoscaling.Group(
}, },
}, },
}, },
{
ignoreChanges: [
"desiredCapacity", // managed by autoscaling manager
],
},
); );
// runners - end // runners - end
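Review bot: the comment on `"desiredCapacity"` in `ignoreChanges` says "managed by autoscaling manager" without naming the component. State which one adjusts the capacity (presumably the docker-autoscaler executor named in the launch template description), and note that any `desiredCapacity` set in the group's arguments then applies only when the group is first created, so later edits to it in code have no effect.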


@@ -16,6 +16,7 @@
1. [Resource constraints](#resource-constraints) 1. [Resource constraints](#resource-constraints)
1. [Access control](#access-control) 1. [Access control](#access-control)
1. [Savings plans](#savings-plans) 1. [Savings plans](#savings-plans)
1. [Resource tagging](#resource-tagging)
1. [Further readings](#further-readings) 1. [Further readings](#further-readings)
1. [Sources](#sources) 1. [Sources](#sources)
@@ -287,6 +288,23 @@ percentages, Savings Plans are applied to the first usage with the lowest Saving
Savings Plans continue to apply until there are no more remaining usages, or one's commitment is exhausted. Any Savings Plans continue to apply until there are no more remaining usages, or one's commitment is exhausted. Any
remaining usage is then charged at the On-Demand rates. remaining usage is then charged at the On-Demand rates.
## Resource tagging
Suggested:
| Tag | Purpose | Example | Notes |
| ----------------------- | ------- | --------------------------------------------------------------- | ----- |
| `Name` | AWS UI | `GitlabRunner` | |
| `Owner` | | `SecurityLead`, `SecOps`, `Workload-1-Development-team` | |
| `BusinessUnitId` | | `Finance`, `Retail`, `API-1`, `DevOps` | |
| `Environment` | | `Sandbox`, `Dev`, `PreProd`, `QA`, `Prod`, `Testing` | |
| `CostCenter` | | `FIN123`, `Retail-123`, `Sales-248`, `HR-333` | |
| `FinancialOwner` | | `HR`, `SecurityLead`, `DevOps-3`, `Workload-1-Development-team` | |
| `ComplianceRequirement` | | `NIST`, `HIPAA`, `GDPR` | |
[Create tag policies][creating organization policies with aws organizations] to enforce values, and to prevent the
creation of non-compliant resources.
## Further readings ## Further readings
- [EC2] - [EC2]
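Review bot: in the `Resource tagging` table the `Purpose` column is filled in only for `Name`, and the `Notes` column is empty in every row; fill them in or drop the columns. The table also disagrees with the Pulumi change in this same commit: the example `Name` is `GitlabRunner` while the launch template uses `Gitlab Runner`, the `Owner` examples are role or team names while the code uses an e-mail address, and the `Team` tag the code applies is not listed. Pick one convention and apply it in both files, since the tag policies mentioned under the table enforce values.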
@@ -315,6 +333,9 @@ remaining usage is then charged at the On-Demand rates.
- [Savings Plans user guide] - [Savings Plans user guide]
- [AWS Savings Plans Vs. Reserved Instances: When To Use Each] - [AWS Savings Plans Vs. Reserved Instances: When To Use Each]
- [How can I use AWS KMS asymmetric keys to encrypt a file using OpenSSL?] - [How can I use AWS KMS asymmetric keys to encrypt a file using OpenSSL?]
- [A guide to tagging resources in AWS]
- [Guidance for Tagging on AWS]
- [Creating organization policies with AWS Organizations]
<!-- <!--
Reference Reference
@@ -352,8 +373,10 @@ remaining usage is then charged at the On-Demand rates.
[best practices for tagging aws resources]: https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/tagging-best-practices.html [best practices for tagging aws resources]: https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/tagging-best-practices.html
[connect to the internet using an internet gateway]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html [connect to the internet using an internet gateway]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
[constraints tag]: https://docs.aws.amazon.com/directoryservice/latest/devguide/API_Tag.html [constraints tag]: https://docs.aws.amazon.com/directoryservice/latest/devguide/API_Tag.html
[creating organization policies with aws organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_policies_create.html
[elastic ip addresses]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html [elastic ip addresses]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html
[exporting db snapshot data to amazon s3]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ExportSnapshot.html [exporting db snapshot data to amazon s3]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ExportSnapshot.html
[guidance for tagging on aws]: https://aws.amazon.com/solutions/guidance/tagging-on-aws/
[how can i use aws kms asymmetric keys to encrypt a file using openssl?]: https://repost.aws/knowledge-center/kms-openssl-encrypt-key [how can i use aws kms asymmetric keys to encrypt a file using openssl?]: https://repost.aws/knowledge-center/kms-openssl-encrypt-key
[i'm trying to export a snapshot from amazon rds mysql to amazon s3, but i'm receiving an error. why is this happening?]: https://repost.aws/knowledge-center/rds-mysql-export-snapshot [i'm trying to export a snapshot from amazon rds mysql to amazon s3, but i'm receiving an error. why is this happening?]: https://repost.aws/knowledge-center/rds-mysql-export-snapshot
[nat gateways]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html [nat gateways]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
@@ -367,6 +390,7 @@ remaining usage is then charged at the On-Demand rates.
[what is cloudwatch]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html [what is cloudwatch]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html
<!-- Others --> <!-- Others -->
[a guide to tagging resources in aws]: https://medium.com/@staxmarketing/a-guide-to-tagging-resources-in-aws-8f4311afeb46
[automating dns-challenge based letsencrypt certificates with aws route 53]: https://johnrix.medium.com/automating-dns-challenge-based-letsencrypt-certificates-with-aws-route-53-8ba799dd207b [automating dns-challenge based letsencrypt certificates with aws route 53]: https://johnrix.medium.com/automating-dns-challenge-based-letsencrypt-certificates-with-aws-route-53-8ba799dd207b
[aws config tutorial by stephane maarek]: https://www.youtube.com/watch?v=qHdFoYSrUvk [aws config tutorial by stephane maarek]: https://www.youtube.com/watch?v=qHdFoYSrUvk
[aws savings plans vs. reserved instances: when to use each]: https://www.cloudzero.com/blog/savings-plans-vs-reserved-instances/ [aws savings plans vs. reserved instances: when to use each]: https://www.cloudzero.com/blog/savings-plans-vs-reserved-instances/