README update, IAM update for AWS Marketplace

in4it · Jun 5, 2024 · 74483e6 · 74483e6
1 parent f9729a8
commit 74483e6
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 1 deletion.
diff --git a/README-install.md b/README-install.md
@@ -38,4 +38,16 @@ To change the configuration, upload a configuration yaml file to the s3 bucket (
 aws s3 cp resources/example-proxy/mocky.yaml s3://roxprox-examplecom/config/mocky.yaml
 ```
 
-To test the installation, hit the newly created loadbalancer endpoint with curl or a browser.
+To test the installation, hit the newly created loadbalancer endpoint with curl or a browser. If you used the example, you can use curl:
+```
+curl http://example.com -v -H "Host: test.example.com"
+```
+
+## Notes
+
+* No sensitive information is stored.
+* The configuration in your S3 bucket
+* The envoy config file is in the parameter store
+* TLS on the loadbalancer is enabled, encryption at rest of the configuration and s3 bucket can be configured
+* No cryptographic keys need to be rotated, you can use KMS as the key store
+* To verify container health, go to the ECS console and check whether the roxprox and envoy tasks are running. Use the logs in Cloudwatch Logs to see if no errors are present
diff --git a/terraform/iam.tf b/terraform/iam.tf
@@ -118,6 +118,13 @@ resource "aws_iam_role_policy" "roxprox-task-role" {
         "sqs:DeleteMessage"
       ],
       "Resource": "${aws_sqs_queue.roxprox-notifications.arn}"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "aws-marketplace:RegisterUsage"
+      ],
+      "Resource": "*"
     }
   ]
 }

diff --git a/terraform/templates/roxprox.json.tmpl b/terraform/templates/roxprox.json.tmpl
@@ -69,6 +69,12 @@
              "hostPort": 8080,
              "protocol": "tcp"
           }
+       ],
+       "environment" : [
+         {   
+             "name" : "PROD_CODE",
+             "value" : "dcd3uon2t2eff1rt7wmptmeoo"
+         }
        ]
     }
   ]