From 74483e6106784147d07ead74d8f58e24293e7332 Mon Sep 17 00:00:00 2001
From: Edward Viaene
Date: Wed, 5 Jun 2024 15:47:56 -0500
Subject: [PATCH] README update, IAM update for AWS Marketplace
---
 README-install.md | 14 +++++++++++++-
 terraform/iam.tf | 7 +++++++
 terraform/templates/roxprox.json.tmpl | 6 ++++++
 3 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/README-install.md b/README-install.md
index e4102aa..53d6850 100644
--- a/README-install.md
+++ b/README-install.md
@@ -38,4 +38,16 @@ To change the configuration, upload a configuration yaml file to the s3 bucket (
 aws s3 cp resources/example-proxy/mocky.yaml s3://roxprox-examplecom/config/mocky.yaml
 ```
 
-To test the installation, hit the newly created loadbalancer endpoint with curl or a browser.
\ No newline at end of file
+To test the installation, hit the newly created loadbalancer endpoint with curl or a browser. If you used the example, you can use curl:
+```
+curl http://example.com -v -H "Host: test.example.com"
+```
+
+## Notes
+
+* No sensitive information is stored.
+* The configuration in your S3 bucket
+* The envoy config file is in the parameter store
+* TLS on the loadbalancer is enabled, encryption at rest of the configuration and s3 bucket can be configured
+* No cryptographic keys need to be rotated, you can use KMS as the key store
+* To verify container health, go to the ECS console and check whether the roxprox and envoy tasks are running. Use the logs in Cloudwatch Logs to see if no errors are present
\ No newline at end of file
diff --git a/terraform/iam.tf b/terraform/iam.tf
index defb725..1790ef4 100644
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -118,6 +118,13 @@ resource "aws_iam_role_policy" "roxprox-task-role" {
 "sqs:DeleteMessage"
 ],
 "Resource": "${aws_sqs_queue.roxprox-notifications.arn}"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "aws-marketplace:RegisterUsage"
+ ],
+ "Resource": "*"
 }
 ]
 }
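Review bot: The new statement in `terraform/iam.tf` grants `aws-marketplace:RegisterUsage` on `"Resource": "*"` with nothing that tells a later auditor why the wildcard is there. As far as I know the Marketplace metering actions cannot be scoped to a resource, so the wildcard is probably unavoidable, but the policy should record that. Add `"Sid": "MarketplaceRegisterUsage"` as the first key of the statement, and a `#` comment above the `aws_iam_role_policy` resource saying the action does not support resource-level permissions. The policy heredoc starts above the hunk, so I cannot see whether the other statements carry a Sid; follow whatever convention they use.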
diff --git a/terraform/templates/roxprox.json.tmpl b/terraform/templates/roxprox.json.tmpl
index 786e7f9..bc9be2f 100644
--- a/terraform/templates/roxprox.json.tmpl
+++ b/terraform/templates/roxprox.json.tmpl
@@ -69,6 +69,12 @@
 "hostPort": 8080,
 "protocol": "tcp"
 }
+ ],
+ "environment" : [
+ {
+ "name" : "PROD_CODE",
+ "value" : "dcd3uon2t2eff1rt7wmptmeoo"
+ }
 ]
 }
 ]
\ No newline at end of file
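Review bot: `PROD_CODE` is set to a literal product code in the new `environment` block, so every deployment rendered from this template, including test or forked ones, would attempt to register Marketplace usage against the same product. The file is a `.tmpl`, presumably rendered by Terraform, so the value can come in as a template variable instead, for example `"value" : "${prod_code}"` (the variable name is only a suggestion), fed from a Terraform variable. The container definition this block belongs to begins above the hunk, so confirm it is the container that actually makes the metering call and not a sidecar that has no use for the value.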