remove dependency on aws-vault

deadlysyn · deadlysyn · commit a529ebb9e35c · 2024-03-31T19:59:18.000-04:00
diff --git a/README.md b/README.md
@@ -39,7 +39,6 @@ Psst: [Need IaC for your Keycloak clients?](https://github.com/deadlysyn/keycloa
 ## Prerequisites
 
 - [aws v2 CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
-- [aws-vault](https://github.com/99designs/aws-vault) installed and configured
 - Docker (container build/deploy)
 - UNIX-like OS (tested on Linux and MacOS)
 
diff --git a/build/Makefile b/build/Makefile
@@ -5,7 +5,7 @@ help:
 	@echo 'Build and Deploy Keycloak'
 	@echo ''
 	@echo 'Requirements:'
-	@echo '  aws, aws-vault, docker, terraform'
+	@echo '  aws, docker, terraform'
 	@echo ''
 	@echo 'Usage:'
 	@echo '  make <target> ENV=<environment_name>'
@@ -18,7 +18,6 @@ help:
 deps:
 	@echo 'Checking dependencies...'
 	@which aws
-	@which aws-vault
 	@which docker
 	@which terraform
 
@@ -28,4 +27,4 @@ build:
 	$(BUILD_CMD)
 
 deploy:
-	$(DEPLOY_CMD)
+	$(DEPLOY_CMD)
diff --git a/build/scripts/do.sh b/build/scripts/do.sh
@@ -5,18 +5,17 @@ set -eu
 BASENAME=$(basename "${0}")
 DIRNAME=$(dirname "${0}")
 REGION="${AWS_REGION}"
-VAULT="aws-vault exec ${AWS_PROFILE} --"
 
 build() {
   docker build -f "${DIRNAME}/../keycloak/Dockerfile" -t "${IMAGE}:latest" "${DIRNAME}/../keycloak"
   docker tag "${IMAGE}:latest" "${REPO}:latest"
 }
 
 deploy() {
-  ${VAULT} aws ecr get-login-password --region "${REGION}" \
+  aws ecr get-login-password --region "${REGION}" \
     | docker login --username AWS --password-stdin "${REPO_HOST}"
   docker push "${REPO}:latest"
-  ${VAULT} aws ecs update-service --region "${REGION}" \
+  aws ecs update-service --region "${REGION}" \
     --force-new-deployment --cluster "${CLUSTER}" --service "${CLUSTER}-svc"
 }
 
diff --git a/docs/bootstrapping.md b/docs/bootstrapping.md
@@ -9,12 +9,9 @@
 ## Bootstrapping
 
 This document covers additional steps required when bootstrapping new environments.
-
 Before continuing, be sure you have installed the [prerequisites](https://github.com/deadlysyn/terraform-keycloak-aws#prerequisites).
 
-Automation wraps aws-vault for security. It needs [installed and configured](https://github.com/99designs/aws-vault#quick-start),
-so be sure you have a working AWS CLI profile and have imported credentials.
-Once CLIs are installed and you have an AWS profile ready, export the following
+Once AWS CLI v2 is installed and you have an AWS profile ready, export the following
 (or use something like [direnv](https://direnv.net) and a top-level `.envrc`
 to export automatically):
 
@@ -23,8 +20,8 @@ export AWS_REGION="<aws_region>"
 export AWS_PROFILE="<aws_profile>"
 ```
 
-The region and profile variables are used by Terraform as well
-as the the build and deploy scripts.
+The region and profile variables are used by Terraform as well as the the build
+and deploy scripts.
 
 ### Preparation
 
diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
@@ -11,7 +11,6 @@ or access them using a CLI from your machine.
 
 To follow along you'll need:
 
-- [aws-vault configured](https://github.com/99designs/aws-vault#quick-start)
 - [cw installed](https://www.lucagrulla.com/cw)
 - `AWS_PROFILE` and `AWS_REGION` exported
 
@@ -34,27 +33,27 @@ There is a log group per cluster, with naming convention of
 
 ```console
 # List log groups
-$ aws-vault exec $AWS_PROFILE -- cw --region $AWS_REGION ls groups
+$ cw --region $AWS_REGION ls groups
 /aws/ecs/cluster/n01113a46-keycloak-test
 /aws/ecs/containerinsights/n01113a46-keycloak-test/performance
 /aws/rds/cluster/n01113a46-keycloak-test-rds/error
 RDSOSMetrics
 
 # List log streams
-$ aws-vault exec $AWS_PROFILE -- cw --region $AWS_REGION ls streams /aws/ecs/cluster/n01113a46-keycloak-test
+$ cw --region $AWS_REGION ls streams /aws/ecs/cluster/n01113a46-keycloak-test
 test/keycloak/814585f5-52da-4544-a91c-1356606611af
 test/keycloak/fe353380-f9dd-4ff4-a837-0c309f50f541
 
 # Tail specific stream (isolate a specific container ID)
-$ aws-vault exec $AWS_PROFILE -- cw --region $AWS_REGION tail -f /aws/ecs/cluster/n01113a46-keycloak-test:test/keycloak/814585f5-52da-4544-a91c-1356606611af
+$ cw --region $AWS_REGION tail -f /aws/ecs/cluster/n01113a46-keycloak-test:test/keycloak/814585f5-52da-4544-a91c-1356606611af
 ...
 
 # Tail all streams in group (may be noisy, since it may include sidecars)
-$ aws-vault exec $AWS_PROFILE -- cw --region $AWS_REGION tail -f /aws/ecs/cluster/n01113a46-keycloak-test
+$ cw --region $AWS_REGION tail -f /aws/ecs/cluster/n01113a46-keycloak-test
 ...
 
 # Tail all logs with specified stream prefix (probably what you want)
-$ aws-vault exec $AWS_PROFILE -- cw --region $AWS_REGION tail -f /aws/ecs/cluster/n01113a46-keycloak-test:test/keycloak
+$ cw --region $AWS_REGION tail -f /aws/ecs/cluster/n01113a46-keycloak-test:test/keycloak
 auth-staging-keycloak 2020-10-15 19:26:35,596 INFO  [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync of federation mapper 'group' finished. Status: UserFederationSyncResult [ 0 imported groups, 116 updated groups, 0 removed groups ]
 auth-staging-keycloak 2020-10-15 19:26:35,597 INFO  [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync changed users from LDAP to local store: realm: test, federation provider: test.ldap.domain.tld, last sync time: Thu Oct 15 19:21:35 GMT 2020
 auth-staging-keycloak 2020-10-15 19:26:38,296 INFO  [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (Timer-2) Sync changed users finished: 0 imported users, 0 updated users
diff --git a/environments/template/Makefile b/environments/template/Makefile
@@ -1,7 +1,4 @@
 REGION := $(AWS_REGION)
-VAULT_CMD := aws-vault exec $(AWS_PROFILE) --duration=1h --
-TF_CMD := terraform
-CMD := $(VAULT_CMD) $(TF_CMD)
 
 UNAME := $(shell uname)
 ifeq ($(UNAME), Darwin)
@@ -16,7 +13,7 @@ help:
 	@echo 'Manage Keycloak Infrastructure'
 	@echo ''
 	@echo 'Requirements:'
-	@echo '  aws-vault, terraform'
+	@echo '  terraform'
 	@echo ''
 	@echo 'Usage:'
 	@echo '  make all             create environment with remote state'
@@ -27,11 +24,10 @@ all: deps init applyandmigrate
 
 deps:
 	@echo 'Checking dependencies...'
-	@which aws-vault
 	@which terraform
 
 init:
-	$(CMD) init
+	terraform init
 
 applyprep:
 	@sed $(SED_ARGS) \
@@ -40,11 +36,11 @@ applyprep:
 		-e 's/\(force_destroy.*=\).*/\1 false/g' main.tf
 
 applyandmigrate: applyprep
-	$(CMD) apply -parallelism=20 -auto-approve
-	$(CMD) init -force-copy
+	terraform apply -parallelism=20 -auto-approve
+	terraform init -force-copy
 
 update: applyprep
-	$(CMD) apply -parallelism=20
+	terraform apply -parallelism=20
 
 destroyprep:
 	@sed $(SED_ARGS) \
@@ -53,9 +49,9 @@ destroyprep:
 		-e 's/\(force_destroy.*=\).*/\1 true/g' main.tf
 
 destroy: destroyprep
-	$(CMD) apply -target module.terraform_state_backend -auto-approve
-	$(CMD) init -force-copy
-	$(CMD) destroy -parallelism=20
+	terraform apply -target module.terraform_state_backend -auto-approve
+	terraform init -force-copy
+	terraform destroy -parallelism=20
 
 clean: applyprep
 	@rm -f backend.tf
