At Fluid Attacks, we have integrated our platform into the AWS Marketplace to facilitate its acquisition. Below is a detailed description of the infrastructure and configuration required to manage the platform on the AWS Marketplace.
The relevant repository can be found at this link.
idp.tf: Configures identity providers for Okta and GitLab.
Okta: Allows users with assigned roles to access the AWS console.
GitLab: Allows the GitLab runner to assume the necessary role for Terraform deployment permissions.
main.tf and outputs.tf: General configuration files that define Terraform resources and outputs.
main.tf: Specifies the resources to be created.
outputs.tf: Defines the outputs that can be used by other modules or for reference.
roles.tf: Defines roles and permissions in the AWS account.
MarketplaceAdmin: Full access to Billing and the Marketplace. Assigned to marketing and product management personnel.
Admin: Full access to the account. Exclusively assigned to one person for any administrative needs.
Development: Gives the Terraform test runner read-only permissions.
Deployment: Gives the Terraform production runner the read and write permissions it needs to apply changes.
IntegratesMarketplaceCrossAccount: Allows Integrates to connect with the Marketplace API and integrate from the platform.
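As an added example (not code from the Fluid Attacks repository), the following Terraform shows how an idp.tf-style GitLab OIDC identity provider and the roles.tf-style Development and Deployment roles fit together: the runner exchanges its job ID token for temporary credentials, the read-only role is assumable from any branch pipeline of the project, and the read/write role is assumable only from the protected default branch. The project path, branch name and `aud` value are assumptions and must match the real pipeline configuration.

```hcl
# Added example; not the repository's own code. The project path, branch
# and audience below are assumptions that must match the real pipeline.
variable "gitlab_project_path" {
  type    = string
  default = "example-group/marketplace" # assumed project path
}

variable "gitlab_aud" {
  type    = string
  default = "https://gitlab.com" # must equal the `aud` set in the job's id_tokens
}

# GitLab as an OIDC identity provider. With AWS provider 5.x thumbprint_list
# can be omitted; older providers require the CA thumbprint of gitlab.com.
resource "aws_iam_openid_connect_provider" "gitlab" {
  url            = "https://gitlab.com"
  client_id_list = [var.gitlab_aud]
}

locals {
  # GitLab ID token `sub` format: project_path:<path>:ref_type:<type>:ref:<name>
  sub_any_branch = "project_path:${var.gitlab_project_path}:ref_type:branch:ref:*"
  sub_main       = "project_path:${var.gitlab_project_path}:ref_type:branch:ref:main"
}

# Trust policy for the read-only role: any branch pipeline of this project.
data "aws_iam_policy_document" "development_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.gitlab.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "gitlab.com:aud"
      values   = [var.gitlab_aud]
    }
    condition {
      test     = "StringLike"
      variable = "gitlab.com:sub"
      values   = [local.sub_any_branch]
    }
  }
}

# Trust policy for the read/write role: only the protected default branch.
data "aws_iam_policy_document" "deployment_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.gitlab.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "gitlab.com:aud"
      values   = [var.gitlab_aud]
    }
    condition {
      test     = "StringEquals"
      variable = "gitlab.com:sub"
      values   = [local.sub_main]
    }
  }
}

resource "aws_iam_role" "development" {
  name               = "Development"
  assume_role_policy = data.aws_iam_policy_document.development_trust.json
}

# Read-only is enforced with the AWS managed policy; it is enough to plan.
resource "aws_iam_role_policy_attachment" "development_read_only" {
  role       = aws_iam_role.development.name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

resource "aws_iam_role" "deployment" {
  name               = "Deployment"
  assume_role_policy = data.aws_iam_policy_document.deployment_trust.json
  # Attach a permission policy scoped to the resources this repository
  # manages (SQS, S3, KMS, IAM); a blanket AdministratorAccess defeats the split.
}
```

Without the `sub` condition, any pipeline on the same GitLab instance that presents a token with the right `aud` could assume the role, so the `StringEquals` on `sub` is the control that limits the read/write role to one project and one branch.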
sops.tf: Configuration of KMS keys for using SOPS and storing encrypted secrets in the repository.
SOPS (Secrets OPerationS): Tool for encrypting and managing secrets files; values are encrypted with a KMS key so the encrypted file can be committed to the repository.
KMS (Key Management Service): AWS service for creating and controlling cryptographic keys; access to decrypt is governed by the key policy and IAM.
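As an added example (not code from the Fluid Attacks repository), here is a sops.tf-style KMS key whose key policy limits who can decrypt the committed secrets. The role names are assumed to match the roles described in roles.tf, and the alias name is an assumption.

```hcl
# Added example; not the repository's own code. Role names and alias are
# assumptions that mirror the roles described for this account.
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "sops_key" {
  # The account root statement keeps the key administrable; without it
  # the key can become unmanageable.
  statement {
    sid       = "AccountAdministration"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  # The production runner only needs to unwrap the data key SOPS wrapped.
  statement {
    sid       = "DeploymentDecrypt"
    actions   = ["kms:Decrypt", "kms:DescribeKey"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/Deployment"]
    }
  }

  # The person editing secrets needs Encrypt to add values and Decrypt to edit.
  statement {
    sid       = "AdminEdit"
    actions   = ["kms:Encrypt", "kms:Decrypt", "kms:DescribeKey"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/Admin"]
    }
  }
}

resource "aws_kms_key" "sops" {
  description         = "SOPS key for secrets committed to the marketplace repository"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.sops_key.json
}

resource "aws_kms_alias" "sops" {
  name          = "alias/marketplace-sops" # assumed alias name
  target_key_id = aws_kms_key.sops.key_id
}

output "sops_key_arn" {
  value = aws_kms_key.sops.arn
}
```

The key ARN from the output is what goes into the `kms` field of a `.sops.yaml` creation rule. The read-only Development role is deliberately absent from the policy; if a plan from a test pipeline has to read SOPS-managed values, that role also needs `kms:Decrypt`, which is the trade-off to weigh before granting it.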
sqs.tf: Configuration of an SQS queue that receives the notifications AWS Marketplace publishes to the SNS topic created for the product.
Use of SQS (Simple Queue Service): Message queue that enables decoupling and scaling of microservices, distributed systems, and serverless applications.
Received Messages: Updates on user subscriptions, renewals, cancellations, modifications, etc.
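As an added example (not code from the Fluid Attacks repository), here is an sqs.tf-style queue wired to the Marketplace SNS topic. The point worth copying is the queue policy: only the SNS service, and only the one topic named in `aws:SourceArn`, may send messages, so nobody can inject a forged subscription event. The topic ARN is a variable because the real value is provided by AWS when the product is created; the queue names and retry count are assumptions.

```hcl
# Added example; not the repository's own code. The topic ARN is supplied by
# AWS Marketplace for the product; queue names and counts are assumptions.
variable "marketplace_sns_topic_arn" {
  type        = string
  description = "SNS topic to which AWS Marketplace publishes subscription notifications"
}

# Dead-letter queue so a message the consumer cannot process does not
# block the main queue forever.
resource "aws_sqs_queue" "marketplace_dlq" {
  name                      = "marketplace-notifications-dlq"
  sqs_managed_sse_enabled   = true
  message_retention_seconds = 1209600 # 14 days, the maximum
}

resource "aws_sqs_queue" "marketplace" {
  name                    = "marketplace-notifications"
  sqs_managed_sse_enabled = true
  redrive_policy = jsonencode({
    deadLetterTargetArn = aws_sqs_queue.marketplace_dlq.arn
    maxReceiveCount     = 5
  })
}

# Only SNS, and only the Marketplace topic, may put messages on the queue.
data "aws_iam_policy_document" "marketplace_queue" {
  statement {
    actions   = ["sqs:SendMessage"]
    resources = [aws_sqs_queue.marketplace.arn]
    principals {
      type        = "Service"
      identifiers = ["sns.amazonaws.com"]
    }
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [var.marketplace_sns_topic_arn]
    }
  }
}

resource "aws_sqs_queue_policy" "marketplace" {
  queue_url = aws_sqs_queue.marketplace.id
  policy    = data.aws_iam_policy_document.marketplace_queue.json
}

resource "aws_sns_topic_subscription" "marketplace" {
  topic_arn            = var.marketplace_sns_topic_arn
  protocol             = "sqs"
  endpoint             = aws_sqs_queue.marketplace.arn
  raw_message_delivery = true
}
```

The topic lives in an AWS-owned account, so the subscription depends on the permission Marketplace grants the seller account on that topic; the queue policy above is what keeps the seller side closed to everything else.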
state.tf: Manages the Terraform state.
Backend: Configuration of state storage in a remote backend, such as an S3 bucket.
storage.tf: Configuration of a public S3 bucket that stores the files needed for product configuration. Only the objects that must be public should be readable; the bucket should allow s3:GetObject on those objects and nothing else, with listing and writing kept closed.
Public Files: Logo, terms of use, and other configuration files that must be publicly accessible.
users.tf: Creation of users for Okta integration with the account via SAML.
SAML (Security Assertion Markup Language): XML-based standard for exchanging authentication and authorization assertions between an identity provider and a service provider, used here for single sign-on (SSO) into the AWS console.
variables.tf: Configuration file that defines the variables used in other Terraform files.
Defined Variables: Reusable parameters to avoid repetition and facilitate configuration management.
With detailed insights into each component, users can ensure smooth integration and operation.