From 94f9af9f86f761c74a3b3f60f002682e7802ac93 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 6 May 2025 23:30:15 -0400 Subject: [PATCH] add certs --- buildspecs/census-pki.bundle.crt | 267 +++++++++++++++++++++++++++++++ buildspecs/deploy.terragrunt.yml | 11 ++ buildspecs/security.yml | 11 ++ buildspecs/terragrunt.yml | 11 ++ 4 files changed, 300 insertions(+) create mode 100644 buildspecs/census-pki.bundle.crt diff --git a/buildspecs/census-pki.bundle.crt b/buildspecs/census-pki.bundle.crt new file mode 100644 index 0000000..8aacf3b --- /dev/null +++ b/buildspecs/census-pki.bundle.crt @@ -0,0 +1,267 @@ +-----BEGIN CERTIFICATE----- +MIIFSDCCBDCgAwIBAgIJAMn9gqHMdnl3MA0GCSqGSIb3DQEBBQUAMIGfMQswCQYD +VQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxGzAZBgNVBAoTElUuUy4gQ2Vuc3Vz +IEJ1cmVhdTEiMCAGA1UECxMZVGVsZWNvbW11bmljYXRpb25zIE9mZmljZTEaMBgG +A1UEAxMRY2EudGNvLmNlbnN1cy5nb3YxIDAeBgkqhkiG9w0BCQEWEWNhQHRjby5j +ZW5zdXMuZ292MB4XDTEyMDgxNTE2MTM0OFoXDTMyMDgxMDE2MTM0OFowgZ8xCzAJ +BgNVBAYTAlVTMREwDwYDVQQIEwhNYXJ5bGFuZDEbMBkGA1UEChMSVS5TLiBDZW5z +dXMgQnVyZWF1MSIwIAYDVQQLExlUZWxlY29tbXVuaWNhdGlvbnMgT2ZmaWNlMRow +GAYDVQQDExFjYS50Y28uY2Vuc3VzLmdvdjEgMB4GCSqGSIb3DQEJARYRY2FAdGNv +LmNlbnN1cy5nb3YwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSqB5S +s674S6Hnpnl+/cT3OLrUCmuM1KZs+Uo5EsFcZzm4Me/XiF8izGSydFtAKFRbyyk5 +j/K5WLGxo7Ix6eCA1PZXWu6aJOfMmPRb1LaeIst1IlSCpjUoZ8pl60fjYLtbEK79 +STM/nrdV0E2EqcJu7dfzMB1oK96NG6tu8C7m7UgIbSv15NDapgDhyril6J4wVQJU +DOUGRbWjv0Qo6Re0NPBkRFf3owToopNQlQSGZU2UnUehheqXPzk4VQisPrhcVsbg +iu4c98gjtGHK1k2DyJOwsFq2hWmAByLZLJXR7pTqv7Ue8gogFl/ggbvuWrKlVmCh +wKln1pPSLYZ/txTZAgMBAAGjggGDMIIBfzA4BgNVHR8EMTAvMC2gK6AphidodHRw +Oi8vY2EuYXBwcy50Y28uY2Vuc3VzLmdvdi9jZXJ0cy9jcmwwHQYDVR0OBBYEFA8x +pgy5aVvXWgTVO8E7yyO3kp9yMIHUBgNVHSMEgcwwgcmAFA8xpgy5aVvXWgTVO8E7 +yyO3kp9yoYGlpIGiMIGfMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQx +GzAZBgNVBAoTElUuUy4gQ2Vuc3VzIEJ1cmVhdTEiMCAGA1UECxMZVGVsZWNvbW11 +bmljYXRpb25zIE9mZmljZTEaMBgGA1UEAxMRY2EudGNvLmNlbnN1cy5nb3YxIDAe +BgkqhkiG9w0BCQEWEWNhQHRjby5jZW5zdXMuZ292ggkAyf2Cocx2eXcwDwYDVR0T +AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwLwYDVR0RBCgwJoERY2FAdGNvLmNlbnN1 +cy5nb3aCEWNhLnRjby5jZW5zdXMuZ292MA0GCSqGSIb3DQEBBQUAA4IBAQCLNU9/ +OxA2adbFXwiAh8XztL3MN7OUeXasSKtSDo00Ays/Sph1DXkUozSwx3B2JHtfrMj+ +A64qzjRm/Y7sDaM4SFa+Y3rdt7U9UY2UxQLo92zHQMqIbQhrdKBTiCVMrBvBzwWg +SI7KPi2lel499yb0vH/I6czuyQNTuYzHAsufYKeMMq4CeiBbboAegClpYJi5jJLl +dFQZpDUwSs+Pfb95CjPlfc0V3AH6GazbS3BNMMghECpL4rF0m7F7L3nDCklx1PsC +z2chyETY1X74Cg3D1mFV3iUjIvr6+eIZDQ3BStGwFjzxmdH2U2yh1nJnJzNXka9g +lUpluNENkgVZmOys +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0zCCA7ugAwIBAgITLgAAAA+ydH8TcbjZAgAAAAAADzANBgkqhkiG9w0BAQwF +ADBsMRMwEQYKCZImiZPyLGQBGRYDR292MRYwFAYKCZImiZPyLGQBGRYGQ2Vuc3Vz +MQwwCgYDVQQLEwNUQ08xDDAKBgNVBAsTA1BLSTEhMB8GA1UEAxMYVVMgQ2Vuc3Vz +IEJ1cmVhdSBSb290IENBMB4XDTIyMDkyMjE0NDQwOFoXDTI3MDkyMjE0NTQwOFow +YTETMBEGCgmSJomT8ixkARkWA2dvdjEWMBQGCgmSJomT8ixkARkWBmNlbnN1czES +MBAGCgmSJomT8ixkARkWAmFkMR4wHAYDVQQDExVVUyBDZW5zdXMgQnVyZWF1IENB +IDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiUqJa4e90dNdAFC0W +ju9arRst3FchtNxT0ZPdg/2UpDFN35PFBQ4G1RJxGVGuhpkRmqLdtI9t9BQHZ/tk +QZ6ELJRJVxQMPONBuoXlUbnS3CHwDT5+YIvVZr3jHjv96tq6C2SYJ1BNeqDYjhdK +gF3WXUJpb6lbAwZtv7aHZUSVXcnW/hCkfI2aRZoGXCcgi6hbcJRC74HCGW0eLtCZ +M0Y5+lEGdKLAOiIsl4kea+34Uh5eHjIp9LHCicIfx+5RT5xor4hOJldu2pOmjzrg +FBCz59/5wZHIyQCHOu92p/VGO9eeCxCDlT8DWa78c2HjCnf0FvymlxoHPdH89Rhv +idPFAgMBAAGjggF3MIIBczAQBgkrBgEEAYI3FQEEAwIBAjAjBgkrBgEEAYI3FQIE +FgQUFE9/OhOsohsjHyLcCd1NqTNkdQYwHQYDVR0OBBYEFMSLwaPcjo2CqYcxhzj8 +U1q1Px/KMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAP +BgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFMdeIHdBm/YaIFKQSuoag5Pxw6se +MFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9wa2kudGNvLmNlbnN1cy5nb3YvQ2Vy +dEVucm9sbC9VUyUyMENlbnN1cyUyMEJ1cmVhdSUyMFJvb3QlMjBDQS5jcmwwZQYI +KwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklodHRwOi8vcGtpLnRjby5jZW5zdXMu +Z292L0NlcnRFbnJvbGwvVVMlMjBDZW5zdXMlMjBCdXJlYXUlMjBSb290JTIwQ0Eu +Y3J0MA0GCSqGSIb3DQEBDAUAA4ICAQCdYsU2TVWTAzVjqPqlO+PtxTcoDxBjlvo+ +L519/iTxzlcz0Kiao83fGhsSitzNf0LsSTOWrAuCprX0sn5If4pasZKqVp+ZJnjF +H9Wpi/4gsaCtvY3V4Hm5ZS1BffUHrre/kR//pn9f2Axu3tTVfHNAEVr0kRvq9wPD +yMe5BzLtm9amOwFvAYP/69zXk4ig88mbOmXjK+EC5AUzwBhg9oI/Kv2AeLbKx+nr +DuguMe6RCp4NXBS1X3/cjRN37+ayJEHynFdWKiVNcvxABVFLGVHBA4fMD9kTjT2a +cf413mhywUcVTfpoj/94Kcqvl3oxgHWGIig9RWExMkvmrkYT5hGqfws+NIGrCGaZ +GA0cUYAY5cbkAg8If3Htt4aSCdTu6g/RbatMFND2GURO2fHPajBILBiDxCJM6OmT +SUQPghQC3QvE48CM5J6KAjPosGh8Ay454FhKv0ShvhKTaHzN6anBih8AbwU5G8iP +XeoNY+jZbkv1gBJ4J+8nffm1n5aFbssbxazppqTLpFDXimduWUxSXZbjwGGwHc7G +FmLj14c8og+ItE+meToVXt6oFSF9hkri5Lmanen9SqU9IPgxiTv91olwmXW6d/3Y +D202odbWVpAIIjiVJngfyOulCeEQsz5WjmPyIjFkXNz8NiwAJSJu1XtBtAMdaCDe +6z6OUG7UaQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF1jCCA76gAwIBAgITLgAAAAmcP+bslIv04AAAAAAACTANBgkqhkiG9w0BAQwF +ADBsMRMwEQYKCZImiZPyLGQBGRYDR292MRYwFAYKCZImiZPyLGQBGRYGQ2Vuc3Vz +MQwwCgYDVQQLEwNUQ08xDDAKBgNVBAsTA1BLSTEhMB8GA1UEAxMYVVMgQ2Vuc3Vz +IEJ1cmVhdSBSb290IENBMB4XDTE5MDgwNjE1MDc0NVoXDTI0MDgwNjE1MTc0NVow +YTETMBEGCgmSJomT8ixkARkWA2dvdjEWMBQGCgmSJomT8ixkARkWBmNlbnN1czES +MBAGCgmSJomT8ixkARkWAmFkMR4wHAYDVQQDExVVUyBDZW5zdXMgQnVyZWF1IENB +IDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiUqJa4e90dNdAFC0W +ju9arRst3FchtNxT0ZPdg/2UpDFN35PFBQ4G1RJxGVGuhpkRmqLdtI9t9BQHZ/tk +QZ6ELJRJVxQMPONBuoXlUbnS3CHwDT5+YIvVZr3jHjv96tq6C2SYJ1BNeqDYjhdK +gF3WXUJpb6lbAwZtv7aHZUSVXcnW/hCkfI2aRZoGXCcgi6hbcJRC74HCGW0eLtCZ +M0Y5+lEGdKLAOiIsl4kea+34Uh5eHjIp9LHCicIfx+5RT5xor4hOJldu2pOmjzrg +FBCz59/5wZHIyQCHOu92p/VGO9eeCxCDlT8DWa78c2HjCnf0FvymlxoHPdH89Rhv +idPFAgMBAAGjggF6MIIBdjAQBgkrBgEEAYI3FQEEAwIBATAjBgkrBgEEAYI3FQIE +FgQUNDptGIuzWncMER7QFKnL+JZPMwswHQYDVR0OBBYEFMSLwaPcjo2CqYcxhzj8 +U1q1Px/KMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAS +BgNVHRMBAf8ECDAGAQH/AgEBMB8GA1UdIwQYMBaAFMdeIHdBm/YaIFKQSuoag5Px +w6seMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9wa2kudGNvLmNlbnN1cy5nb3Yv +Q2VydEVucm9sbC9VUyUyMENlbnN1cyUyMEJ1cmVhdSUyMFJvb3QlMjBDQS5jcmww +ZQYIKwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklodHRwOi8vcGtpLnRjby5jZW5z +dXMuZ292L0NlcnRFbnJvbGwvVVMlMjBDZW5zdXMlMjBCdXJlYXUlMjBSb290JTIw +Q0EuY3J0MA0GCSqGSIb3DQEBDAUAA4ICAQAvLJiXBncvqEq2WjU4CtvB+g9GKgna +MIeu8D41/BdkhTpLR/Cus6Oq+N18cCyyBHNCPS4pz/cDzyzQvNMIDTP7tpcTwEfc +QW/WgPvfJtEmzOaRtNeSBBci1bySX4OMKnzB9ZQbGphaqYaVAG6n+NLCkg1MSvqK +cexAf8wkAJyjx2YOUh+xqwhXRE6UKlc9TVK0b2anVtg4FLNiUznZ6KerEKXx/wxv +XvOZRAY902P2FIRY9qbkEdAshNSA5HlY27pbdH4eZCTyk5uSTlIZQRtngL6w1Gy8 +Xh70AIv+kj38iKp8N4VgksHWS0Viw3Cg4h+3/hY08E/uLCzUKjdZt9I46bM1YKMv +K2LUA8xrWp0IN+wcdp2UUrAlVSHEp6LW+NR+VHtl0QiMYjXA+AvkoRvcoEotgeZP +mqfK9auR+3WiDUrkVLzPoPMQHWE9QXt+eErzBh+YXqqvPgPBGqA25CGwzyrs8iBT +jlhbJArFNO6KzQUwyf/Vw3dwX5oOebGuoh+KX9yRaN+q1ZqqWL1Jn40NXF8KQyLk +Ro4c9m+fpkTWhuxW6zW8YIbnmtNDk2X3YfAY1dIKAUIW24Si0SMka8pC2d9qaL2m +fyD0JoF+49cPDtTNHsUP5QR3a+JjqAT8haladoSyiNmO24ysueI7sg9A+zY8oJrM +Gi2tB39Jg7J6/w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0zCCA7ugAwIBAgITLgAAABDGRuhzKgVoqQAAAAAAEDANBgkqhkiG9w0BAQwF +ADBsMRMwEQYKCZImiZPyLGQBGRYDR292MRYwFAYKCZImiZPyLGQBGRYGQ2Vuc3Vz +MQwwCgYDVQQLEwNUQ08xDDAKBgNVBAsTA1BLSTEhMB8GA1UEAxMYVVMgQ2Vuc3Vz +IEJ1cmVhdSBSb290IENBMB4XDTIyMDkyMjE0NDUxN1oXDTI3MDkyMjE0NTUxN1ow +YTETMBEGCgmSJomT8ixkARkWA2dvdjEWMBQGCgmSJomT8ixkARkWBmNlbnN1czES +MBAGCgmSJomT8ixkARkWAmFkMR4wHAYDVQQDExVVUyBDZW5zdXMgQnVyZWF1IENB +IDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFLt4b/8hnKu0yk7IC +C0qY8gAF20DZrbE6rILe2quYeSQcztIw3H6K2+uAsvpCRjRc4+ra+bKQWLpTv5gP +6l6iDMlun3po1+Qqlga4S4/kJMoYP52AbcdHog33vdvpmtRhL2WLBdHfXLfahVx3 +OB1WkrZMFP4T3L4mTo8SW4abdIf5Q7SmClrHzy+znv4jhKEU9tiY7NXJBCINETx3 +5B8PE8F0r1s0Mv+yhoDHWk2Poa/rC+CrXZ+NdzWfI2ajUc1Nb2b+6f4Wrpc9qC+a +kxYywDcrUoGnwqJYDoIFZY2ErqTQUw7JGQkG/i+7gYs+VaHPcD3DNQq3iFzab26I +0vG5AgMBAAGjggF3MIIBczAQBgkrBgEEAYI3FQEEAwIBAjAjBgkrBgEEAYI3FQIE +FgQUxgMHEbdrxtDC64yaqubXVeW060owHQYDVR0OBBYEFOpnUT2Oc868n6qxmUrj +FdfUn3tOMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAP +BgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFMdeIHdBm/YaIFKQSuoag5Pxw6se +MFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9wa2kudGNvLmNlbnN1cy5nb3YvQ2Vy +dEVucm9sbC9VUyUyMENlbnN1cyUyMEJ1cmVhdSUyMFJvb3QlMjBDQS5jcmwwZQYI +KwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklodHRwOi8vcGtpLnRjby5jZW5zdXMu +Z292L0NlcnRFbnJvbGwvVVMlMjBDZW5zdXMlMjBCdXJlYXUlMjBSb290JTIwQ0Eu +Y3J0MA0GCSqGSIb3DQEBDAUAA4ICAQB/Kn2/ohaTr4XDgu5msLiKzjA3Rqb4Wf4r +FmzpJXcaB9N4Tyg19qgZ9l57AVDO6DWlXBENY+FXERe/qrvhFawZqActT7dPqJJv +Z30hwBcXc8ELjNxVp54MDJfd2oHUkXwJ46i1GphHfie0Q/csoraRpf/DjXuaruxM +Vgt4Roo6zBGf2nSCfqVLR2NZ93orfSybg5g2eutYuftkd5tzbcxdhHlTlhhbNpIV +quVaT46hN1h/q1bMmS4bGBdLUQggY5BtY9RM4gDhcyh1K8k5auM+uPyWqnnd10wI +vuRSu2zNueWlqVstSTbnZdf138nssj+MzN8xcmn+mXH7z8COXwhJLBKRr7Xg7l7G +UMmc86eYbmpphs3LhzZNMooAGUedm15Ln1u9wgywtP6CbpvBVIcSxmjJeiN6bXy6 +dtbZCCziijO1UehOqc81jZy/jdG158D0WfOumNkx1biGwZ/YR+oGslaSkMr58e/7 +abPBMlQmDwvlTWeiUqMZJAzNHk13c8jSeMtaGXtE9D9Sv2oPVGwjeB2krn1Lb8uU +YeEl0YmQ2W1GpoYC4zU7gnnNjSbLr13L8Gjsmk9FYy4HWDRgJvAvF2O3DldldxP2 +MurPmXriFtEUNo4e1UKJciPJlYChWz1/0Hwncab8AWaw3MPkyYpELKis+vTELriO +iHAYOPwOJg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF1jCCA76gAwIBAgITLgAAAApfi2u0+zjcuQAAAAAACjANBgkqhkiG9w0BAQwF +ADBsMRMwEQYKCZImiZPyLGQBGRYDR292MRYwFAYKCZImiZPyLGQBGRYGQ2Vuc3Vz +MQwwCgYDVQQLEwNUQ08xDDAKBgNVBAsTA1BLSTEhMB8GA1UEAxMYVVMgQ2Vuc3Vz +IEJ1cmVhdSBSb290IENBMB4XDTE5MDgwNjE1MDc0M1oXDTI0MDgwNjE1MTc0M1ow +YTETMBEGCgmSJomT8ixkARkWA2dvdjEWMBQGCgmSJomT8ixkARkWBmNlbnN1czES +MBAGCgmSJomT8ixkARkWAmFkMR4wHAYDVQQDExVVUyBDZW5zdXMgQnVyZWF1IENB +IDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFLt4b/8hnKu0yk7IC +C0qY8gAF20DZrbE6rILe2quYeSQcztIw3H6K2+uAsvpCRjRc4+ra+bKQWLpTv5gP +6l6iDMlun3po1+Qqlga4S4/kJMoYP52AbcdHog33vdvpmtRhL2WLBdHfXLfahVx3 +OB1WkrZMFP4T3L4mTo8SW4abdIf5Q7SmClrHzy+znv4jhKEU9tiY7NXJBCINETx3 +5B8PE8F0r1s0Mv+yhoDHWk2Poa/rC+CrXZ+NdzWfI2ajUc1Nb2b+6f4Wrpc9qC+a +kxYywDcrUoGnwqJYDoIFZY2ErqTQUw7JGQkG/i+7gYs+VaHPcD3DNQq3iFzab26I +0vG5AgMBAAGjggF6MIIBdjAQBgkrBgEEAYI3FQEEAwIBATAjBgkrBgEEAYI3FQIE +FgQU6ZLQoy5LJaVqTI5Em9TBptKdLmAwHQYDVR0OBBYEFOpnUT2Oc868n6qxmUrj +FdfUn3tOMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAS +BgNVHRMBAf8ECDAGAQH/AgEBMB8GA1UdIwQYMBaAFMdeIHdBm/YaIFKQSuoag5Px +w6seMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9wa2kudGNvLmNlbnN1cy5nb3Yv +Q2VydEVucm9sbC9VUyUyMENlbnN1cyUyMEJ1cmVhdSUyMFJvb3QlMjBDQS5jcmww +ZQYIKwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklodHRwOi8vcGtpLnRjby5jZW5z +dXMuZ292L0NlcnRFbnJvbGwvVVMlMjBDZW5zdXMlMjBCdXJlYXUlMjBSb290JTIw +Q0EuY3J0MA0GCSqGSIb3DQEBDAUAA4ICAQCYQm6VusLYzHy9PM0P4dSkHSUVGug+ +8Q/Gn1qQ+pejTpx0fR+pxq8DP8Ua3qgWsIz3scrONairxWVUW5AA4E0VXU0fO6n+ +4DLdJnwwIEIkV410p5w79l9Dl2NiI31Ijv0Y8PwEzXmcSvcz1Qc05TyRV+1yv6Uh +nHfnu4kHXj26NOOsPjrEJ60l0tcOT4p3edkwYRf3XzQ19k4ITEBeYF76y1FX8H+W +RTIjQNr8BXUVt+afJZXgUgSB0xHfSRBhTUXiFvKbs1BpICNQmhbFIaz7GJZkvx9r +b+7Um2EQNIQKxoe4rG4mar62Ux3k0i9o8O9nccQSl9VCuSvTyCmtpKpsKRRitMf2 +vBQ9D14p5pzDdFZQC75B8lkibXpuk8fQ3/CIMqK4547wIO8tgz4wqN8ID4tEBgqZ +Fot9XSJpDAZHYKx5GWVwKmhqwefACqqASjHR8NVakAd3EkcQ06SEzGYTTq2duWhi +fOxpJKtMtw9JTfbOG9Az28rRWGCk1vVHmtkVHApD3XdAV3RG6w/AqjNu/IY70fmd +wULhegJxbVdQucgwR4WyNbx7hCJYvoEyL5L7ZQwBpFXHnOI7wJFGw2eo5xIUehUS +4jPpb2OolWHEOjMkEkRfgfrJsnt/blpKXRmYRFUd1+c5VBOtsaYv3iYArxZziQxf +pR508zEDCd9cRQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF1DCCA7ygAwIBAgITLgAAAA4zbBR3VlxWyAAAAAAADjANBgkqhkiG9w0BAQwF +ADBsMRMwEQYKCZImiZPyLGQBGRYDR292MRYwFAYKCZImiZPyLGQBGRYGQ2Vuc3Vz +MQwwCgYDVQQLEwNUQ08xDDAKBgNVBAsTA1BLSTEhMB8GA1UEAxMYVVMgQ2Vuc3Vz +IEJ1cmVhdSBSb290IENBMB4XDTIyMDIyODE3NTUxOFoXDTI3MDIyODE4MDUxOFow +YjETMBEGCgmSJomT8ixkARkWA2dvdjEWMBQGCgmSJomT8ixkARkWBmNlbnN1czET +MBEGCgmSJomT8ixkARkWA2VhZDEeMBwGA1UEAxMVVVMgQ2Vuc3VzIEJ1cmVhdSBD +QSAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA+7bWM9ZExFO/ZN +uFodd+ktg0TWojeV8QJTYAdtwzMquqDl/zMLgkHPD8xC730qMdKB6Df74i3moN5c +6h9S087T0tdf02U0J95AfO06oZiaGNzq/zacINhfbxWf2ZAyZCiwpcQL3w3uAjS1 +MK++iC8ZWDBnd5z64ewCDFS8d9FD5RrJ0GxGCcC4IJ8DyhOq7i3a/Td29wLTP1wz +QuFLVD/5JFWirqnJwgqVVEUdzf8ZK3MSk9DAZcIjY/mIZgnnZ+ukcD0TtYkOnPU7 +j7EGeqo6Jby3T75p4x3uRlNaEKAqXBqiu7bVx+T0cTtuJEjtw4l/8WEGEFGI6Jfs +0Du9+QIDAQABo4IBdzCCAXMwEAYJKwYBBAGCNxUBBAMCAQEwIwYJKwYBBAGCNxUC +BBYEFE2wPwIWNvlAbZy05X4kklJu09q8MB0GA1UdDgQWBBQgeDnrT+0C8IDam1yA +6LKRQtYpxDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTHXiB3QZv2GiBSkErqGoOT8cOr +HjBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vcGtpLnRjby5jZW5zdXMuZ292L0Nl +cnRFbnJvbGwvVVMlMjBDZW5zdXMlMjBCdXJlYXUlMjBSb290JTIwQ0EuY3JsMGUG +CCsGAQUFBwEBBFkwVzBVBggrBgEFBQcwAoZJaHR0cDovL3BraS50Y28uY2Vuc3Vz +Lmdvdi9DZXJ0RW5yb2xsL1VTJTIwQ2Vuc3VzJTIwQnVyZWF1JTIwUm9vdCUyMENB +LmNydDANBgkqhkiG9w0BAQwFAAOCAgEAjDWz6k+6ModUkHRJgTjv8nHfPJv1qI9d +WUejF3YSwU6ExE44C5C2oEXPtEAWR+LiEsW+U4ZZ8Zgi/F5qI3AblQbNXDplAbo/ +6UoKeieBftV5cf7WgbdFoVFuX2HppSVrDQPf4t6DpCM6qVs8/EIrBQOeKhVckhB1 +XgiuFTb3sRoOmWvRramBf3xp7WJ1P4T76gBUg2I6GMFV3EO/mv8XWM9QzFZ1nFOQ +z8/zRa1x53WuAc36d8ESGqL0ZxjNjSNU/HtpJnwtYj3hzJIsYgm938nU5p1diF00 +C89+a0CKkVnL7JW6tC8MQqnyE7TBBWjSmssxa4FHT753W/NaU6JVIJqOwuGTTenv +bQlHi+NxfqL0alNXX3ukUNDPB5XfGWCEBMGZ9xUNDXdxTS7lJzZGAddjqu94e5gd +KgDiEq52RQgkbZ8d+DYwpo/4XY7rj/bC4jvVXUhVd8E/NAbzTSo3VppK0pi/wDri +lm4p8WlzrCoGTVPeiZdCApa/bOoaq+X7/vN4HDUakJZFEPfxIwznfJbDEu7hrVE3 +fck3YuSBrQx6yYtmpLEnybaB5so0w+djeswxBVQSlBODYhrMFW+l3VIRa9PqHQWw +8TvAglbHxFUWWtlHBbwXgVdOqAVlh1LHU8mfbtkY8D4h+iXk+4nvBY1aKdDaZFTB +kDgqyXZwIww= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFsjCCA5qgAwIBAgITLgAAAAvaREPe3QGJiAAAAAAACzANBgkqhkiG9w0BAQwF +ADBsMRMwEQYKCZImiZPyLGQBGRYDR292MRYwFAYKCZImiZPyLGQBGRYGQ2Vuc3Vz +MQwwCgYDVQQLEwNUQ08xDDAKBgNVBAsTA1BLSTEhMB8GA1UEAxMYVVMgQ2Vuc3Vz +IEJ1cmVhdSBSb290IENBMB4XDTE5MDgwNjE1MDc0MVoXDTI0MDgwNjE1MTc0MVow +YjETMBEGCgmSJomT8ixkARkWA2dvdjEWMBQGCgmSJomT8ixkARkWBmNlbnN1czET +MBEGCgmSJomT8ixkARkWA2VhZDEeMBwGA1UEAxMVVVMgQ2Vuc3VzIEJ1cmVhdSBD +QSAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA+7bWM9ZExFO/ZN +uFodd+ktg0TWojeV8QJTYAdtwzMquqDl/zMLgkHPD8xC730qMdKB6Df74i3moN5c +6h9S087T0tdf02U0J95AfO06oZiaGNzq/zacINhfbxWf2ZAyZCiwpcQL3w3uAjS1 +MK++iC8ZWDBnd5z64ewCDFS8d9FD5RrJ0GxGCcC4IJ8DyhOq7i3a/Td29wLTP1wz +QuFLVD/5JFWirqnJwgqVVEUdzf8ZK3MSk9DAZcIjY/mIZgnnZ+ukcD0TtYkOnPU7 +j7EGeqo6Jby3T75p4x3uRlNaEKAqXBqiu7bVx+T0cTtuJEjtw4l/8WEGEFGI6Jfs +0Du9+QIDAQABo4IBVTCCAVEwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFCB4 +OetP7QLwgNqbXIDospFC1inEMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsG +A1UdDwQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEBMB8GA1UdIwQYMBaAFMdeIHdB +m/YaIFKQSuoag5Pxw6seMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9wa2kudGNv +LmNlbnN1cy5nb3YvQ2VydEVucm9sbC9VUyUyMENlbnN1cyUyMEJ1cmVhdSUyMFJv +b3QlMjBDQS5jcmwwZQYIKwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklodHRwOi8v +cGtpLnRjby5jZW5zdXMuZ292L0NlcnRFbnJvbGwvVVMlMjBDZW5zdXMlMjBCdXJl +YXUlMjBSb290JTIwQ0EuY3J0MA0GCSqGSIb3DQEBDAUAA4ICAQCGmm3uxuTvZcWm +ihlWtSa/0H88MM3ubcOAqYmNHWCzynemR9CxUZfuR/qi8HvRKHm5HwDVT1LtL3Wf +K+9Lc7mcBHStZUdNgINVsqZzNi1L54v/UD3lAu79M/yh16DREvEnWLlc1CUhti+Q +P6aooRfF1VIAzoNZz3iUBj43uRJLewYhlFYRy8GFzRhoKJ/HNZI9nqlV7notKtvV +P2Ae++stlTGzrUEYi91tgJdoSOKweDg4EDjEr4y51yY2l8eJJTXtRRIMDdtv1wbF +XVpxcbWDvAFmYKFjpspaEiD3gAEdSDGcCv23KGFxZCMw5Chblg2drWCSCbJQ2VE/ +XiHcHGxrTQVru+ocZgEqH600BDAC+/nrVP1lJyfKsY2KUh9X/vzbAbx7r45l7LJh +Q173miuG1Hjm60OEtUsNobtVOG/TCxqHflRuMgVK5mGb00Hu5SxMel/ma5bhvWCS +ZQIYEIwo2b6GBicTuhHhBo0e4BdA3vvz8WroUTiezmMo8BveyYViqyWFCB26Wvhy +NB4pfg+GFfTl0wiHSpc1RfBFuoohkGgUMt0ci0jJp1ofb6MeK+p3DqBfKyhQiz+7 +EsgudLUeALpj38b5mWjvN17YBby5suRJnH8lv7+Z1nooo+MqapZZyrRu56PtEBJM +3m7NDAL9JACMk8yF5WDToKtcPuTgpg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIQGVCQdFyalIVHZ1OchWiMYDANBgkqhkiG9w0BAQwFADBs +MRMwEQYKCZImiZPyLGQBGRYDR292MRYwFAYKCZImiZPyLGQBGRYGQ2Vuc3VzMQww +CgYDVQQLEwNUQ08xDDAKBgNVBAsTA1BLSTEhMB8GA1UEAxMYVVMgQ2Vuc3VzIEJ1 +cmVhdSBSb290IENBMB4XDTE5MDcyNTE4MTAyOVoXDTI5MDcyNTE4MjAyN1owbDET +MBEGCgmSJomT8ixkARkWA0dvdjEWMBQGCgmSJomT8ixkARkWBkNlbnN1czEMMAoG +A1UECxMDVENPMQwwCgYDVQQLEwNQS0kxITAfBgNVBAMTGFVTIENlbnN1cyBCdXJl +YXUgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMWX8I9p +slFaUueuPpEFExgqKcGgoyTOBxFUCXNBnucL3cKRx9MC47kWOwQ94WYvI3LMcehC +6pOwIf5AuhrIdVrJaHSz317ENuDaiur9/qN3fBRidijHphynR/rwJSxiI3VQtj8G +SO4JmCA8dMsKayIl1RiKlQHPoNnSWyDEspAfenr0qq7PzbjKOEPXoO4eXO0plfB3 +aYd+qMRwHKQre4gRGpMfWu1w5JZqFItbXE/RSC38SoZWjkcMcjyTCDTSGY+j/aJw +SHx98riQ8SLQszL5Be0AmF0KHwMZNOsoaa5u/bF++g207W9guLVgO2Ak5D4Unyo3 +D7kcFSuBOVYdeT0XRi3iD0AwEkoCsVzeEOIqjAasj6hYD43O8GjfHpwGpAeASqTT +nbDajtuTsJrrBlLwpz49J5dihJ3Ah7jTirzQciEUZTXv3L7XpdBlt3/sv73Gn0F6 +jZPDANmHIfNHz0xWa9iES9sLPKln9cjnkJs/QlpooTJSrVuovGyzsbu1mb7PfBji +IMF8lVptjQYaWvvMXqXNx2+L6+uBVkEfmuZIs7Xen4ZNz4NP5MixTs3Tq2h81Hym +TbIlJUtSdwZ98jsX6YLerBYYMPawtSIH4Yfdq/Wpt7IHED47dTWdFfC0peqYfHIN +PoRG+eFYq5nHxadkGaifElPnNdvGblRLDj27AgMBAAGjUTBPMAsGA1UdDwQEAwIB +hjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTHXiB3QZv2GiBSkErqGoOT8cOr +HjAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQwFAAOCAgEAdXsv6igAKGnq +VS79nePbjGj2Z+SFdM2jRVibv06mWR3uVqFNCz2zqlIXzX7PJmK7HycWDK82UWMh +8J0cn1O+PYWFalzhPWk7t1c6EK8wV63/iKj+voqNwZWL7L1/EQiQ8B4OPIyf7v5Y +j3/jqrvufLgGCyz+0JhBY8CBEGZ1knijrHxTv0DOV0ykKI0OpUIes+8SOTdszTDb +XujzE4ekSRTDqWJOCbsQb3KbBUr/k8APVq/Ir/xmS1WmauyP3zBIxMlPMmu9XTw/ +5nRUKKQe8FrVHELLO32iS+6bqdTNmkD7z/VyzWmBA0FVt8upD6Bs8U/bHjoiL/Jk +W3BQ6owq7u+B5w/Cl+WsgQcgVlDLlBZWMKnEng1n2MhqUnzf0dDGA99vrzLPVcPT +yoexQe1E1Y2EoORgaGbsnjkRTwppUnpnxkWrzObBieYB1ir0rRTbKS5hgwXu55Uc +6ypmCLUnQaDVWIZyKKwtmr4n/rX5KJPxj/zT0F+jH1WDyMDVg6jYyu1HIPcABkAU +OlsSr7Tfct75/JGf18oPSFMkV1kzeLUK21vflcMp+ZK0m2TRZyCLvMB/lEsRjsSM +wrgYk7cR14RqJ+RTA7IJqFQfNAXqV1ra+stZYYoLI83oK4shOhHLiO9lR6hSi43f +0w7ALm+8qd1Ih+E5BjmKBJAEFB5Zyzs= +-----END CERTIFICATE----- diff --git a/buildspecs/deploy.terragrunt.yml b/buildspecs/deploy.terragrunt.yml index 3dfeda7..07173bf 100644 --- a/buildspecs/deploy.terragrunt.yml +++ b/buildspecs/deploy.terragrunt.yml @@ -6,12 +6,14 @@ env: TF_VERSION: "1.5.5" TG_VERSION: "0.72.0" TOOLS_DIR: "/tmp/build-tools" + CERT_DIR: "/tmp/certs" exported-variables: - TERRAGRUNT_PATH cache: paths: - '/tmp/build-tools/**/*' + - '/tmp/certs/**/*' phases: install: @@ -22,6 +24,15 @@ phases: - export http_proxy=$PROXY_CONFIG - export https_proxy=$PROXY_CONFIG - export NO_PROXY=.census.gov,169.254.169.254,148.129.0.0/16,10.0.0.0/8,172.16.0/12,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev + + # Set up certificate for proxy access + - mkdir -p $CERT_DIR + - cp buildspecs/census-pki.bundle.crt $CERT_DIR/bundle.crt + - export SSL_CERT_FILE=$CERT_DIR/bundle.crt + - export REQUESTS_CA_BUNDLE=$CERT_DIR/bundle.crt + - export NODE_EXTRA_CA_CERTS=$CERT_DIR/bundle.crt + - export CURL_CA_BUNDLE=$CERT_DIR/bundle.crt + - export AWS_CA_BUNDLE=$CERT_DIR/bundle.crt # Create tools directory if it doesn't exist - mkdir -p $TOOLS_DIR/bin diff --git a/buildspecs/security.yml b/buildspecs/security.yml index 37a42cf..93b9263 100644 --- a/buildspecs/security.yml +++ b/buildspecs/security.yml @@ -3,10 +3,12 @@ version: 0.2 env: variables: TOOLS_DIR: "/tmp/build-tools" + CERT_DIR: "/tmp/certs" cache: paths: - '/tmp/build-tools/**/*' + - '/tmp/certs/**/*' phases: install: @@ -18,6 +20,15 @@ phases: - export https_proxy=$PROXY_CONFIG - export NO_PROXY=.census.gov,169.254.169.254,148.129.0.0/16,10.0.0.0/8,172.16.0/12,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev + # Set up certificate for proxy access + - mkdir -p $CERT_DIR + - cp buildspecs/bundle.crt $CERT_DIR/ + - export SSL_CERT_FILE=$CERT_DIR/bundle.crt + - export REQUESTS_CA_BUNDLE=$CERT_DIR/bundle.crt + - export NODE_EXTRA_CA_CERTS=$CERT_DIR/bundle.crt + - export CURL_CA_BUNDLE=$CERT_DIR/bundle.crt + - export AWS_CA_BUNDLE=$CERT_DIR/bundle.crt + # Install security scanning tools - mkdir -p $TOOLS_DIR/bin - pip install checkov -q diff --git a/buildspecs/terragrunt.yml b/buildspecs/terragrunt.yml index 7cbdfe8..4bb4a58 100644 --- a/buildspecs/terragrunt.yml +++ b/buildspecs/terragrunt.yml @@ -6,12 +6,14 @@ env: TF_VERSION: "1.5.5" TG_VERSION: "0.72.0" TOOLS_DIR: "/tmp/build-tools" + CERT_DIR: "/tmp/certs" exported-variables: - TERRAGRUNT_PATH cache: paths: - '/tmp/build-tools/**/*' + - '/tmp/certs/**/*' phases: install: @@ -22,6 +24,15 @@ phases: - export http_proxy=$PROXY_CONFIG - export https_proxy=$PROXY_CONFIG - export NO_PROXY=.census.gov,169.254.169.254,148.129.0.0/16,10.0.0.0/8,172.16.0/12,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev + + # Set up certificate for proxy access + - mkdir -p $CERT_DIR + - cp buildspecs/bundle.crt $CERT_DIR/ + - export SSL_CERT_FILE=$CERT_DIR/bundle.crt + - export REQUESTS_CA_BUNDLE=$CERT_DIR/bundle.crt + - export NODE_EXTRA_CA_CERTS=$CERT_DIR/bundle.crt + - export CURL_CA_BUNDLE=$CERT_DIR/bundle.crt + - export AWS_CA_BUNDLE=$CERT_DIR/bundle.crt # Create tools directory if it doesn't exist - mkdir -p $TOOLS_DIR/bin