Merge branch 'master' into add-spatial

Signed-off-by: Alex Pickering <[email protected]>
hms-dbmi-cellenics · Dec 6, 2024 · d073cf5 · d073cf5
2 parents 5aec18a + b15049b
commit d073cf5
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 4 deletions.
diff --git a/.github/workflows/deploy-changed-cf.yaml b/.github/workflows/deploy-changed-cf.yaml
@@ -239,7 +239,7 @@ jobs:
           capabilities: "CAPABILITY_IAM,CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND"
 
       - id: deploy-batch-job-definition-template
-        name: Deploy CloudFormation PostRegisterLambda template
+        name: Deploy CloudFormation batch-job-definition template
         if: ${{ matrix.template == 'cf/batch-job-definition.yaml' }}
         uses: aws-actions/aws-cloudformation-github-deploy@v1
         with:
@@ -422,6 +422,54 @@ jobs:
         env:
           REGION: ${{ secrets.AWS_REGION }}
 
+      - id: install-crowdstrike-on-rds
+        name: Install CrowdStrike Sensor for default RDS instances
+        run: |-
+
+          if [[ -n "${{ secrets.FALCON_CID }}" ]];
+          then
+
+            INSTANCE_ID=$(aws ec2 describe-instances \
+            --filters "Name=tag:Name,Values=rds-${CLUSTER_ENV}-ssm-agent" \
+            --output text \
+            --query 'Reservations[*].Instances[*].InstanceId')
+            if [ -z $INSTANCE_ID ]; then
+              echo "Can not connect to RDS agent: No instances found for $CLUSTER_ENV"
+              exit 1
+            fi
+
+            CLUSTER_NAME=aurora-cluster-${CLUSTER_ENV}-default
+
+            RDSHOST=$(aws rds describe-db-cluster-endpoints \
+              --region $REGION \
+              --db-cluster-identifier $CLUSTER_NAME \
+              --filter Name=db-cluster-endpoint-type,Values='writer' \
+              --query 'DBClusterEndpoints[0].Endpoint' \
+              --output text)
+            if [ -z $RDSHOST ]; then
+              echo "Failed getting RDS host with name $CLUSTER_NAME"
+              exit 1
+            fi
+
+            INSTALL_SCRIPT_URL="https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.6.0/bash/install/falcon-linux-install.sh"
+            INSTALL_FALCON_COMMAND="
+              export FALCON_CLIENT_ID=${{ secrets.FALCON_CLIENT_ID }} && \
+              export FALCON_CLIENT_SECRET=${{ secrets.FALCON_CLIENT_SECRET }} && \
+              curl -O ${INSTALL_SCRIPT_URL} && \
+              bash falcon-linux-install.sh
+            "
+
+            aws ssm send-command --instance-ids "$INSTANCE_ID" \
+              --document-name AWS-RunShellScript \
+              --parameters "commands='$INSTALL_FALCON_COMMAND'"
+              
+          else
+            echo "CrowdStrike CID missing, skipping falcon sensor setup"
+          fi
+
+        env:
+          REGION: ${{ secrets.AWS_REGION }}
+
   report-if-failed:
     name: Report if workflow failed
     runs-on: ubuntu-20.04

diff --git a/.github/workflows/deploy-infra.yaml b/.github/workflows/deploy-infra.yaml
@@ -256,13 +256,18 @@ jobs:
       - id: install-eksctl
         name: Install eksctl
         run: |-
-          curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
+          ARCH=amd64
+          PLATFORM=$(uname -s)_$ARCH
+
+          curl -sLO "https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_$PLATFORM.tar.gz"
+          tar -xzf eksctl_$PLATFORM.tar.gz -C /tmp && rm eksctl_$PLATFORM.tar.gz
+
           sudo mv /tmp/eksctl /usr/local/bin
 
       - id: deploy-load-balancer-role
         name: Deploy permissions for AWS load balancer controller
         run: |-
-          curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.7.2/docs/install/iam_policy.json
+          curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.10.1/docs/install/iam_policy.json
           aws iam create-policy \
             --policy-name AWSLoadBalancerControllerIAMPolicy-$CLUSTER_ENV \
             --policy-document file://iam-policy.json || true
@@ -283,7 +288,7 @@ jobs:
         uses: nick-invision/retry@v2
         with:
           timeout_seconds: 600
-          max_attempts: 20
+          max_attempts: 5
           retry_on: error
           on_retry_command: sleep $(shuf -i 5-15 -n 1)
           command: |-

diff --git a/cf/rds.yaml b/cf/rds.yaml
@@ -158,3 +158,4 @@ Resources:
       AutoMinorVersionUpgrade: true
       PubliclyAccessible: false
 
+
Original file line number	Diff line number	Diff line change
Expand Up		@@ -158,3 +158,4 @@ Resources:
		AutoMinorVersionUpgrade: true
		PubliclyAccessible: false