From a73ebb6c31ff24bc641b1c681761547d47647744 Mon Sep 17 00:00:00 2001 From: Marco Lancini Date: Thu, 31 Oct 2024 20:25:45 +0000 Subject: [PATCH] [TERRAFORM] Add aws-ec2-zero-trust (#202) --- terraform/README.md | 22 +++++++++++----------- terraform/aws-ec2-zero-trust/README.md | 4 ++-- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/terraform/README.md b/terraform/README.md index 527ad43..494c8e9 100644 --- a/terraform/README.md +++ b/terraform/README.md 
@@ -5,14 +5,14 @@ This folder contains the relevant sources needed by a few custom Terraform modul ## Modules -| Module | Description | -| --------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [aws-ec2-zero-trust](aws-ec2-zero-trust/) | Automates the setup needed to use CloudFlare Access Applications and Tunnels to securely access webapps running on an EC2 instance, as described in [Building a Self-Hosted App Runner on EC2 with Cloudflare Zero Trust Access](http://blog.marcolancini.it/2024/blog-building-selfhosted-apprunner-ec2-cloudflare-zero-trust-access/) | -| [aws-ecs-zero-trust](aws-ecs-zero-trust/) | Automates the setup needed to use CloudFlare Tunnel to securely access a Flask webapp running in a private subnet in ECS on Fargate, as described in [Zero Trust Access to Private Webapps on AWS ECS with Cloudflare Tunnel](http://blog.marcolancini.it/2023/blog-cloudflare-tunnel-zero-trust-ecs/) | -| [aws-gdrive-backups](aws-gdrive-backups/) | Automates the setup of an ECS Task needed to backup a GDrive folder, as described in [Automated GDrive Backups with ECS and S3](https://www.marcolancini.it/2021/blog-gdrive-backups-with-ecs/) | -| [aws-github-backups](aws-github-backups/) | Automates the setup of an ECS Task needed to backup a Github account, as described in [Automated Github Backups with ECS and S3](https://www.marcolancini.it/2021/blog-github-backups-with-ecs/) | -| [aws-oidc-ci](aws-oidc-ci/) | Automates the setup of OIDC federation between AWS and Github Actions/Gitlab CI | -| [aws-security-reviewer](aws-security-reviewer/) | Setup roles and users needed to perform a security audit of AWS accounts, as described in 
[Cross Account Auditing in AWS and GCP](https://www.marcolancini.it/2019/blog-cross-account-auditing/) | -| [cloudflare-gateway-adblocking](cloudflare-gateway-adblocking/) | Mimic the Pi-hole's behaviour using only serverless technologies (Cloudflare Gateway, to be precise), as described in [Serverless Ad Blocking with Cloudflare Gateway](https://blog.marcolancini.it/2022/blog-serverless-ad-blocking-with-cloudflare-gateway/) | -| [cloudflare-pages](cloudflare-pages/) | Creates a Cloudflare Pages application with Zero Trust Authentication, where only the `allowed_emails` are allowed to access the application | -| [digitalocean-algovpn](digitalocean-algovpn/) | DigitalOcean droplet hosting an Algo VPN server | +| Module | Description | +| --------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [aws-ec2-zero-trust](aws-ec2-zero-trust/) | Automates the setup needed to use CloudFlare Access Applications and Tunnels to securely access webapps running on an EC2 instance, as described in [Building an App Runner on EC2 with Cloudflare Zero Trust Access](http://blog.marcolancini.it/2024/blog-building-apprunner-ec2-cloudflare-zero-trust-access/) | +| [aws-ecs-zero-trust](aws-ecs-zero-trust/) | Automates the setup needed to use CloudFlare Tunnel to securely access a Flask webapp running in a private subnet in ECS on Fargate, as described in [Zero Trust Access to Private Webapps on AWS ECS with Cloudflare Tunnel](http://blog.marcolancini.it/2023/blog-cloudflare-tunnel-zero-trust-ecs/) | +| [aws-gdrive-backups](aws-gdrive-backups/) | Automates the setup of an ECS Task needed to backup a GDrive folder, as described in [Automated GDrive Backups with ECS and 
S3](https://www.marcolancini.it/2021/blog-gdrive-backups-with-ecs/) | +| [aws-github-backups](aws-github-backups/) | Automates the setup of an ECS Task needed to backup a Github account, as described in [Automated Github Backups with ECS and S3](https://www.marcolancini.it/2021/blog-github-backups-with-ecs/) | +| [aws-oidc-ci](aws-oidc-ci/) | Automates the setup of OIDC federation between AWS and Github Actions/Gitlab CI | +| [aws-security-reviewer](aws-security-reviewer/) | Setup roles and users needed to perform a security audit of AWS accounts, as described in [Cross Account Auditing in AWS and GCP](https://www.marcolancini.it/2019/blog-cross-account-auditing/) | +| [cloudflare-gateway-adblocking](cloudflare-gateway-adblocking/) | Mimic the Pi-hole's behaviour using only serverless technologies (Cloudflare Gateway, to be precise), as described in [Serverless Ad Blocking with Cloudflare Gateway](https://blog.marcolancini.it/2022/blog-serverless-ad-blocking-with-cloudflare-gateway/) | +| [cloudflare-pages](cloudflare-pages/) | Creates a Cloudflare Pages application with Zero Trust Authentication, where only the `allowed_emails` are allowed to access the application | +| [digitalocean-algovpn](digitalocean-algovpn/) | DigitalOcean droplet hosting an Algo VPN server | diff --git a/terraform/aws-ec2-zero-trust/README.md b/terraform/aws-ec2-zero-trust/README.md index e2c1842..0c3b514 100644 --- a/terraform/aws-ec2-zero-trust/README.md +++ b/terraform/aws-ec2-zero-trust/README.md 
@@ -1,10 +1,10 @@ -# Building a Self-Hosted AppRunner on EC2 with Cloudflare Zero Trust Access +# Building an AppRunner on EC2 with Cloudflare Zero Trust Access This module automates the setup needed to use CloudFlare Access Applications and Tunnels to securely access webapps running on an EC2 instance, without exposing them to the public internet, as described in -[Building a Self-Hosted App Runner on EC2 with Cloudflare Zero Trust Access](http://blog.marcolancini.it/2024/blog-building-selfhosted-apprunner-ec2-cloudflare-zero-trust-access/). +[Building an AppRunner on EC2 with Cloudflare Zero Trust Access](http://blog.marcolancini.it/2024/blog-building-apprunner-ec2-cloudflare-zero-trust-access/). ![](https://blog.marcolancini.it/images/posts/blog_apprunner_highlevel.png)
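Review bot: In the `terraform/README.md` hunk, the new aws-ec2-zero-trust row titles the post "Building an App Runner on EC2 with Cloudflare Zero Trust Access", while the module README changed in the same patch spells it "AppRunner". Pick one spelling so the index row and the module page match. The row's link also uses `http://blog.marcolancini.it/...`, whereas the cloudflare-gateway-adblocking row links the same host over `https://`; switch this row (and the aws-ecs-zero-trust row) to `https://`. Only one row changes content here, but every row is re-padded to the new column width. Leaving the padding alone would keep the diff to the single changed line.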
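Review bot: In the `terraform/aws-ec2-zero-trust/README.md` hunk, the added link line points to `http://blog.marcolancini.it/2024/blog-building-apprunner-ec2-cloudflare-zero-trust-access/`, while the image two lines below loads from `https://blog.marcolancini.it`. Use `https://` for the post link too, so readers of a zero-trust module are not sent over plaintext. The slug changes from `blog-building-selfhosted-apprunner-...` to `blog-building-apprunner-...`, so confirm the post is actually published at the new path before merging. The image in the trailing context has empty alt text (`![](...)`); a short description such as "High-level architecture" would help.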