dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

A Whole bunch of readme

Browse Source
This commit is contained in:
Nicholas J. Parks 2017-04-22 22:13:27 -04:00 committed by Nanne Baars
parent 70625ff5a2
commit 086e674bf4
4 changed files with 90 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
platformQuickStarts/AWS/README.md
View File

@ -8,17 +8,24 @@
- Deploying to ECS - Deploying to ECS
It is Assumed:
- You have an AWS Account
- You know what an S3 bucket is
- You have seen the IAM console and have permissions to create IAM Roles
## Code Pipeline and Build ## Code Pipeline and Build
This Quickstart is for those that just want to perform builds with AWS. It uses CodeCommit but can be modified to use GitHub This Quickstart is for those that just want to perform builds with AWS. It Triggers off of Github to perform builds of `webgoat-server`
## EC2 ## EC2
This uses AWS CodePipeline, CodeBuild, and CodeDeploy to land WebGoat to Running EC2 instances (WIP) This uses AWS CodePipeline, CodeBuild, and CodeDeploy to land WebGoat to Running EC2 instances
## ECS ## ECS
This uses AWS CodePipeline, CodeBuild, CodeDeploy, ECR, to update an ECS cluster (WIP) This uses AWS CodePipeline, CodeBuild, ECR, to land a container onto an ECS cluster

64
platformQuickStarts/AWS/codepipelinebuild/README.md Normal file
View File

@ -0,0 +1,64 @@
= Serverless MVN builds Featuring AWS
This Quick Start is the foundation where other of the AWS quickstarts begin. This quickstart only BUILDS the `webgoat-server` spring boot jar. If you want to also run it on AWS skip to the other AWS quickstarts
Before you Begin
1. Do you have an AWS Account?
2. Can you create an S3 Bucket?
3. Can you create a KMS Key?
4. Do you know that Cloud Formation is?
5. Do you have enough permissions to do any real work in said AWS Account?
If you said no to any of those...hope over to [docs](https://aws.amazon.com/documentation/) and learn (but don't do) how to create those.
You will also need:
1. A GitHub Account
2. Fork of WebGoat
3. Personal access Token with `Admin:repo_hook` and `repo`
== Create Pre-requisites
First pick and AWS region and stick with it for ALL the quickstarts. This one was mostly executed on US-east-1/2 but any region with KMS, CodePipeline, and CodeBuild will work. Eu-Central-1, ap-southeast-1 and sa-east-1 have reported success also.
1. Create an S3 bucket and call it something meaningfull like `webgoat-stash-username` or something or use an existing bucket you have access to.
2. Create a KMS Key. Make sure you are a key administrator so you can add key users later.
== Deploy IAM role Cloud Formation Stacks
In this folder there are two json cloudformation templates:
-`01_IAM_codebuild.json`
-`01_IAM_codepipeline.json`
You will use the CloudFormation templates to create two roles. One for CodePipeline and the Other for CodeBuild. You will use the name of the bucket you just created as a parameter.
== Update KMS Key
Access the KMS key you created earlier...add the two IAM roles you just created and Key Users
== Finally the Pipeline
You will use the yaml cloudformation template `01_codepiplinebuild.yml` to create the code building pipeline.
Some of the parameters you will need to pass:
1. The S3 bucket (twice)
2. The Github Branch name (master? develop? yourbranchname?)
3. The Github user (if you forked it would be your username)
4. You personal access token for GitHub
5. The name or the repo (WebGoat! ...unless you forked and rename and did a whole bunch of fancy git magic)
6. The ARN of the KMS key
7. The ARN of the role for the codebuild (qsCodeRoleArn)
8. The ARN for codepipeline (01_codepiplinebuild.yml)
If this Stack successfully deploys a build will begin based on the lates commit automatically. You will have a funky named zip file (without the .zip) in a folder in the S3 bucket in a few minutes.
Congratulations. You just Deployed a two step AWS Codepipeline that looks for codechanges and then performs a build.
... ON to the next AWS Quickstart

9
platformQuickStarts/GCP/README.md
View File

@ -6,3 +6,12 @@ It is assumed:
1. You have a Google Cloud Platform Account 1. You have a Google Cloud Platform Account
2. You can use Git 2. You can use Git
3. You can use a Shell Linux/Mac/Google Cloud Shell 3. You can use a Shell Linux/Mac/Google Cloud Shell
== GKE Docker
Uses GKE to run the latest DockerHub version of WebGoat8
== AppEngine
WIP

10
platformQuickStarts/README.md
View File

@ -4,16 +4,18 @@ Want to Run WebGoat? Want to run WebGoat in the Cloud? Don't want to be cloud Ex
Do we have a solution for you! Do we have a solution for you!
Through April to June 2017 Several IaaS (and a couple PaaSs) will be added to allow anyone to run WebGoat about anywhere.
Additionally, Each IaaS/PaaS have their deployment steps broken down giving the *app-guy-new-to-cloud* an opportunity to learn how said platform works.
Additionally, Each IaaS/PaaS will have their deployment steps broken down giving the *app-guy-new-to-cloud* an opportunity to learn how said platform works.
## AWS ## AWS
Multi-Part Quickstart. Starts with simple pipeline for code building to deploying to EC2/ECS continiously Multi-Part Quickstart. Starts with simple pipeline that just builds code to a deploying onto EC2 instances and then containers using ECS/ECR
## GCP
Get WebGoat Running on GKE and AppEngine