From c55cf2dec5e44e21ed501e8be19b365aee8961f5 Mon Sep 17 00:00:00 2001
From: bhoff
Date: Wed, 6 Nov 2024 17:17:07 -0800
Subject: [PATCH 1/3] Run nessus script installation daily, not hourly
---
 org-formation/090-systems-manager/_tasks.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/org-formation/090-systems-manager/_tasks.yaml b/org-formation/090-systems-manager/_tasks.yaml
index 07b5faec..5119e239 100644
--- a/org-formation/090-systems-manager/_tasks.yaml
+++ b/org-formation/090-systems-manager/_tasks.yaml
@@ -83,7 +83,7 @@ StackArmorAgentInstallation:
 Account: '*'
 IncludeMasterAccount: true
 Parameters:
- EventBridgeRuleSchedule: "cron(0 * * * ? *)"
+ EventBridgeRuleSchedule: "cron(0 2 * * ? *)"
 TargetRegionIds: "us-east-1"
 TargetTagName: execute-script
 TargetTagValue: install-stack-armor-agent
From f81ef23799f4c2723dd71669f4e37b9495ed1623 Mon Sep 17 00:00:00 2001
From: bhoff
Date: Tue, 16 Sep 2025 16:40:33 -0700
Subject: [PATCH 2/3] PLFM-9092: OIDC integration allowing developer forks of Synapse repo to acess Synapse dev' account
---
 .../650-identity-providers/_tasks.yaml | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)
diff --git a/org-formation/650-identity-providers/_tasks.yaml b/org-formation/650-identity-providers/_tasks.yaml
index cf482cca..9f7b9b74 100644
--- a/org-formation/650-identity-providers/_tasks.yaml
+++ b/org-formation/650-identity-providers/_tasks.yaml
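Review bot: The new `cron(0 2 * * ? *)` in `StackArmorAgentInstallation` (090-systems-manager/_tasks.yaml) has no comment saying that EventBridge evaluates it in UTC or why one run a day is enough. With a daily run, an instance that receives the `execute-script: install-stack-armor-agent` tag just after 02:00 UTC presumably waits close to 24 hours before the install script runs, a coverage gap the hourly schedule did not have. I would add `# 02:00 UTC daily; newly tagged instances may wait up to 24 h for the agent` above the parameter and confirm that delay is acceptable for the scanning requirement. The task's definition starts and ends outside the hunk.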
@@ -166,6 +166,44 @@ GithubOidcSageBionetworksSynapse:
 - !Ref SynapseProdAccount
 Region: us-east-1
 
+GithubOidcSageBionetworksSynapseBuild:
+ Type: update-stacks
+ DependsOn: GithubOidcSageBionetworks
+ Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.10.4/templates/IAM/github-oidc-provider.j2
+ StackName: !Sub ${resourcePrefix}-${appName}-sage-bionetworks-synapse-build
+ Parameters:
+ ProviderArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-ProviderArn' ]
+ ProviderRoleName: !Sub ${resourcePrefix}-${appName}-sage-bionetworks-synapse-build
+ ManagedPolicyArns:
+ - "arn:aws:iam::aws:policy/AdministratorAccess"
+ TemplatingContext:
+ Repositories:
+ - owner: "Sage-Bionetworks"
+ name: "Synapse-Repository-Services"
+ branches: ["*"]
+ - owner: "brucehoff"
+ name: "Synapse-Repository-Services"
+ branches: ["*"]
+ - owner: "SandhraSokhal"
+ name: "Synapse-Repository-Services"
+ branches: ["*"]
+ - owner: "marcomarasca"
+ name: "Synapse-Repository-Services"
+ branches: ["*"]
+ - owner: "john-hill"
+ name: "Synapse-Repository-Services"
+ branches: ["*"]
+ - owner: "xschildw"
+ name: "Synapse-Repository-Services"
+ branches: ["*"]
+ - owner: "nickgros"
+ name: "Synapse-Repository-Services"
+ branches: ["*"]
+ DefaultOrganizationBinding:
+ Account:
+ - !Ref SynapseDevAccount
+ Region: us-east-1
+
 GithubOidcSageBionetworksSynapseOpsDev:
 Type: update-stacks
 DependsOn: GithubOidcSageBionetworks
From 9e4288033e87c57ca7b78e4e63e00e53f492dd56 Mon Sep 17 00:00:00 2001
From: bhoff
Date: Wed, 17 Sep 2025 14:44:19 -0700
Subject: [PATCH 3/3] PLFM-9092 increase role session duration to 43200s
---
 org-formation/650-identity-providers/_tasks.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/org-formation/650-identity-providers/_tasks.yaml b/org-formation/650-identity-providers/_tasks.yaml
index 9f7b9b74..6fc6e42d 100644
--- a/org-formation/650-identity-providers/_tasks.yaml
+++ b/org-formation/650-identity-providers/_tasks.yaml
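Review bot: `GithubOidcSageBionetworksSynapseBuild` attaches `arn:aws:iam::aws:policy/AdministratorAccess` to a role that workflows in six personal forks can assume from any branch (`branches: ["*"]`), so administrator access to the dev account now rests on the security of each of those personal GitHub accounts. Those accounts sit outside the organisation's SSO, 2FA and offboarding controls, and anyone who can push a branch or workflow file to one of the forks gets the same access. How the `*` becomes the trust policy's `sub` condition is decided in `github-oidc-provider.j2`, which is not visible here. I would replace the managed policy with a customer-managed one scoped to what the build actually touches, e.g. `- "<ARN_OF_SCOPED_BUILD_POLICY>"` (placeholder), and narrow each fork entry to the branches that need to deploy. A comment above `Repositories:` recording who owns the list and when an entry must be removed would also help, since the list has to track staff changes by hand.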
@@ -176,6 +176,7 @@ GithubOidcSageBionetworksSynapseBuild:
 ProviderRoleName: !Sub ${resourcePrefix}-${appName}-sage-bionetworks-synapse-build
 ManagedPolicyArns:
 - "arn:aws:iam::aws:policy/AdministratorAccess"
+ MaxSessionDuration: 43200
 TemplatingContext:
 Repositories:
 - owner: "Sage-Bionetworks"
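Review bot: `MaxSessionDuration: 43200` raises the session ceiling to 12 hours, the IAM maximum, on a role that carries `AdministratorAccess`, so any credentials a workflow step exposes (logs, artifacts, a compromised dependency) stay usable for up to half a day. The value is only a ceiling and the workflow still has to request the longer session, so I would set it to the longest build that really needs it and say why in a comment, e.g. `MaxSessionDuration: 43200  # 12 h: <reason the build needs this>`. It is also worth confirming that `github-oidc-provider.j2` at `v0.10.4` accepts this parameter, since the template is not part of this patch. The task's definition starts and ends outside the hunk.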