In order to audit other accounts, an IAM role needs to be created with a cross-account trust from the BOVI(n)E account.
A DynamoDB table for account metadata.
Cognito user pools for user management.
Optional: a custom domain name, used instead of the ugly API Gateway URL.
The Serverless Framework is used to control deployments and abstract away CloudFormation complexities.
BOVI(n)E leverages the Serverless Framework found at Serverless.
Install the Serverless Framework:
$ npm install serverless -g
Prior to calling the deployment scripts, the following items must already be deployed on AWS:
- Set up the BOVI(n)E role: a role in the security account that has a trust relationship with an assumable role in the target accounts. This role needs read-only rights in the target account.
- Cognito user pool setup.
- Custom Domain Name setup in Amazon Certificate Manager, API Gateway, and Route 53 (or other DNS provider)
- DynamoDB table called AWS-Accounts-Table with accountNum as the primary key
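One way to create the assumable read-only role from the first prerequisite in each target account, as an added example that is not part of the BOVI(n)E project. The role names, CLI profile, account ID and the choice of the AWS-managed ReadOnlyAccess policy are assumptions.

```shell
#!/bin/sh
# Added example: role names and account IDs used with it are placeholders.

# Print the trust policy for the audit role in a TARGET account.
# $1 = 12-digit ID of the security account that hosts BOVI(n)E
# $2 = name of the BOVI(n)E role in that account (hypothetical name)
bovine_trust_policy() {
    sec_account=$1
    sec_role=$2
    # Accept only a 12-digit account ID, so a typo or a wildcard can
    # never end up in the Principal element.
    case $sec_account in
        ''|*[!0-9]*) echo "invalid account id" >&2; return 1 ;;
    esac
    [ "${#sec_account}" -eq 12 ] || { echo "invalid account id" >&2; return 1; }
    # Accept only characters that IAM allows in role names.
    case $sec_role in
        ''|*[!A-Za-z0-9+=,.@_-]*) echo "invalid role name" >&2; return 1 ;;
    esac
    # Trust exactly one role in the security account, not the whole account.
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::${sec_account}:role/${sec_role}"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Create the audit role in a target account and give it read-only rights.
# $1 = AWS CLI profile for the target account, $2 = audit role name,
# $3 = security account ID, $4 = BOVI(n)E role name in the security account
# ReadOnlyAccess is an assumed choice; a narrower policy can be substituted.
create_audit_role() {
    policy=$(bovine_trust_policy "$3" "$4") || return 1
    aws iam create-role --profile "$1" --role-name "$2" \
        --assume-role-policy-document "$policy" &&
    aws iam attach-role-policy --profile "$1" --role-name "$2" \
        --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
}
```

The role in the security account must exist before `create_audit_role` is run, because IAM rejects a trust policy whose principal ARN does not resolve.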
You must also have proper serverless config files built:
In the backend directory:
$ serverless deploy --profile [aws credentials profile] --stage [deployment stage (dev/prod)]
The profile arg is your AWS credentials profile. The stage arg is the deployment stage.
After deploying, you need to add binary content support in API Gateway:
- In the AWS Console under API Gateway, click the newly deployed BOVI(n)E API endpoint -> settings. Under "Binary Media Types" add the following content-types: image/png, image/x-icon, image/*, /
- NOTE: After making this change, you will need to redeploy the API for the changes to take effect.
In the tools directory:
$ sh deploy-content.sh [aws profile] [s3 bucket name for BOVI(n)E html]