4 changes: 2 additions & 2 deletions aws/lib/regional-stack.ts
Expand Up @@ -87,8 +87,8 @@ export class RegionalStack extends Stack {
const integrationTemplateUpload = new s3deploy.BucketDeployment(this, 'UploadIntegrationTemplate', {
sources: [
s3deploy.Source.data(
'integration-v2.cfn.yaml',
fs.readFileSync(path.join(__dirname, '../../frontend/public/integration-v2.cfn.yaml'), 'utf8'),
'integration-v3.cfn.yaml',
fs.readFileSync(path.join(__dirname, '../../frontend/public/integration-v3.cfn.yaml'), 'utf8'),
),
],
destinationBucket: publicS3Bucket,
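Review bot: Renaming the deployed object from `integration-v2.cfn.yaml` to `integration-v3.cfn.yaml` in the `Source.data(...)` call may remove the v2 template from the public bucket on the next deploy, because `BucketDeployment` prunes destination objects that are absent from its sources unless `prune: false` is set. The remaining props are outside the hunk, so this may already be handled. If it is not, any launch link or documentation still pointing at the v2 object would stop resolving, and customers who deployed the earlier template lose the published copy to compare against the V3 permissions. Consider keeping the earlier template as a second source or setting `prune: false`.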
1 change: 1 addition & 0 deletions backend/api/aws_integration.go
Expand Up @@ -15,6 +15,7 @@ func AWSIntegrationFromModel(integration *model.AWSIntegration) apispec.AWSInteg
CreationTime: integration.CreationTime,
TeamId: integration.TeamId.String(),
Name: integration.Name,
RoleArn: integration.RoleARN,
GetAccountNamesFromOrganizations: integration.GetAccountNamesFromOrganizations,
ManageScps: integration.ManageSCPs,
}
Expand Up @@ -44,7 +44,7 @@
# Typically we would use the AWS CDK instead of writing CloudFormation templates directly, but CDK
# output is much less readable, and we feel it's important that you can review the templates you're
# deploying with ease.
Description: Cloud Snitch AWS Integration (V1)
Description: Cloud Snitch AWS Integration (V3)
#
# These are the input parameters you'll need to provide us.
Parameters:
Expand All @@ -61,6 +61,13 @@ Parameters:
- 'Yes'
- 'No'
Description: Whether to allow read access to AWS Organizations data such as account names.
AllowSCPManagement:
Type: String
Default: 'No'
AllowedValues:
- 'Yes'
- 'No'
Description: Whether to allow the creation of additional service control policies for accounts.
S3BucketName:
Type: String
Default: ''
Expand All @@ -75,6 +82,7 @@ Parameters:
Conditions:
HasOrganizationsAccess: !Equals [!Ref AllowOrganizationsAccess, 'Yes']
HasS3BucketName: !Not [!Equals [!Ref S3BucketName, '']]
HasSCPManagement: !Equals [!Ref AllowSCPManagement, 'Yes']
#
# Now for the resources...
Resources:
Expand Down Expand Up @@ -116,6 +124,67 @@ Resources:
PolicyName: organizations
Roles:
- !Ref IntegrationRole
# If you specify that you want to allow Cloud Snitch to manage service control policies, we
# create a policy and attach it to the role.
IntegrationSCMManagementPolicy:
Condition: HasSCPManagement
Type: AWS::IAM::Policy
Properties:
PolicyDocument:
Statement:
# These actions allow us to get general information about the organization.
- Action:
- organizations:ListAccounts
- organizations:ListParents
- organizations:ListRoots
- iam:GenerateOrganizationsAccessReport
- iam:GetOrganizationsAccessReport
Effect: Allow
Resource: '*'
# Allow enumerating and attaching service control policies to accounts. Note
# that attaching and detaching policies also requires permissions on the policy
# resource, which are granted in the next statement.
- Action:
- organizations:AttachPolicy
- organizations:DetachPolicy
- organizations:ListPoliciesForTarget
Effect: Allow
Resource: !Sub 'arn:aws:organizations::${AWS::AccountId}:account/*'
Condition:
StringEquals:
organizations:PolicyType: SERVICE_CONTROL_POLICY
# Allow operating on service control policies that are tagged as being managed
# by Cloud Snitch. Permission is not granted to operate on any other policies.
- Action:
- organizations:AttachPolicy
- organizations:DetachPolicy
- organizations:CreatePolicy
- organizations:DescribePolicy
- organizations:DeletePolicy
- organizations:UpdatePolicy
Effect: Allow
Resource: '*'
Condition:
StringEquals:
aws:ResourceTag/CloudSnitchManaged: 'true'
organizations:PolicyType: SERVICE_CONTROL_POLICY
# Lastly, we need to be able to assign the Cloud Snitch managed tag to policies,
# but only on creation. We cannot add the tag to existing policies.
- Action: organizations:TagResource
Effect: Allow
Resource: !Sub 'arn:aws:organizations::${AWS::AccountId}:policy/*'
Condition:
# There's an important subtlety at play here: When the policy is created,
# aws:ResourceTag is based on the tags in the request. Otherwise, the
# aws:ResourceTag is based on the tags already on the resource. This
# allows us to have full control over our policies without being able to
# touch existing policies.
StringEquals:
aws:ResourceTag/CloudSnitchManaged: 'true'
Version: '2012-10-17'
PolicyName: scp-management
Roles:
- !Ref IntegrationRole
# If you specify an S3 bucket name, we create a policy for read access and attach it to the role.
IntegrationS3Policy:
Condition: HasS3BucketName
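Review bot: The tag-scoped guard in the `scp-management` statements depends on `aws:ResourceTag/CloudSnitchManaged` being filled from the request tags when a policy is created, which the inline comment itself calls a subtlety; the condition keys meant for constraining request tags are `aws:RequestTag/CloudSnitchManaged` and `aws:TagKeys`, so it is worth confirming that AWS documents this behaviour for Organizations, or expressing the create path with those keys. The `organizations:TagResource` statement also places no limit on which keys may be written, so a policy that already carries the tag can receive arbitrary further tags; adding `ForAllValues:StringEquals:` with `aws:TagKeys: [CloudSnitchManaged]` to its `Condition` would narrow that, assuming the backend sends only this tag. The comments should also tell the deployer that any principal in the management account who can tag SCPs can bring an existing policy under this role's control, since the tag is the entire boundary. The logical ID `IntegrationSCMManagementPolicy` looks like a typo for SCP, and renaming it after release would replace the resource. The `IntegrationRole` definition and its trust policy are outside the visible hunks.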
2 changes: 1 addition & 1 deletion frontend/src/app/(public-area)/cookie-policy/page.tsx
Expand Up @@ -14,7 +14,7 @@ const Page = () => {
<div className="translucent-snow p-4 rounded-lg">
<h1>Cookie Policy</h1>
<div className="text-sm border-b border-platinum pb-4">
<span className="uppercase text-english-violet font-semibold">Revision:</span> {REVISION}
<span className="uppercase label">Revision:</span> {REVISION}
</div>
<div className="flex flex-col gap-4 mt-4">
<p>
13 changes: 6 additions & 7 deletions frontend/src/app/(public-area)/pricing/page.tsx
Expand Up @@ -80,13 +80,12 @@ const Page = () => {
credits.
</p>
<p>
<strong className="uppercase text-english-violet">Example:</strong> You sign up at the begining of
the month and create your one-person team using an Individual plan. You then set up an AWS
integration and begin ingesting CloudTrail data for 3 AWS accounts. This results in a charge of 3 x
$0.99 = $2.97. Halfway through the month, you upgrade to the Team plan, resulting in a charge of 3 x
($9.99 - $0.99) x 50% = $13.50. You also decide to add another account, which results in an
additional $9.99 x 50% = $4.98 charge. At the beginning of future billing cycles, you simply pay 4 x
$9.99 = $39.96.
<span className="uppercase label">Example:</span> You sign up at the begining of the month and
create your one-person team using an Individual plan. You then set up an AWS integration and begin
ingesting CloudTrail data for 3 AWS accounts. This results in a charge of 3 x $0.99 = $2.97. Halfway
through the month, you upgrade to the Team plan, resulting in a charge of 3 x ($9.99 - $0.99) x 50%
= $13.50. You also decide to add another account, which results in an additional $9.99 x 50% = $4.98
charge. At the beginning of future billing cycles, you simply pay 4 x $9.99 = $39.96.
</p>
<p className="text-xs">*This example excludes any applicable taxes.</p>
</div>
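Review bot: The rewrapped example paragraph still contains the misspelling `begining` (should be `beginning`), and since these lines are being rewritten anyway it can be fixed in the same change. The proration figure `$9.99 x 50% = $4.98` also looks off, since half of $9.99 is $4.995; it is worth confirming how the billing code rounds and matching the text to it.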
2 changes: 1 addition & 1 deletion frontend/src/app/(public-area)/privacy-policy/page.tsx
Expand Up @@ -15,7 +15,7 @@ const Page = () => {
<div className="translucent-snow p-4 rounded-lg">
<h1>Privacy Policy</h1>
<div className="text-sm border-b border-platinum pb-4">
<span className="uppercase text-english-violet font-semibold">Revision:</span> {REVISION}
<span className="uppercase label">Revision:</span> {REVISION}
</div>
<div className="flex flex-col gap-4 mt-4">
<p>
2 changes: 1 addition & 1 deletion frontend/src/app/(public-area)/terms-of-service/page.tsx
Expand Up @@ -14,7 +14,7 @@ const Page = () => {
<div className="translucent-snow p-4 rounded-lg">
<h1>Terms of Service</h1>
<div className="text-sm border-b border-platinum pb-4">
<span className="uppercase text-english-violet font-semibold">Revision:</span> {REVISION}
<span className="uppercase label">Revision:</span> {REVISION}
</div>
<div className="flex flex-col gap-4 mt-4">
<p>
4 changes: 1 addition & 3 deletions frontend/src/app/(user-area)/teams/[teamId]/Header.tsx
Expand Up @@ -55,9 +55,7 @@ export const Header = (props: Props) => {
)}
{memberships && memberships.length > 1 && (
<div className="p-2 border-b border-platinum">
<div className="p-2 font-semibold uppercase text-sm text-english-violet">
Switch Team
</div>
<div className="p-2 uppercase text-sm label">Switch Team</div>
{memberships
.filter((membership) => membership.team.id !== teamId)
.map((membership) => (
8 changes: 2 additions & 6 deletions frontend/src/app/(user-area)/teams/[teamId]/page.tsx
Expand Up @@ -339,9 +339,7 @@ const Page = () => {
<p>There&apos;s nothing here, but we can fix that!</p>
{needsSubscriptionSetup && (
<>
<p className="uppercase text-english-violet font-semibold">
Activate a subscription
</p>
<p className="uppercase label">Activate a subscription</p>
<p>
Head over to your team&apos;s{' '}
<Link href={`/teams/${teamId}/settings/billing`} className="link">
Expand All @@ -354,9 +352,7 @@ const Page = () => {
)}
{needsAwsIntegrationSetup && (
<>
<p className="uppercase text-english-violet font-semibold">
Integrate with your AWS account
</p>
<p className="uppercase label">Integrate with your AWS account</p>
<p>
Go to your team&apos;s{' '}
<Link href={`/teams/${teamId}/settings/integrations`} className="link">
Expand Up @@ -373,7 +373,7 @@ const Page = () => {
<div className="flex flex-col">
{billingProfile?.balance && (
<div>
<strong className="text-english-violet font-semibold">Balance:</strong>{' '}
<span className="label">Balance:</span>{' '}
<Tooltip
content={
<div className="w-sm">
Expand All @@ -393,7 +393,7 @@ const Page = () => {
) : (
<>
<div>
<strong className="text-english-violet font-semibold">Accounts:</strong>{' '}
<span className="label">Accounts:</span>{' '}
<Tooltip
content={
<div className="w-sm">
Expand All @@ -407,8 +407,8 @@ const Page = () => {
</div>
{subscription.price?.accountMonth && (
<div>
<strong className="text-english-violet font-semibold">Monthly Price:</strong>{' '}
{subscription.price.accountMonth.text} per AWS account
<span className="label">Monthly Price:</span> {subscription.price.accountMonth.text}{' '}
per AWS account
</div>
)}
</>