AWS Marketplace integration

The AWS Marketplace is a digital catalog for buying, selling, and deploying software, data and services that run on Amazon Web Services (AWS). Fluid Attacks  has integrated its platform into the AWS Marketplace  to facilitate its acquisition. Below is a detailed description of the infrastructure and configuration required to manage the platform on the AWS Marketplace.

Marketplace infrastructure

The relevant repository can be found on GitLab .

Configuration files

1. idp.tf: Configures identity providers for Okta and GitLab.
2. Okta: Allows users with assigned roles to access the AWS console.
3. GitLab: Allows the GitLab runner to assume the necessary role for Terraform deployment permissions.
4. main.tf and outputs.tf: These are general configuration files that define Terraform resources and outputs.
5. main.tf: Specifies the resources to be scanned.
6. outputs.tf: Defines the outputs that can be used by other modules or for reference.
7. roles.tf: Defines roles and permissions in the AWS account. This ensures that users and applications have the appropriate access levels.
8. MarketplaceAdmin: Grants full access to Billing and the Marketplace. This role is assigned to marketing and product management personnel.
9. Admin: Provides full access to the account. It is exclusively assigned to one person for any administrative needs.
10. Development: Allows the Terraform test runner to have read-only permissions.
11. Deployment: Allows the Terraform production runner to have the necessary read and write permissions.
12. IntegratesMarketplaceCrossAccount: Allows Integrates (Fluid Attacks’ platform) to connect with the Marketplace API and perform the integration.
13. sops.tf: Configuration of KMS keys for using SOPS and storing encrypted secrets in the repository.
14. SOPS (Secret Operations): Tool for managing and encrypting secrets.
15. KMS (Key Management Service): AWS service for managing cryptographic keys.
16. sqs.tf: Configuration of an SWS queue to receive messages from AWS SNS resources when a product is created in the Marketplace.
17. SQS (Simple Queue Service): Message queue that enables decoupling and scaling of microservices, distributed systems, and serverless applications.
18. Received Messages: Updates on user subscriptions, renewals, cancellations, modifications, etc.
19. state.tf: Manages the Terraform state.
20. Backend: Configuration of state storage in a remote backend, such as an S3 bucket.
21. storage.tf: Configuration of a public S3 bucket to store files necessary for product configuration.
22. Public Files: Logo, terms of use, and other configuration files that must be publicly accessible.
23. users.tf: Creation of users for Okta integration with the account via SAML.
24. SAML (Security Assertion Markup Language): Protocol for single sign-on (SSO) in login systems.
25. variables.tf: Configuration file that defines the variables used in other Terraform files.
26. Defined Variables: Reusable parameters to avoid repetition and facilitate configuration management.

With detailed insights into each component, users can ensure smooth integration and operation.