Instant ⚡ Secure 🔒 Cloud ☁️ Docker Deployment 💻
Automated secure docker images deployment and virtual machine management using (mainly) the libcloud library to connect to GCE, Azure and AWS.
Description 📔 and motivation 🧐
Have you ever wanted to instantly deploy a simple virtual machine (or multiple) using one or more of the IaaS that the top 🔝 3 cloud providers offer? 🤔 If yes 🙌💡, you might have noticed some things that put you off, like the fact that their web portals are bloated 🫃 for your use case or confusing 😕. Or that more often than not the same goes for their official CLI tools 🤦. If you want to manage more than one provider's virtual machines, it becomes a hassle having to head over to each web portal or tool and do the same thing in a different manner.
That's where SecDep comes in 💪. With SecDep, you can manage your virtual machines across all three cloud providers with ease 😎 without having to think of where to go and how to get there to do what you want 🥳.
Features and roadmap 🗺️
- Virtual machine creation
  - GCE
  - Azure
  - AWS
- Virtual machine actions (delete, start, stop, reboot)
  - GCE
  - Azure
  - AWS
- Virtual machine simple ssh connection
- Interactive .env file editing
- Provider image, location, size and instance listing
  - GCE
  - Azure
  - AWS
- Choice to perform above actions and instance listing on a single or all providers
- Hardening during creation
- Docker deployment during hardening
Prerequisites 📋
Even though we want to avoid using the tools or the web portals we actually have to do it just once to have everything set up to go 😐.
GCE
First and foremost, you need to have a Google account. If you don't have one, you can create one here.
Then follow the instructions 👉 here to set up your GCE account.
Instructions based on libcloud's documentation.
Azure
For Azure you need to be a part of an organization that has an Azure subscription 🏢.
Then follow the instructions here to set up your Azure account.
Instructions based on libcloud's documentation.
AWS
For AWS you firstly need an account and then to follow the instructions here 👈.
Dependencies 📦
We would have 4 external dependencies but due to missing functionality in libcloud when it comes to Azure management we need 7.
- libcloud which is the main dependency to connect to the cloud providers
- python-dotenv which is used to read the .env file
- paramiko which is actually needed for the deployment of libcloud
- azure-sdk-for-python from which we need
  - azure-identity to authenticate with Azure
  - azure-mgmt-resource to manage Azure resources
  - azure-mgmt-network to manage Azure networks
- shtab which is used to generate bash and zsh completion scripts
Installation 🛠️
Cloning the repository 📁
You can clone the repository by running git clone https://git.konsthol.eu/konsthol/SecDep.git in the directory you want the files to reside.
It goes without saying that you need to have git installed and that you need Python to run it, since it is a Python script after all.
Installing the dependencies 📥
The simplest way to install them is to run pip install -r requirements.txt in the root directory of the project.
If you don't have pip installed you can install it by running sudo apt install python3-pip on Debian based systems or sudo dnf install python3-pip on Fedora based systems.
For other systems you can check here 👈 for more information.
Walkthrough 🚶
Assuming you have set up your accounts and have the dependencies installed, you can now start using SecDep.
Check this page to get more familiar with the program.
Some program outputs 📊
Images and videos of common tasks will reside here
Connecting to the virtual machines 🛰️ 🖥️
If you want to connect using your ssh client you will be able to run ssh -i ~/Path/To/SecDep/secdep secdep@<ip>.
On instance creation the actual ssh command will be outputted once, so you'll be able to just copy and paste it to connect 😎
To use PuTTY you will probably need to add the key to the program.
The ip will be outputted after the creation of the virtual machine.
If for any reason you delete either the public or the private key, they will both be regenerated. In that case you should probably delete the virtual machines that use the old key, or find another way to log in and manually put the regenerated secdep.pub key in the authorized_keys file of the secdep user.
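One way to check whether a virtual machine still trusts the current key after a regeneration, as an added example that is not part of SecDep: it compares the key in a secdep.pub line with the contents of the secdep user's authorized_keys file and prints the fingerprint in the form `ssh-keygen -lf` shows. The function names are hypothetical and the sample keys are constructed filler bytes, not real keys.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")  # common subset


def key_blob(line):
    """Return the decoded key blob from a .pub or authorized_keys line, or None."""
    fields = line.strip().split()
    if not fields or fields[0].startswith("#"):
        return None
    # authorized_keys lines may begin with options, so search for the key type.
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        # A genuine blob starts with a length-prefixed copy of its key type.
        if blob.startswith(struct.pack(">I", len(field)) + field.encode()):
            return blob
    return None


def fingerprint(line):
    """SHA256 fingerprint of the key, in the form printed by `ssh-keygen -lf`."""
    blob = key_blob(line)
    if blob is None:
        raise ValueError("not an OpenSSH public key line")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def is_authorized(pubkey_line, authorized_keys_text):
    """True if the key in pubkey_line is listed in the authorized_keys content."""
    wanted = key_blob(pubkey_line)
    if wanted is None:
        raise ValueError("not an OpenSSH public key line")
    return any(key_blob(l) == wanted for l in authorized_keys_text.splitlines())


def _constructed_key(seed, comment):
    """Build a well-formed ed25519 line from filler bytes (constructed sample)."""
    parts = (b"ssh-ed25519", bytes([seed]) * 32)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


OLD_PUB = _constructed_key(1, "secdep-old")   # key the VM was created with
NEW_PUB = _constructed_key(2, "secdep-new")   # key after regeneration
AUTHORIZED_KEYS = "# constructed sample\nno-port-forwarding " + OLD_PUB + "\n"

if __name__ == "__main__":
    print(fingerprint(NEW_PUB), is_authorized(NEW_PUB, AUTHORIZED_KEYS))
```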
Tips and tricks 🤩
For some tips and tricks to make your life easier check this out.
Important disclaimers ⚠️
Carefully select the machine sizes
- Get a little familiar with the provider's pricing to not get caught by surprise 💸
According to libcloud's documentation, "unlimited" attributes, like for example Amazon's bandwidth, get displayed as 0
- Don't blindly trust the scraped prices in the program output, as they are not scraped by me but by the libcloud library