From 1c5a7b1b66c350060a9ffaf57045b2ed63348942 Mon Sep 17 00:00:00 2001 From: Nithya Thokala Date: Thu, 3 Jul 2025 10:54:42 -0400 Subject: [PATCH 1/2] Added aws credentials via oidc --- .../healthcheck-app-existingVpc-Ubuntu-Thurs.yml | 14 ++++++++++---- .../healthcheck-app-existingVpc-Win-Tue.yml | 14 ++++++++++---- .../healthcheck-app-newVpc-Ubuntu-Mon.yml | 14 ++++++++++---- .../workflows/healthcheck-app-newVpc-Win-Wed.yml | 14 ++++++++++---- healthcheck/refarch_testtools/deploy.py | 2 +- 5 files changed, 41 insertions(+), 17 deletions(-) diff --git a/.github/workflows/healthcheck-app-existingVpc-Ubuntu-Thurs.yml b/.github/workflows/healthcheck-app-existingVpc-Ubuntu-Thurs.yml index f4f798a..6bef751 100644 --- a/.github/workflows/healthcheck-app-existingVpc-Ubuntu-Thurs.yml +++ b/.github/workflows/healthcheck-app-existingVpc-Ubuntu-Thurs.yml @@ -6,6 +6,9 @@ on: workflow_dispatch: schedule: - cron: '0 15 * * 4' +permissions: + id-token: write + contents: read jobs: build: runs-on: ubuntu-latest @@ -16,6 +19,12 @@ jobs: uses: actions/setup-python@v4 with: python-version: '3.13' + - name: Configure AWS credentials via OIDC + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.oidc_role_arn }} + aws-region: us-east-1 + role-duration-seconds: 7200 - name: Install dependencies run: | python -m pip install --upgrade pip @@ -31,7 +40,4 @@ jobs: - name: MATLAB Web App Server Reference Architecture Health Check Test Ubuntu Existing VPC Ubuntu us-east-1 region run: | cd healthcheck - export AWS_ACCESS_KEY_ID=${{ secrets.aws_access_key_id }} - export AWS_SECRET_ACCESS_KEY=${{ secrets.aws_secret_access_key }} - export AWS_REGION="us-east-1" - python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.KeyPairName }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "us-east-1" "Ubuntu" + python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.OIDCKeyPairNameVirginia }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "us-east-1" "Ubuntu" 
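Review bot: The new "Configure AWS credentials via OIDC" step references `aws-actions/configure-aws-credentials@v4` by a movable tag, and this is the step that receives the job's OIDC token and the resulting AWS session credentials. Pinning it to a full commit SHA, with the tag kept as a trailing comment (`uses: aws-actions/configure-aws-credentials@<FULL_COMMIT_SHA> # v4`), means a retagged release cannot change what runs with those credentials. `role-duration-seconds: 7200` only works if the role's maximum session duration is at least two hours, and it keeps the credentials valid for every later step, including `pip install`. A comment above the value saying why the health check needs that long would help. The same step is added to the other three workflow files in this patch.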
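Review bot: The rewritten `python test_mwasrefarch_healthcheck_newvpc.py ...` line still expands `${{ secrets.lmpassword }}` unquoted into the shell script and passes it as a command-line argument. The expansion is textual and happens before the shell runs, so a password containing spaces or shell metacharacters is word-split or interpreted. The value also sits in the process argument list for the life of the run. Handing it over through the step's environment avoids both: add `env:` with `LM_PASSWORD: ${{ secrets.lmpassword }}` (name constructed for illustration) and read it in the script with `os.environ["LM_PASSWORD"]`. The same line appears in the other three workflows and again in PATCH 2/2.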
diff --git a/.github/workflows/healthcheck-app-existingVpc-Win-Tue.yml b/.github/workflows/healthcheck-app-existingVpc-Win-Tue.yml index 049f4d2..eb878c5 100644 --- a/.github/workflows/healthcheck-app-existingVpc-Win-Tue.yml +++ b/.github/workflows/healthcheck-app-existingVpc-Win-Tue.yml @@ -6,6 +6,9 @@ on: workflow_dispatch: schedule: - cron: '0 15 * * 2' +permissions: + id-token: write + contents: read jobs: build: runs-on: ubuntu-latest @@ -16,6 +19,12 @@ jobs: uses: actions/setup-python@v4 with: python-version: '3.13' + - name: Configure AWS credentials via OIDC + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.oidc_role_arn }} + aws-region: eu-west-1 + role-duration-seconds: 7200 - name: Install dependencies run: | python -m pip install --upgrade pip @@ -31,7 +40,4 @@ jobs: - name: MATLAB Web App Server Reference Architecture Health Check Test Windows Existing VPC Windows eu-west-1 region run: | cd healthcheck - export AWS_ACCESS_KEY_ID=${{ secrets.aws_access_key_id }} - export AWS_SECRET_ACCESS_KEY=${{ secrets.aws_secret_access_key }} - export AWS_REGION="eu-west-1" - python test_webappserver_refarch_existingvpc.py ${{ secrets.KeyPairNameIreland }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "eu-west-1" "Windows" + python test_webappserver_refarch_existingvpc.py ${{ secrets.OIDCKeyPairNameIreland }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "eu-west-1" "Windows" diff --git a/.github/workflows/healthcheck-app-newVpc-Ubuntu-Mon.yml b/.github/workflows/healthcheck-app-newVpc-Ubuntu-Mon.yml index c39319b..a29c096 100644 --- a/.github/workflows/healthcheck-app-newVpc-Ubuntu-Mon.yml +++ b/.github/workflows/healthcheck-app-newVpc-Ubuntu-Mon.yml @@ -8,6 +8,9 @@ on: push: schedule: - cron: '0 15 * * 1' +permissions: + id-token: write + contents: read jobs: build: runs-on: ubuntu-latest 
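Review bot: In healthcheck-app-newVpc-Ubuntu-Mon.yml the `permissions:` block with `id-token: write` is added under an `on:` section whose context lines show a bare `push:` trigger. No branch filter is visible, although the `on:` block starts above the hunk. If the trigger really is unfiltered, a push to any branch can request an OIDC token for this workflow and attempt to assume `secrets.oidc_role_arn`. Restrict the trigger (`push:` with `branches: [<DEFAULT_BRANCH>]`), and confirm that the IAM role's trust policy conditions `token.actions.githubusercontent.com:sub` on this repository and ref (`repo:<ORG>/<REPO>:ref:refs/heads/<DEFAULT_BRANCH>`) rather than accepting any subject. The other three workflows show only `workflow_dispatch` and `schedule`, so the trust-policy check matters most for this one.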
@@ -18,6 +21,12 @@ jobs: uses: actions/setup-python@v4 with: python-version: '3.13' + - name: Configure AWS credentials via OIDC + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.oidc_role_arn }} + aws-region: us-east-1 + role-duration-seconds: 7200 - name: Install dependencies run: | python -m pip install --upgrade pip @@ -33,7 +42,4 @@ jobs: - name: MATLAB Web App Server Reference Architecture Health Check Test Ubuntu New VPC Ubuntu us-east-1 region run: | cd healthcheck - export AWS_ACCESS_KEY_ID=${{ secrets.aws_access_key_id }} - export AWS_SECRET_ACCESS_KEY=${{ secrets.aws_secret_access_key }} - export AWS_REGION="us-east-1" - python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.KeyPairName }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "us-east-1" "Ubuntu" + python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.OIDCKeyPairNameVirginia }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "us-east-1" "Ubuntu" diff --git a/.github/workflows/healthcheck-app-newVpc-Win-Wed.yml b/.github/workflows/healthcheck-app-newVpc-Win-Wed.yml index 8f3217f..c83a679 100644 --- a/.github/workflows/healthcheck-app-newVpc-Win-Wed.yml +++ b/.github/workflows/healthcheck-app-newVpc-Win-Wed.yml @@ -6,6 +6,9 @@ on: workflow_dispatch: schedule: - cron: '0 15 * * 3' +permissions: + id-token: write + contents: read jobs: build: runs-on: ubuntu-latest @@ -16,6 +19,12 @@ jobs: uses: actions/setup-python@v4 with: python-version: '3.13' + - name: Configure AWS credentials via OIDC + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.oidc_role_arn }} + aws-region: ap-northeast-1 + role-duration-seconds: 7200 - name: Install dependencies run: | python -m pip install --upgrade pip 
@@ -31,7 +40,4 @@ jobs: - name: MATLAB Web App Server Reference Architecture Health Check Test Windows New VPC Windows ap-northeast region run: | cd healthcheck - export AWS_ACCESS_KEY_ID=${{ secrets.aws_access_key_id }} - export AWS_SECRET_ACCESS_KEY=${{ secrets.aws_secret_access_key }} - export AWS_REGION="ap-northeast-1" - python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.KeyPairNameTokyo }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "ap-northeast-1" "Windows" + python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.OIDCKeyPairNameTokyo }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "ap-northeast-1" "Windows" diff --git a/healthcheck/refarch_testtools/deploy.py b/healthcheck/refarch_testtools/deploy.py index afbb69e..9ca1720 100644 --- a/healthcheck/refarch_testtools/deploy.py +++ b/healthcheck/refarch_testtools/deploy.py @@ -5,7 +5,7 @@ from botocore.exceptions import WaiterError _logger = logging.getLogger("deploy") - +logging.basicConfig(level=logging.INFO) def deploy_stack(template_url, template_parameters, region, stack_base_name="refArchTest", extra_parameters={}): stack_name = _create_stack_name(stack_base_name) From 61cd026c3b72d82e8a01469e460f8b54c6353133 Mon Sep 17 00:00:00 2001 From: Nithya Thokala Date: Mon, 21 Jul 2025 17:39:50 -0400 Subject: [PATCH 2/2] Added code to fetch IP --- .../workflows/healthcheck-app-existingVpc-Ubuntu-Thurs.yml | 2 +- .github/workflows/healthcheck-app-existingVpc-Win-Tue.yml | 2 +- .github/workflows/healthcheck-app-newVpc-Ubuntu-Mon.yml | 2 +- .github/workflows/healthcheck-app-newVpc-Win-Wed.yml | 2 +- healthcheck/test_mwasrefarch_healthcheck_newvpc.py | 5 +++-- healthcheck/test_webappserver_refarch_existingvpc.py | 5 +++-- 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/healthcheck-app-existingVpc-Ubuntu-Thurs.yml b/.github/workflows/healthcheck-app-existingVpc-Ubuntu-Thurs.yml index 6bef751..a2cd6ae 100644 
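Review bot: `logging.basicConfig(level=logging.INFO)` in deploy.py runs at import time inside a helper module, so it configures the root logger for whichever script imports `deploy`, not only the `deploy` logger. Every INFO record that reaches the root logger is then written to the CI job log. The health-check scripts pass a `Password` entry in the parameter list to this module, so it is worth confirming that nothing logs `template_parameters` at INFO. Calling `basicConfig` under each entry script's `if __name__ == '__main__':` guard, or using `_logger.setLevel(logging.INFO)` here, keeps the scope explicit. The hunk also removes the blank lines between the module-level statements and `def deploy_stack`, whose body continues outside the hunk.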
--- a/.github/workflows/healthcheck-app-existingVpc-Ubuntu-Thurs.yml +++ b/.github/workflows/healthcheck-app-existingVpc-Ubuntu-Thurs.yml @@ -40,4 +40,4 @@ jobs: - name: MATLAB Web App Server Reference Architecture Health Check Test Ubuntu Existing VPC Ubuntu us-east-1 region run: | cd healthcheck - python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.OIDCKeyPairNameVirginia }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "us-east-1" "Ubuntu" + python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.OIDCKeyPairNameVirginia }} ${{ secrets.lmpassword }} "us-east-1" "Ubuntu" diff --git a/.github/workflows/healthcheck-app-existingVpc-Win-Tue.yml b/.github/workflows/healthcheck-app-existingVpc-Win-Tue.yml index eb878c5..242b314 100644 --- a/.github/workflows/healthcheck-app-existingVpc-Win-Tue.yml +++ b/.github/workflows/healthcheck-app-existingVpc-Win-Tue.yml @@ -40,4 +40,4 @@ jobs: - name: MATLAB Web App Server Reference Architecture Health Check Test Windows Existing VPC Windows eu-west-1 region run: | cd healthcheck - python test_webappserver_refarch_existingvpc.py ${{ secrets.OIDCKeyPairNameIreland }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "eu-west-1" "Windows" + python test_webappserver_refarch_existingvpc.py ${{ secrets.OIDCKeyPairNameIreland }} ${{ secrets.lmpassword }} "eu-west-1" "Windows" diff --git a/.github/workflows/healthcheck-app-newVpc-Ubuntu-Mon.yml b/.github/workflows/healthcheck-app-newVpc-Ubuntu-Mon.yml index a29c096..a4e8237 100644 --- a/.github/workflows/healthcheck-app-newVpc-Ubuntu-Mon.yml +++ b/.github/workflows/healthcheck-app-newVpc-Ubuntu-Mon.yml 
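Review bot: The run step in healthcheck-app-existingVpc-Ubuntu-Thurs.yml is named "... Existing VPC Ubuntu us-east-1 region" but invokes `test_mwasrefarch_healthcheck_newvpc.py`. The Windows existing-VPC workflow calls `test_webappserver_refarch_existingvpc.py`. If that is not deliberate, the Ubuntu existing-VPC deployment path is never exercised by the scheduled checks. Either switch the script name or add a comment on the step explaining why the new-VPC script is used here.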
@@ -42,4 +42,4 @@ jobs: - name: MATLAB Web App Server Reference Architecture Health Check Test Ubuntu New VPC Ubuntu us-east-1 region run: | cd healthcheck - python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.OIDCKeyPairNameVirginia }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "us-east-1" "Ubuntu" + python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.OIDCKeyPairNameVirginia }} ${{ secrets.lmpassword }} "us-east-1" "Ubuntu" diff --git a/.github/workflows/healthcheck-app-newVpc-Win-Wed.yml b/.github/workflows/healthcheck-app-newVpc-Win-Wed.yml index c83a679..ca6bb72 100644 --- a/.github/workflows/healthcheck-app-newVpc-Win-Wed.yml +++ b/.github/workflows/healthcheck-app-newVpc-Win-Wed.yml @@ -40,4 +40,4 @@ jobs: - name: MATLAB Web App Server Reference Architecture Health Check Test Windows New VPC Windows ap-northeast region run: | cd healthcheck - python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.OIDCKeyPairNameTokyo }} ${{ secrets.lmpassword }} ${{ secrets.ipaddress }} "ap-northeast-1" "Windows" + python test_mwasrefarch_healthcheck_newvpc.py ${{ secrets.OIDCKeyPairNameTokyo }} ${{ secrets.lmpassword }} "ap-northeast-1" "Windows" diff --git a/healthcheck/test_mwasrefarch_healthcheck_newvpc.py b/healthcheck/test_mwasrefarch_healthcheck_newvpc.py index 32a75d0..8164f8c 100644 --- a/healthcheck/test_mwasrefarch_healthcheck_newvpc.py +++ b/healthcheck/test_mwasrefarch_healthcheck_newvpc.py @@ -10,9 +10,10 @@ from datetime import date import json -def main(keypairname, password, ipAddress, location_arg, platform_arg): +def main(keypairname, password, location_arg, platform_arg): # Reference architectures in production. ref_arch_name = 'matlab-web-app-server-on-aws' + ipAddress = requests.get("https://api.ipify.org").text + "/32" parameters = [{'ParameterKey': 'KeyPairName', 'ParameterValue': keypairname}, {'ParameterKey': 'AdminIPAddress', 'ParameterValue': ipAddress}, {'ParameterKey': 'Password', 'ParameterValue': password}, 
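Review bot: The added `ipAddress = requests.get("https://api.ipify.org").text + "/32"` in test_mwasrefarch_healthcheck_newvpc.py uses a third-party response as the stack's `AdminIPAddress` with no timeout, no status check and no validation. That parameter is presumably the CIDR granted admin access. An error page or any unexpected body would be passed to CloudFormation as-is, and a stalled request would hang the job. Prefer `resp = requests.get("https://api.ipify.org", timeout=10)`, `resp.raise_for_status()`, `ipAddress = f"{ipaddress.ip_address(resp.text.strip())}/32"`, with `import ipaddress` added at the top. No `import requests` is visible in this hunk, so confirm that the file has one. The same line is added to test_webappserver_refarch_existingvpc.py later in this patch. In both files `main` continues outside the hunk.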
@@ -62,4 +63,4 @@ def main(keypairname, password, ipAddress, location_arg, platform_arg): print("\n\n") if __name__ == '__main__': - main(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4], sys.argv[5]) + main(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4]) diff --git a/healthcheck/test_webappserver_refarch_existingvpc.py b/healthcheck/test_webappserver_refarch_existingvpc.py index 67cccde..cc31012 100644 --- a/healthcheck/test_webappserver_refarch_existingvpc.py +++ b/healthcheck/test_webappserver_refarch_existingvpc.py @@ -14,10 +14,11 @@ from datetime import date import sys -def main(keypairname, password, ipAddress, location_arg, platform_arg): +def main(keypairname, password, location_arg, platform_arg): # Reference architectures in production. # Deploy a stack for creating VPC with 2 subnets existing_template_url = "https://matlab-web-app-server-templates.s3.amazonaws.com/r2022a_refarch/VPCStack.yml" + ipAddress = requests.get("https://api.ipify.org").text + "/32" vpc_parameters = [{"ParameterKey": "AllowPublicIP", "ParameterValue": "Yes"}] existingstack = deploy.deploy_stack(existing_template_url, vpc_parameters, location_arg, "existingvpc") @@ -88,4 +89,4 @@ def main(keypairname, password, ipAddress, location_arg, platform_arg): if __name__ == '__main__': - main(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4], sys.argv[5]) + main(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])