01/14: cdn: Initial commit of Terraform configuration.
From: Chris Marusich
Subject: 01/14: cdn: Initial commit of Terraform configuration.
Date: Sat, 29 Dec 2018 02:04:53 -0500 (EST)
marusich pushed a commit to branch master
in repository maintenance.
commit 176631a416d6360f68977cf0a8aa375605d940b9
Author: Chris Marusich <address@hidden>
Date: Wed Dec 26 21:48:35 2018 -0800
cdn: Initial commit of Terraform configuration.
* .gitignore (/cdn/terraform/terraform.tfstate)
(/cdn/terraform/terraform.tfstate.backup, /cdn/terraform/.terraform):
New ignore patterns.
* cdn/README.org: New file.
* cdn/terraform/main.tf: New file.
* cdn/terraform/variables.tf: New file.
---
.gitignore | 3 +
cdn/README.org | 850 +++++++++++++++++++++++++++++++++++++++++++++
cdn/terraform/main.tf | 86 +++++
cdn/terraform/variables.tf | 49 +++
4 files changed, 988 insertions(+)
diff --git a/.gitignore b/.gitignore
index 226f5ac..221c86e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -152,3 +152,6 @@
/talks/jcad-2018/talk.snm
/talks/jcad-2018/talk.toc
/talks/jcad-2018/talk.vrb
+/cdn/terraform/terraform.tfstate
+/cdn/terraform/terraform.tfstate.backup
+/cdn/terraform/.terraform
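Review bot: The three new patterns cover terraform.tfstate, its .backup and the .terraform directory, but nothing for variable-definition files, even though this commit also adds cdn/terraform/variables.tf. Values supplied locally in a terraform.tfvars or *.auto.tfvars file would still be picked up by git add, so consider adding /cdn/terraform/*.tfvars next to these lines. With the state file untracked, it would also help to say in cdn/README.org where the authoritative copy is kept, since Terraform state stores resource attributes in plaintext and the deployed resources cannot be managed without it.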
diff --git a/cdn/README.org b/cdn/README.org
new file mode 100644
index 0000000..ac505e5
--- /dev/null
+++ b/cdn/README.org
@@ -0,0 +1,850 @@
+* Software Environment
+
+The following software versions were used, on a GuixSD system:
+
+Guix: f5d4c46c2c0ccd62f5c5b44a486af4511d395f8f
+(Also known as "v0.16.0-177-gf5d4c46c2" by "git describe")
+
+IceCat: 60.3.0-gnu1
(/gnu/store/4p6nn4sbv1qw196wp55v5sgbhd4cpams-icecat-60.3.0-gnu1)
+
+IceCat plugins installed:
+
+- HTTPS Everywhere 2018.10.31
+- NoScript 10.2.1
+- Privacy Badger 2018.10.3.1
+- GNU LibreJS 7.18.1
+
+IceCat plugins explicitly disabled for the purpose of interacting with
+the AWS website, which breaks when they are enabled:
+
+- NoScript
+- GNU LibreJS
+
+Keepass XC: 2.3.4
+
+Some possibly relevant IceCat about:config details:
+
+network.http.referer.spoofSource;false
+privacy.resistFingerprinting;false
+
+* Create the AWS Account
+
+Website: https://aws.amazon.com/
+
+Click on the "Sign Up" button.
+
+Store the credentials in KeePass.
+
+The website doesn't work when NoScript and LibreJS are enabled. There
+might be a way to selectively enable a minimal set of scripts to allow
+the website to do its job, but I don't know what that set is.
+Instead, I temporarily disabled NoScript and LibreJS for this website
+so that I could get this portion of the job done.
+
+Click the box next to the sentence: "Check here to indicate that you
+have read and agree to the terms of the AWS Customer Agreement" - the
+link goes here:
+
+https://aws.amazon.com/agreement/
+
+Here is a copy of the agreement in full as it appeared on 2018-12-26:
+
+#+BEGIN_QUOTE
+
+
+*If your address is in India, please review the AISPL Customer Agreement,
which governs your access to and use of the Service Offerings.
+
+*Please note that as of July 1, 2018, customers located in Europe, the Middle
East, or Africa contract with our European based AWS Contracting Party, as
provided in Section 14. See the AWS Europe FAQ for more information.
+AWS Customer Agreement
+Last Updated: November 1, 2018
+See What's Changed
+
+This AWS Customer Agreement (this “Agreement”) contains the terms and
conditions that govern your access to and use of the Service Offerings (as
defined below) and is an agreement between the applicable AWS Contracting Party
specified in Section 14 below (also referred to as “AWS,” “we,” “us,” or “our”)
and you or the entity you represent (“you” or “your”). This Agreement takes
effect when you click an “I Accept” button or check box presented with these
terms or, if earlier, when you use [...]
+1. Use of the Service Offerings.
+
+1.1 Generally. You may access and use the Service Offerings in accordance with
this Agreement. Service Level Agreements and Service Terms apply to certain
Service Offerings. You will comply with the terms of this Agreement and all
laws, rules and regulations applicable to your use of the Service Offerings.
+
+1.2 Your Account. To access the Services, you must have an AWS account
associated with a valid email address and a valid form of payment. Unless
explicitly permitted by the Service Terms, you will only create one account per
email address.
+
+1.3 Third-Party Content. Third-Party Content may be used by you at your
election. Third-Party Content is governed by this Agreement and, if applicable,
separate terms and conditions accompanying such Third-Party Content, which
terms and conditions may include separate fees and charges.
+2. Changes.
+
+2.1 To the Service Offerings. We may change or discontinue any or all of the
Service Offerings or change or remove functionality of any or all of the
Service Offerings from time to time. We will notify you of any material change
to or discontinuation of the Service Offerings.
+
+2.2 To the APIs. We may change or discontinue any APIs for the Services from
time to time. For any discontinuation of or material change to an API for a
Service, we will use commercially reasonable efforts to continue supporting the
previous version of such API for 12 months after the change or discontinuation
(except if doing so (a) would pose a security or intellectual property issue,
(b) is economically or technically burdensome, or (c) would cause us to violate
the law or requests of [...]
+
+2.3 To the Service Level Agreements. We may change, discontinue or add Service
Level Agreements from time to time in accordance with Section 12.
+3. Security and Data Privacy.
+
+3.1 AWS Security. Without limiting Section 10 or your obligations under
Section 4.2, we will implement reasonable and appropriate measures designed to
help you secure Your Content against accidental or unlawful loss, access or
disclosure.
+
+3.2 Data Privacy. You may specify the AWS regions in which Your Content will
be stored. You consent to the storage of Your Content in, and transfer of Your
Content into, the AWS regions you select. We will not access or use Your
Content except as necessary to maintain or provide the Service Offerings, or as
necessary to comply with the law or a binding order of a governmental body. We
will not (a) disclose Your Content to any government or third party or (b)
subject to Section 3.3, move [...]
+
+3.3 Service Attributes. To provide billing and administration services, we may
process Service Attributes in the AWS region(s) where you use the Service
Offerings and the AWS regions in the United States. To provide you with support
services initiated by you and investigate fraud, abuse or violations of this
Agreement, we may process Service Attributes where we maintain our support and
investigation personnel.
+4. Your Responsibilities.
+
+4.1 Your Accounts. Except to the extent caused by our breach of this
Agreement, (a) you are responsible for all activities that occur under your
account, regardless of whether the activities are authorized by you or
undertaken by you, your employees or a third party (including your contractors,
agents or End Users), and (b) we and our affiliates are not responsible for
unauthorized access to your account.
+
+4.2 Your Content. You will ensure that Your Content and your and End Users’
use of Your Content or the Service Offerings will not violate any of the
Policies or any applicable law. You are solely responsible for the development,
content, operation, maintenance, and use of Your Content.
+
+4.3 Your Security and Backup. You are responsible for properly configuring and
using the Service Offerings and otherwise taking appropriate action to secure,
protect and backup your accounts and Your Content in a manner that will provide
appropriate security and protection, which might include use of encryption to
protect Your Content from unauthorized access and routinely archiving Your
Content.
+
+4.4 Log-In Credentials and Account Keys. AWS log-in credentials and private
keys generated by the Services are for your internal use only and you will not
sell, transfer or sublicense them to any other entity or person, except that
you may disclose your private key to your agents and subcontractors performing
work on your behalf.
+
+4.5 End Users. You will be deemed to have taken any action that you permit,
assist or facilitate any person or entity to take related to this Agreement,
Your Content or use of the Service Offerings. You are responsible for End
Users’ use of Your Content and the Service Offerings. You will ensure that all
End Users comply with your obligations under this Agreement and that the terms
of your agreement with each End User are consistent with this Agreement. If you
become aware of any violati [...]
+5. Fees and Payment.
+
+5.1 Service Fees. We calculate and bill fees and charges monthly. We may bill
you more frequently for fees accrued if we suspect that your account is
fraudulent or at risk of non-payment. You will pay us the applicable fees and
charges for use of the Service Offerings as described on the AWS Site using one
of the payment methods we support. All amounts payable by you under this
Agreement will be paid to us without setoff or counterclaim, and without any
deduction or withholding. Fees and [...]
+
+5.2 Taxes. Each party will be responsible, as required under applicable law,
for identifying and paying all taxes and other governmental fees and charges
(and any penalties, interest, and other additions thereto) that are imposed on
that party upon or with respect to the transactions and payments under this
Agreement. All fees payable by you are exclusive of Indirect Taxes. We may
charge and you will pay applicable Indirect Taxes that we are legally obligated
or authorized to collect fro [...]
+6. Temporary Suspension.
+
+6.1 Generally. We may suspend your or any End User’s right to access or use
any portion or all of the Service Offerings immediately upon notice to you if
we determine:
+
+(a) your or an End User’s use of the Service Offerings (i) poses a security
risk to the Service Offerings or any third party, (ii) could adversely impact
our systems, the Service Offerings or the systems or Content of any other AWS
customer, (iii) could subject us, our affiliates, or any third party to
liability, or (iv) could be fraudulent;
+
+(b) you are, or any End User is, in breach of this Agreement;
+
+(c) you are in breach of your payment obligations under Section 5; or
+
+(d) you have ceased to operate in the ordinary course, made an assignment for
the benefit of creditors or similar disposition of your assets, or become the
subject of any bankruptcy, reorganization, liquidation, dissolution or similar
proceeding.
+
+6.2 Effect of Suspension. If we suspend your right to access or use any
portion or all of the Service Offerings:
+
+(a) you remain responsible for all fees and charges you incur during the
period of suspension; and
+
+(b) you will not be entitled to any service credits under the Service Level
Agreements for any period of suspension.
+7. Term; Termination.
+
+7.1 Term. The term of this Agreement will commence on the Effective Date and
will remain in effect until terminated under this Section 7. Any notice of
termination of this Agreement by either party to the other must include a
Termination Date that complies with the notice periods in Section 7.2.
+
+7.2 Termination.
+
+(a) Termination for Convenience. You may terminate this Agreement for any
reason by providing us notice and closing your account for all Services for
which we provide an account closing mechanism. We may terminate this Agreement
for any reason by providing you at least 30 days’ advance notice.
+
+(b) Termination for Cause.
+
+(i) By Either Party. Either party may terminate this Agreement for cause if
the other party is in material breach of this Agreement and the material breach
remains uncured for a period of 30 days from receipt of notice by the other
party. No later than the Termination Date, you will close your account.
+
+(ii) By Us. We may also terminate this Agreement immediately upon notice to
you (A) for cause if we have the right to suspend under Section 6, (B) if our
relationship with a third-party partner who provides software or other
technology we use to provide the Service Offerings expires, terminates or
requires us to change the way we provide the software or other technology as
part of the Services, or (C) in order to comply with the law or requests of
governmental entities.
+
+7.3 Effect of Termination.
+
+(a) Generally. Upon the Termination Date:
+
+(i) except as provided in Section 7.3(b), all your rights under this Agreement
immediately terminate;
+
+(ii) you remain responsible for all fees and charges you have incurred through
the Termination Date and are responsible for any fees and charges you incur
during the post-termination period described in Section 7.3(b);
+
+(iii) you will immediately return or, if instructed by us, destroy all AWS
Content in your possession; and
+
+(iv) Sections 4.1, 5, 7.3, 8 (except the license granted to you in Section
8.3), 9, 10, 11, 13 and 14 will continue to apply in accordance with their
terms.
+
+(b) Post-Termination. Unless we terminate your use of the Service Offerings
pursuant to Section 7.2(b), during the 30 days following the Termination Date:
+
+(i) we will not take action to remove from the AWS systems any of Your Content
as a result of the termination; and
+
+(ii) we will allow you to retrieve Your Content from the Services only if you
have paid all amounts due under this Agreement.
+
+For any use of the Services after the Termination Date, the terms of this
Agreement will apply and you will pay the applicable fees at the rates under
Section 5.
+8. Proprietary Rights.
+
+8.1 Your Content. Except as provided in this Section 8, we obtain no rights
under this Agreement from you (or your licensors) to Your Content. You consent
to our use of Your Content to provide the Service Offerings to you and any End
Users.
+
+8.2 Adequate Rights. You represent and warrant to us that: (a) you or your
licensors own all right, title, and interest in and to Your Content and
Suggestions; (b) you have all rights in Your Content and Suggestions necessary
to grant the rights contemplated by this Agreement; and (c) none of Your
Content or End Users’ use of Your Content or the Service Offerings will violate
the Acceptable Use Policy.
+
+8.3 Service Offerings License. We or our licensors own all right, title, and
interest in and to the Service Offerings, and all related technology and
intellectual property rights. Subject to the terms of this Agreement, we grant
you a limited, revocable, non-exclusive, non-sublicensable, non-transferrable
license to do the following: (a) access and use the Services solely in
accordance with this Agreement; and (b) copy and use the AWS Content solely in
connection with your permitted use [...]
+
+8.4 License Restrictions. Neither you nor any End User will use the Service
Offerings in any manner or for any purpose other than as expressly permitted by
this Agreement. Neither you nor any End User will, or will attempt to (a)
modify, distribute, alter, tamper with, repair, or otherwise create derivative
works of any Content included in the Service Offerings (except to the extent
Content included in the Service Offerings is provided to you under a separate
license that expressly permi [...]
+
+8.5 Suggestions. If you provide any Suggestions to us or our affiliates, we
and our affiliates will be entitled to use the Suggestions without restriction.
You hereby irrevocably assign to us all right, title, and interest in and to
the Suggestions and agree to provide us any assistance we require to document,
perfect, and maintain our rights in the Suggestions.
+9. Indemnification.
+
+9.1 General. You will defend, indemnify, and hold harmless us, our affiliates
and licensors, and each of their respective employees, officers, directors, and
representatives from and against any Losses arising out of or relating to any
third-party claim concerning: (a) your or any End Users’ use of the Service
Offerings (including any activities under your AWS account and use by your
employees and personnel); (b) breach of this Agreement or violation of
applicable law by you, End Users o [...]
+
+9.2 Intellectual Property.
+
+(a) Subject to the limitations in this Section 9, AWS will defend you and your
employees, officers, and directors against any third-party claim alleging that
the Services infringe or misappropriate that third party’s intellectual
property rights, and will pay the amount of any adverse final judgment or
settlement.
+
+(b) Subject to the limitations in this Section 9, you will defend AWS, its
affiliates, and their respective employees, officers, and directors against any
third-party claim alleging that any of Your Content infringes or
misappropriates that third party’s intellectual property rights, and will pay
the amount of any adverse final judgment or settlement.
+
+(c) Neither party will have obligations or liability under this Section 9.2
arising from infringement by combinations of the Services or Your Content, as
applicable, with any other product, service, software, data, content or method.
In addition, AWS will have no obligations or liability arising from your or any
End User’s use of the Services after AWS has notified you to discontinue such
use. The remedies provided in this Section 9.2 are the sole and exclusive
remedies for any third-par [...]
+
+(d) For any claim covered by Section 9.2(a), AWS will, at its election,
either: (i) procure the rights to use that portion of the Services alleged to
be infringing; (ii) replace the alleged infringing portion of the Services with
a non-infringing alternative; (iii) modify the alleged infringing portion of
the Services to make it non-infringing; or (iv) terminate the allegedly
infringing portion of the Services or this Agreement.
+
+9.3 Process. The obligations under this Section 9 will apply only if the party
seeking defense or indemnity: (a) gives the other party prompt written notice
of the claim; (b) permits the other party to control the defense and settlement
of the claim; and (c) reasonably cooperates with the other party (at the other
party’s expense) in the defense and settlement of the claim. In no event will a
party agree to any settlement of any claim that involves any commitment, other
than the payment [...]
+10. Disclaimers.
+
+THE SERVICE OFFERINGS ARE PROVIDED “AS IS.” EXCEPT TO THE EXTENT PROHIBITED BY
LAW, OR TO THE EXTENT ANY STATUTORY RIGHTS APPLY THAT CANNOT BE EXCLUDED,
LIMITED OR WAIVED, WE AND OUR AFFILIATES AND LICENSORS (A) MAKE NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY
OR OTHERWISE REGARDING THE SERVICE OFFERINGS OR THE THIRD-PARTY CONTENT, AND
(B) DISCLAIM ALL WARRANTIES, INCLUDING ANY IMPLIED OR EXPRESS WARRANTIES (I) OF
MERCHANTABILITY, SATISFACTORY QUALIT [...]
+11. Limitations of Liability.
+
+WE AND OUR AFFILIATES AND LICENSORS WILL NOT BE LIABLE TO YOU FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES (INCLUDING
DAMAGES FOR LOSS OF PROFITS, REVENUES, CUSTOMERS, OPPORTUNITIES, GOODWILL, USE,
OR DATA), EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
FURTHER, NEITHER WE NOR ANY OF OUR AFFILIATES OR LICENSORS WILL BE RESPONSIBLE
FOR ANY COMPENSATION, REIMBURSEMENT, OR DAMAGES ARISING IN CONNECTION WITH: (A)
YOUR INABILITY TO U [...]
+12. Modifications to the Agreement.
+
+We may modify this Agreement (including any Policies) at any time by posting a
revised version on the AWS Site or by otherwise notifying you in accordance
with Section 13.10; provided, however, that we will provide at least 90 days’
advance notice in accordance with Section 13.10 for adverse changes to any
Service Level Agreement. Subject to the 90 day advance notice requirement with
respect to adverse changes to Service Level Agreements, the modified terms will
become effective upon pos [...]
+13. Miscellaneous.
+
+13.1 Assignment. You will not assign or otherwise transfer this Agreement or
any of your rights and obligations under this Agreement, without our prior
written consent. Any assignment or transfer in violation of this Section 13.1
will be void. We may assign this Agreement without your consent (a) in
connection with a merger, acquisition or sale of all or substantially all of
our assets, or (b) to any Affiliate or as part of a corporate reorganization;
and effective upon such assignment, [...]
+
+13.2 Entire Agreement. This Agreement incorporates the Policies by reference
and is the entire agreement between you and us regarding the subject matter of
this Agreement. This Agreement supersedes all prior or contemporaneous
representations, understandings, agreements, or communications between you and
us, whether written or verbal, regarding the subject matter of this Agreement
(but does not supersede prior commitments to purchase Services such as Amazon
EC2 Reserved Instances). We wi [...]
+
+13.3 Force Majeure. We and our affiliates will not be liable for any delay or
failure to perform any obligation under this Agreement where the delay or
failure results from any cause beyond our reasonable control, including acts of
God, labor disputes or other industrial disturbances, electrical or power
outages, utilities or other telecommunications failures, earthquake, storms or
other elements of nature, blockages, embargoes, riots, acts or orders of
government, acts of terrorism, or war.
+
+13.4 Governing Law. The Governing Laws, without reference to conflict of law
rules, govern this Agreement and any dispute of any sort that might arise
between you and us. The United Nations Convention for the International Sale of
Goods does not apply to this Agreement.
+
+13.5 Disputes. Any dispute or claim relating in any way to your use of the
Service Offerings, or to any products or services sold or distributed by AWS
will be adjudicated in the Governing Courts, and you consent to exclusive
jurisdiction and venue in the Governing Courts; except, if the applicable AWS
Contracting Party is Amazon Web Services, Inc., any such dispute will be
resolved by binding arbitration as provided in this Section 13.5, rather than
in court, except that you may assert [...]
+
+13.6 Trade Compliance. In connection with this Agreement, each party will
comply with all applicable import, re-import, sanctions, anti-boycott, export,
and re-export control laws and regulations, including all such laws and
regulations that apply to a U.S. company, such as the Export Administration
Regulations, the International Traffic in Arms Regulations, and economic
sanctions programs implemented by the Office of Foreign Assets Control. For
clarity, you are solely responsible for co [...]
+
+13.7 Independent Contractors; Non-Exclusive Rights. We and you are independent
contractors, and this Agreement will not be construed to create a partnership,
joint venture, agency, or employment relationship. Neither party, nor any of
their respective affiliates, is an agent of the other for any purpose or has
the authority to bind the other. Both parties reserve the right (a) to develop
or have developed for it products, services, concepts, systems, or techniques
that are similar to or [...]
+
+13.8 Language. All communications and notices made or given pursuant to this
Agreement must be in the English language. If we provide a translation of the
English language version of this Agreement, the English language version of the
Agreement will control if there is any conflict.
+
+13.9 Confidentiality and Publicity. You may use AWS Confidential Information
only in connection with your use of the Service Offerings as permitted under
this Agreement. You will not disclose AWS Confidential Information during the
Term or at any time during the 5-year period following the end of the Term. You
will take all reasonable measures to avoid disclosure, dissemination or
unauthorized use of AWS Confidential Information, including, at a minimum,
those measures you take to protec [...]
+
+13.10 Notice.
+
+(a) To You. We may provide any notice to you under this Agreement by: (i)
posting a notice on the AWS Site; or (ii) sending a message to the email
address then associated with your account. Notices we provide by posting on the
AWS Site will be effective upon posting and notices we provide by email will be
effective when we send the email. It is your responsibility to keep your email
address current. You will be deemed to have received any email sent to the
email address then associated w [...]
+
+(b) To Us. To give us notice under this Agreement, you must contact AWS by
facsimile transmission or personal delivery, overnight courier or registered or
certified mail to the facsimile number or mailing address, as applicable,
listed for the applicable AWS Contracting Party in Section 14 below. We may
update the facsimile number or address for notices to us by posting a notice on
the AWS Site. Notices provided by personal delivery will be effective
immediately. Notices provided by facs [...]
+
+13.11 No Third-Party Beneficiaries. Except as set forth in Section 9, this
Agreement does not create any third-party beneficiary rights in any individual
or entity that is not a party to this Agreement.
+
+13.12 U.S. Government Rights. The Service Offerings are provided to the U.S.
Government as “commercial items,” “commercial computer software,” “commercial
computer software documentation,” and “technical data” with the same rights and
restrictions generally applicable to the Service Offerings. If you are using
the Service Offerings on behalf of the U.S. Government and these terms fail to
meet the U.S. Government’s needs or are inconsistent in any respect with
federal law, you will immedi [...]
+
+13.13 No Waivers. The failure by us to enforce any provision of this Agreement
will not constitute a present or future waiver of such provision nor limit our
right to enforce such provision at a later time. All waivers by us must be in
writing to be effective.
+
+13.14 Severability. If any portion of this Agreement is held to be invalid or
unenforceable, the remaining portions of this Agreement will remain in full
force and effect. Any invalid or unenforceable portions will be interpreted to
effect and intent of the original portion. If such construction is not
possible, the invalid or unenforceable portion will be severed from this
Agreement but the rest of the Agreement will remain in full force and effect.
+14. Definitions.
+
+“Acceptable Use Policy” means the policy located at http://aws.amazon.com/aup
(and any successor or related locations designated by us), as it may be updated
by us from time to time.
+
+“Account Country” is the country associated with your account. If you have
provided a valid tax registration number for your account, then your Account
Country is the country associated with your tax registration. If you have not
provided a valid tax registration, then your Account Country is the country
where your billing address is located, except if your credit card account is
issued in a different country and your contact address is also in that country,
then your Account Country is [...]
+
+“Account Information” means information about you that you provide to us in
connection with the creation or administration of your AWS account. For
example, Account Information includes names, usernames, phone numbers, email
addresses and billing information associated with your AWS account.
+
+“API” means an application program interface.
+
+“AWS Confidential Information” means all nonpublic information disclosed by
us, our affiliates, business partners or our or their respective employees,
contractors or agents that is designated as confidential or that, given the
nature of the information or circumstances surrounding its disclosure,
reasonably should be understood to be confidential. AWS Confidential
Information includes: (a) nonpublic information relating to our or our
affiliates or business partners’ technology, customer [...]
+
+“AWS Content” means Content we or any of our affiliates make available in
connection with the Services or on the AWS Site to allow access to and use of
the Services, including APIs; WSDLs; Documentation; sample code; software
libraries; command line tools; proofs of concept; templates; and other related
technology (including any of the foregoing that are provided by our personnel).
AWS Content does not include the Services or Third-Party Content.
+
+"AWS Contracting Party" means the party identified in the table below, based
on your Account Country. If you change your Account Country to one identified
to a different AWS Contracting Party below, you agree that this Agreement is
then assigned to the new AWS Contracting Party under Section 13.1 without any
further action required by either party.
+
+Account Country
+
+
+AWS Contracting Party
+
+
+Facsimile
+
+
+Mailing Address
+
+Any country within Europe, the Middle East, or Africa ("EMEA")*
+
+
+
+
+Amazon Web Services EMEA SARL
+
+
+352 2789 0057
+ 38 Avenue John F. Kennedy, L-1855, Luxembourg
+
+Any other country that is not in EMEA
+
+
+Amazon Web Services, Inc.
+
+
+206-266-7010
+ 410 Terry Avenue North,
+Seattle, WA 98109-5210
+U.S.A.
+
+*See https://aws.amazon.com/legal/aws-emea-countries for a full list of EMEA
countries.
+
+“AWS Marks” means any trademarks, service marks, service or trade names,
logos, and other designations of AWS and its affiliates that we may make
available to you in connection with this Agreement.
+
+“AWS Site” means http://aws.amazon.com (and any successor or related site
designated by us), as may be updated by us from time to time.
+“Content” means software (including machine images), data, text, audio, video
or images.
+
+“Documentation” means the user guides and admin guides (in each case exclusive
of content referenced via hyperlink) for the Services located at
http://aws.amazon.com/documentation (and any successor or related locations
designated by us), as such user guides and admin guides may be updated by AWS
from time to time.
+
+“End User” means any individual or entity that directly or indirectly through
another user: (a) accesses or uses Your Content; or (b) otherwise accesses or
uses the Service Offerings under your account. The term “End User” does not
include individuals or entities when they are accessing or using the Services
or any Content under their own AWS account, rather than under your account.
+
+"Governing Laws" and “Governing Courts” mean, for each AWS Contracting Party,
the laws and courts set forth in the following table:
+
+AWS Contracting Party
+
+
+Governing Laws
+
+
+Governing Courts
+
+Amazon Web Services EMEA SARL
+
+
+The laws of the Grand Duchy of Luxembourg
+
+
+The courts of the district of Luxembourg City
+
+Amazon Web Services, Inc.
+
+
+The laws of the State of Washington
+
+
+The state or Federal courts in King County, Washington
+
+“Indirect Taxes” means applicable taxes and duties, including, without
limitation, VAT, Service Tax, GST, excise taxes, sales and transactions taxes,
and gross receipts tax.
+
+“Losses” means any claims, damages, losses, liabilities, costs, and expenses
(including reasonable attorneys’ fees).
+
+“Policies” means the Acceptable Use Policy, Privacy Policy, the Site Terms,
the Service Terms, the Trademark Use Guidelines, all restrictions described in
the AWS Content and on the AWS Site, and any other policy or terms referenced
in or incorporated into this Agreement, but does not include whitepapers or
other marketing materials referenced on the AWS Site.
+
+“Privacy Policy” means the privacy policy located at
http://aws.amazon.com/privacy (and any successor or related locations
designated by us), as it may be updated by us from time to time.
+
+“Service” means each of the services made available by us or our affiliates,
including those web services described in the Service Terms. Services do not
include Third-Party Content.
+
+“Service Attributes” means Service usage data related to your account, such as
resource identifiers, metadata tags, security and access roles, rules, usage
policies, permissions, usage statistics and analytics.
+
+“Service Level Agreement” means all service level agreements that we offer
with respect to the Services and post on the AWS Site, as they may be updated
by us from time to time. The service level agreements we offer with respect to
the Services are located at
https://aws.amazon.com/legal/service-level-agreements/ (and any successor or
related locations designated by AWS), as may be updated by AWS from time to
time.
+
+“Service Offerings” means the Services (including associated APIs), the AWS
Content, the AWS Marks, and any other product or service provided by us under
this Agreement. Service Offerings do not include Third-Party Content.
+
+“Service Terms” means the rights and restrictions for particular Services
located at http://aws.amazon.com/serviceterms (and any successor or related
locations designated by us), as may be updated by us from time to time.
+
+“Site Terms” means the terms of use located at http://aws.amazon.com/terms/
(and any successor or related locations designated by us), as may be updated by
us from time to time.
+
+“Suggestions” means all suggested improvements to the Service Offerings that
you provide to us.
+
+“Term” means the term of this Agreement described in Section 7.1.
+
+“Termination Date” means the effective date of termination provided in
accordance with Section 7, in a notice from one party to the other.
+
+“Third-Party Content” means Content made available to you by any third party
on the AWS Site or in conjunction with the Services.
+
+“Trademark Use Guidelines” means the guidelines and trademark license located
at http://aws.amazon.com/trademark-guidelines/ (and any successor or related
locations designated by us), as they may be updated by us from time to time.
+
+“Your Content” means Content that you or any End User transfers to us for
processing, storage or hosting by the Services in connection with your AWS
account and any computational results that you or any End User derive from the
foregoing through their use of the Services. For example, Your Content includes
Content that you or any End User stores in Amazon Simple Storage Service. Your
Content does not include Account Information.
+
+#+END_QUOTE
+
+A telephone number is required to complete the default sign-up
+process. It may be possible to sign up without a phone, but I did not
+try that. AWS displays a number on the website, an automated system
+calls the phone number you provide, you enter the displayed number,
+and then the process is complete.
+
+First things first. To escape the need to run JavaScript in the AWS
+Management Console, let's create the bare minimum IAM resources
+required to get started without the AWS Management console. We'll
+create the following:
+
+User: marusich (a user with an API key)
+Group: Administrators (a group with full access to everything in the account)
+
+* Free Tier
+For first 12 months (from 2018-12-26), this AWS account will have
+access to the "free tier", which gives discounts on some services:
+
+https://aws.amazon.com/free/
+
+Notable parts:
+
+#+BEGIN_QUOTE
+Data Transfer
+
+ 15 GB of data transfer out and 1GB of regional data transfer aggregated
across all AWS services*
+
+Amazon CloudFront
+
+ 50 GB Data Transfer Out, 2,000,000 HTTP and HTTPS Requests of Amazon
CloudFront*
+#+END_QUOTE
+
+* Privacy Policy
+AWS has a privacy policy:
+
+https://aws.amazon.com/privacy/
+
+Here is the contents, as of 2018-12-26:
+
+#+BEGIN_QUOTE
+ Privacy Notice
+Last Updated: November 1, 2018
+
+This Privacy Notice describes how we collect and use your personal information
in relation to AWS websites, applications, products, services, events, and
experiences that reference this Privacy Notice (together, “AWS Offerings”).
+
+This Privacy Notice does not apply to the “content” processed, stored, or
hosted by our customers using AWS Offerings in connection with an AWS account.
See the agreement governing your access to your AWS account and the AWS Data
Privacy FAQ for more information about how we handle content and how our
customers can control their content through AWS Offerings. This Privacy Notice
also does not apply to any products, services, websites, or content that are
offered by third parties or have [...]
+
+ Personal Information We Collect
+ How We Use Personal Information
+ Cookies
+ How We Share Personal Information
+ Location of Personal Information
+ How We Secure Information
+ Internet Advertising and Third Parties
+ Access and Choice
+ Children’s Personal Information
+ Retention of Personal Information
+ Contacts, Notices, and Revisions
+ EU-US and Swiss-US Privacy Shield
+ Additional Information for Certain Jurisdictions
+ Examples of Information Collected
+
+Personal Information We Collect
+
+We collect your personal information in the course of providing AWS Offerings
to you.
+
+Here are the types of information we gather:
+
+ Information You Give Us: We collect any information you provide in
relation to AWS Offerings. Click here to see examples of information you give
us.
+ Automatic Information: We automatically collect certain types of
information when you interact with AWS Offerings. Click here to see examples of
information we collect automatically.
+ Information from Other Sources: We might collect information about you
from other sources, including service providers, partners, and publicly
available sources. Click here to see examples of information we collect from
other sources.
+
+How We Use Personal Information
+
+We use your personal information to operate, provide, and improve AWS
Offerings. Our purposes for using personal information include:
+
+ Provide AWS Offerings: We use your personal information to provide and
deliver AWS Offerings and process transactions related to AWS Offerings,
including registrations, subscriptions, purchases, and payments.
+ Measure, Support, and Improve AWS Offerings: We use your personal
information to measure use of, analyze performance of, fix errors in, provide
support for, improve, and develop AWS Offerings.
+ Recommendations and Personalization: We use your personal information to
recommend AWS Offerings that might be of interest to you, identify your
preferences, and personalize your experience with AWS Offerings.
+ Comply with Legal Obligations: In certain cases, we have a legal
obligation to collect, use, or retain your personal information. For example,
we collect bank account information from AWS Marketplace sellers for identity
verification.
+ Communicate with You: We use your personal information to communicate with
you in relation to AWS Offerings via different channels (e.g., by phone, email,
chat) and to respond to your requests.
+ Marketing: We use your personal information to market and promote AWS
Offerings. We might display interest-based ads for AWS Offerings. To learn
more, please read our Interest-Based Ads notice.
+ Fraud and Abuse Prevention and Credit Risks: We use your personal
information to prevent and detect fraud and abuse in order to protect the
security of our customers, AWS, and others. We may also use scoring methods to
assess and manage credit risks.
+ Purposes for Which We Seek Your Consent: We may also ask for your consent
to use your personal information for a specific purpose that we communicate to
you.
+
+Cookies
+
+To enable our systems to recognize your browser or device and to provide AWS
Offerings to you, we use cookies. For more information about cookies and how we
use them, please read our Cookies Notice.
+How We Share Personal Information
+
+Information about our customers is an important part of our business and we
are not in the business of selling our customers’ personal information to
others. We share personal information only as described below and with
Amazon.com, Inc. and the subsidiaries that Amazon.com, Inc. controls that are
either subject to this Privacy Notice or follow practices at least as
protective as those described in this Privacy Notice.
+
+ Transactions Involving Third Parties: We make available to you services,
software, and content provided by third parties for use on or through AWS
Offerings. You can tell when a third party is involved in your transactions,
and we share information related to those transactions with that third party.
For example, you can order services, software, and content from sellers using
the AWS Marketplace and we provide those sellers information to facilitate your
subscription, purchases, or [...]
+ Third-Party Service Providers: We employ other companies and individuals
to perform functions on our behalf. Examples include: delivering AWS hardware,
sending communications, processing payments, assessing credit and compliance
risks, analyzing data, providing marketing and sales assistance (including
advertising and event management), conducting customer relationship management,
and providing training. These third party service providers have access to
personal information needed t [...]
+ Business Transfers: As we continue to develop our business, we might sell
or buy businesses or services. In such transactions, personal information
generally is one of the transferred business assets but remains subject to the
promises made in any pre-existing Privacy Notice (unless, of course, the
individual consents otherwise). Also, in the unlikely event that AWS or
substantially all of its assets are acquired, your information will of course
be one of the transferred assets.
+ Protection of Us and Others: We release account and other personal
information when we believe release is appropriate to comply with the law,
enforce or apply our terms and other agreements, or protect the rights,
property, or security of AWS, our customers, or others. This includes
exchanging information with other companies and organizations for fraud
prevention and detection and credit risk reduction.
+ At Your Option: Other than as set out above, you will receive notice when
personal information about you might be shared with third parties, and you will
have an opportunity to choose not to share the information.
+
+Location of Personal Information
+
+Amazon Web Services, Inc. is located in the United States, and our affiliated
companies are located throughout the world. Depending on the scope of your
interactions with AWS Offerings, your personal information may be stored in or
accessed from multiple countries, including the United States. Whenever we
transfer personal information to other jurisdictions, we will ensure that the
information is transferred in accordance with this Privacy Notice and as
permitted by applicable data prote [...]
+How We Secure Information
+
+At AWS, security is our highest priority. We design our systems with your
security and privacy in mind.
+
+ We maintain a wide variety of compliance programs that validate our
security controls. Click here to learn more about our compliance programs.
+ We protect the security of your information during transmission to or from
AWS websites, applications, products, or services by using encryption protocols
and software.
+ We follow the Payment Card Industry Data Security Standard (PCI DSS) when
handling credit card data.
+ We maintain physical, electronic, and procedural safeguards in connection
with the collection, storage, and disclosure of personal information. Our
security procedures mean that we may request proof of identity before we
disclose personal information to you.
+
+Internet Advertising and Third Parties
+
+AWS Offerings may include third-party advertising and links to other websites
and applications. Third party advertising partners may collect information
about you when you interact with their content, advertising, or services. For
more information about third-party advertising, including interest-based ads,
please read our Interest-Based Ads notice.
+Access and Choice
+
+You can view, update, and delete certain information about your account and
your interactions with AWS Offerings. Click here for a list of examples of
information that you can access. If you cannot access or update your
information yourself, you can always contact us for assistance.
+
+You have choices about the collection and use of your personal information.
Many AWS Offerings include settings that provide you with options as to how
your information is being used. You can choose not to provide certain
information, but then you might not be able to take advantage of certain AWS
Offerings.
+
+ Account Information: If you want to add, update, or delete information
related to your account, please go to the AWS Management Console. When you
update or delete any information, we usually keep a copy of the prior version
for our records.
+ Communications: If you do not want to receive promotional messages from
us, please unsubscribe or adjust your communication preferences in the AWS
Management Console or the AWS Email Preference Center. If you do not want to
receive in-app notifications from us, please adjust your notification settings
in the app or your device.
+ Advertising: If you don’t want to see interest-based ads, please adjust
your Advertising Preferences.
+ Browser and Devices: The Help feature on most browsers and devices will
tell you how to prevent your browser or device from accepting new cookies, how
to have the browser notify you when you receive a new cookie, or how to disable
cookies altogether.
+ Sellers and Amazon Partners: Sellers and Amazon Partner Network members
can add, update, or delete information in the AWS Marketplace and APN Partner
Central, respectively.
+
+Children’s Personal Information
+
+We don’t provide AWS Offerings for purchase by children. If you’re under 18,
you may use AWS Offerings only with the involvement of a parent or guardian.
+Retention of Personal Information
+
+We keep your personal information to enable your continued use of AWS
Offerings, for as long as it is required in order to fulfill the relevant
purposes described in this Privacy Notice, as may be required by law (including
for tax and accounting purposes), or as otherwise communicated to you. How long
we retain specific personal information varies depending on the purpose for its
use, and we will delete your personal information in accordance with applicable
law.
+Contacts, Notices, and Revisions
+
+If you have any concern about privacy at AWS or want to contact one of our
data controllers, please contact us with a thorough description, and we will
try to resolve it. You may also contact us at the addresses below:
+
+ For any prospective or current customers of Amazon Web Services, Inc., our
mailing address is: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle,
WA 98109-5210, ATTN: AWS Legal
+ For any prospective or current customers of Amazon Web Services EMEA SARL,
our mailing address is: Amazon Web Services EMEA SARL, 38 Avenue John F.
Kennedy, L-1855, Luxembourg, ATTN: AWS EMEA Legal
+ For any prospective or current customers of Amazon Internet Services
Private Limited, our mailing address is: Amazon Internet Services Private
Limited, Ground Floor, Eros Corporate Towers, Nehru Place, New Delhi, 110 019,
India, ATTN: AISPL Legal
+
+If you interact with AWS Offerings on behalf of or through your organization,
then your personal information may also be subject to your organization’s
privacy practices, and you should direct privacy inquiries to your organization.
+
+Our business changes constantly, and our Privacy Notice may also change. You
should check our website frequently to see recent changes. You can see the date
on which the latest version of this Privacy Notice was posted. Unless stated
otherwise, our current Privacy Notice applies to all personal information we
have about you and your account. We stand behind the promises we make, however,
and will never materially change our policies and practices to make them less
protective of personal [...]
+EU-US and Swiss-US Privacy Shield
+
+Amazon Web Services, Inc. participates in the EU-US and Swiss-US Privacy
Shield frameworks. Click here to learn more.
+Additional Information for Certain Jurisdictions
+
+We provide additional information about the privacy, collection, and use of
personal information of prospective and current customers of AWS Offerings
located in certain jurisdictions.
+
+For any prospective or current customers of AWS Offerings in Canada:
+
+Your Rights. Subject to applicable law, you have the right to:
+
+ ask whether we hold personal information about you and request copies of
such personal information and information about how it is processed;
+ request that inaccurate personal information is corrected;
+ request deletion of personal information that is no longer necessary for
the purposes underlying the processing, processed based on withdrawn consent,
or processed in non-compliance with applicable legal requirements; and
+ lodge a complaint with us regarding our practices related to your personal
information.
+
+You can exercise your rights of access, rectification, erasure, restriction,
or complaint by contacting us. If you wish to do any of these things and you
are an AWS customer, please contact us. If you are not an AWS customer, please
contact us at the address stated under Notice and Revisions above.
+
+For any prospective or current customers of AWS Offerings in the European
Economic Area (EEA):
+
+Controller of Personal Information. Amazon Web Services EMEA SARL, 5 rue
Plaetis, L-2338 Luxembourg, is the data controller of personal information
collected or processed through AWS Offerings. Amazon Web Services EMEA SARL, is
the authorized representative of Amazon Web Services, Inc. in the EEA.
+
+Processing. We process your personal information on one or more of the
following legal bases:
+
+ as necessary to enter into a contract with you or a legal entity you
represent, to perform our contractual obligations, to provide AWS Offerings, to
respond to requests from you, or to provide customer support;
+ where we have a legitimate interest, as described in this Privacy Notice
(see How We Use Personal Information above);
+ as necessary to comply with relevant law and legal obligations, including
to
+ respond to lawful requests and orders; or
+ with your consent.
+
+Your Rights. Subject to applicable law, you have the right to:
+
+ ask whether we hold personal information about you and request copies of
such personal information and information about how it is processed;
+ request that inaccurate personal information is corrected;
+ request deletion of personal information that is no longer necessary for
the purposes underlying the processing, processed based on withdrawn consent,
or processed in non-compliance with applicable legal requirements;
+ request us to restrict the processing of personal information where the
processing is inappropriate;
+ object to the processing of personal data;
+ request portability of personal information that you have provided to us
(which does not include information derived from the collected information),
where the processing of such personal information is based on consent or a
contract with you and is carried out by automated means; and
+ lodge a complaint with our principal supervisory authority, the Commission
Nationale pour la Protection des Données in Luxembourg www.cnpd.lu, or with a
local authority.
+
+You can exercise your rights of access, rectification, erasure, restriction,
objection, and data portability by contacting us. If you wish to do any of
these things and you are an AWS customer, please contact us. If you are not an
AWS customer, please contact us at the address under Notice and Revisions above.
+
+When you consent to our processing your personal information for a specified
purpose, you may withdraw your consent at any time, and we will stop any
further processing of your data for that purpose.
+
+Cookies. Please refer to our Cookies Notice.
+
+Transfers outside of the EEA. When we transfer your personal information
outside the EEA we do so in accordance with the terms of this Privacy Notice
and applicable data protection law. This may include the transfer of data in
accordance with the EU-US and Swiss-US Privacy Shield frameworks (for transfers
to the US) or pursuant to data transfer agreements that incorporate the
Standard Contractual Clauses approved by the EU Commission.
+
+For any prospective or current customers of AWS Offerings in Japan:
+
+Any personal information provided to or gathered by Amazon Web Services Japan
K.K. is controlled primarily by Amazon Web Services Japan K.K. Any personal
information collected by Amazon Web Services, Inc. is controlled primarily by
Amazon Web Services, Inc. We use information in accordance with this Privacy
Notice jointly with our domestic and foreign subsidiaries of Amazon.com, Inc.,
including Amazon Web Services, Inc., Amazon Web Services Japan K.K., Amazon Web
Services EMEA SARL, and [...]
+
+ For any prospective or current customers of AWS Offerings in South Korea:
+
+ AWS has contracts in place with the following third party service
provider(s) to perform functions on behalf of AWS in Korea, and they may have
access to your personal information as needed to perform their functions
described below:
+
+ Name of Party
+
+
+ Description of Function
+
+ Marketo
+
+
+ Customer communications
+
+ Salesforce
+
+
+ Customer relationship management
+
+ PaymentTech
+
+
+ Payment instrument processing
+
+ When deleting personal information, AWS will take standard commercially
reasonable measures to make the personal information practically irrecoverable
or irreproducible. The specific manner of deletion will depend on the
information being deleted, how the information was collected and stored, and
your interactions with us. Electronic documents or files containing personal
information will be deleted using a technical method that makes recovery or
retrieval of such information practic [...]
+
+ If you have any privacy questions or requests please contact:
+
+ AWS Korea Privacy
+ Email: address@hidden
+
+Examples of Information Collected
+Information You Give Us
+
+You provide information to us when you:
+
+ search for, subscribe to, or purchase AWS Offerings;
+ create or administer your AWS account (and you might have more than one
account if you have used more than one email address when using AWS Offerings);
+ configure your settings for, provide data access permissions for, or
otherwise interact with AWS Offerings;
+ register for or attend an AWS event;
+ purchase or use content, products, or services from third-party providers
through the AWS Marketplace (or other similar venues operated or provided by
us);
+ offer your content, products, or services on or through AWS Offerings or
the AWS Marketplace (or other similar venues operated or provided by us);
+ communicate with us by phone, email, or otherwise;
+ complete a questionnaire, a support ticket, or other information request
forms;
+ post on AWS websites or participate in community features; and
+ employ notification services.
+
+Depending on your use of AWS Offerings, you might supply us with such
information as:
+
+ your name, email address, physical address, phone number, and other
similar contact information;
+ payment information, including credit card and bank account information;
+ information about your location;
+ information about your organization and your contacts, such as colleagues
or people within your organization;
+ usernames, aliases, roles, and other authentication and security
credential information;
+ content of feedback, testimonials, inquiries, support tickets, and any
phone conversations, chat sessions and emails with or to us;
+ your image (still, video, and in some cases 3-D), voice, and other
identifiers that are personal to you when you attend an AWS event or use
certain AWS Offerings;
+ information regarding identity, including government-issued identification
information;
+ corporate and financial information; and
+ VAT numbers and other tax identifiers.
+
+Automatic Information
+
+We collect information automatically when you:
+
+ visit, interact with, or use AWS Offerings (including when you use your
computer or other device to interact with AWS Offerings);
+ download content from us;
+ open emails or click on links in emails from us; and
+ interact or communicate with us (such as when you attend an AWS event or
when you request customer support).
+
+Examples of the information we automatically collect include:
+
+ network and connection information, such as the Internet protocol (IP)
address used to connect your computer or other device to the Internet and
information about your Internet service provider;
+ computer and device information, such as device, application, or browser
type and version, browser plug-in type and version, operating system, or time
zone setting;
+ the location of your device or computer;
+ authentication and security credential information;
+ content interaction information, such as content downloads, streams, and
playback details, including duration and number of simultaneous streams and
downloads;
+ AWS Offerings metrics, such as offering usage, occurrences of technical
errors, diagnostic reports, your settings preferences, backup information, API
calls, and other logs;
+ the full Uniform Resource Locators (URL) clickstream to, through, and from
our website (including date and time) and AWS Offerings, content you viewed or
searched for, page response times, download errors, and page interaction
information (such as scrolling, clicks, and mouse-overs);
+ email addresses and phone numbers used to contact us; and
+ identifiers and information contained in cookies (see our Cookies Notice).
+
+Information from Other Sources
+
+Examples of information we receive from other sources include:
+
+ marketing, sales generation, and recruitment information, including your
name, email address, physical address, phone number, and other similar contact
information;
+ subscription, purchase, support, or other information about your
interactions with products and services offered by us, our affiliates (such as
AWS training courses), or third parties (such as products offered through the
AWS Marketplace) in relation to AWS Offerings;
+ search results and links, including paid listings (such as Sponsored
Links); and
+ credit history information from credit bureaus.
+
+Information You Can Access
+
+Examples of information you can access through AWS Offerings include:
+
+ your name, email address, physical address, phone number, and other
similar contact information;
+ usernames, aliases, roles, and other authentication and security
credential information;
+ your subscription, purchase, usage, billing, and payment history;
+ payment settings, such as payment instrument information and billing
preferences;
+ tax information;
+ email communication and notification settings; and
+ if you participate in the AWS Marketplace or Amazon Partner Network (or
other similar venues operated or provided by us), your account, your status,
subscriptions, and other information.
+
+Customers can access the information above through AWS Offerings, such as the
AWS Management Console (including the My Account, Billing Dashboard, Bills,
Payment Methods, Payment History, Preferences and Tax Settings pages), the AWS
Email Preference Center, AWS Marketplace, and APN Partner Central.
+
+#+END_QUOTE
+
+* Get Terraform
+No Guix package yet. But it's free software, so that's good.
+
+https://www.terraform.io
+
+
+* Initial manual bootstrap
+Create a user named safe-to-delete-admin and attach an IAM policy to
+it that lets it do anything. We'll delete this in a little bit.
+
+Put the credentials in ~/.aws/credentials, like this: You must set up
+an AWS Credentials file a profile of the same name (i.e., "guix").
+For example, put this in your ~/.aws/credentials:
+
+#+BEGIN_EXAMPLE
+[guix]
+aws_access_key_id=ACCESS_KEY_ID
+aws_secret_access_key=SECRET_ACCESS_KEY
+#+END_EXAMPLE
+
+See:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html
+
+That documentation AWS CLI documentation, but the same ideas apply
+generally to other AWS SDKs and tools.
+
+Now, run "terraform init" in the directory containing the file
+"main.tf", and Terraform will download the AWS provider if you don't
+already have it.
+
+Then run "terraform plan", and you should see something like this:
+
+#+BEGIN_EXAMPLE
+[0] address@hidden:~/maintenance/cdn/terraform
+$ AWS_DEFAULT_REGION=us-west-2 ~/Downloads/terraform plan
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+
+------------------------------------------------------------------------
+
+An execution plan has been generated and is shown below.
+Resource actions are indicated with the following symbols:
+ + create
+
+Terraform will perform the following actions:
+
+ + aws_iam_access_key.marusich-access-key-1
+ id: <computed>
+ encrypted_secret: <computed>
+ key_fingerprint: <computed>
+ pgp_key:
"mQINBFbG5HgBEADaV9vv/cNeWZ4QFubNU1o34aZ/l9oQI4b8/FNKgTt2MWgqNEPMM041EGZZNfbg\nD+RiQy5jHsa/73znXuvji/px8XI2PrTNBJQcZjVJxUlj/gvGoE/UPgUePV2abOetaV5Y/Op5KUGE\nmFL8NJuR7MLbg00J9DVQKH7gv45wWqx2+F8YYSG9aK+MqEea32cfyvtrKwH47aMIQP8xg6pKuSNZ\ns24Hc1x4JqSkbI/HfIja2No+ELIRLcSIhn1h3dn5DqjVVn80xTJJXlBCMe3x7EF5YPi8C5Nq35YY\ni/MBV1o/Pi0ZgKhqXhMBr580e+QdZw2SFfoXsbdVcrkhzy5bPmd/pKltvT4QfcCaGMgNLhZ8/4VR\n8r59l2dHV5OfeldzEy2vwi16gfmdcS4C9f2II5/B8oHnosvlXgWfCt4n0Y4hJJ6dHEHGegRD59vG
[...]
+ secret: <computed>
+ ses_smtp_password: <computed>
+ status: <computed>
+ user: "marusich"
+
+ + aws_iam_group.administrators
+ id: <computed>
+ arn: <computed>
+ name: "administrators"
+ path: "/"
+ unique_id: <computed>
+
+ + aws_iam_group_membership.administrators-membership
+ id: <computed>
+ group: "administrators"
+ name: "administrators-membership"
+ users.#: "1"
+ users.1205911796: "marusich"
+
+ + aws_iam_group_policy_attachment.administrators-policy-attachment
+ id: <computed>
+ group: "administrators"
+ policy_arn: "arn:aws:iam::aws:policy/AdministratorAccess"
+
+ + aws_iam_user.marusich
+ id: <computed>
+ arn: <computed>
+ force_destroy: "false"
+ name: "marusich"
+ path: "/"
+ unique_id: <computed>
+
+
+Plan: 5 to add, 0 to change, 0 to destroy.
+
+------------------------------------------------------------------------
+
+Note: You didn't specify an "-out" parameter to save this plan, so Terraform
+can't guarantee that exactly these actions will be performed if
+"terraform apply" is subsequently run.
+
+[0] address@hidden:~/maintenance/cdn/terraform
+$
+
+#+END_EXAMPLE
+
+Note: you have to specify AWS_DEFAULT_REGION or Terraform will ask you
+to enter a region manually, due to this bug:
+https://github.com/terraform-providers/terraform-provider-aws/issues/1767
+
+Cool. Let's try creating it by running "terraform apply":
+
+* Process
+
+- terraform init: to set things up and install the AWS provider if you
+ don't have it already.
+- terraform apply: to show the actions Terraform will take, and then
+ take them if you say "yes" at the prompt.
+- terraform show: to display information about the state. In
+ particular, this prints out information such as the output from the
+ last run, which can be useful.
+
+* Configuration strucure
+There can be multiple files (*.tf, *.tfvars), or just one file. Name
+doesn't matter, as long as it ends in .tf or .tfvars. We could
+probably move our "variables.tf" into some kind of "variables.tfvars"
+file, but I haven't thought very much about the structure beyond that.
+It works, so that's good for now.
+
+Configuration files can contain things like this:
+
+- provider(s)
+- resource(s)
+- module(s)
+- variable(s)
+- output(s)
+
+For now, we have a file called "main.tf" that describes all the
+Terraform-managed resources, and another file named "variables.tf"
+that contains variables that are referenced by resources in "main.tf".
+
+See:
+https://learn.hashicorp.com/terraform/getting-started/variables
+"Note: that the file can be named anything, since Terraform loads all
+files ending in .tf in a directory. "
+* Problems
+
+** Downloads prebuilt binaries
+https://learn.hashicorp.com/terraform/getting-started/build
+By default, "terraform init" downloads and installs "plugin" binaries.
+It would be better if they were packaged individually in Guix.
+
+** Needs to keep track of some state
+https://learn.hashicorp.com/terraform/getting-started/build
+
+"Terraform also wrote some data into the terraform.tfstate file. This
+state file is extremely important; it keeps track of the IDs of
+created resources so that Terraform knows what it is managing. This
+file must be saved and distributed to anyone who might run
+Terraform. It is generally recommended to setup remote state when
+working with Terraform, to share the state automatically, but this is
+not necessary for simple situations like this Getting Started guide."
+
+consider using s3 backend for remote state
+https://www.terraform.io/docs/backends/
+https://www.terraform.io/docs/state/remote.html
+
+** terraform registry
+a collection of 'modules':
+https://registry.terraform.io/
+
+* getting started guide
+A good, brief intro to all main concepts.
+https://learn.hashicorp.com/terraform/getting-started/install
+
+This how-to guide is much better for newcomers than trying to read the
+reference documentation (e.g., for the configuration file syntax)
+first.
+
+* acm specific resources
+https://www.terraform.io/docs/providers/aws/d/acm_certificate.html
+https://www.terraform.io/docs/providers/aws/r/acm_certificate_validation.html
+* cloudfront specific resources
+
+https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html
+* IAM Login URL
+Log into this URL with your IAM user name and password:
+https://354378008360.signin.aws.amazon.com/console
+
+Alternatively, you can use this friendlier URL:
+
+https://guix.signin.aws.amazon.com/console
+
+* How to import keys without all the signatures
+In most cases, a person's public PGP key has many signatures. These
+aren't necessary for encrypting the AWS Access Key and password
+mentioned above. All we need is the public key, not the signatures.
+The presence of the signatures makes the variables.tf file very large.
+We can prune down the exported public key for someone by doing this,
+for example for someone named "marusich":
+
+Use this function:
+
+#+BEGIN_EXAMPLE
+strip_sigs() {
+ local owner="$1"
+ local temphome="$(mktemp -d)"
+ gpg --export "$owner" | GNUPGHOME="$temphome" gpg --import
--import-options='import-clean'
+ GNUPGHOME="$temphome" gpg --export "$owner" | base64
+}
+#+END_EXAMPLE
+
+Use it like this:
+
+#+BEGIN_EXAMPLE
+strip_sigs address@hidden
+#+END_EXAMPLE
+
+You can then copy the output into new entry in the variables.tf file.
+It will be significantly smaller than if we hadn't cleaned up all the
+signatures.
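Review bot: strip_sigs (under "How to import keys without all the signatures") creates a scratch GNUPGHOME with mktemp -d and never removes it, so each run leaves a keyring directory behind. GnuPG can produce the same signature-free export without the scratch keyring: gpg --export-options export-minimal --export "$owner" | base64. If the function stays as written, remove "$temphome" before returning, and tell readers to pass a full fingerprint rather than an e-mail address, because gpg --export writes out every key that matches the argument and the result becomes the encryption key for an administrator's credentials. Two smaller documentation points in this file: the heading "Configuration strucure" is misspelled, and the sample plan output shows force_destroy: "false" for aws_iam_user.marusich while main.tf in this commit sets force_destroy = true.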
diff --git a/cdn/terraform/main.tf b/cdn/terraform/main.tf
new file mode 100644
index 0000000..05948a1
--- /dev/null
+++ b/cdn/terraform/main.tf
@@ -0,0 +1,86 @@
+# See: https://www.terraform.io/docs/providers/aws
+
+provider "aws" {
+ # You must set up an AWS Credentials file a profile of the same name
+ # (i.e., "guix"). For example, put this in your ~/.aws/credentials:
+ #
+ # [guix]
+ # aws_access_key_id=ACCESS_KEY_ID
+ # aws_secret_access_key=SECRET_ACCESS_KEY
+ #
+ # See:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html
+ # That documentation AWS CLI documentation, but the same ideas apply
+ # generally to other AWS SDKs and tools.
+ profile = "guix"
+}
+
+# A friendly name for our account - this is displayed in various
+# places, such as the AWS Management Console.
+resource "aws_iam_account_alias" "alias" {
+ account_alias = "guix"
+}
+
+# Encourage good password hygiene.
+resource "aws_iam_account_password_policy" "strict" {
+ minimum_password_length = 20
+ require_lowercase_characters = true
+ require_numbers = true
+ require_uppercase_characters = true
+ require_symbols = true
+ allow_users_to_change_password = true
+ password_reuse_prevention = 1
+}
+
+# The administrators group.
+
+resource "aws_iam_group" "administrators" {
+ name = "administrators"
+}
+resource "aws_iam_group_policy_attachment" "administrators-policy-attachment" {
+ group = "${aws_iam_group.administrators.name}"
+ # This is a "managed policy". See:
+ #
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator
+ policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
+}
+resource "aws_iam_group_membership" "administrators-membership" {
+ name = "administrators-membership"
+ users = [
+ "${aws_iam_user.marusich.name}",
+ ]
+ group = "${aws_iam_group.administrators.name}"
+}
+
+# The administrators themselves.
+
+# Note that if we don't set force_destroy to true, then Terraform
+# might fail to delete the user when we remove it: See:
+# https://github.com/hashicorp/terraform/issues/8621
+
+# Chris Marusich <address@hidden>
+
+resource "aws_iam_user" "marusich" {
+ name = "marusich"
+ force_destroy = true
+}
+resource "aws_iam_access_key" "marusich-access-key-1" {
+ user = "${aws_iam_user.marusich.name}"
+ pgp_key = "${var.pgp_key_marusich}"
+}
+resource "aws_iam_user_login_profile" "marusich-login-profile" {
+ user = "${aws_iam_user.marusich.name}"
+ pgp_key = "${var.pgp_key_marusich}"
+}
+
+output "marusich-name" {
+ value = "${aws_iam_user.marusich.name}"
+}
+output "marusich-password" {
+ value =
"${aws_iam_user_login_profile.marusich-login-profile.encrypted_password}"
+}
+output "marusich-access-key-1-id" {
+ value = "${aws_iam_access_key.marusich-access-key-1.id}"
+}
+output "marusich-access-key-1-secret" {
+ value = "${aws_iam_access_key.marusich-access-key-1.encrypted_secret}"
+}
+
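Review bot: nothing in this file requires MFA, although the "administrators" group is attached to arn:aws:iam::aws:policy/AdministratorAccess and aws_iam_access_key.marusich-access-key-1 issues a long-lived access key to a member of that group. Consider attaching a group policy that denies requests when aws:MultiFactorAuthPresent is false (command-line use would then go through temporary credentials obtained with an MFA code), or document why a password and an access key alone are acceptable for full-account access. In aws_iam_account_password_policy.strict, password_reuse_prevention = 1 only blocks reuse of the single previous password, so a larger value would match the resource's "strict" name better. The provider "aws" block has no version constraint, so "terraform init" installs whichever provider release is current; a pinned version keeps runs reproducible. The provider comment also has two garbled sentences ("an AWS Credentials file a profile of the same name", "That documentation AWS CLI documentation").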
diff --git a/cdn/terraform/variables.tf b/cdn/terraform/variables.tf
new file mode 100644
index 0000000..e7bd64a
--- /dev/null
+++ b/cdn/terraform/variables.tf
@@ -0,0 +1,49 @@
+# These keys are base-64 encoded, and their signatures have been
+# removed, since we only need to encrypt. See the README.org file for
+# details ("How to import keys without all the signatures").
+
+variable "pgp_key_marusich" {
+ type = "string"
+ description = "Public PGP key for Chris Marusich <address@hidden>"
+ default = <<EOF
+mQINBFbG5HgBEADaV9vv/cNeWZ4QFubNU1o34aZ/l9oQI4b8/FNKgTt2MWgqNEPMM041EGZZNfbg
+D+RiQy5jHsa/73znXuvji/px8XI2PrTNBJQcZjVJxUlj/gvGoE/UPgUePV2abOetaV5Y/Op5KUGE
+mFL8NJuR7MLbg00J9DVQKH7gv45wWqx2+F8YYSG9aK+MqEea32cfyvtrKwH47aMIQP8xg6pKuSNZ
+s24Hc1x4JqSkbI/HfIja2No+ELIRLcSIhn1h3dn5DqjVVn80xTJJXlBCMe3x7EF5YPi8C5Nq35YY
+i/MBV1o/Pi0ZgKhqXhMBr580e+QdZw2SFfoXsbdVcrkhzy5bPmd/pKltvT4QfcCaGMgNLhZ8/4VR
+8r59l2dHV5OfeldzEy2vwi16gfmdcS4C9f2II5/B8oHnosvlXgWfCt4n0Y4hJJ6dHEHGegRD59vG
+qD4BJd2laxKCEbFuyiyp47mhKv76OTPMo0StY0XzLbFRMr3WlPqADgOH02o5XQhgkT9JzErJi8gF
+wNcM47QuGPiVxb3efRXe7TWXygfYorRAJJie3Gqf17hkVFy7Ao4I9OGIOb76SgHaRyFv5hDpBzW9
+Ok9JwhEVUvjSeekgeS+umHeDIVTdI28852O3T7rEHh23QHS8cGvCPppHedWOZSHimfboVAUCC6XI
+tj2L/9EYpQajcwARAQABtCVDaHJpcyBNYXJ1c2ljaCA8Y21tYXJ1c2ljaEBnbWFpbC5jb20+iQI9
+BBMBCAAnBQJWxuR4AhsDBQkJZgGABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEN1AmhXYIkad
+U+EP/2KNU87Y7pCoycoM1qDc/xRyoSKiunCIURJ78fyC1Xc0LuyGrHuVmk5l8EgaT/2jBexk9DLu
+XX5JzPFvdm1r4MQfFTARAMHwPvFTzFcTh4763wKj8E1+HA4Z5upLXI9UDyyfKKOuBSN0qbdtYdEW
+M3pO4GCaFNmAF3iMJG6wibMAHKczmJERqdrW4eJiRuD71mrHB2CodrZ6fcUizlQXdtz6vZ0uZTU9
+zWVVD3gFrHGuGUjp+0hwX+dxFi0lQDCGQurQZPVmo1Ebx+5Vy3eXWziJX0ok7glFeASvmPatELP3
+Mgsg2CNcdP628sJ+73Pg7C+fF2mMFSMmBGYx3Un1we2VVo7rrz56DB+5XSlzKvNpBaJcMBH5MfUp
+wWuwIuBtsjW/bXnmltkW9kuW/0iNyrzqy9Nb/BxPZg5mnAgv5Ynpn+xD24QbvZkhXYK59OVM0ZRT
+QftBkOyfIxy3KYscchwaSEy14iHHHClXl6XqQNGAJBuXQjd6ppYPprTZQPqdFKdnX7RtrjyevdRg
+PdQoyLEM0tNe995hyhhVh32N7OEOUjYv6keaBvKm8us663b8gYw9gM+xxEOUIHT4QOULYzzOZMFM
+heEIpmJhB1bMFwXDRP1ObtAcPFMyY8At29nq6xIlUISKxGhlvicEFSp/ERJXOSejjZpIZotGkiyC
+/ttyuQINBFbG5HgBEACs/ZdQma/opgWI0tZRJ4CxZfrVYgDciL5LYVdHxNUTTurB5oym9cRPl0qR
+BvDbByaLRuLGnSRlUgml7UqxeQr+5qM5WCLd+60x/pNCA3o9/xy+OO8bhXdbAi0Chuh+PoYxDmLm
+n2NCjRKuvbyj/nMexMXtezh7mCTaR2s/YLKWQ91ejLy7MzLYXgc0s6ZlRnOJwzHa4nevkUkyZd00
+83jQZKmeM63mj5flnkRDXlk7Td2O0pfbpQuH9lAhFvRMJEXfYgWvLmsUe0w1+wfrfIiD1AISLxNS
+KK8LaZW3hi9mKoEw78n638v9wpoj2bu9LqH6r/hjBCD/gXej+yPcYN1oksL8a2eKzVSP6Lm6iSJy
+rZzXDH9q9llxFMbK3TOMZmlSY6Bpo1QcahKHjCajZuqvTFcaz8JT+QlGQPvmj5IGZeVzsghd7YZa
+lkTXwfTOgwek5nYO2eaOjejOdWchg66c2n9xSDxg99noVA/2GtREPBikUMVIiMI+XN9Vcm2OGsHT
+5BWjc6jXKRryDq3XdeaGGwqYZmRIY/gWErCeHpIVIVrz7Yvj2AvBZKiny2eYzkqg1t09T9R/NRx9
+xq/sy/iykh2bsfMnVuTJYFRSMq9dwb1hhZZjX0GODa9Paz70c5voYwWTYpbGI3fca5Q/KwM5pE0S
+Tib4K8W9jjhbGGkJxQARAQABiQIlBBgBCAAPBQJWxuR4AhsMBQkJZgGAAAoJEN1AmhXYIkadqw4Q
+ALV7kL0jfQ1RXnjD4Hjb2S2nIh1EMWKVBogj21oS+emE7hdLqJBY9Pb1C1ZK5RMtE7CeEvF3bSok
+xwlR9bbco/GiFJEKALKXI8emIAVbn3ocqiHmCOnAppXuRC2hyZ9I3t7k0r1r1QO6Py8mXYjgwVUO
+uFFa3BZGFXzvLCa1dmNTipkHIy5scN5wDoyUfLdvNgmUxbjhA54zxY5s3MZ2hOBJhV6S+7LVcxzN
+Dkh4YsKaT7zRb3lXdFqlaHh6tMpPVayIKL8p/QjxHYU4EMisyMirhlwT/jWToqZ4+N07LBbmRuxH
+R+AX+iGfIQHq5xX0MNe+4NekxK+oaaJa2QkuuQPBDAGRm4lChN1hp3bFEEGrVjUQyrSz7alAx/KO
+T2I3k0uekRU/r4VnpSLF2kuyoDbe5NUshARl5wYkAW2vGisFj/xryZmZ8N1mFr06mLGew37GjqXW
+Rm75WO1Szrl0q8RwIRrJFngqIO/i+LPCYyTKHDN02eihbGtmQo9ZU5cs9am3jKBdbouNHqb/+9J9
+Ruzo8gIkBZAC+q2gajyfkYSJib7XWU6hTbLG0NDiFEUfu6hBSCJCqmHA2I0KgPgoNg2+aj2i4xwm
+XiIjCXrjUJCU2QNsy4hdt7/FPpiOps+LvNtWLSIi5RtJO4+Ydx7RV/9Sg9L2htBaVaxXGe4WGC0r
+EOF
+}
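Review bot: the default for pgp_key_marusich is an opaque base64 blob with no fingerprint recorded next to it, so a reviewer cannot tell from the diff whose key it is, and whoever controls this value is the one able to decrypt the encrypted_password and encrypted_secret outputs defined in main.tf. Add the key's full fingerprint to the description or to the comment above the variable, and check it against the decoded value whenever the default changes.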