Skip to content
This repository has been archived by the owner on Jan 16, 2020. It is now read-only.

codeforamerica/autoclearance

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

311 Commits

.circleci

.circleci

 
 

.ebextensions

.ebextensions

 
 

.elasticbeanstalk

.elasticbeanstalk

 
 

app

app

 
 

bin

bin

 
 

config

config

 
 

db

db

 
 

lib

lib

 
 

public

public

 
 

scripts

scripts

 
 

spec

spec

 
 

terraform

terraform

 
 

vendor

vendor

 
 

.gitignore

.gitignore

 
 

.pgsync.yml

.pgsync.yml

 
 

.rubocop.yml

.rubocop.yml

 
 

.rubocop_todo.yml

.rubocop_todo.yml

 
 

.ruby-version

.ruby-version

 
 

Brewfile

Brewfile

 
 

Gemfile

Gemfile

 
 

Gemfile.lock

Gemfile.lock

 
 

README.md

README.md

 
 

Rakefile

Rakefile

 
 

config.ru

config.ru

 
 

package.json

package.json

 
 

yarn.lock

yarn.lock

 
 

Repository files navigation

Autoclearance

Development

Clone this repository and navigate to it.

Homebrew is used to install local dependencies. Install it here. Then. run brew bundle from the autoclearance directory.

ruby-install and chruby are used to manage Ruby versions. Follow instructions here for autoswitching with chruby

Run gem install bundler and then bundle to install Ruby dependencies.

Install PDFtk for PDF filling functionality

Install PDFTK from here

To set up the Beanstalk CLI

To add a Elastic Beanstalk profile for the environment, add the following to ~/.aws/config

[profile autoclearance]
aws_access_key_id=<your key>
aws_secret_access_key=<your secret key>
region=us-gov-west-1

Initialize Elastic Beanstalk eb init --profile autoclearance --region us-gov-west-1

Deploying

Create two files: backend-config and varfile to supply Amazon credentials. Examples are located at backend-config.example and varfile.example To deploy using Terraform, cd to the terraform directory and run terraform init -backend-config config_file

Create a new keypair through the AWS console for SSH access to the bastion. Safely store the keyfile. Generate a publickey for your varfile by running ssh-keygen -y -f /path/to/private_key.pem.

When the bastion is initially created, you will need to use these credentials to run the bastion setup script with: ./bastion_setup.sh <ip address>, which creates individual user accounts and sets up logging to CloudWatch from the bastion.

To apply Terraform settings, run: terraform apply -var-file varfile

To push a new revision to Beanstalk:

eb init -r us-gov-west-1 --profile autoclearance

Set your Elastic Beanstalk environment by running: eb use <environment name> --profile autoclearance

Deploy code to environment by running from the repository root: eb deploy

To SSH to the EC2 instance via the bastion host

Add your credentials to your local SSH agent by running: ssh-add <key> SSH to the instance by proxying through the Bastion by running: ssh -o ProxyCommand='ssh -W %h:%p <username>@<bastion public ip>' <username>@<instance private ip>

Notes

In order for the config rule "s3-bucket-ssl-requests-only" to be in compliance, you will need to deny HTTP access for the bucket created by Elastic Beanstalk to store application artifacts. To do this, add this policy excerpt to the created bucket.

{
      "Sid": "DenyUnSecureCommunications",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:*",
      "Resource": "arn:aws-us-gov:s3:::{bucket_name}/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": false
        }
      }
}

About

Clear My Record: Automatically clear convictions under prop 64

www.clearmyrecord.org/

Resources

Readme
Activity
Custom properties

Stars

27 stars

Watchers

12 watching

Forks

3 forks
Report repository

Releases

1 tags

Packages

No packages published

Contributors 7

Languages