Refactor AWS environment configuration variables

austinsonger · austinsonger · commit 199c78d28f25 · 2024-09-26T16:27:44.000Z
diff --git a/.github/workflows/prep/setup-aws-environment.yml b/.github/workflows/prep/setup-aws-environment.yml
@@ -37,15 +37,15 @@ jobs:
       - name: Configure Corporate AWS Credentials
         uses: aws-actions/configure-aws-credentials@v2
         with:
-          aws-access-key-id: ${{ secrets.DEVOPS_CORP_AUTOMATION_AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.DEVOPS_CORP_AUTOMATION_AWS_SECRET_ACCESS_KEY }}
+          aws-access-key-id: ${{ secrets.DEVOPS_CORP_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.DEVOPS_CORP_AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ inputs.corp-aws-region }}
 
       - name: Configure Federal AWS Credentials
         uses: aws-actions/configure-aws-credentials@v2
         with:
-          aws-access-key-id: ${{ secrets.DEVOPS_DOOP_AUTOMATION_AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.DEVOPS_DOOP_AUTOMATION_AWS_SECRET_ACCESS_KEY }}
+          aws-access-key-id: ${{ secrets.DEVOPS_FEDERAL_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.DEVOPS_FEDERAL_AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ inputs.federal-aws-region }}
 
       - name: Checkout repository
diff --git a/services/tools/aws/Access Control/replay_resistant_auth_evidence.py b/services/tools/aws/Access Control/replay_resistant_auth_evidence.py
@@ -9,14 +9,14 @@
 # Setup environments dictionary with AWS credentials and output file paths
 environments = {
     'private-sector': {
-        'access_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_CORP_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_CORP_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'private_sector_output_file': f"/evidence-artifacts/{current_year}/private-sector/replay_resistant_auth.json"
     },
     'federal': {
-        'access_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_FEDERAL_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_FEDERAL_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'federal_output_file': f"/evidence-artifacts/{current_year}/federal/replay_resistant_auth.json"
     }
diff --git a/services/tools/aws/Access Control/sso_enforcement_for_application_accounts.py b/services/tools/aws/Access Control/sso_enforcement_for_application_accounts.py
@@ -7,14 +7,14 @@
 
 environments = {
     'private-sector': {
-        'access_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_CORP_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_CORP_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'private_sector_output_file': f"/evidence-artifacts/{current_year}/private-sector/sso_enforcement_for_application_accounts.json"
     },
     'federal': {
-        'access_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_FEDERAL_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_FEDERAL_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'federal_output_file': f"/evidence-artifacts/{current_year}/federal/sso_enforcement_for_application_accounts.json"
     }
diff --git a/services/tools/aws/Access Control/users_active_access_keys.py b/services/tools/aws/Access Control/users_active_access_keys.py
@@ -7,14 +7,14 @@
 
 environments = {
     'private-sector': {
-        'access_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_CORP_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_CORP_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'private_sector_output_file': f"/evidence-artifacts/{current_year}/private-sector/users_active_access_keys.json"
     },
     'federal': {
-        'access_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_FEDERAL_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_FEDERAL_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'federal_output_file': f"/evidence-artifacts/{current_year}/federal/users_active_access_keys.json"
     }
diff --git a/services/tools/aws/Access Control/users_configured_with_sso.py b/services/tools/aws/Access Control/users_configured_with_sso.py
@@ -7,14 +7,14 @@
 
 environments = {
     'private-sector': {
-        'access_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_CORP_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_CORP_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'private_sector_output_file': f"/evidence-artifacts/{current_year}/private-sector/users_configured_with_sso.json"
     },
     'federal': {
-        'access_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_FEDERAL_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_FEDERAL_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'federal_output_file': f"/evidence-artifacts/{current_year}/federal/users_configured_with_sso.json"
     }
diff --git a/services/tools/aws/System and Communications Protection/verify_data_encryption_in_transit.py b/services/tools/aws/System and Communications Protection/verify_data_encryption_in_transit.py
@@ -9,14 +9,14 @@
 # Environment setup
 environments = {
     'private-sector': {
-        'access_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_CORP_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_CORP_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'private_sector_output_file': f"/evidence-artifacts/{current_year}/private-sector/data_encryption_check.json"
     },
     'federal': {
-        'access_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_FEDERAL_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_FEDERAL_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'federal_output_file': f"/evidence-artifacts/{current_year}/federal/data_encryption_check.json"
     }
diff --git a/services/tools/aws/System and Services Acquisition/source_code_vulnerability_scan_configuration.py b/services/tools/aws/System and Services Acquisition/source_code_vulnerability_scan_configuration.py
@@ -9,14 +9,14 @@
 
 environments = {
     'private-sector': {
-        'access_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_CORP_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_CORP_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'private_sector_output_file': f"/evidence-artifacts/{current_year}/private-sector/"
     },
     'federal': {
-        'access_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_FEDERAL_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_FEDERAL_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'federal_output_file': f"/evidence-artifacts/{current_year}/federal/"
     }
diff --git a/services/tools/aws/System and Services Acquisition/source_code_vulnerability_scan_evidence.py b/services/tools/aws/System and Services Acquisition/source_code_vulnerability_scan_evidence.py
@@ -10,14 +10,14 @@
 # Dictionary holding environments configuration
 environments = {
     'private-sector': {
-        'access_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_CORP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_CORP_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_CORP_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'private_sector_output_file': f"/evidence-artifacts/{current_year}/private-sector/"
     },
     'federal': {
-        'access_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        'secret_key': os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        'access_key': os.getenv('DEVOPS_FEDERAL_AWS_ACCESS_KEY_ID'),
+        'secret_key': os.getenv('DEVOPS_FEDERAL_AWS_SECRET_ACCESS_KEY'),
         'region': 'us-east-1',
         'federal_output_file': f"/evidence-artifacts/{current_year}/federal/"
     }
diff --git a/services/tools/aws/_config/README.md b/services/tools/aws/_config/README.md
@@ -203,12 +203,12 @@ The module defines configurations for two environments:
 #### Environment Details
 
 - **private-sector**
-  - Access Key: Retrieved from `DEVOPS_CORP_AUTOMATION_AWS_ACCESS_KEY_ID` environment variable.
-  - Secret Key: Retrieved from `DEVOPS_CORP_AUTOMATION_AWS_SECRET_ACCESS_KEY` environment variable.
+  - Access Key: Retrieved from `DEVOPS_CORP_AWS_ACCESS_KEY_ID` environment variable.
+  - Secret Key: Retrieved from `DEVOPS_CORP_AWS_SECRET_ACCESS_KEY` environment variable.
   - Region: `us-east-1`
 - **federal**
-  - Access Key: Retrieved from `DEVOPS_DOOP_AUTOMATION_AWS_ACCESS_KEY_ID` environment variable.
-  - Secret Key: Retrieved from `DEVOPS_DOOP_AUTOMATION_AWS_SECRET_ACCESS_KEY` environment variable.
+  - Access Key: Retrieved from `DEVOPS_FEDERAL_AWS_ACCESS_KEY_ID` environment variable.
+  - Secret Key: Retrieved from `DEVOPS_FEDERAL_AWS_SECRET_ACCESS_KEY` environment variable.
   - Region: `us-east-1`
 
 
diff --git a/services/tools/aws/_config/config.py b/services/tools/aws/_config/config.py
@@ -17,13 +17,13 @@ def set_aws_credentials(self):
 
 environments = {
     'private-sector': EnvironmentConfig(
-        access_key=os.getenv('DEVOPS_CORP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        secret_key=os.getenv('DEVOPS_CORP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        access_key=os.getenv('DEVOPS_CORP_AWS_ACCESS_KEY_ID'),
+        secret_key=os.getenv('DEVOPS_CORP_AWS_SECRET_ACCESS_KEY'),
         region='us-east-1'
     ),
     'federal': EnvironmentConfig(
-        access_key=os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_ACCESS_KEY_ID'),
-        secret_key=os.getenv('DEVOPS_DOOP_AUTOMATION_AWS_SECRET_ACCESS_KEY'),
+        access_key=os.getenv('DEVOPS_FEDERAL_AWS_ACCESS_KEY_ID'),
+        secret_key=os.getenv('DEVOPS_FEDERAL_AWS_SECRET_ACCESS_KEY'),
         region='us-east-1'
     )
 }
