-
Notifications
You must be signed in to change notification settings - Fork 6
/
config.primary.production.aws.yml
65 lines (54 loc) · 1.44 KB
/
config.primary.production.aws.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
grpc_server_address: 0.0.0.0:9090
ocsp_server:
- production.ocsp.example.com
database:
database_driver: postgres
database_table: baseca
database_endpoint: xxxxxx.cluster.xxxxxx.us-east-1.rds.amazonaws.com
database_reader_endpoint: xxxxxx.cluster-ro.xxxxxx.us-east-1.rds.amazonaws.com
database_user: baseca
database_port: 5432
region: us-east-1
ssl_mode: verify-full
redis:
cluster_endpoint: xxxxxx.xxxxxx.0001.use1.cache.amazonaws.com
port: 6379
rate_limit: 20
domains:
- example.com
acm_pca:
production_use1:
region: us-east-1
ca_arn: arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
ca_active_day: 90
assume_role: false
root_ca: false
default: true
# Configure Additional Certificate Authorities (development_use1, staging_use1, etc)
firehose:
stream: baseca-production
region: us-east-1
kms:
key_id: 12345678-1234-1234-1234-123456789012
signing_algorithm: RSASSA_PSS_SHA_512
region: us-east-1
auth_validity: 5
secrets_manager:
secret_id: baseca-xxxxxxxxxxxx
subordinate_ca_metadata:
country: "US"
province: "CA"
locality: "San Francisco"
organization: "Example"
organization_unit: "Security"
email: "[email protected]"
signing_algorithm: SHA512WITHRSA
key_algorithm: "RSA"
key_size: 4096
certificate_authority:
production:
- production_use1
pre_production:
- pre_production_use1
corporate:
- corporate_use1