{"id":13821282,"url":"https://github.com/alanwill/aws-tailor","last_synced_at":"2026-01-28T04:42:58.272Z","repository":{"id":77098714,"uuid":"99276405","full_name":"alanwill/aws-tailor","owner":"alanwill","description":"AWS account provisioning and management service","archived":false,"fork":false,"pushed_at":"2025-05-05T18:38:55.000Z","size":1799,"stargazers_count":109,"open_issues_count":16,"forks_count":23,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-05-16T12:40:32.739Z","etag":null,"topics":["account-management","api-gateway","aws-account-management","aws-lambda","lambda-functions","orchestration-framework","serverless-application-model"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alanwill.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-08-03T21:27:09.000Z","updated_at":"2024-05-13T22:12:19.000Z","dependencies_parsed_at":"2025-05-01T07:24:19.688Z","dependency_job_id":"935592a0-e881-4f53-b882-1b8e5c818440","html_url":"https://github.com/alanwill/aws-tailor","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/alanwill/aws-tailor","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alanwill%2Faws-tailor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alanwill%2Faws-tailor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alanwill%2Faws-tailor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alanwill%2Faws-tailor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alanwill","download_url":"https://codeload.github.com/alanwill/aws-tailor/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alanwill%2Faws-tailor/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28838638,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T02:10:51.810Z","status":"ssl_error","status_checked_at":"2026-01-28T02:10:50.806Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["account-management","api-gateway","aws-account-management","aws-lambda","lambda-functions","orchestration-framework","serverless-application-model"],"created_at":"2024-08-04T08:01:19.135Z","updated_at":"2026-01-28T04:42:58.231Z","avatar_url":"https://github.com/alanwill.png","language":"Python","readme":"[![Codacy Badge](https://api.codacy.com/project/badge/Grade/99f783311bab4dc4a16166b3bc5485bc)](https://www.codacy.com/app/alanwill/aws-tailor?utm_source=github.com\u0026utm_medium=referral\u0026utm_content=alanwill/aws-tailor\u0026utm_campaign=badger)\n\n## Tailor - the AWS Account Provisioning Service\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"assets/tailor-logo.png\" alt=\"Tailor Logo\" width=\"300\"\u003e\u003c/p\u003e\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n**Table of Contents**\n\n- [What is Tailor?](#what-is-tailor)\n- [Architecture](#architecture)\n  - [Serverless](#serverless)\n  - [Extensible](#extensible)\n  - [Reusable](#reusable)\n- [Configured AWS and Third Party Services](#configured-aws-and-third-party-services)\n  - [IAM](#iam)\n    - [Lambda Roles](#lambda-roles)\n    - [ECS Role](#ecs-role)\n  - [CloudTrail](#cloudtrail)\n  - [Config](#config)\n  - [Direct Connect](#direct-connect)\n  - [VPC](#vpc)\n  - [Enterprise Support](#enterprise-support)\n  - [Cloudability](#cloudability)\n- [Lambda functions](#lambda-functions)\n  - [talr-receptionist](#talr-receptionist)\n    - [Request](#request)\n    - [Responses](#responses)\n    - [Function Inputs](#function-inputs)\n  - [talr-cla](#talr-cla)\n    - [Input](#input)\n    - [Output](#output)\n  - [talr-director](#talr-director)\n    - [Input](#input-1)\n    - [Output](#output-1)\n  - [talr-iam](#talr-iam)\n    - [Input](#input-2)\n    - [Output](#output-2)\n  - [talr-cloudtrail](#talr-cloudtrail)\n    - [Input](#input-3)\n    - [Output](#output-3)\n  - [talr-config](#talr-config)\n    - [Input](#input-4)\n    - [Output](#output-4)\n  - [talr-entsupport](#talr-entsupport)\n    - [Input](#input-5)\n    - [Output](#output-5)\n  - [talr-vpc](#talr-vpc)\n    - [Input](#input-6)\n    - [Output](#output-6)\n  - [talr-directconnect](#talr-directconnect)\n    - [Input](#input-7)\n    - [Output](#output-7)\n  - [talr-inquirer](#talr-inquirer)\n    - [Input](#input-8)\n    - [Output](#output-8)\n  - [talr-validator](#talr-validator)\n    - [Input](#input-9)\n    - [Output](#output-9)\n  - [talr-notify](#talr-notify)\n    - [Input](#input-10)\n    - [Output](#output-10)\n- [DynamoDB Tables](#dynamodb-tables)\n  - [talr-cbInfo](#talr-cbinfo)\n  - [talr-accountInfo](#talr-accountinfo)\n  - [talr-taskStatus](#talr-taskstatus)\n- [SNS Topics](#sns-topics)\n  - [talr-cla-request](#talr-cla-request)\n  - [talr-cla-response](#talr-cla-response)\n  - [talr-dispatch-request](#talr-dispatch-request)\n  - [talr-cfn-response](#talr-cfn-response)\n  - [talr-notify-request](#talr-notify-request)\n  - [talr-events-push](#talr-events-push)\n- [API Reference](#api-reference)\n  - [POST /account](#post-account)\n  - [POST /iam](#post-iam)\n  - [POST /cloudtrail](#post-cloudtrail)\n  - [POST /config](#post-config)\n  - [POST /entsupport](#post-entsupport)\n  - [POST /vpc](#post-vpc)\n  - [POST /directconnect](#post-directconnect)\n  - [GET /account](#get-account)\n- [Error Messages](#error-messages)\n- [Task Status](#task-status)\n- [Conventions/Standards](#conventionsstandards)\n- [Operations](#operations)\n  - [Accessing IPAM console](#accessing-ipam-console)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n## What is Tailor?\nTailor is a service that provisions and configures AWS accounts in accordance to a company's standards. It's built to support an infinite number of accounts.\n\n\"Tailor-made AWS accounts\"\n\nThe primary intent is to provision _new_ AWS accounts as well as configure existing accounts.\n\nThe following AWS services are configured (or enabled) via Tailor:\n\n* IAM\n* CloudTrail\n* Config\n* Direct Connect\n* VPC\n* Enterprise Support\n\n## Architecture\nTailor is architected to be a serverless, extensible and reusable service. Additionally it's built with the [Serverless Framework](http://serverless.com) which enables rapid development of AWS Lambda functions and their related resources. The AWS specific codebase is written entirely in Python 2.7 using the AWS Python SDK and deployed to AWS Lambda while the API proxy facade is written in Node.js and deployed to Apigee Edge.\n\n### Serverless\nTailor's architecture requires the management of _zero_ servers. There are no machines to patch, configure or maintain. It relies on various [AWS Lambda](http://docs.aws.amazon.com/lambda/latest/dg/welcome.html) functions for its primary compute layer.\n\n### Extensible\nTailor is composed of various Lambda functions that each perform a specific task or set of tasks, for example configure CloudTrail or configure IAM. Due to the discreet nature of these functions, Tailor allows for new functions to be added in order to extend the service's capabilities.\n\n### Reusable\nOne of the core design principles behind Tailor is to be reusable. Not only is the same service sharable by multiple divisions with distinct Payer accounts, but the entire code base can be run in another environment and would work out of the box.\n\n\u003cimg src=\"assets/TailorArchDesign.jpg\" alt=\"TailorArchDesign\" width=\"800\"\u003e\n\n## Configured AWS and Third Party Services\n\n### IAM\nThe Identity and Access Management (IAM) service is leveraged for generally 2 use cases, the first is to enable access to an AWS account. When a user logs into AWS with their corporate SSO credentials, the role that governs their authorization is one of 6 IAM roles with a trust relationship to an IAM SAML provider, a.k.a [IAM SAML Roles](#iam-saml-roles). The second use case, is for roles which can be assumed by other AWS services, for example [Lambda](#lambda-roles) and [ECS roles](#ecs-role). Tailor creates the roles and policies that support both these use cases.\n\n\n#### Lambda Roles\n| Role Name | Purpose | Policies |\n| ---- | ------ | -------- |\n| \u003ccompany-ticker\u003eLambdaBasicExecutionRole | Basic execution role for Lambda supporting the ability to push logs to Cloudwatch Logs  | AWS Managed Policy: \u003cul\u003e\u003cli\u003eAWSLambdaBasicExecutionRole\u003c/li\u003e\u003c/ul\u003e |\n| \u003ccompany-ticker\u003eLambdaVpcAccessExecutionRole | Basic execution role for Lambda supporting the ability to push logs to Cloudwatch Logs  | AWS Managed Policy: \u003cul\u003e\u003cli\u003eAWSLambdaVPCAccessExecutionRole\u003c/li\u003e\u003c/ul\u003e |\n\n#### ECS Role\n| Role Name | Purpose | Policies |\n| ---- | ------ | -------- |\n| \u003ccompany-ticker\u003eEcsInstanceRole | EC2 instance role for attaching to ECS nodes  | AWS Managed Policy: \u003cul\u003e\u003cli\u003eAmazonEC2ContainerServiceforEC2Role\u003c/li\u003e\u003c/ul\u003e |\n\n\n### CloudTrail\n\n### Config\n\n### Direct Connect\n\n### VPC\n\n### Enterprise Support\n\n### Cloudability\n\n\n\n## Lambda functions\nTailor is comprised of a number of discrete Lambda functions written in Python. Below we'll list them all and explain what each does.\n\n### talr-receptionist\nThe receptionist function receives and validates account requests in the form of a JSON payload via HTTP POST calls to /account.\n\n#### Request\nA creation request must include the following JSON payload in the body of the request:\n```JSON\n{\n  \"accountRequest\": {\n      \"accountCbAlias\" : \"acme-main\",\n      \"accountRegulated\" : True,\n      \"accountVpcAzCount\" : \"2\",\n      \"accountVpcPrefix\" : \"/24\",\n      \"accountRegion\" : \"us-east-1\",\n      \"accountTagCostCenter\" : \"1000100099\",\n      \"accountTagLongProjectName\" : \"My Super Fancy Project\",\n      \"accountTagShortProjectName\" : \"MSFP\",\n      \"accountTagEnvironment\" : \"tst\",\n      \"accountUserAccessList\" : \"obamabadmin\",\n      \"accountTechnicalContactFullName\": \"Walter White\",\n      \"accountTechnicalContactUsername\": \"whitew\",\n      \"requestorFullName\" : \"John Doe\",\n      \"requestorUsername\" : \"doej\",\n      \"requestorManager\" : \"Fred Flinstone\",\n      \"requestorDepartment\" : \"Internal Affairs\",\n      \"requestorEmailAddress\" : \"john.doe@mycompany.com\",\n      \"externalTransactionId\" : \"RITM00001\",\n      \"comment\" : \"Special Tag here\"\n  }\n}\n```\n\n| Field | Type | Required | Description |\n| ----- | ---- | -------- | ----------- |\n| accountCbAlias | string | Y | This is an alias associated with a payer account. A company with multiple payer accounts would have a distinct alias per payer. |\n| accountRegulated | boolean | Y | True/False if that account is regulated. Regulated accounts are ones that are subject to external audit and regulatory controls, like SOx etc. |\n| accountVpcAzCount | string | Y | Number of AZs to provision the VPC into. This can be either 2 or 3 |\n| accountVpcPrefix | string | Y | VPC network prefix, currently only /24 is supported. |\n| accountRegion | string | Y | The region where the VPC should be deployed. Currently only supports a single region but will be made into a list soon |\n| accountTagCostCenter | string | Y | Cost Center to be cross charged for account spend |\n| accountTagLongProjectName | string | Y | A descriptive name for the account which can include spaces. |\n| accountTagShortProjectName | string | Y | A short name for the account with no spaces. For example project or application or team acronym |\n| accountTagEnvironment | string | Y | Intended account environment. See list Function Inputs section below for valid list of values |\n| accountUserAccessList | string | Y | List of AD admin accounts which require read/write access to the account |\n| accountTechnicalContactFullName | string | Y | Specify the name of the person who has technical know-how of what's deployed in the account. This could be the same person as the requestor. |\n| accountTechnicalContactUsername | string | Y | Specify the username of the person who has technical know-how of what's deployed in the account. This could be the same person as the requestorUsername. |\n| requestor* | string | Y | These fields are fairly self explanatory and can be auto-populated for requests originating from ServiceNow |\n| externalTransactionId | string | N | Can contain any field or value for reference purposes and to be associated with the account. Tailor has no technical dependency on this field. Field is mandatory but value can be left as an empty string. |\n| comment | string | N | Optional comment. Field is mandatory but value can be left as an empty string. |\n\nSee *Function Inputs* below for field constraints.\n#### Responses\n\nA successful response will return an HTTP 200 status code with the following content:\n```JSON\n{\n    \"code\": \"2000\",\n    \"message\" : \"Request Accepted\",\n    \"requestId\": \"f7ad919d-c855-4bb7-9635-fc7c22cba537\"\n}\n```\n\nA request which will lead to an account with a duplicated email address will be caught in the validation process and a failure response sent as an HTTP 409 status code:\n```JSON\n{\n    \"code\": \"4090\",\n    \"message\": \"Duplicate request\"\n}\n```\n\nOther possible error codes include code 4000 (HTTP status 400) which means that one of the fields in the JSON body is either missing or incorrectly populated (check the value including its length):\n```JSON\n{\n    \"code\": \"4000\",\n    \"message\": \"Bad request\"\n}\n```\n\n#### Function Inputs\nThe following table outlines all input fields which talr-receptionist either calculates, derives or validates from the client's payload:\n\n| Field | Type | In  | Constraint | Required | Description |\n| ----- | ---- | --- | ---------- | -------- | ----------- |\n| requestId | string | lambda | 100 | Calculated | v4 UUID |\n| requestTime | number | lambda | 10 | Calculated | epoch value of request received time |\n| accountEmailAddress | string | lambda | 50 | Derived | Unique account email address |\n| accountCbAlias | string | body | 10 | Yes | Alias name of Payer account aka Consolidated Billing (CB) |\n| accountRegulated | boolean | body |  | Yes | Signifies the account is subject to external regulatory controls. |\n| accountVpcAzCount | string | body | 1 | Yes | Number of AZs to provision for VPC, either 2 or 3 |\n| accountVpcPrefix | string | body | 1 | Yes | VPC network prefix, currently only /24 is supported. |\n| accountRegion | string | body | 15 | Yes | Region to provision VPC, either us-east-1 or us-west-1 |\n| accountTagCostCenter | string | body | 10 | Yes | Cost Center financially responsible for account spend |\n| accountTagLongProjectName | string | body | 30 | Yes | Long-form project name to be associated with account |\n| accountTagShortProjectName | string | body | 10 | Yes | Short-form (acronym) project name |\n| accountTagEnvironment | string | body | 3 | Yes | Intended environment use, i.e. dev/stg/prd/alpha/beta/prod |\n| accountUserAccessList | string | body | 200 | Yes | List of users who need access to account, AD admin (secondary) usernames |\n| accountTechnicalContactFullName | string | body | 50 | Yes | Named technical contact for the account. Could be the same as requestor |\n| accountTechnicalContactUsername | string | body | 15 | Yes | Named technical contact's corporate username. Could be the same as requestorUsername  |\n| requestorFullName | string | body | 50 | Yes | Requestor Full Name|\n| requestorUsername | string | body | 50 | Yes | Requestor's corporate user name|\n| requestorManager | string | body | 50 | Yes | Requestor's manager's full name|\n| requestorDepartment | string | body | 40 | Yes | Requestor's department name |\n| requestorEmailAddress | string | body | 50 | Yes | Requestor's email address |\n| externalTransactionId | string | body | 50 | No | This can be any number or string that needs to be associated with the account for reporting purposes. For example a ServiceNow ticket number |\n| comment | string | body | 100 | No | Comment |\n\nValues from the above fields are persisted to DynamoDB in `talr-accountInfo` and the Consolidated Billing (cb) info is looked up from `talr-cbInfo`.\n\n### talr-cla\nThe CLA function calls the AWS Accounts Service (aka CLA - Create Linked Account API) to create a linked account.\n\n#### Input\n\n#### Output\n\n### talr-director\nThe director function, receives the response from the CLA service via subscription to talr-cla-response. Since the CLA service reports a few different responses, talr-director iterates through each response and responds appropriately.\n\nFor a success, it validates that the account is accessible by setting the IAM account alias then updating talr-taskStatus table with a success event.\nFor a failure, it updates the talr-taskStatus table with a failure event.\n\n#### Input\n\n#### Output\n\n### talr-iam\nThis function configures the standard suite of IAM roles as well as the SAML provider and populates policies both AWS Managed and Customer Managed for each role.\n\n#### Input\n\n#### Output\n\n### talr-cloudtrail\nThis function configures Cloudtrail by creating a `default` All Region trail then setting events to be persisted to a central S3 bucket that's used by all accounts. SNS is not configured.\n\n#### Input\n\n#### Output\n\n### talr-config\nThis function configures AWS Config in every region and provisions a delivery channel. Events are configured to be sent to a central bucket common across all linked accounts, per payer account. Config Rules are also provisioned.\n\n#### Input\n\n#### Output\n\n### talr-entsupport\nThis function creates a Support Case in the payer account to configure the new linked account with Enterprise Support.\n\n#### Input\n\n#### Output\n\n### talr-vpc\nThis function invokes the [cfn-core](https://github.com/alanwill/cfn-core) Cloudformation template asynchronously in each region specified by the requestor. Cloudformation publishes its completion status to talr-cfn-response. The CIDR block for the VPC is looked up in an IPAM and the function determines the size of each subnet based on the VPC size requested by the user.\n\nDENY policies for the ServerAdmins and ApplicationAdmins IAM roles are also provisioned.\n\n#### Input\n\n#### Output\n\n### talr-directconnect\nThis function configures Direct Connect per VPC by looking up available VLANs in IPAM. It runs once a success event has been published to talr-cfn-response signaling that the VPC was provisioned successfully.\n\n#### Input\n\n#### Output\n\n### talr-inquirer\nThe inquirer function accepts HTTP GET calls to look up account provisioning status. It can also be used to look up when an account was created.\n\n#### Input\n\n#### Output\n\n### talr-validator\nThe validator function checks the status of each task function to ensure it completed. Once all tasks are completed it composes an email for the user and publishes an event to talr-notify-request to send the email. An event is also sent to talr-events-push with a payload that can be consumed by tertiary systems needing to be notified when an account is created.\n\n#### Input\n\n#### Output\n\n### talr-notify\nThis function receives a payload from the talr-notify-request SNS topic which includes the contents of an email to be sent, including the recipients. The function then uses SES to send the email.\n\n#### Input\n\n#### Output\n\n## DynamoDB Tables\n\n### talr-cbInfo\n\n### talr-accountInfo\n\n### talr-taskStatus\n\n## SNS Topics\n\n### talr-cla-request\n\n### talr-cla-response\n\n### talr-dispatch-request\n\n### talr-cfn-response\n\n### talr-notify-request\n\n### talr-events-push\n\n## API Reference\n\nTailor's APIs are described in Postman collections, click on the button below to import them and start using the APIs immediately.\n[![Run in Postman](https://run.pstmn.io/button.svg)](https://app.getpostman.com/run-collection/6a04c161fa9d76ce0339)\n\n### POST /account\n\n### POST /iam\n\n### POST /cloudtrail\n\n### POST /config\n\n### POST /entsupport\n\n### POST /vpc\n\n### POST /directconnect\n\n### GET /account\n\n## Error Messages\n\n| HTTP Status Code | Code | Message |\n| ---------------- | ---- | ------- |\n| 409 | 4090 | ERROR: Duplicate request |\n| 400 | 4000 | ERROR: Bad request |\n| 500 | 5000 | ERROR: An internal error occurred. Contact the AWS Operations team |\n| - | 601 | ERROR: Linked account failed to create |\n\n## Task Status\n\n| Task | Status | Function | Description |\n| ---- | ------ | -------- | ----------- |\n| REQUEST_VALIDATION | start/end | talr-receptionist | requestId generated and request payload validated |\n| CLA_SUBMISSION | start/end | talr-cla | Request sent to CLA service for processing |\n| CLA_CREATION | start/end | talr-director | Linked account provisioning start notification received from CLA service |\n| CLA_VALIDATION | start/end | talr-director | Linked account assume-role access validated |\n| IAM | start/end | talr-iam | Confuguring the IAM service |\n| CLOUDTRAIL | start/end | talr-cloudtrail | Configuring the Cloudtrail service |\n| AWSCONFIG | start/end | talr-awsconfig | Configuring the AWS Config service |\n| VPC | start/end | talr-vpc | Configuring the VPC service |\n| DIRECT_CONNECT | start/end | talr-directconnect | Configuring the Direct Connect service |\n| AD_SEC_GROUPS | start/end | talr-adsecgroups | Provisioning AD security groups |\n| AD_DL | start/end | talr-addl | Provisioning AD distribution list |\n| CONFIGURATION_CHECK | complete | talr-validator | Final account validation and verification that all services configured successfully |\n| READY | notified | talr-notify | Confirmation email dispatched to user |\n\nSample DynamoDB Item:\n```JSON\n{\n  \"requestId\": \"e74743c6-8e8e-40f3-b200-3509b8912e13\",\n  \"REQUEST_VALIDATION\": {\n    \"startTimestamp\": \"1464742381.02\",\n    \"endTimestamp\": \"1464742382.07\",\n    \"function\": \"talr-receptionist\",\n    \"message\": \"None\"\n  },\n  \"CLA_SUBMISSION\": {\n    \"startTimestamp\": \"1464742382.86\",\n    \"endTimestamp\": \"1464742386.08\",\n    \"function\": \"talr-cla\",\n    \"message\": \"None\"\n  },  \n  \"CLA_CREATION\": {},\n  \"CLA_VALIDATION\": {},\n  \"CLOUDTRAIL\": {},\n  \"IAM\": {},\n  ...\n}\n```\n\n## Conventions/Standards\n\n* Code written in Python 2.7\n* Times are recorded in epoch format\n* Coding conventions follow the PEP8 standard\n\n## Operations\n\n### Accessing IPAM console\n\n* Launch the [cfn-nipap-daemon.json](serverless/s3-artifacts/cfn/cfn-nipap-daemon.json) CloudFormation template with the following parameters:\n * TailorComponentsSecurityGroup. GroupId of the existing tailor-nipap-backend-SgTailorComponents security group.\n * TailorNipapDaemonAmi. Id of the `Tailor NIPAP Daemon` AMI found in the same account.\n* Once the stack creates from the EC2 console right click on it and `Launch More Like This`\n * Click on Launch then launch the instance with a keypair.\n* Modify the `*NipapDaemonSg*` security group that's attached to the instance to add an inbound SSH rule as well as TCP 5000 (web UI).\n* SSH to the instance using the `ubuntu` user\n* Once on the instance run `sudo paster serve /etc/nipap/nipap-www.ini`\n* Navigate to the NIPAP UI at http://\u003cec2-instance-ip\u003e:5000\n* Log in with `tailor` NIPAP user and password\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"assets/nipap-main-screen.png\" alt=\"NIPAP Main Screen\"\u003e\u003c/p\u003e\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falanwill%2Faws-tailor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falanwill%2Faws-tailor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falanwill%2Faws-tailor/lists"}