xpk/code-dumps
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

UPD: Added more services to the review

Browse Source
This commit is contained in:
xpk 2024-08-01 19:10:56 +08:00
parent 93a572b7d2
commit e6fd103c2a
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
1 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
aws/AwsEnvReview.py
View File

@ -71,6 +71,18 @@ for r in regions:
outTable.append([r, aid, i[0].get("InstanceId"), getAgeFromDate(i[0].get("UsageOperationUpdateTime"))])
printResult(outTable, "Region, AccountID, InstanceId, DaysStopped")
printSubTitle("[Security] IDMSv1 allowed - Consider requiring IDMSv2")
outTable = []
for r in regions:
client = boto3.client('ec2', region_name=r)
response = client.describe_instances()
if len(response.get("Reservations")) > 0:
for i in jmespath.search("Reservations[*].Instances[*]", response):
if i[0].get("MetadataOptions").get("HttpTokens") == "optional":
outTable.append([r, aid, i[0].get("InstanceId"), i[0].get("MetadataOptions").get("HttpTokens") ])
printResult(outTable, "Region, AccountID, InstanceId, IDMSv2")
printSubTitle("[Performance Efficiency] Use of previous generation instance type - Consider using current generation instances")
outTable = []
for r in regions:
@ -274,11 +286,11 @@ outTable = []
for r in regions:
client = boto3.client('elbv2', region_name=r)
response = client.describe_target_groups()
for i in jmespath.search("TargetGroups[*].TargetGroupArn", response):
tgResp = client.describe_target_health(TargetGroupArn=i)
for i in response.get("TargetGroups"):
tgResp = client.describe_target_health(TargetGroupArn=i.get("TargetGroupArn"))
if len(jmespath.search("TargetHealthDescriptions[*].Target", tgResp)) == 0:
outTable.append([r, aid, i])
printResult(outTable, "Region, AccountID, TargetGroupArn")
outTable.append([r, aid, i.get("TargetGroupName")])
printResult(outTable, "Region, AccountID, TargetGroup")
printTitle("KMS service review")
printSubTitle("[Security] Customer Managed Keys do not have auto rotation enabled - Consider enabling auto key rotation")