feat(aws-config): support more rules

- consolidate into a script
Ming Di Leom 2021-08-21 07:19:55 +00:00
parent 6545ab080e
commit 2a6f2ebd2a
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
1 changed files with 1 additions and 1 deletions

@ -20,4 +20,4 @@ In addition to resource compliance, you can also use it to build inventories. Fo
A major limitation (as listed in the [docs](https://docs.aws.amazon.com/config/latest/developerguide/querying-AWS-resources.html#query-limitations)) is that you cannot query compliant-only (or non-compliant-only) resources of a compliance rule, e.g. `AND` operator may return result of `OR` instead.
To get the actual result, you still need some post-processing to filter out irrelevant entries. I created two simple scripts ([ec2-ssm.py](https://gitlab.com/curben/aws-scripts/-/blob/main/ec2-ssm.py) & [lambda-public.py](https://gitlab.com/curben/aws-scripts/-/blob/main/lambda-public.py)) to query (non-)compliant EC2 instances with SSM agent enabled and Lambda resources with public access disabled, respectively.
To get the actual result, you still need some post-processing to filter out irrelevant entries. I wrote a script to list all enabled rules in an organisation ([aws-config-rules.py](https://gitlab.com/curben/aws-scripts/-/blob/main/aws-config-rules.py)) and another script to query the output of some of those rules ([aws-config.py](https://gitlab.com/curben/aws-scripts/-/blob/main/aws-config.py)).
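Review bot: the new sentence says aws-config.py queries "the output of some of those rules" but does not say which rules. The line it replaces named both checks explicitly (EC2 instances with SSM agent enabled, Lambda resources with public access disabled). Suggest listing the supported rules, or saying where the script documents them, so readers can tell what coverage to expect. The sentence also no longer makes clear that the script does the compliant/non-compliant filtering which the preceding paragraph says is needed; "query" alone reads as if it returns the raw result. Minor: both links point at `main`, so they will follow later changes to the scripts rather than the versions described here.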