mirror of https://gitlab.com/curben/blog
feat(aws-config): support more rules
- consolidate into a script
parent
6545ab080e
commit
2a6f2ebd2a
|
@ -20,4 +20,4 @@ In addition to resource compliance, you can also use it to build inventories. Fo
|
||||||
|
|
||||||
A major limitation (as listed in the [docs](https://docs.aws.amazon.com/config/latest/developerguide/querying-AWS-resources.html#query-limitations)) is that you cannot query compliant-only (or non-compliant-only) resources of a compliance rule, e.g. `AND` operator may return result of `OR` instead.
|
A major limitation (as listed in the [docs](https://docs.aws.amazon.com/config/latest/developerguide/querying-AWS-resources.html#query-limitations)) is that you cannot query compliant-only (or non-compliant-only) resources of a compliance rule, e.g. `AND` operator may return result of `OR` instead.
|
||||||
|
|
||||||
To get the actual result, you still need some post-processing to filter out irrelevant entries. I created two simple scripts ([ec2-ssm.py](https://gitlab.com/curben/aws-scripts/-/blob/main/ec2-ssm.py) & [lambda-public.py](https://gitlab.com/curben/aws-scripts/-/blob/main/lambda-public.py)) to query (non-)compliant EC2 instances with SSM agent enabled and Lambda resources with public access disabled, respectively.
|
To get the actual result, you still need some post-processing to filter out irrelevant entries. I wrote a script to list all enabled rules in an organisation ([aws-config-rules.py](https://gitlab.com/curben/aws-scripts/-/blob/main/aws-config-rules.py)) and another script to query the output of some of those rules ([aws-config.py](https://gitlab.com/curben/aws-scripts/-/blob/main/aws-config.py)).
|
||||||
|
|
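Review bot: The added sentence says aws-config.py queries "the output of some of those rules" but does not name any rule, whereas the removed line stated exactly what was covered (EC2 instances with SSM agent enabled, Lambda resources with public access disabled). Given the commit title "support more rules", consider listing the rules the script handles, or linking to where they are listed, so a reader can tell whether a given rule is covered. The new wording also loses the connection to the preceding sentence about post-processing: if aws-config.py is what filters out the irrelevant entries, say so explicitly, since that filtering is the reason the scripts exist.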