Delete util/ec2-automation directory

util/ec2-automation/one-time-or-continuous-monitoring-template.yaml-WIP

@@ -1,369 +0,0 @@
----
-Description: Stack for AWS resources to run Prowler scan
-AWSTemplateFormatVersion: "2010-09-09"
-
-Parameters:
-  ServiceName:
-    Description: 'Specifies the service name used within component naming'
-    Type: String
-    Default: 'prowler'
-
-  LogsRetentionInDays:
-    Description: 'Specifies the number of days you want to retain CloudWatch log events in the specified log group.'
-    Type: Number
-    Default: 3
-    AllowedValues: [1, 3, 5, 7, 14, 30, 60]
-  
-  ProwlerOptions:
-    Description: 'Options to pass to Prowler command. For all options see ./prowler -h'
-    Type: String
-    Default: '-r eu-west-1 -f eu-west-1 -M text,junit-xml,html -c check11,check12,check13,check14'
-
-  ProwlerSchedule:
-    Description: The time when Prowler will run in cron format. Default is daily at 22:00h/10PM
-    Type: String
-    Default: '0 22 * * *'
-
-  ProwlerInstanceType:
-    Description: Enter Instance Type
-    Type: String
-    Default: t2.micro 
-
-  Ec2ImageId:
-    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
-    Description: Latest AMI ID for Amazon Linux 2 (via AWS Publis SSM Parameters. See https://tinyurl.com/aws-public-ssm-parameters.
-    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs
-
-  Ec2InstanceKeyName:
-    Description: The name of key pair
-    Type: AWS::EC2::KeyPair::KeyName
-
-  SecurityGroupIds:
-    Description: Security group IDs
-    Type: CommaDelimitedList
-
-  SubnetIds:
-    Description: VPC subnet IDs
-    Type: CommaDelimitedList
-
-Resources:
-
-  ReportBucket:
-    Type: AWS::S3::Bucket
-    Properties:
-      BucketName: !Sub 'prowler-reports-${AWS::Region}-${AWS::AccountId}'
-      AccessControl: Private
-      BucketEncryption:
-        ServerSideEncryptionConfiguration:
-          - ServerSideEncryptionByDefault:
-              SSEAlgorithm: AES256
-      PublicAccessBlockConfiguration:
-        BlockPublicAcls: true
-        BlockPublicPolicy: true
-        IgnorePublicAcls: true
-        RestrictPublicBuckets: true
-      VersioningConfiguration:
-        Status: Enabled
-      # LoggingConfiguration:
-      #   DestinationBucketName: !Sub "my-access-log-bucket-${AWS::Region}-${AWS::AccountId}"
-      #   LogFilePrefix: !Sub "${ProwlerReportBucket}/"
-      LifecycleConfiguration:
-        Rules:
-          - Id: AutoDelete
-            Status: Enabled
-            NoncurrentVersionExpirationInDays: 30
-            ExpirationInDays: 365
-            Transition:
-              TransitionInDays: 30
-              StorageClass: STANDARD_IA
-
-  ReportBucketPolicy:
-    Type: "AWS::S3::BucketPolicy"
-    Properties:
-      Bucket: !Ref ReportBucket
-      PolicyDocument:
-        Statement:
-          - Sid: DenyDelete
-            Effect: Deny
-            Principal: "*"
-            Action: s3:Delete*
-            Resource:
-              - !Sub "${ReportBucket.Arn}/*"
-          - Sid: S3ForceSSL
-            Effect: Deny
-            Principal: '*'
-            Action: '*'
-            Resource:
-              - !Join ['', ['arn:aws:s3:::', !Ref 'ReportBucket', '/*']]
-            Condition:
-              Bool:
-                aws:SecureTransport: 'false' 
-          - Sid: ForceUploadEcryption
-            Effect: Deny
-            Principal: '*'
-            Action: 's3:PutObject'
-            Condition:
-              'Null':
-                s3:x-amz-server-side-encryption: 'true'
-            Resource:
-              - !Sub "${ReportBucket.Arn}"
-              - !Sub "${ReportBucket.Arn}/*"
-
-  InstanceProfile:
-    Type: AWS::IAM::InstanceProfile
-    Properties:
-      Path: "/"
-      Roles:
-        - !Ref InstanceRole
-
-  InstanceRole:
-    Type: AWS::IAM::Role
-    Properties:
-      Path: "/"
-      RoleName: !Sub "${ServiceName}-prowler-role"
-      MaxSessionDuration: 10800
-      AssumeRolePolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          - Effect: Allow
-            Principal:
-              Service:
-                - ec2.amazonaws.com
-            Action:
-              - sts:AssumeRole
-      ManagedPolicyArns:
-        - "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"
-        - "arn:aws:iam::aws:policy/SecurityAudit"
-        - 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore'
-      Policies:
-        - PolicyName: ProwlerAdditionsPolicy
-          PolicyDocument:
-            Version: 2012-10-17
-            Statement:
-              - Sid: AllowMoreReadForProwler
-                Action:
-                  - "access-analyzer:List*"
-                  - "apigateway:Get*"
-                  - "apigatewayv2:Get*"
-                  - "aws-marketplace:ViewSubscriptions"
-                  - "dax:ListTables"
-                  - "ds:ListAuthorizedApplications"
-                  - "ds:DescribeRoles"
-                  - "ec2:GetEbsEncryptionByDefault"
-                  - "ecr:Describe*"
-                  - "lambda:GetAccountSettings"
-                  - "lambda:GetFunction"
-                  - "lambda:GetFunctionConfiguration"
-                  - "lambda:GetLayerVersionPolicy"
-                  - "lambda:GetPolicy"
-                  - "opsworks-cm:Describe*"
-                  - "opsworks:Describe*"
-                  - "secretsmanager:ListSecretVersionIds"
-                  - "sns:List*"
-                  - "sqs:ListQueueTags"
-                  - "states:ListActivities"
-                  - "support:Describe*"
-                  - "tag:GetTagKeys"
-                Effect: "Allow"
-                Resource: "*"
-        - PolicyName: LogGroup
-          PolicyDocument:
-            Version: 2012-10-17
-            Statement:
-              - Effect: Allow
-                Action:
-                  - logs:CreateLogStream
-                  - logs:CreateLogGroup
-                  - logs:PutLogEvents
-                Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:${ProwlerLogGroup}:*'
-        - PolicyName: CloudWatchMetrics
-          PolicyDocument:
-            Version: 2012-10-17
-            Statement:
-              - Effect: Allow
-                Action:
-                  - cloudwatch:PutMetricData
-                Resource: "*"
-        - PolicyName: ProwlerMaintenancePolicy
-          PolicyDocument:
-            Version: "2012-10-17"
-            Statement:
-              # - Sid: AllowAssumeProwlerRole
-              #   Effect: Allow
-              #   Action:
-              #     - "sts:AssumeRole"
-              #   Resource: !Sub "arn:aws:iam::${AWS::AccountId}:role/application/prod-prowler-role"
-              - Sid: AllowScaleDownAutoScalingGroup
-                Effect: Allow
-                Action:
-                  - "autoscaling:DescribeAutoScalingGroups"
-                  - "autoscaling:DescribeAutoScalingInstances"
-                  - "autoscaling:SetDesiredCapacity"
-                Resource: "*"
-              - Sid: AllowDescribeRegions
-                Effect: Allow
-                Action:
-                  - "ec2:DescribeRegions"
-                Resource: "*"
-              - Sid: SSMSessionManager
-                Effect: Allow
-                Action:
-                  - ec2messages:*
-                  - ssmmessages:*
-                  - ssm:*
-                Resource: "*"
-              # - Sid: SlackNotification
-              #   Effect: Allow
-              #   Action:
-              #     - events:PutEvents
-              #   Resource: !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/default"
-              - Sid: AllowUploadReport
-                Effect: Allow
-                Action:
-                  - "s3:PutObject"
-                Resource:
-                  - !Sub "${ReportBucket.Arn}/*"
-  
-  ProwlerLogGroup:
-    Type: 'AWS::Logs::LogGroup'
-    Properties:
-      LogGroupName: !Sub "${ServiceName}-${AWS::StackName}"
-      RetentionInDays: !Ref LogsRetentionInDays
-
-  Ec2InstanceLaunchTemplate:
-    Type: AWS::EC2::LaunchTemplate
-    Metadata:
-      AWS::CloudFormation::Init:
-        config:
-          files:
-            /opt/prowler.sh:
-              content: !Sub |
-                #!/usr/bin/env bash
-                set -e
-
-                # export AWS_DEFAULT_REGION=${AWS::Region}
-                # export AWS_PARTITION=aws
-
-                # declare -A ACCOUNTS
-                # ACCOUNTS[ssvc]='798980982229'
-                # ACCOUNTS[prod]='579842252590'
-                # ACCOUNTS[uat]='990839841794'
-
-                # TOKEN=$(curl -s -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 360" "http://169.254.169.254/latest/api/token")
-                # INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token:$TOKEN" "http://169.254.169.254/latest/meta-data/instance-id")
-                # ASG_NAME=$(aws autoscaling describe-auto-scaling-instances --instance-ids $INSTANCE_ID --query 'AutoScalingInstances[0].AutoScalingGroupName' --output text)
-                # ENVIRONMENT=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $ASG_NAME --query 'AutoScalingGroups[0].Tags[?Key==`ScanTarget`]|[0].Value' --output text)
-
-                # PROWLER_REPORT="${!ENVIRONMENT}_prowler_report_$(date +%d%m%Y).csv"
-                # REPORT_S3_LOCATION="${ReportBucket}"
-
-                # cd /opt/prowler
-                # /opt/prowler/prowler -f eu-west-1 -c check12 -M text,html,csv
-                # aws s3 cp --sse AES256 /opt/prowler/prowler/output/*.{html,csv} s3://$REPORT_S3_LOCATION/
-
-                # /opt/prowler/prowler -A "${!ACCOUNTS[$ENVIRONMENT]}" \
-                #   -R "application/${!ENVIRONMENT}-prowler-role" \
-                #   -T 10800 \
-                #   -m 500 \
-                #   -r ${AWS::Region} \
-                #   -E extra79,extra710,extra712,extra757,extra758,extra770,extra774 \
-                #   -b -q -M csv | tee -a $PROWLER_REPORT
-
-                # Upload to S3
-                # aws s3 cp $PROWLER_REPORT $REPORT_S3_LOCATION --sse
-
-                # Send Slack notification
-                # message="Prowler scan for \`${!ENVIRONMENT}\` completed. Please check report from \`${!REPORT_S3_LOCATION}\`."
-                # aws events put-events --entries "[{\"Source\":\"myorg:slack\",\"DetailType\":\"hello\",\"Detail\":\"{\\\"username\\\":\\\"Prowler Scanner\\\",\\\"avatar\\\":\\\":aws:\\\",\\\"channel\\\":\\\"#t-fs-calabash\\\",\\\"text\\\":\\\"${!message}\\\"}\"}]"
-
-                # Scale Down Auto Scaling Group
-                # aws autoscaling set-desired-capacity --auto-scaling-group-name $ASG_NAME --desired-capacity 0
-              mode: '000755'
-              owner: root
-              group: root
-    Properties:
-      LaunchTemplateData:
-        SecurityGroupIds: !Ref SecurityGroupIds
-        MetadataOptions:
-          HttpEndpoint: enabled
-          HttpTokens: optional
-        TagSpecifications:
-          - ResourceType: instance
-            Tags:
-              - Key: Name
-                Value: !Ref 'AWS::StackName'
-        UserData:
-          Fn::Base64: !Sub |
-            #cloud-config
-            runcmd:
-              - while ! curl --connect-timeout 1 -s http://169.254.169.254/ > /dev/null; do echo "-- waiting for instance network to wake up ..."; done
-              - /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource Ec2InstanceLaunchTemplate --region ${AWS::Region}
-              - yum update -y
-              - yum install -y python3-pip git jq
-              - pip3 install detect-secrets
-              - git clone https://github.com/toniblyx/prowler.git /opt/prowler
-              - export AWS_DEFAULT_REGION=${AWS::Region}
-              - export REPORT_S3_LOCATION=${ReportBucket}
-              - export TOKEN=$(curl -s -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 360" "http://169.254.169.254/latest/api/token")
-              - export INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token:$TOKEN" "http://169.254.169.254/latest/meta-data/instance-id")
-              - export ASG_NAME=$(aws autoscaling describe-auto-scaling-instances --instance-ids $INSTANCE_ID --query 'AutoScalingInstances[0].AutoScalingGroupName' --output text)
-              - export ENVIRONMENT=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $ASG_NAME --query 'AutoScalingGroups[0].Tags[?Key==`ScanTarget`]|[0].Value' --output text)
-              - cd /opt/prowler
-              - /opt/prowler/prowler -f eu-west-1 -c check12 -M text,html,csv
-              - aws s3 cp --sse AES256 /opt/prowler/prowler/output/*.{html,csv} s3://$REPORT_S3_LOCATION/
-              - aws autoscaling set-desired-capacity --auto-scaling-group-name $ASG_NAME --desired-capacity 0
-              - /opt/aws/bin/cfn-signal -e 0 --stack ${AWS::StackName} --resource ASGroup --region ${AWS::Region}
-        InstanceInitiatedShutdownBehavior: terminate
-        IamInstanceProfile:
-          Name: !Ref InstanceProfile
-        KeyName: !Ref 'Ec2InstanceKeyName'
-        ImageId: !Ref 'Ec2ImageId'
-        InstanceType: !Ref ProwlerInstanceType
-        BlockDeviceMappings:
-        - DeviceName: /dev/xvda
-          Ebs:
-            Encrypted: true
-            KmsKeyId: alias/aws/ebs
-            VolumeType: standard
-            DeleteOnTermination: true
-            VolumeSize: 8
-        InstanceMarketOptions:
-          MarketType: spot
-          SpotOptions:
-            SpotInstanceType: one-time
-            MaxPrice: 0.006
-
-  ProwlerAutoScalingGroup:
-    Type: AWS::AutoScaling::AutoScalingGroup
-    UpdatePolicy:
-      AutoScalingReplacingUpdate:
-        WillReplace: true
-    Properties:
-      VPCZoneIdentifier: !Ref SubnetIds
-      LaunchTemplate:
-        LaunchTemplateId: !Ref 'Ec2InstanceLaunchTemplate'
-        Version: !GetAtt 'Ec2InstanceLaunchTemplate.LatestVersionNumber'
-      MinSize: 1
-      MaxSize: 1
-      HealthCheckGracePeriod: 300
-      HealthCheckType: EC2
-      Tags:
-        - Key: Name
-          Value: !Sub "${AWS::StackName}"
-          PropagateAtLaunch: true
-
-  ProwlerScheduledScaleUp:
-    Type: AWS::AutoScaling::ScheduledAction
-    Properties:
-      AutoScalingGroupName: !Ref ProwlerAutoScalingGroup
-      DesiredCapacity: 1
-      MaxSize: 1
-      MinSize: 0
-      Recurrence: !Ref ProwlerSchedule
-
-Outputs:
-  ReportBucket:
-    Description: Report Bucket Name
-    Value: !Ref 'ReportBucket'
-    Export:
-      Name: !Sub 'prowler-reports-${AWS::Region}-${AWS::AccountId}'