class DataCollectorCloudWatchEventTarget(CloudWatchEventTargetResource):
    """CloudWatch Events target that fires the submit-job Lambda for the AWS inventory collector.

    ``target_input`` is the JSON payload handed to ``SubmitJobLambdaFunction``
    (jobName/jobUuid/jobType/jobDesc, an ``environmentVariables`` list and a
    ``params`` list). Every ``params`` entry is flagged ``encrypt: False``.
    """
    rule = DataCollectorEventRule.get_output_attr('name')
    arn = SubmitJobLambdaFunction.get_output_attr('arn')
    target_id = 'DataCollectorTarget'  # must be unique within the rule

    # NOTE(review): the Redshift connection details are handed to the job as plain
    # environment variables; whether get_redshift_info() embeds a password is not
    # visible here -- confirm before treating this payload as non-sensitive.
    target_input = json.dumps({
        'jobName': "AWS-Data-Collector",
        'jobUuid': "pacman-aws-inventory-jar-with-dependencies",
        'jobType': "jar",
        'jobDesc': "AWS-Data-Collection",
        'environmentVariables': [
            {'name': env_name, 'value': env_value}
            for env_name, env_value in (
                ("REDSHIFT_INFO", RedshiftCluster.get_redshift_info()),
                ("REDSHIFT_URL", RedshiftCluster.get_redshift_url()),
            )
        ],
        # Emitted in this exact order; none of these values is marked for encryption.
        'params': [
            {'encrypt': False, 'key': param_key, 'value': param_value}
            for param_key, param_value in (
                ("package_hint", "com.tmobile.cso.pacman"),
                ("accountinfo", AwsAccount.get_output_attr('account_id')),
                ("base-account", AwsAccount.get_output_attr('account_id')),
                ("discovery-role", BaseRole.get_output_attr('name')),
                ("s3", BucketStorage.get_output_attr('bucket')),
                ("s3-data", "inventory"),  # TODO: need to be changed with s3obj class
                ("s3-processed", "backup"),
                ("s3-role", BaseRole.get_output_attr('name')),
                ("s3-region", AwsRegion.get_output_attr('name')),
                ("file-path", "/home/ec2-user/data"),
                ("base-region", AwsRegion.get_output_attr('name')),
            )
        ],
    })
class CloudNotificationCollectorCloudWatchEventTarget(CloudWatchEventTargetResource):
    """CloudWatch Events target that submits the cloud health-notification collector job.

    ``target_input`` is the JSON payload handed to ``SubmitJobLambdaFunction``.
    """
    rule = CloudNotificationCollectorEventRule.get_output_attr('name')
    arn = SubmitJobLambdaFunction.get_output_attr('arn')
    target_id = 'CloudNotificationCollectorTarget'  # must be unique within the rule

    # SECURITY(review): "dXNlcjpwYWNtYW4=" is base64 for "user:pacman" -- a static
    # credential committed to source and emitted with encrypt=False. Its key name
    # (config_creds) and the CONFIG_URL next to it suggest it is the basic-auth
    # pair for the config service; move it out of source (Settings / a secrets
    # store) and make sure the server side does not keep accepting the default.
    # Confirm where the matching server-side value is configured.
    target_input = json.dumps({
        'jobName': "aws-cloud-notification-collector",
        'jobUuid': "pacman-cloud-notifications-jar-with-dependencies",
        'jobType': "jar",
        'jobDesc': "Health Notification Collector",
        'environmentVariables': [
            {'name': env_name, 'value': env_value}
            for env_name, env_value in (
                ("CONFIG_URL", ApplicationLoadBalancer.get_api_base_url() + "/config/api/prd/latest"),
                ("PACMAN_API_URI", ApplicationLoadBalancer.get_api_base_url()),
                ("LOGGING_ES_HOST_NAME", ESDomain.get_http_url_with_port()),
                ("ES_URI", ESDomain.get_http_url_with_port()),
                ("ENVIRONMENT", "prd"),
                ("APP_NAME", "aws-cloud-notification-collector"),
                ("APP_TYPE", "etl"),
                ("BASE_AWS_ACCOUNT", AwsAccount.get_output_attr('account_id')),
            )
        ],
        'params': [
            {'encrypt': False, 'key': param_key, 'value': param_value}
            for param_key, param_value in (
                ("package_hint", "com.tmobile"),
                ("config_creds", "dXNlcjpwYWNtYW4="),
                ("conf_src", "api-prd,application-prd"),
            )
        ],
    })
class RecommendationsCollectorCloudWatchEventTarget(CloudWatchEventTargetResource):
    """CloudWatch Events target that submits the Trusted Advisor recommendations enricher job.

    ``target_input`` is the JSON payload handed to ``SubmitJobLambdaFunction``.
    """
    rule = RecommendationsCollectorEventRule.get_output_attr('name')
    arn = SubmitJobLambdaFunction.get_output_attr('arn')
    target_id = 'RecommendationsCollectorTarget'  # must be unique within the rule

    # SECURITY(review): the config_creds value decodes (base64) to "user:pacman".
    # It is a static credential kept in source and sent with encrypt=False; it
    # should come from configuration/secret storage instead, and the server side
    # should not accept this default. Confirm where the matching value lives.
    target_input = json.dumps({
        'jobName': "aws-recommendations-collector",
        'jobUuid': "recommendation-enricher-jar-with-dependencies",
        'jobType': "jar",
        'jobDesc': "Index trusted advisor checks as recommendations",
        'environmentVariables': [
            dict(name="CONFIG_URL",
                 value=ApplicationLoadBalancer.get_api_base_url() + "/config/batch,recommendation-enricher/prd/latest"),
            dict(name="PACMAN_API_URI", value=ApplicationLoadBalancer.get_api_base_url()),
            dict(name="LOGGING_ES_HOST_NAME", value=ESDomain.get_http_url_with_port()),
            dict(name="ES_URI", value=ESDomain.get_http_url_with_port()),
            dict(name="ENVIRONMENT", value="prd"),
            dict(name="APP_NAME", value="aws-recommendations-collector"),
            dict(name="APP_TYPE", value="etl"),
            # Heimdall is pointed at the same ES domain as ES_URI.
            dict(name="HEIMDALL_URI", value=ESDomain.get_http_url_with_port()),
            dict(name="BASE_AWS_ACCOUNT", value=AwsAccount.get_output_attr('account_id')),
        ],
        'params': [
            dict(encrypt=False, key="package_hint", value="com.tmobile.cso.pacbot"),
            dict(encrypt=False, key="config_creds", value="dXNlcjpwYWNtYW4="),
        ],
    })
class SubmitAndRuleEngineJobDefinition(BatchJobDefinitionResource):
    """AWS Batch container job definition for the rule engine.

    ``container_properties`` is the JSON container spec: ``fetch_and_run.sh``
    receives ``Ref::`` placeholders (Batch parameter substitution at submit
    time), and the environment block points the job at the Elasticsearch
    domain and the API load balancer.
    """
    name = 'rule-engine'
    jd_type = 'container'
    attempts = 2  # Batch retry attempts for a failed job

    container_properties = json.dumps({
        'command': [
            "~/fetch_and_run.sh",
            "Ref::executableName",
            "Ref::params",
            "Ref::jvmMemParams",
            "Ref::ruleEngineExecutableName",
            "Ref::entryPoint",
        ],
        'image': RuleEngineEcrRepository.get_output_attr('repository_url'),
        'memory': 5000,
        'vcpus': 1,
        # ES_HOST, ES_URI and HEIMDALL_URI all resolve to the same ES endpoint.
        'environment': [
            {'name': env_name, 'value': env_value}
            for env_name, env_value in (
                ("ES_HOST", ESDomain.get_http_url_with_port()),
                ("BASE_AWS_ACCOUNT", AwsAccount.get_output_attr('account_id')),
                ("ES_URI", ESDomain.get_http_url_with_port()),
                ("HEIMDALL_URI", ESDomain.get_http_url_with_port()),
                ("PACMAN_API_URI", ApplicationLoadBalancer.get_api_base_url()),
            )
        ],
    })

    def post_terraform_destroy(self):
        """Delete the task definition after Terraform has destroyed the resource.

        Authenticates with the static ``Settings.AWS_ACCESS_KEY`` /
        ``Settings.AWS_SECRET_KEY`` pair rather than the ambient credential chain.
        NOTE(review): long-lived static keys in settings are a standing exposure;
        the ambient chain (profile/role) would avoid carrying them here.
        """
        definition_name = self.get_input_attr('name')
        delete_task_definition(
            Settings.AWS_ACCESS_KEY,
            Settings.AWS_SECRET_KEY,
            Settings.AWS_REGION,
            definition_name,
        )
class DataCollectorCloudWatchEventTarget(CloudWatchEventTargetResource):
    """CloudWatch Events target that fires the submit-job Lambda for the AWS inventory collector.

    ``target_input`` is the JSON payload handed to ``SubmitJobLambdaFunction``.
    The former s3-*/role/region params were commented out in the original
    payload; the job is presumably expected to pull them from CONFIG_URL now
    -- confirm before relying on that.
    """
    rule = DataCollectorEventRule.get_output_attr('name')
    arn = SubmitJobLambdaFunction.get_output_attr('arn')
    target_id = 'DataCollectorTarget'  # must be unique within the rule

    # SECURITY(review): "dXNlcjpwYWNtYW4=" is base64 for "user:pacman", a static
    # credential kept in source; it is sent twice here (CONFIG_CREDENTIALS env var
    # and the config_creds param, the latter with encrypt=False). Source it from
    # configuration/secret storage and make sure the server side does not keep
    # accepting the default.
    # NOTE(review): CONFIG_SERVICE_URL is built from get_http_url() while
    # CONFIG_URL uses get_api_base_url(); whether the former is plain HTTP is not
    # visible here -- if it is, the credential above rides over cleartext. Confirm.
    target_input = json.dumps({
        'jobName': "AWS-Data-Collector",
        'jobUuid': "pacman-aws-inventory-jar-with-dependencies",
        'jobType': "jar",
        'jobDesc': "AWS-Data-Collection",
        'environmentVariables': [
            {'name': env_name, 'value': env_value}
            for env_name, env_value in (
                ("CONFIG_URL", ApplicationLoadBalancer.get_api_base_url() + "/config/batch,inventory/prd/latest"),
                ("CONFIG_CREDENTIALS", "dXNlcjpwYWNtYW4="),
                ("CONFIG_SERVICE_URL", ApplicationLoadBalancer.get_http_url() + "/api/config/rule/prd/latest"),
            )
        ],
        'params': [
            {'encrypt': False, 'key': param_key, 'value': param_value}
            for param_key, param_value in (
                ("package_hint", "com.tmobile.cso.pacman"),
                ("config_creds", "dXNlcjpwYWNtYW4="),
                ("accountinfo", AwsAccount.get_output_attr('account_id')),
            )
        ],
    })
class ECSRolePolicyDocument(iam.IAMPolicyDocumentData):
    """Trust (assume-role) policy document for the ECS role.

    Two statements, both allowing ``sts:AssumeRole``:
      1. the EC2, ECS-tasks and SSM service principals;
      2. the account ``:root`` principal, gated on ``aws:MultiFactorAuthPresent``
         being ``false``.
    """
    statement = [
        {
            'actions': ["sts:AssumeRole"],
            'principals': {
                'type': "Service",
                'identifiers': [
                    "ec2.amazonaws.com",
                    "ecs-tasks.amazonaws.com",
                    # NOTE(review): ssm.amazonaws.com is an unusual trust for an ECS
                    # task/instance role; confirm something actually needs SSM to
                    # assume this role, otherwise drop it.
                    "ssm.amazonaws.com"
                ]
            }
        },
        {
            # A ":root" principal in a trust policy delegates to any identity in
            # this account whose own IAM policy grants sts:AssumeRole -- not only
            # the root user.
            'actions': ["sts:AssumeRole"],
            'principals': {
                'type': "AWS",
                'identifiers': [
                    "arn:aws:iam::" + AwsAccount.get_output_attr('account_id') + ":root"
                ]
            },
            # SECURITY(review): Bool aws:MultiFactorAuthPresent == "false" permits
            # the assumption only from sessions WITHOUT MFA -- the inverse of the
            # usual "require MFA" condition (values ["true"]). If MFA enforcement
            # was intended this is inverted; if it is meant to admit non-interactive
            # callers it adds no hardening and the broad :root principal should be
            # narrowed to the specific roles that need it. Also verify which callers
            # it actually admits: for long-term access keys the key is absent from
            # the request context and a plain Bool test on an absent key is false.
            'condition': {
                'test': "Bool",
                'variable': "aws:MultiFactorAuthPresent",
                'values': ["false"]
            }
        }
    ]
class SubmitAndRuleEngineJobDefinition(BatchJobDefinitionResource):
    """AWS Batch container job definition for the rule engine.

    ``container_properties`` is the JSON container spec: ``fetch_and_run.sh``
    receives ``Ref::`` placeholders (Batch parameter substitution at submit
    time); the environment block points the job at the ES domain, the API
    load balancer and the config service.
    """
    name = 'rule-engine'
    jd_type = 'container'
    attempts = 2  # Batch retry attempts for a failed job

    # SECURITY(review): CONFIG_CREDENTIALS "dXNlcjpwYWNtYW4=" is base64 for
    # "user:pacman" -- a static credential in source, baked into every job's
    # environment (visible in the registered job definition). Source it from
    # configuration/secret storage and ensure the server side rejects the default.
    # NOTE(review): CONFIG_SERVICE_URL comes from get_http_url() while
    # PACMAN_API_URI uses get_api_base_url(); if the former is plain HTTP the
    # credential above travels in cleartext -- confirm.
    container_properties = json.dumps({
        'command': [
            "~/fetch_and_run.sh",
            "Ref::executableName",
            "Ref::params",
            "Ref::jvmMemParams",
            "Ref::ruleEngineExecutableName",
            "Ref::entryPoint",
        ],
        'image': RuleEngineEcrRepository.get_output_attr('repository_url'),
        'memory': 5000,
        'vcpus': 1,
        'environment': [
            dict(name="ES_HOST", value=ESDomain.get_http_url_with_port()),
            dict(name="BASE_AWS_ACCOUNT", value=AwsAccount.get_output_attr('account_id')),
            dict(name="ES_URI", value=ESDomain.get_http_url_with_port()),
            dict(name="HEIMDALL_URI", value=ESDomain.get_http_url_with_port()),
            dict(name="PACMAN_API_URI", value=ApplicationLoadBalancer.get_api_base_url()),
            dict(name="CONFIG_CREDENTIALS", value="dXNlcjpwYWNtYW4="),
            dict(name="CONFIG_SERVICE_URL",
                 value=ApplicationLoadBalancer.get_http_url() + "/api/config/rule/prd/latest"),
        ],
    })

    def post_terraform_destroy(self):
        """Deregister the task definition after Terraform has destroyed the resource.

        Uses the static ``Settings.AWS_ACCESS_KEY`` / ``AWS_SECRET_KEY`` pair;
        NOTE(review): long-lived static keys in settings are a standing exposure
        -- the ambient credential chain would avoid carrying them here.
        """
        definition_name = self.get_input_attr('name')
        deregister_task_definition(
            Settings.AWS_ACCESS_KEY,
            Settings.AWS_SECRET_KEY,
            Settings.AWS_REGION,
            definition_name,
        )

    def pre_terraform_destroy(self):
        """Tear down the Batch resources tied to this job definition before Terraform destroys it."""
        utils.remove_batch_job_related_resources(
            RuleEngineBatchJobEnv.get_input_attr('compute_environment_name'),
            self.get_input_attr('name'),
        )
class DataCollectorCloudWatchEventTarget(CloudWatchEventTargetResource):
    """CloudWatch Events target that fires the submit-job Lambda for the AWS inventory collector.

    ``target_input`` is the JSON payload handed to ``SubmitJobLambdaFunction``.
    """
    rule = DataCollectorEventRule.get_output_attr('name')
    arn = SubmitJobLambdaFunction.get_output_attr('arn')
    target_id = 'DataCollectorTarget'  # must be unique within the rule

    # SECURITY(review): "dXNlcjpwYWNtYW4=" is base64 for "user:pacman", a static
    # credential in source, sent both as the CONFIG_CREDENTIALS env var and as the
    # config_creds param (encrypt=False). Source it from configuration/secret
    # storage and ensure the server side rejects the default.
    # NOTE(review): CONFIG_SERVICE_URL uses get_http_url() while CONFIG_URL uses
    # get_api_base_url(); if the former is plain HTTP the credential rides over
    # cleartext -- confirm.
    target_input = json.dumps({
        'jobName': "AWS-Data-Collector",
        'jobUuid': "pacman-aws-inventory-jar-with-dependencies",
        'jobType': "jar",
        'jobDesc': "AWS-Data-Collection",
        'environmentVariables': [
            dict(name="CONFIG_URL",
                 value=ApplicationLoadBalancer.get_api_base_url() + "/config/batch,inventory/prd/latest"),
            dict(name="CONFIG_CREDENTIALS", value="dXNlcjpwYWNtYW4="),
            dict(name="CONFIG_SERVICE_URL",
                 value=ApplicationLoadBalancer.get_http_url() + "/api/config/rule/prd/latest"),
        ],
        'params': [
            dict(encrypt=False, key="package_hint", value="com.tmobile.cso.pacman"),
            dict(encrypt=False, key="config_creds", value="dXNlcjpwYWNtYW4="),
            dict(encrypt=False, key="accountinfo", value=AwsAccount.get_output_attr('account_id')),
        ],
    })
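def get_provisioners(self):
    """Return the Terraform ``local-exec`` provisioner that fills in the SQL placeholders.

    Runs ``sql_replace_placeholder.py`` (from the terraform scripts dir) under
    ``Settings.PYTHON_INTERPRETER``. The script receives its inputs only via
    the environment map below; ``SQL_FILE_PATH`` is ``self.dest_file``.

    Returns:
        list[dict]: a single-element list holding the ``local-exec`` block.
    """
    script = os.path.join(get_terraform_scripts_dir(), 'sql_replace_placeholder.py')
    # The original fetched the DB username/password/endpoint into locals that
    # were never used; those dead reads are dropped -- this provisioner does not
    # pass DB credentials.
    environment = {
        'AWS_REGION': AwsRegion.get_output_attr('name'),
        'AWS_ACCOUNT_ID': AwsAccount.get_output_attr('account_id'),
        'ES_HOST': ESDomain.get_http_url(),
        # NOTE(review): not wrapped in str() -- confirm get_es_port() yields a
        # string or that the provisioner serializer coerces it.
        'ES_PORT': ESDomain.get_es_port(),
        'SQL_FILE_PATH': self.dest_file,
    }
    return [{
        'local-exec': {
            'command': script,
            'environment': environment,
            'interpreter': [Settings.PYTHON_INTERPRETER],
        }
    }]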
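def get_provisioners(self):
    """Return the Terraform ``local-exec`` provisioner that fills in the SQL placeholders.

    Runs ``sql_replace_placeholder.py`` (from the terraform scripts dir) under
    ``Settings.PYTHON_INTERPRETER``. Every ``ENV_*`` entry is a value the
    script can substitute into ``self.dest_file`` (``SQL_FILE_PATH``).

    SECURITY(review): this map carries secrets -- ENV_RDS_PASSWORD,
    ENV_MAIL_SERVER_PWD, ENV_CONFIG_CREDENTIALS (base64 of "user:pacman", a
    static default kept in source) and ENV_QUALYS_INFO. They are presumably
    written into the SQL file in plaintext; confirm that, and keep the file and
    the provisioner's logs/plan output restricted accordingly.

    Returns:
        list[dict]: a single-element list holding the ``local-exec`` block.
    """
    script = os.path.join(get_terraform_scripts_dir(), 'sql_replace_placeholder.py')
    # The original fetched the DB username/password/endpoint into locals that
    # were never used (the values reach the script only via the map below);
    # those dead reads are dropped.
    environment = {
        'SQL_FILE_PATH': self.dest_file,
        'ENV_region': AwsRegion.get_output_attr('name'),
        'ENV_account': AwsAccount.get_output_attr('account_id'),
        'ENV_eshost': ESDomain.get_http_url(),
        # NOTE(review): unlike the ENV_*_PORT entries this one is not str()-wrapped;
        # confirm get_es_port() yields a string or the serializer coerces it.
        'ENV_esport': ESDomain.get_es_port(),
        # Logging, search, Heimdall and update all point at the single ES domain.
        'ENV_LOGGING_ES_HOST_NAME': ESDomain.get_output_attr('endpoint'),
        'ENV_LOGGING_ES_PORT': str(ESDomain.get_es_port()),
        'ENV_ES_HOST_NAME': ESDomain.get_output_attr('endpoint'),
        'ENV_ES_PORT': str(ESDomain.get_es_port()),
        'ENV_ES_CLUSTER_NAME': ESDomain.get_input_attr('domain_name'),
        'ENV_ES_PORT_ADMIN': str(ESDomain.get_es_port()),
        'ENV_ES_HEIMDALL_HOST_NAME': ESDomain.get_output_attr('endpoint'),
        'ENV_ES_HEIMDALL_PORT': str(ESDomain.get_es_port()),
        'ENV_ES_HEIMDALL_CLUSTER_NAME': ESDomain.get_input_attr('domain_name'),
        'ENV_ES_HEIMDALL_PORT_ADMIN': str(ESDomain.get_es_port()),
        'ENV_ES_UPDATE_HOST': ESDomain.get_output_attr('endpoint'),
        'ENV_ES_UPDATE_PORT': str(ESDomain.get_es_port()),
        'ENV_ES_UPDATE_CLUSTER_NAME': ESDomain.get_input_attr('domain_name'),
        'ENV_PACMAN_HOST_NAME': ApplicationLoadBalancer.get_http_url(),
        'ENV_RDS_URL': MySQLDatabase.get_rds_db_url(),
        'ENV_RDS_USERNAME': MySQLDatabase.get_input_attr('username'),
        'ENV_RDS_PASSWORD': MySQLDatabase.get_input_attr('password'),
        'ENV_JOB_BUCKET_REGION': AwsRegion.get_output_attr('name'),
        # The original listed ENV_RULE_JOB_BUCKET_NAME twice with the same value
        # (the dict kept this first position); the duplicate is removed.
        # TODO(review): this first occurrence may have been meant as
        # ENV_JOB_BUCKET_NAME (it sits next to ENV_JOB_BUCKET_REGION) -- check
        # the placeholders sql_replace_placeholder.py expects.
        'ENV_RULE_JOB_BUCKET_NAME': BucketStorage.get_output_attr('bucket'),
        'ENV_JOB_LAMBDA_REGION': AwsRegion.get_output_attr('name'),
        'ENV_JOB_FUNCTION_NAME': SubmitJobLambdaFunction.get_input_attr('function_name'),
        'ENV_JOB_FUNCTION_ARN': SubmitJobLambdaFunction.get_output_attr('arn'),
        'ENV_RULE_BUCKET_REGION': AwsRegion.get_output_attr('name'),
        'ENV_RULE_LAMBDA_REGION': AwsRegion.get_output_attr('name'),
        'ENV_RULE_FUNCTION_NAME': RuleEngineLambdaFunction.get_input_attr('function_name'),
        'ENV_RULE_FUNCTION_ARN': RuleEngineLambdaFunction.get_output_attr('arn'),
        # Placeholder endpoints/identities below ("http://localhost", "testid",
        # "******") are written as-is; they look like values meant to be replaced
        # post-install rather than working settings -- confirm.
        'ENV_CLOUD_INSIGHTS_TOKEN_URL': "http://localhost",
        'ENV_CLOUD_INSIGHTS_COST_URL': "http://localhost",
        'ENV_SVC_CORP_USER_ID': "testid",
        'ENV_SVC_CORP_PASSWORD': "******",
        'ENV_CERTIFICATE_FEATURE_ENABLED': "false",
        'ENV_PATCHING_FEATURE_ENABLED': "false",
        'ENV_VULNERABILITY_FEATURE_ENABLED': str(Settings.get('ENABLE_VULNERABILITY_FEATURE', False)).lower(),
        'ENV_MAIL_SERVER': Settings.MAIL_SERVER,
        'ENV_PACMAN_S3': "pacman-email-templates",
        'ENV_DATA_IN_DIR': "inventory",
        'ENV_DATA_BKP_DIR': "backup",
        'ENV_PAC_ROLE': BaseRole.get_input_attr('name'),
        'ENV_BASE_REGION': AwsRegion.get_output_attr('name'),
        'ENV_DATA_IN_S3': BucketStorage.get_output_attr('bucket'),
        'ENV_BASE_ACCOUNT': AwsAccount.get_output_attr('account_id'),
        # NOTE(review): the "read-only" role is the same BaseRole as ENV_PAC_ROLE;
        # if a least-privilege RO role exists it is not wired in here.
        'ENV_PAC_RO_ROLE': BaseRole.get_input_attr('name'),
        'ENV_MAIL_SERVER_PORT': Settings.MAIL_SERVER_PORT,
        'ENV_MAIL_PROTOCOL': Settings.MAIL_PROTOCOL,
        'ENV_MAIL_SERVER_USER': Settings.MAIL_SERVER_USER,
        'ENV_MAIL_SERVER_PWD': Settings.MAIL_SERVER_PWD,
        'ENV_MAIL_SMTP_AUTH': Settings.MAIL_SMTP_AUTH,
        'ENV_MAIL_SMTP_SSL_ENABLE': Settings.MAIL_SMTP_SSL_ENABLE,
        'ENV_MAIL_SMTP_SSL_TEST_CONNECTION': Settings.MAIL_SMTP_SSL_TEST_CONNECTION,
        'ENV_PACMAN_LOGIN_USER_NAME': "*****@*****.**",
        'ENV_PACMAN_LOGIN_PASSWORD': "******",
        'ENV_CONFIG_CREDENTIALS': "dXNlcjpwYWNtYW4=",
        # NOTE(review): built from get_http_url(); if that is plain HTTP the
        # config credential above is sent over cleartext by whatever reads it.
        'ENV_CONFIG_SERVICE_URL': ApplicationLoadBalancer.get_http_url() + "/api/config/rule/prd/latest",
        'ENV_PACBOT_AUTOFIX_RESOURCEOWNER_FALLBACK_MAILID': Settings.get('USER_EMAIL_ID', ""),
        'ENV_QUALYS_INFO': Settings.get('QUALYS_INFO', ""),
        'ENV_QUALYS_API_URL': Settings.get('QUALYS_API_URL', ""),
    }
    return [{
        'local-exec': {
            'command': script,
            'environment': environment,
            'interpreter': [Settings.PYTHON_INTERPRETER],
        }
    }]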