Exemplo n.º 1
def main(args):
    """Render the citizen-rules CloudFormation template and write it out.

    Args:
        args: Argument list. When it holds exactly one element no rule
            paths were supplied and the default rule lookup is used.
            Otherwise ``args[1]`` is read as a comma-separated list of
            rule folders, e.g.
            ``./verification_rules,./folder1/verification_rules``.
    """
    if len(args) != 1:
        # Paths come straight from the argument list and are handed to
        # get_rules() unmodified.
        # NOTE(review): whether get_rules() validates these paths is not
        # visible here — confirm before feeding it untrusted input.
        rule_paths = args[1].split(",")
        rules = get_verification_rules.get_rules(rule_paths)
    else:
        rules = get_verification_rules.get_rules()

    base_template = common.get_template(RULES_TEMPLATE_BASE)
    # Plain text substitution: whatever get_rules_cf() returns is placed
    # into the template verbatim.
    rendered = base_template.replace("{{citizen_rules}}", get_rules_cf(rules))

    common.generate_file(TEMPLATE_DESTINATION, rendered)
Exemplo n.º 2
def main():
    """Fill the ``{{citizen_rules}}`` placeholder and write the template.

    Reads the base template named by ``RULES_TEMP_BASE``, substitutes the
    CloudFormation text produced from the rule list, and passes the result
    to ``generate_file`` together with ``TEMP_DESTINATION``.
    """
    base_template = get_temp(RULES_TEMP_BASE)
    # Plain text substitution: the generated rule snippet is inserted
    # verbatim, with no escaping applied at this point.
    rules_snippet = get_rules_cf(get_rules())
    citizen_rules_cfn = base_template.replace("{{citizen_rules}}", rules_snippet)
    generate_file(TEMP_DESTINATION, citizen_rules_cfn)
Exemplo n.º 3
def get_cloud_formation_snippet(rules_location=None):
    """Build the CloudFormation YAML fragment for the proxy rules.

    For each rule a Lambda function resource and a matching log group
    resource are emitted. Each rule is read through its ``name``,
    ``description`` and ``environment`` keys.

    Args:
        rules_location: Forwarded to ``get_verification_rules.get_rules``
            when it is not ``None``; otherwise the lookup is called with
            no arguments.

    Returns:
        The concatenated snippet text, or an empty string when there are
        no rules.
    """
    # NOTE(review): every value below is inserted as raw text.
    # {description} ends up in an unquoted YAML scalar, so a description
    # containing ": ", "#" or a newline would alter the structure of the
    # generated template — confirm rule metadata is validated upstream.
    # NOTE(review): all functions share the ${Prefix}Watchmen role; what
    # that role allows is not visible here — check it against least
    # privilege.
    # NOTE(review): python2.7 is an end-of-life runtime.
    template = """  Lambda{function_name}:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Sub "${Prefix}{function_name}"
      Description: {description}
      Handler: "{handler}"
      MemorySize: 512
      Timeout: 300
      Role: !Sub "arn:aws:iam::${AWS::AccountId}:role/${Prefix}Watchmen"
{env_vars}      Code:
        S3Bucket: !Ref LambdaS3Bucket
        S3Key: "{zip_file}"
      Runtime: python2.7

  LogGroup{function_name}:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub "/aws/lambda/${Prefix}{function_name}"
      RetentionInDays: !Ref RetentionInDays

"""

    if rules_location is not None:
        rules = get_verification_rules.get_rules(rules_location)
    else:
        rules = get_verification_rules.get_rules()

    pieces = []
    for rule in rules:
        # The substitutions run one after another, so a value that itself
        # contains a later placeholder (e.g. "{handler}" inside a
        # description) would be rewritten by the following step.
        text = template.replace(
            "{function_name}", common.to_pascal_case(rule["name"]))
        text = text.replace("{description}", rule["description"])
        text = text.replace("{handler}", rule["name"] + ".lambda_handler")
        text = text.replace(
            "{zip_file}", get_checksum_zip.get_checksum_zip(rule["name"]))
        text = text.replace(
            "{env_vars}", get_env_vars_snippet(rule["environment"]))
        pieces.append(text)

    return "".join(pieces)
Exemplo n.º 4
def main(args):
    """Render the Elasticsearch CloudFormation template and write it out.

    Loads the template named by ``RULES_TEMPLATE_BASE``, fills in four
    placeholders and hands the result to ``common.generate_file`` with
    ``TEMPLATE_DESTINATION``.

    Args:
        args: Argument list. With exactly one element the default rule
            lookup is used; otherwise ``args[1]`` is split on commas and
            treated as rule folders, e.g.
            ``./verification_rules,./folder1/verification_rules``.
    """
    if len(args) != 1:
        rules = get_verification_rules.get_rules(args[1].split(","))
    else:
        rules = get_verification_rules.get_rules()

    # (placeholder, producer) pairs, applied in this order. Each producer
    # is only called when its own substitution is about to happen.
    fillers = (
        ("{{logs_to_elastic_search}}",
         lambda: get_checksum_zip.get_checksum_zip("logs_to_elastic_search")),
        ("{{roll_indexes}}",
         lambda: get_checksum_zip.get_checksum_zip("roll_indexes")),
        # NOTE(review): presumably the CIDR used to restrict network
        # access; it is inserted as raw text, so confirm
        # get_external_cidr() returns a validated range.
        ("{{external_cidr}}",
         lambda: get_external_cidr.get_external_cidr()),
        ("{{rules-subscriptions}}",
         lambda: get_subscriptions_cf(rules)),
    )

    elasticsearch_cf = common.get_template(RULES_TEMPLATE_BASE)
    for placeholder, produce in fillers:
        elasticsearch_cf = elasticsearch_cf.replace(placeholder, produce())

    common.generate_file(TEMPLATE_DESTINATION, elasticsearch_cf)
Exemplo n.º 5
def main():
    """Fill in the verification-rule template and write the result.

    Starts from the template named by ``RULES_TEMP_BASE``, applies five
    text substitutions in order, and passes the result to
    ``generate_file`` with ``TEMP_DESTINATION``.
    """
    rendered = get_temp(RULES_TEMP_BASE)

    # Insert the CloudFormation text for each rule stack.
    rendered = rendered.replace(
        "{{verification_rules}}", get_rules_cf(get_rules()))

    # The S3 bucket policy is limited to the company's IP address range.
    # NOTE(review): the value is inserted as raw text — confirm
    # get_external_cidr() returns a validated range.
    rendered = rendered.replace("{{external_cidr}}", get_external_cidr())

    rendered = rendered.replace(
        "{{notifications_slack}}", get_notification_slack())

    # NOTE(review): presumably a Slack webhook URL, which works like a
    # credential. It is written in clear text into the generated file, so
    # that file should be handled as sensitive — confirm.
    rendered = rendered.replace(
        "{{slack_channel_hook_url}}", get_slack_channel_hook_url())

    rendered = rendered.replace(
        "{{notifications_email}}", get_notification_email())

    generate_file(TEMP_DESTINATION, rendered)
def main():
    """Fill the ``{{rules-subscriptions}}`` placeholder and write the file.

    Reads the template named by ``RULES_TEMP_BASE``, substitutes the text
    built from the rule list, and writes the deployable CloudFormation
    file through ``generate_file`` with ``TEMP_DESTINATION``.
    """
    base_template = get_temp(RULES_TEMP_BASE)
    # One subscription entry per rule; inserted verbatim, with no escaping
    # applied at this point.
    subscriptions_snippet = get_subscriptions_cf(get_rules())
    subscriptions_cf = base_template.replace(
        "{{rules-subscriptions}}", subscriptions_snippet)
    generate_file(TEMP_DESTINATION, subscriptions_cf)