def main(args):
    """Render the citizen-rules CloudFormation template and write it to disk.

    Args:
        args: argv-style list. With exactly one element,
            ``get_verification_rules.get_rules()`` is called without
            arguments; otherwise ``args[1]`` is split on commas and the
            resulting list is passed to it, e.g.
            ``./verification_rules,./folder1/verification_rules``.
    """
    # NOTE(review): the path list comes straight from the command line and
    # decides which rule definitions reach the generated template. The
    # split is not trimmed or validated here, so a stray comma yields an
    # empty path entry -- confirm get_rules() rejects that.
    if len(args) != 1:
        rule_dirs = args[1].split(",")
        rules = get_verification_rules.get_rules(rule_dirs)
    else:
        rules = get_verification_rules.get_rules()

    base_template = common.get_template(RULES_TEMPLATE_BASE)
    rules_snippet = get_rules_cf(rules)

    # Plain text substitution: nothing is escaped on the way in, so the
    # snippet must already be valid for the placeholder's position.
    citizen_rules_cfn = base_template.replace("{{citizen_rules}}", rules_snippet)
    common.generate_file(TEMPLATE_DESTINATION, citizen_rules_cfn)
def main():
    """Fill the ``{{citizen_rules}}`` placeholder of the base template and
    write the result to ``TEMP_DESTINATION``.
    """
    base_template = get_temp(RULES_TEMP_BASE)

    # For a run without real rule files the original author kept a
    # single-rule stand-in around:
    #   get_rules_cf([{'description': 'Placeholder', 'name': 'check_root_access_keys' }])
    rules_snippet = get_rules_cf(get_rules())

    # Plain text substitution with no escaping: the snippet has to be
    # valid template text as returned by get_rules_cf().
    citizen_rules_cfn = base_template.replace("{{citizen_rules}}", rules_snippet)
    generate_file(TEMP_DESTINATION, citizen_rules_cfn)
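def get_cloud_formation_snippet(rules_location=None):
    """Generate the Lambda CloudFormation snippet for the proxy rules.

    Args:
        rules_location: Passed through to
            ``get_verification_rules.get_rules`` when not ``None``;
            otherwise ``get_rules()`` is called without arguments.

    Returns:
        One ``AWS::Lambda::Function`` and one ``AWS::Logs::LogGroup``
        resource per rule, concatenated into a single YAML string
        (``""`` when there are no rules).
    """
    # Function-scope import so the block stays self-contained.
    import json

    if rules_location is None:
        rules = get_verification_rules.get_rules()
    else:
        rules = get_verification_rules.get_rules(rules_location)

    # NOTE(review): the page this listing came from flattened all
    # whitespace, so the YAML nesting below is reconstructed from the
    # CloudFormation resource layout. The base indent and the column of
    # {env_vars} (assumed to carry its own indentation) must be confirmed
    # against the base template and get_env_vars_snippet().
    # NOTE(review): python2.7 is end-of-life and AWS has deprecated that
    # Lambda runtime; left unchanged because moving it requires porting the
    # rule handlers as well.
    # NOTE(review): every rule function assumes the same ${Prefix}Watchmen
    # role, so that role's policy is the union of what all rules need --
    # worth reviewing against least privilege.
    template = \
"""  Lambda{function_name}:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Sub "${Prefix}{function_name}"
      Description: {description}
      Handler: "{handler}"
      MemorySize: 512
      Timeout: 300
      Role: !Sub "arn:aws:iam::${AWS::AccountId}:role/${Prefix}Watchmen"
{env_vars}
      Code:
        S3Bucket: !Ref LambdaS3Bucket
        S3Key: "{zip_file}"
      Runtime: python2.7

  LogGroup{function_name}:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub "/aws/lambda/${Prefix}{function_name}"
      RetentionInDays: !Ref RetentionInDays

"""

    snippet = ""
    for rule in rules:
        # The description is free text from the rule definition. Emitted
        # bare, a ": ", " #", a leading quote/bracket or a newline would
        # truncate it or change the structure of the generated YAML. A JSON
        # string is also a valid YAML double-quoted scalar, so quoting it
        # this way keeps the text inert.
        quoted_description = json.dumps(rule["description"])

        # Substitution order is kept as-is; note that each later replace()
        # also rescans text inserted by the earlier ones.
        snippet += template.replace(
            "{function_name}", common.to_pascal_case(rule["name"])).replace(
                "{description}", quoted_description).replace(
                    "{handler}", rule["name"] + ".lambda_handler").replace(
                        "{zip_file}", get_checksum_zip.get_checksum_zip(
                            rule["name"])).replace(
                                "{env_vars}",
                                get_env_vars_snippet(rule["environment"]))

    return snippet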
def main(args):
    """Build the Elasticsearch CloudFormation file from its base template.

    Reads the template named by ``RULES_TEMPLATE_BASE``, fills in four
    placeholders and writes the result to ``TEMPLATE_DESTINATION``.

    Args:
        args: argv-style list. With exactly one element,
            ``get_verification_rules.get_rules()`` is called without
            arguments; otherwise ``args[1]`` is split on commas and the
            resulting list is passed to it, e.g.
            ``./verification_rules,./folder1/verification_rules``.
    """
    # NOTE(review): the comma-separated paths are taken from the command
    # line untrimmed and unvalidated -- confirm get_rules() copes with
    # empty or unexpected entries.
    if len(args) != 1:
        rule_dirs = args[1].split(",")
        rules = get_verification_rules.get_rules(rule_dirs)
    else:
        rules = get_verification_rules.get_rules()

    elasticsearch_cf = common.get_template(RULES_TEMPLATE_BASE)

    # Values are computed in the same order the placeholders are applied.
    # NOTE(review): {{external_cidr}} presumably scopes network access in
    # the base template; it is inserted here without any check, so an empty
    # or over-broad value would pass through silently -- confirm it is
    # validated in get_external_cidr().
    substitutions = (
        ("{{logs_to_elastic_search}}",
         get_checksum_zip.get_checksum_zip("logs_to_elastic_search")),
        ("{{roll_indexes}}",
         get_checksum_zip.get_checksum_zip("roll_indexes")),
        ("{{external_cidr}}", get_external_cidr.get_external_cidr()),
        ("{{rules-subscriptions}}", get_subscriptions_cf(rules)),
    )
    for placeholder, value in substitutions:
        elasticsearch_cf = elasticsearch_cf.replace(placeholder, value)

    common.generate_file(TEMPLATE_DESTINATION, elasticsearch_cf)
def main():
    """Build the verification-rules CloudFormation file.

    Reads the template named by ``RULES_TEMP_BASE``, fills in the rule
    stacks, the external CIDR and the notification settings, then writes
    the result to ``TEMP_DESTINATION``.
    """
    verification_rule_cf = get_temp(RULES_TEMP_BASE)

    # Values are computed in the same order the placeholders are applied.
    substitutions = (
        # One stack entry per verification rule.
        ("{{verification_rules}}", get_rules_cf(get_rules())),
        # Restricts the S3 bucket policy to the company's IP address range.
        # NOTE(review): inserted unchecked -- an empty or over-broad value
        # would weaken that restriction; confirm get_external_cidr()
        # validates it.
        ("{{external_cidr}}", get_external_cidr()),
        ("{{notifications_slack}}", get_notification_slack()),
        # The hook URL ends up verbatim in the generated file, and anyone
        # holding it can post to the channel: treat the output as
        # sensitive. NOTE(review): confirm where TEMP_DESTINATION is stored.
        ("{{slack_channel_hook_url}}", get_slack_channel_hook_url()),
        ("{{notifications_email}}", get_notification_email()),
    )
    for placeholder, value in substitutions:
        verification_rule_cf = verification_rule_cf.replace(placeholder, value)

    generate_file(TEMP_DESTINATION, verification_rule_cf)
def main():
    """Fill the ``{{rules-subscriptions}}`` placeholder of the base template
    and write the deployable CloudFormation file to ``TEMP_DESTINATION``.
    """
    base_template = get_temp(RULES_TEMP_BASE)

    # One subscription entry per rule, spliced in as plain text with no
    # escaping, so get_subscriptions_cf() must return valid template text.
    rule_subscriptions = get_subscriptions_cf(get_rules())
    subscriptions_cf = base_template.replace(
        "{{rules-subscriptions}}", rule_subscriptions)

    # Creates the deployable CF file.
    generate_file(TEMP_DESTINATION, subscriptions_cf)