new: added policy ecc-aws-576-ec2_instance_dedicated_tenancy
anna-shcherbak committed Sep 25, 2023
1 parent 4ad2fb0 commit bb3e948
Showing 13 changed files with 590 additions and 0 deletions.
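--- a/policies/ecc-aws-576-ec2_instance_dedicated_tenancy.yml
+++ b/policies/ecc-aws-576-ec2_instance_dedicated_tenancy.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+- name: ecc-aws-576-ec2_instance_dedicated_tenancy
+comment: '010006032000'
+description: |
+Amazon EC2 instances with dedicated tenancy
+resource: aws.ec2
+filters:
+- type: value
+key: Placement.Tenancy
+op: in
+value:
+- dedicated
+- host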
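Review bot: The `description` block says only "Amazon EC2 instances with dedicated tenancy", while the `value` list also matches `host`, so someone triaging a finding cannot tell from the text that instances on Dedicated Hosts are reported as well. Suggest `Amazon EC2 instances whose Placement.Tenancy is 'dedicated' or 'host' (Dedicated Instances or instances on Dedicated Hosts)`. The policy has no `actions` block, so it is presumably report-only; a sentence in the description stating why such instances are treated as non-compliant would make the rule self-explaining.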
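--- a/terraform/ecc-aws-576-ec2_instance_dedicated_tenancy/green/ec2.tf
+++ b/terraform/ecc-aws-576-ec2_instance_dedicated_tenancy/green/ec2.tf
@@ -0,0 +1,46 @@
+resource "aws_instance" "this" {
+ami = data.aws_ami.this.id
+instance_type = "a1.medium"
+vpc_security_group_ids = ["${aws_security_group.this.id}"]
+subnet_id = data.aws_subnets.this.ids[0]
+tags = {
+Name = "576_instance_green"
+}
+}
+
+data "aws_ami" "this" {
+most_recent = true
+owners = ["amazon"]
+filter {
+name = "architecture"
+values = ["arm64"]
+}
+filter {
+name = "name"
+values = ["amzn2-ami-hvm*"]
+}
+}
+
+data "aws_vpc" "default" {
+default = true
+}
+
+data "aws_subnets" "this" {
+filter {
+name = "vpc-id"
+values = [data.aws_vpc.default.id]
+}
+}
+
+resource "aws_security_group" "this" {
+name = "576_sg_green"
+description = "576_sg_green"
+vpc_id = data.aws_vpc.default.id
+
+egress {
+from_port = 0
+to_port = 0
+protocol = "-1"
+cidr_blocks = ["0.0.0.0/0"]
+}
+}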
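Review bot: The fixture in `resource "aws_instance" "this"` is launched into the default VPC with the account's default public-IP and IMDS settings; the recorded response added later in this commit shows the resulting instance with a public IPv4 address and `HttpTokens: optional`, i.e. IMDSv1 still accepted. Only `Placement.Tenancy` is under test, so the fixture can be hardened without affecting the check by adding `associate_public_ip_address = false` and `metadata_options { http_tokens = "required" }` to the instance block; the same applies to the red variant in terraform/ecc-aws-576-ec2_instance_dedicated_tenancy/red/ec2.tf. Separately, `vpc_security_group_ids = ["${aws_security_group.this.id}"]` is the legacy interpolation-only string form; `vpc_security_group_ids = [aws_security_group.this.id]` matches the first-class expression syntax the file already uses for `subnet_id`.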
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4"
}
}
}

provider "aws" {
profile = var.profile
region = var.default-region

default_tags {
tags = {
CustodianRule = "ecc-aws-576-ec2_instance_dedicated_tenancy"
ComplianceStatus = "Green"
}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
profile = "c7n"
default-region = "us-east-1"
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
variable "default-region" {
type = string
description = "Default region for resources will be created"
}

variable "profile" {
type = string
description = "Profile name configured before running apply"
}
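Review bot: The `description` of `variable "default-region"` reads "Default region for resources will be created", which is ungrammatical and will show up verbatim in `terraform plan` prompts; `description = "Region in which the resources will be created"` reads correctly. The identical text appears in the red variant's variables file later in this commit and should be changed there too.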
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances"
],
"Resource": "*"
}
]
}
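--- a/terraform/ecc-aws-576-ec2_instance_dedicated_tenancy/red/ec2.tf
+++ b/terraform/ecc-aws-576-ec2_instance_dedicated_tenancy/red/ec2.tf
@@ -0,0 +1,47 @@
+resource "aws_instance" "this" {
+ami = data.aws_ami.this.id
+instance_type = "a1.medium"
+vpc_security_group_ids = ["${aws_security_group.this.id}"]
+subnet_id = data.aws_subnets.this.ids[0]
+tenancy = "dedicated"
+tags = {
+Name = "576_instance_red"
+}
+}
+
+data "aws_ami" "this" {
+most_recent = true
+owners = ["amazon"]
+filter {
+name = "architecture"
+values = ["arm64"]
+}
+filter {
+name = "name"
+values = ["amzn2-ami-hvm*"]
+}
+}
+
+data "aws_vpc" "default" {
+default = true
+}
+
+data "aws_subnets" "this" {
+filter {
+name = "vpc-id"
+values = [data.aws_vpc.default.id]
+}
+}
+
+resource "aws_security_group" "this" {
+name = "576_sg_red"
+description = "576_sg_red"
+vpc_id = data.aws_vpc.default.id
+
+egress {
+from_port = 0
+to_port = 0
+protocol = "-1"
+cidr_blocks = ["0.0.0.0/0"]
+}
+}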
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4"
}
}
}

provider "aws" {
profile = var.profile
region = var.default-region

default_tags {
tags = {
CustodianRule = "ecc-aws-576-ec2_instance_dedicated_tenancy"
ComplianceStatus = "Red"
}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
profile = "c7n"
default-region = "us-east-1"
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
variable "default-region" {
type = string
description = "Default region for resources will be created"
}

variable "profile" {
type = string
description = "Profile name configured before running apply"
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,199 @@
{
"status_code": 200,
"data": {
"Reservations": [
{
"Groups": [],
"Instances": [
{
"AmiLaunchIndex": 0,
"ImageId": "ami-0c3176eab51aef17b",
"InstanceId": "i-034819c878399dd8f",
"InstanceType": "a1.medium",
"LaunchTime": {
"__class__": "datetime",
"year": 2023,
"month": 9,
"day": 25,
"hour": 9,
"minute": 32,
"second": 47,
"microsecond": 0
},
"Monitoring": {
"State": "disabled"
},
"Placement": {
"AvailabilityZone": "us-east-1c",
"GroupName": "",
"Tenancy": "default"
},
"PrivateDnsName": "ip-172-31-84-218.ec2.internal",
"PrivateIpAddress": "172.31.84.218",
"ProductCodes": [],
"PublicDnsName": "ec2-44-201-150-77.compute-1.amazonaws.com",
"PublicIpAddress": "44.201.150.77",
"State": {
"Code": 16,
"Name": "running"
},
"StateTransitionReason": "",
"SubnetId": "subnet-cd582ec",
"VpcId": "vpc-ad982874d0",
"Architecture": "arm64",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"AttachTime": {
"__class__": "datetime",
"year": 2023,
"month": 9,
"day": 25,
"hour": 9,
"minute": 32,
"second": 48,
"microsecond": 0
},
"DeleteOnTermination": true,
"Status": "attached",
"VolumeId": "vol-07e3cace702504c69"
}
}
],
"ClientToken": "terraform-20230925093245651100000001",
"EbsOptimized": false,
"EnaSupport": true,
"Hypervisor": "xen",
"NetworkInterfaces": [
{
"Association": {
"IpOwnerId": "amazon",
"PublicDnsName": "ec2-44-201-150-77.compute-1.amazonaws.com",
"PublicIp": "44.201.150.77"
},
"Attachment": {
"AttachTime": {
"__class__": "datetime",
"year": 2023,
"month": 9,
"day": 25,
"hour": 9,
"minute": 32,
"second": 47,
"microsecond": 0
},
"AttachmentId": "eni-attach-0657a09b2b6b9a5a8",
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Status": "attached",
"NetworkCardIndex": 0
},
"Description": "",
"Groups": [
{
"GroupName": "576_sg_green",
"GroupId": "sg-043109728735e5c8"
}
],
"Ipv6Addresses": [],
"MacAddress": "12:e2:e0:e7:6b:d5",
"NetworkInterfaceId": "eni-0b16667b4ebec488f",
"OwnerId": "644160558196",
"PrivateDnsName": "ip-172-31-84-218.ec2.internal",
"PrivateIpAddress": "172.31.84.218",
"PrivateIpAddresses": [
{
"Association": {
"IpOwnerId": "amazon",
"PublicDnsName": "ec2-44-201-150-77.compute-1.amazonaws.com",
"PublicIp": "44.201.150.77"
},
"Primary": true,
"PrivateDnsName": "ip-172-31-84-218.ec2.internal",
"PrivateIpAddress": "172.31.84.218"
}
],
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-c572ec",
"VpcId": "vpc-ad975270",
"InterfaceType": "interface"
}
],
"RootDeviceName": "/dev/xvda",
"RootDeviceType": "ebs",
"SecurityGroups": [
{
"GroupName": "576_sg_green",
"GroupId": "sg-0427272635e5c8"
}
],
"SourceDestCheck": true,
"Tags": [
{
"Key": "ComplianceStatus",
"Value": "Green"
},
{
"Key": "CustodianRule",
"Value": "ecc-aws-576-ec2_instance_dedicated_tenancy"
},
{
"Key": "Name",
"Value": "576_instance_green"
}
],
"VirtualizationType": "hvm",
"CpuOptions": {
"CoreCount": 1,
"ThreadsPerCore": 1
},
"CapacityReservationSpecification": {
"CapacityReservationPreference": "open"
},
"HibernationOptions": {
"Configured": false
},
"MetadataOptions": {
"State": "applied",
"HttpTokens": "optional",
"HttpPutResponseHopLimit": 1,
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "disabled",
"InstanceMetadataTags": "disabled"
},
"EnclaveOptions": {
"Enabled": false
},
"BootMode": "uefi",
"PlatformDetails": "Linux/UNIX",
"UsageOperation": "RunInstances",
"UsageOperationUpdateTime": {
"__class__": "datetime",
"year": 2023,
"month": 9,
"day": 25,
"hour": 9,
"minute": 32,
"second": 47,
"microsecond": 0
},
"PrivateDnsNameOptions": {
"HostnameType": "ip-name",
"EnableResourceNameDnsARecord": false,
"EnableResourceNameDnsAAAARecord": false
},
"MaintenanceOptions": {
"AutoRecovery": "default"
},
"CurrentInstanceBootMode": "uefi"
}
],
"OwnerId": "644160558196",
"ReservationId": "r-0f9c5e1ad17afe4c6"
}
],
"ResponseMetadata": {}
}
}
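Review bot: The recorded response still carries what appears to be a real 12-digit account id in `OwnerId` (present twice) together with a public IPv4 address and its public DNS name, while other identifiers look hand-edited and inconsistently so: `SubnetId` and `VpcId` differ between the instance and its `NetworkInterfaces` entry, and the two `GroupId` values given for the same `576_sg_green` group do not match. The policy under test reads only `Placement.Tenancy` (and the test presumably checks `Tags`), so every occurrence of an identifier can be replaced by one consistent placeholder without affecting the test, and a consistent scrub also keeps the fixture from tripping any future cross-field assertion. If the project's other placebo fixtures follow a scrubbing convention, this one should match it.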