forked from epam/ecc-aws-rulepack
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
new: added policy ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1
- Loading branch information
Astr1k
authored and
Astr1k
committed
Nov 15, 2023
1 parent
2a52539
commit cff94e1
Showing
13 changed files
with
203 additions
and
0 deletions.
There are no files selected for viewing
18 changes: 18 additions & 0 deletions
18
policies/ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # Copyright (c) 2023 EPAM Systems, Inc. | ||
| # | ||
| # This Source Code Form is subject to the terms of the Mozilla Public | ||
| # License, v. 2.0. If a copy of the MPL was not distributed with this | ||
| # file, You can obtain one at http://mozilla.org/MPL/2.0/. | ||
|
|
||
|
|
||
| policies: | ||
| - name: ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1 | ||
| comment: '010007042000' | ||
| description: | | ||
| EBS volumes are type of io1 or io2 instead of gp3 | ||
| resource: aws.ebs | ||
| filters: | ||
| - type: value | ||
| key: VolumeType | ||
| op: regex | ||
| value: '(io1|io2)' |
12 changes: 12 additions & 0 deletions
12
terraform/ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1/green/ebs.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| resource "aws_ebs_volume" "this" { | ||
| availability_zone = data.aws_availability_zones.this.names[0] | ||
| size = 8 | ||
| type = "gp3" | ||
| tags = { | ||
| Name = "570-ebs_volume-green" | ||
| } | ||
| } | ||
|
|
||
| data "aws_availability_zones" "this" { | ||
| state = "available" | ||
| } |
20 changes: 20 additions & 0 deletions
20
terraform/ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1/green/provider.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| terraform { | ||
| required_providers { | ||
| aws = { | ||
| source = "hashicorp/aws" | ||
| version = "~> 4" | ||
| } | ||
| } | ||
| } | ||
|
|
||
| provider "aws" { | ||
| profile = var.profile | ||
| region = var.default-region | ||
|
|
||
| default_tags { | ||
| tags = { | ||
| CustodianRule = "ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1" | ||
| ComplianceStatus = "Green" | ||
| } | ||
| } | ||
| } |
2 changes: 2 additions & 0 deletions
2
terraform/ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1/green/terraform.tfvars
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| profile = "c7n" | ||
| default-region = "us-east-1" |
9 changes: 9 additions & 0 deletions
9
terraform/ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1/green/variables.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| variable "default-region" { | ||
| type = string | ||
| description = "Default region for resources will be created" | ||
| } | ||
|
|
||
| variable "profile" { | ||
| type = string | ||
| description = "Profile name configured before running apply" | ||
| } |
12 changes: 12 additions & 0 deletions
12
terraform/ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1/iam/570-policy.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| { | ||
| "Version": "2012-10-17", | ||
| "Statement": [ | ||
| { | ||
| "Effect": "Allow", | ||
| "Action": [ | ||
| "ec2:DescribeVolumes" | ||
| ], | ||
| "Resource": "*" | ||
| } | ||
| ] | ||
| } |
13 changes: 13 additions & 0 deletions
13
terraform/ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1/red/ebs.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| resource "aws_ebs_volume" "this" { | ||
| availability_zone = data.aws_availability_zones.this.names[0] | ||
| size = 8 | ||
| type = "io1" | ||
| iops = 100 | ||
| tags = { | ||
| Name = "570-ebs_volume-red" | ||
| } | ||
| } | ||
|
|
||
| data "aws_availability_zones" "this" { | ||
| state = "available" | ||
| } |
20 changes: 20 additions & 0 deletions
20
terraform/ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1/red/provider.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| terraform { | ||
| required_providers { | ||
| aws = { | ||
| source = "hashicorp/aws" | ||
| version = "~> 4" | ||
| } | ||
| } | ||
| } | ||
|
|
||
| provider "aws" { | ||
| profile = var.profile | ||
| region = var.default-region | ||
|
|
||
| default_tags { | ||
| tags = { | ||
| CustodianRule = "ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1" | ||
| ComplianceStatus = "Red" | ||
| } | ||
| } | ||
| } |
2 changes: 2 additions & 0 deletions
2
terraform/ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1/red/terraform.tfvars
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| profile = "c7n" | ||
| default-region = "us-east-1" |
9 changes: 9 additions & 0 deletions
9
terraform/ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1/red/variables.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| variable "default-region" { | ||
| type = string | ||
| description = "Default region for resources will be created" | ||
| } | ||
|
|
||
| variable "profile" { | ||
| type = string | ||
| description = "Profile name configured before running apply" | ||
| } |
41 changes: 41 additions & 0 deletions
41
...s-570-ebs_volumes_are_of_type_gp3_instead_of_io1/placebo-green/ec2.DescribeVolumes_1.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| { | ||
| "status_code": 200, | ||
| "data": { | ||
| "Volumes": [ | ||
| { | ||
| "Attachments": [], | ||
| "AvailabilityZone": "us-east-1a", | ||
| "CreateTime": { | ||
| "__class__": "datetime", | ||
| "year": 2023, | ||
| "month": 11, | ||
| "day": 14, | ||
| "hour": 13, | ||
| "minute": 49, | ||
| "second": 12, | ||
| "microsecond": 551000 | ||
| }, | ||
| "Encrypted": false, | ||
| "Size": 8, | ||
| "SnapshotId": "", | ||
| "State": "available", | ||
| "VolumeId": "vol-012d727c7534061d4", | ||
| "Iops": 3000, | ||
| "Tags": [ | ||
| { | ||
| "Key": "ComplianceStatus", | ||
| "Value": "Green" | ||
| }, | ||
| { | ||
| "Key": "CustodianRule", | ||
| "Value": "ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1" | ||
| } | ||
| ], | ||
| "VolumeType": "gp3", | ||
| "MultiAttachEnabled": false, | ||
| "Throughput": 125 | ||
| } | ||
| ], | ||
| "ResponseMetadata": {} | ||
| } | ||
| } |
40 changes: 40 additions & 0 deletions
40
...aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1/placebo-red/ec2.DescribeVolumes_1.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| { | ||
| "status_code": 200, | ||
| "data": { | ||
| "Volumes": [ | ||
| { | ||
| "Attachments": [], | ||
| "AvailabilityZone": "us-east-1a", | ||
| "CreateTime": { | ||
| "__class__": "datetime", | ||
| "year": 2023, | ||
| "month": 11, | ||
| "day": 14, | ||
| "hour": 14, | ||
| "minute": 1, | ||
| "second": 31, | ||
| "microsecond": 420000 | ||
| }, | ||
| "Encrypted": false, | ||
| "Size": 8, | ||
| "SnapshotId": "", | ||
| "State": "available", | ||
| "VolumeId": "vol-00926f59f3b171f3b", | ||
| "Iops": 100, | ||
| "Tags": [ | ||
| { | ||
| "Key": "ComplianceStatus", | ||
| "Value": "Red" | ||
| }, | ||
| { | ||
| "Key": "CustodianRule", | ||
| "Value": "ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1" | ||
| } | ||
| ], | ||
| "VolumeType": "io1", | ||
| "MultiAttachEnabled": false | ||
| } | ||
| ], | ||
| "ResponseMetadata": {} | ||
| } | ||
| } |
5 changes: 5 additions & 0 deletions
5
tests/ecc-aws-570-ebs_volumes_are_of_type_gp3_instead_of_io1/red_policy_test.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| class PolicyTest(object): | ||
|
|
||
| def test_resources(self, base_test, resources): | ||
| base_test.assertEqual(len(resources), 1) | ||
| base_test.assertEqual(resources[0]['VolumeType'], "io1") |