aws-inventory 0.2.0

data/lib/inventory/cloudwatch.rb

@@ -0,0 +1,38 @@
+require "action_view"
+
+class Inventory::Cloudwatch < Inventory::Base
+  include ActionView::Helpers::DateHelper
+
+  def header
+    ["Alarm Name", "Threshold"]
+  end
+
+  def data
+    alarms.map do |alarm|
+      [
+        alarm.alarm_name,
+        threshold_desc(alarm)
+      ]
+    end
+  end
+
+  def threshold_desc(alarm)
+    a = alarm
+    total_period = a.period * a.evaluation_periods
+    time_in_words = distance_of_time_in_words(total_period)
+    "#{a.metric_name} #{compare_map[a.comparison_operator]} #{a.threshold} for #{a.evaluation_periods} datapoints within #{time_in_words}"
+  end
+
+  def compare_map
+    {
+      "GreaterThanOrEqualToThreshold" => ">=",
+      "GreaterThanThreshold" => ">",
+      "LessThanOrEqualToThreshold" => "<=",
+      "LessThanThreshold" => "<",
+    }
+  end
+
+  def alarms
+    @alarms ||= cw.describe_alarms.metric_alarms
+  end
+end

data/lib/inventory/command.rb

@@ -0,0 +1,25 @@
+require "thor"
+
+module Inventory
+  class Command < Thor
+    class << self
+      def dispatch(m, args, options, config)
+        # Allow calling for help via:
+        #   inventory command help
+        #   inventory command -h
+        #   inventory command --help
+        #   inventory command -D
+        #
+        # as well thor's normal way:
+        #
+        #   inventory help command
+        help_flags = Thor::HELP_MAPPINGS + ["help"]
+        if args.length > 1 && !(args & help_flags).empty?
+          args -= help_flags
+          args.insert(-2, "help")
+        end
+        super
+      end
+    end
+  end
+end

data/lib/inventory/eb.rb

@@ -0,0 +1,19 @@
+class Inventory::Eb < Inventory::Base
+  def header
+    ["Environment", "Application", "Solution Stack"]
+  end
+
+  def data
+    eb_environments.map do |environment|
+      [
+        environment.environment_name,
+        environment.application_name,
+        environment.solution_stack_name,
+      ]
+    end
+  end
+
+  def eb_environments
+    @eb_environments ||= eb.describe_environments.environments
+  end
+end

data/lib/inventory/ec2.rb

@@ -0,0 +1,86 @@
+class Inventory::Ec2 < Inventory::Base
+  def header
+    ["Name", "Instance Id", "Instance Type", "Platform", "Security Groups"]
+  end
+
+  def data
+    instances.map do |i|
+      name = name_from_tag(i)
+      group_names = security_group_names(i)
+      # cost = cost(i)
+
+      [
+        name,
+        i.instance_id,
+        i.instance_type,
+        # cost,
+        platform(i), # windows or linux
+        group_names,
+      ]
+    end
+  end
+
+  def name_from_tag(instance)
+    tags = instance.tags
+    name_tag = tags.find { |t| t.key == "Name" }
+    name_tag ? name_tag.value : "(unnamed)"
+  end
+
+  def security_group_names(instance)
+    instance.security_groups.map {|sg| sg.group_name}.join(', ')
+  end
+
+  def cost(instance)
+    cost_type = COST_MAP[instance.instance_type]
+    if cost_type
+      cost = cost_type[platform(instance)]
+      cost.round(2)
+    end
+  end
+
+  def platform(instance)
+    instance.platform || "linux"
+  end
+
+  # hardcode pricing info until access to pricing api is sorted out
+  # these costs are per month.
+  COST_MAP = {
+    "t2.micro" => {
+      "windows" => 11.826,
+      "linux" => 8.468,
+    },
+    "t2.medium" => {
+      "windows" => 47.012,
+      "linux" => 33.872,
+    },
+    "t2.large" => {
+      "windows" => 88.184,
+      "linux" => 67.744,
+    },
+    "r3.4xlarge" => {
+      "windows" => 1419.12,
+      "linux" => 970.9,
+    },
+    "m4.large" => {
+      "windows" => 140.16,
+      "linux" => 73.0,
+    },
+    "m4.2xlarge" => {
+      "windows" => 560.64,
+      "linux" => 292,
+    },
+    "c3.2xlarge" => {
+      "windows" => 548.96,
+      "linux" => 306.6,
+    },
+  }
+  # Currently dont have access to the pricing api so skipping
+  # def describe_pricing
+  #   resp = pricing.describe_services(
+  #     format_version: "aws_v1",
+  #     max_results: 1,
+  #     service_code: "AmazonEC2",
+  #   )
+  #   pp resp
+  # end
+end

data/lib/inventory/ecs.rb

@@ -0,0 +1,10 @@
+class Inventory::Ecs < Inventory::Base
+  autoload :Service, "inventory/ecs/service"
+  autoload :Cluster, "inventory/ecs/cluster"
+
+  # Override report
+  def report
+    Service.new(@options).report
+    Cluster.new(@options).report
+  end
+end

data/lib/inventory/ecs/cluster.rb

@@ -0,0 +1,20 @@
+class Inventory::Ecs::Cluster < Inventory::Base
+  def header
+    ["Cluster", "Container Instances", "Running Tasks"]
+  end
+
+  def data
+    ecs_clusters.map do |cluster|
+      [
+        cluster.cluster_name,
+        cluster.registered_container_instances_count,
+        cluster.running_tasks_count,
+      ]
+    end
+  end
+
+  def ecs_clusters
+    cluster_arns = ecs.list_clusters.cluster_arns
+    @ecs_clusters ||= ecs.describe_clusters(clusters: cluster_arns).clusters
+  end
+end

data/lib/inventory/ecs/service.rb

@@ -0,0 +1,33 @@
+class Inventory::Ecs::Service < Inventory::Base
+  def header
+    ["Service", "Cluster", "Running Tasks"]
+  end
+
+  def data
+    ecs_services.map do |service|
+      [
+        service.service_name,
+        cluster_name(service.cluster_arn),
+        service.running_count,
+      ]
+    end
+  end
+
+  def cluster_name(cluster_arn)
+    resp = ecs.describe_clusters(clusters: [cluster_arn]) # cluster takes name or ARN
+    resp.clusters.first.cluster_name
+  end
+
+  def ecs_services
+    cluster_arns = ecs.list_clusters.cluster_arns
+    @ecs_services ||= cluster_arns.map do |cluster_arn|
+        service_arns = ecs.list_services(cluster: cluster_arn).service_arns
+        resp = ecs.describe_services(services: service_arns, cluster: cluster_arn)
+        resp.services
+      end.flatten
+
+    # pp @ecs_services
+    # @ecs_services
+    # @ecs_services ||= ecs.describe_services.services
+  end
+end

data/lib/inventory/elb.rb

@@ -0,0 +1,71 @@
+class Inventory::Elb < Inventory::Base
+  def header
+    ["ELB", "Type", "Security Group", "Open Ports"]
+  end
+
+  def data
+    data = []
+    elbs.each do |lb|
+      # lb.security_groups is actualy a list of group_ids
+      lb.security_groups.each do |group_id|
+        security_group_name = security_group_name(group_id) # weird: sometimes sg doesnt exist
+        open_ports = open_ports(group_id)
+
+        data << [
+          lb.load_balancer_name,
+          lb_type(lb),
+          security_group_name,
+          open_ports]
+      end
+    end
+
+    data
+  end
+
+  def lb_type(lb)
+    lb.respond_to?(:type) ? lb.type : 'classic'
+  end
+
+  def elbs
+    application_load_balancers + classic_load_balancers
+  end
+
+  # override custom sort
+  def sort(data)
+    data
+  end
+
+  def classic_load_balancers
+    @classic_load_balancers ||= elbv1.describe_load_balancers.load_balancer_descriptions
+  end
+
+  def security_group_names(lb)
+    # lb.security_groups is actualy a list of group_ids
+    lb.security_groups.map do |group_id|
+      security_group_name(group_id)
+    end.join(', ')
+  end
+
+  # Somehow sometimes there can be an ELB with a security group that does
+  # not actually exist.  In the AWS Console it says:
+  #  "There was an error loading the Security Groups."
+  def security_group_name(group_id)
+    security_group = security_groups.find { |sg| sg.group_id == group_id }
+    group_name = security_group ? security_group.group_name : "not found"
+    "#{group_id} (#{group_name})"
+  end
+
+  def application_load_balancers
+    @application_load_balancers ||= elbv2.describe_load_balancers.load_balancers
+  end
+
+  # Returns an Array of ports with a cidr of 0.0.0.0/0
+  # Delegates to Inventory::SecurityGroup
+  def open_ports(group_id)
+    sg = security_groups.find { |sg| sg.group_id == group_id }
+    return unless sg
+
+    inventory = Inventory::SecurityGroup::Open.new(@options)
+    inventory.ports_open_to_world(sg)
+  end
+end

data/lib/inventory/help.rb

@@ -0,0 +1,9 @@
+module Inventory::Help
+  class << self
+    def text(namespaced_command)
+      path = namespaced_command.to_s.gsub(':','/')
+      path = File.expand_path("../help/#{path}.md", __FILE__)
+      IO.read(path) if File.exist?(path)
+    end
+  end
+end

data/lib/inventory/help/acm.md

@@ -0,0 +1 @@
+Reports the AWS Certificate Manager inventory

data/lib/inventory/help/cfn.md

@@ -0,0 +1 @@
+Reports the CloudFormation inventory

data/lib/inventory/help/cw.md

@@ -0,0 +1 @@
+Reports the CloudWatch inventory

data/lib/inventory/help/eb.md

@@ -0,0 +1 @@
+Reports the Elastic Beanstalk inventory

data/lib/inventory/help/ec2.md

@@ -0,0 +1 @@
+Reports the EC2 inventory

data/lib/inventory/help/ecs.md

@@ -0,0 +1 @@
+Reports the ECS inventory

data/lib/inventory/help/elb.md

@@ -0,0 +1 @@
+Reports the Elastic Load Balancer inventory. Reports both Classic and Application Load Balancers.

data/lib/inventory/help/iam.md

@@ -0,0 +1,15 @@
+Reports the IAM inventory.
+
+List of groups and users in the groups:
+
+$ inventory iam --report-type groups # this is the default
+
+$ inventory iam  # same as above
+
+List of the users and their groups:
+
+$ inventory iam --report-type users
+
+Summary of number of groups and users
+
+$ inventory iam --report-type summary

data/lib/inventory/help/keypair.md

@@ -0,0 +1 @@
+Reports the Keypair inventory

data/lib/inventory/help/rds.md

@@ -0,0 +1,5 @@
+Reports the RDS inventory
+
+$ inventory rds --report-type summary
+
+$ inventory rds --report-type port

data/lib/inventory/help/sg.md

@@ -0,0 +1 @@
+Reports the security groups inventory

data/lib/inventory/help/vpc.md

@@ -0,0 +1 @@
+Reports the VPC inventory

data/lib/inventory/iam.rb

@@ -0,0 +1,13 @@
+class Inventory::Iam < Inventory::Base
+  autoload :Shared, "inventory/iam/shared"
+  autoload :Summary, "inventory/iam/summary"
+  autoload :User, "inventory/iam/user"
+  autoload :Group, "inventory/iam/group"
+
+  # Default is the groups report because it seems like the most useful report
+  def report
+    Summary.new(@options).report if show(:summary)
+    User.new(@options).report if show(:users)
+    Group.new(@options).report if show(:groups)
+  end
+end

data/lib/inventory/iam/group.rb

@@ -0,0 +1,22 @@
+class Inventory::Iam
+  class Group < Inventory::Base
+    include Shared
+
+    def header
+      ["Group Name", "User Count", "User Names"]
+    end
+
+    def data
+      data = [["(groupless)", groupless_users.size, groupless_users.join(', ')]]
+      data += groups.map do |group|
+        group_users = users_in_group(group.group_name)
+        [
+          group.group_name,
+          group_users.size,
+          group_users.join(', ')
+        ]
+      end
+      data
+    end
+  end
+end

data/lib/inventory/iam/shared.rb

@@ -0,0 +1,62 @@
+module Inventory::Iam::Shared
+  def group_names(user)
+    groups = groups_for(user)
+    groups.map(&:group_name)
+  end
+
+  @@groups = {}
+  def groups_for(user)
+    return @@groups[user.user_name] if @@groups[user.user_name]
+
+    @@groups[user.user_name] = iam.list_groups_for_user(user_name: user.user_name).groups
+  end
+
+  # iam.list_groups does not show the users in the groups.
+  # so users_in_groups returns an Array of the user_names in the specified group
+  def users_in_group(group_name)
+    # user_name is a String
+    # group_names is an Array of Strings
+    selected_users = all_users.select do |user_name, group_names|
+        group_names.include?(group_name)
+      end
+    selected_users.map { |a| a[0] }
+  end
+
+  def groupless_users
+    selected_users = all_users.select do |user_name, group_names|
+        group_names.empty?
+      end
+      selected_users.map { |a| a[0] }
+  end
+
+  # {
+  #   "tung": ["admin", "developers"],
+  #   "vuon": ["admin"],
+  #   "bob": ["developers"]
+  # }
+  def all_users
+    @all_users ||= users.inject({}) do |result, user|
+      result[user.user_name] = group_names(user)
+      result
+    end
+  end
+
+  def user_count(group)
+    group_counts[group.group_name]
+  end
+
+  def user_names(group)
+    users.each do |user|
+      result[user.user_name] = group_names(user)
+      result
+    end
+  end
+
+  def users
+    @users ||= iam.list_users.users
+  end
+
+  def groups
+    @groups ||= iam.list_groups.groups
+  end
+end