aws_pocketknife 0.1.7

Files changed (53)
  1. checksums.yaml +7 -0
  2. data/.gitignore +11 -0
  3. data/.rspec +2 -0
  4. data/.ruby-gemset +1 -0
  5. data/.ruby-version +1 -0
  6. data/.travis.yml +1 -0
  7. data/CODE_OF_CONDUCT.md +49 -0
  8. data/Gemfile +4 -0
  9. data/LICENSE.txt +21 -0
  10. data/README.md +115 -0
  11. data/Rakefile +22 -0
  12. data/aws_pocketknife.gemspec +40 -0
  13. data/bin/console +14 -0
  14. data/bin/setup +8 -0
  15. data/cert/ca-bundle.crt +3988 -0
  16. data/exe/pocketknife +5 -0
  17. data/lib/aws_pocketknife.rb +88 -0
  18. data/lib/aws_pocketknife/admin/policies/developer_dev_acc.json +10 -0
  19. data/lib/aws_pocketknife/admin/policies/developer_prd_acc.json +15 -0
  20. data/lib/aws_pocketknife/admin/policies/tc_devops.json.erb +207 -0
  21. data/lib/aws_pocketknife/admin/policies/tester_dev_acc.json +176 -0
  22. data/lib/aws_pocketknife/admin/policies/tester_prd_acc.json +176 -0
  23. data/lib/aws_pocketknife/admin/policies/web_front_end.json.erb +59 -0
  24. data/lib/aws_pocketknife/admin/trust_relationships/ec2.json +13 -0
  25. data/lib/aws_pocketknife/asg.rb +56 -0
  26. data/lib/aws_pocketknife/cli/ami.rb +24 -0
  27. data/lib/aws_pocketknife/cli/asg.rb +40 -0
  28. data/lib/aws_pocketknife/cli/eb.rb +49 -0
  29. data/lib/aws_pocketknife/cli/ec2.rb +61 -0
  30. data/lib/aws_pocketknife/cli/elb.rb +20 -0
  31. data/lib/aws_pocketknife/cli/iam.rb +31 -0
  32. data/lib/aws_pocketknife/cli/main.rb +34 -0
  33. data/lib/aws_pocketknife/cli/rds.rb +13 -0
  34. data/lib/aws_pocketknife/cli/rds_snapshot.rb +44 -0
  35. data/lib/aws_pocketknife/cli/route53.rb +56 -0
  36. data/lib/aws_pocketknife/cloudwatch_logs.rb +25 -0
  37. data/lib/aws_pocketknife/common/logging.rb +31 -0
  38. data/lib/aws_pocketknife/common/utils.rb +63 -0
  39. data/lib/aws_pocketknife/ec2.rb +308 -0
  40. data/lib/aws_pocketknife/elastic_beanstalk.rb +62 -0
  41. data/lib/aws_pocketknife/elb.rb +25 -0
  42. data/lib/aws_pocketknife/iam.rb +135 -0
  43. data/lib/aws_pocketknife/rds.rb +84 -0
  44. data/lib/aws_pocketknife/route53.rb +234 -0
  45. data/lib/aws_pocketknife/tasks/asg.rake +18 -0
  46. data/lib/aws_pocketknife/tasks/cloudwatch.rake +12 -0
  47. data/lib/aws_pocketknife/tasks/ec2.rake +57 -0
  48. data/lib/aws_pocketknife/tasks/elastic_beanstalk.rake +25 -0
  49. data/lib/aws_pocketknife/tasks/elb.rake +13 -0
  50. data/lib/aws_pocketknife/tasks/iam.rake +57 -0
  51. data/lib/aws_pocketknife/tasks/route53.rake +64 -0
  52. data/lib/aws_pocketknife/version.rb +3 -0
  53. metadata +284 -0
@@ -0,0 +1,5 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require 'aws_pocketknife'
4
+
5
+ AwsPocketknife::Cli::Main.start(ARGV)
@@ -0,0 +1,88 @@
1
+ require 'aws_pocketknife/version'
2
+ require 'aws-sdk-core'
3
+
4
+ require 'aws_pocketknife/common/utils'
5
+ require 'aws_pocketknife/common/logging'
6
+
7
+ require 'aws_pocketknife/iam'
8
+ require 'aws_pocketknife/ec2'
9
+ require 'aws_pocketknife/route53'
10
+ require 'aws_pocketknife/asg'
11
+ require 'aws_pocketknife/cloudwatch_logs'
12
+ require 'aws_pocketknife/elastic_beanstalk'
13
+ require 'aws_pocketknife/elb'
14
+ require 'aws_pocketknife/rds'
15
+
16
+ require 'aws_pocketknife/cli/iam'
17
+ require 'aws_pocketknife/cli/asg'
18
+ require 'aws_pocketknife/cli/elb'
19
+ require 'aws_pocketknife/cli/ec2'
20
+ require 'aws_pocketknife/cli/ami'
21
+ require 'aws_pocketknife/cli/eb'
22
+ require 'aws_pocketknife/cli/route53'
23
+ require 'aws_pocketknife/cli/rds_snapshot'
24
+ require 'aws_pocketknife/cli/rds'
25
+ require 'aws_pocketknife/cli/main'
26
+
27
+ module AwsPocketknife
28
+ extend self
29
+
30
+ AWS_REGION = ENV['AWS_REGION'] || 'ap-southeast-2'
31
+ AWS_PROFILE = ENV['AWS_PROFILE'] || nil
32
+
33
+ class << self
34
+
35
+ def cloudwatch_logs_client
36
+ @cloudwatch_logs_client ||= Aws::CloudWatchLogs::Client.new(get_client_options)
37
+ end
38
+
39
+ def cf_client
40
+ @cloud_formation_client ||= Aws::CloudFormation::Client.new(get_client_options)
41
+ end
42
+
43
+ def s3_client
44
+ @s3_client ||= Aws::S3::Client.new(get_client_options)
45
+ end
46
+
47
+ def elb_client
48
+ @elb_client ||= Aws::ElasticLoadBalancing::Client.new(get_client_options)
49
+ end
50
+
51
+ def asg_client
52
+ @asg_client ||= Aws::AutoScaling::Client.new(get_client_options)
53
+ end
54
+
55
+ def elastic_beanstalk_client
56
+ @elastic_beanstalk_client ||= Aws::ElasticBeanstalk::Client.new(get_client_options)
57
+ end
58
+
59
+ def iam_client
60
+ @iam_client ||= Aws::IAM::Client.new(get_client_options)
61
+ end
62
+
63
+ def rds_client
64
+ @rds_client ||= Aws::RDS::Client.new(get_client_options)
65
+ end
66
+
67
+ def ec2_client
68
+ @ec2_client ||= Aws::EC2::Client.new(get_client_options)
69
+ end
70
+
71
+ def route53_client
72
+ @route53_client ||= Aws::Route53::Client.new(get_client_options)
73
+ end
74
+
75
+ private
76
+
77
+ def get_client_options
78
+ if AWS_PROFILE.nil?
79
+ return { retry_limit: 5, region: AWS_REGION }
80
+ else
81
+ credentials = Aws::SharedCredentials.new(profile_name: AWS_PROFILE)
82
+ return { retry_limit: 5, region: AWS_REGION, credentials: credentials }
83
+ end
84
+ end
85
+ end
86
+ end
87
+
88
+
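Review bot: `AWS_REGION = ENV['AWS_REGION'] || 'ap-southeast-2'` makes every memoized client fall back to a hard-coded region when the variable is unset, so a command run from a shell set up for another region acts on ap-southeast-2 with no signal to the operator. The file list suggests the CLI wraps EC2, RDS and Route 53 operations, so I would either drop the default and let the SDK resolve the region, or log the effective region and profile once at start-up. In `get_client_options`, `Aws::SharedCredentials.new(profile_name: AWS_PROFILE)` reads only the static keys of that profile; passing `profile: AWS_PROFILE` in the options hash should let the SDK's provider chain handle role-based profiles too, which is worth confirming against the pinned aws-sdk-core version. On style, `ENV['AWS_PROFILE'] || nil` can be just `ENV['AWS_PROFILE']`, and `@cloud_formation_client` is the one instance variable whose name does not match its method (`cf_client`).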
@@ -0,0 +1,10 @@
1
+ {
2
+ "Version": "2012-10-17",
3
+ "Statement": [
4
+ {
5
+ "Effect": "Allow",
6
+ "Action": "*",
7
+ "Resource": "*"
8
+ }
9
+ ]
10
+ }
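Review bot: The single statement `"Effect": "Allow", "Action": "*", "Resource": "*"` is full administrator access, IAM included, so a principal holding this policy can create users, access keys and roles that outlive its own access. The next hunk (presumably the production developer policy, judging by the file list) at least adds a `Deny` on `iam:*`; this one has no guard rail at all. If the dev account really needs broad rights, I would add the same statement here, `{ "Effect": "Deny", "Action": ["iam:*"], "Resource": "*" }`, and attach a permissions boundary to the role. Because the JSON ships inside the gem, anyone applying it as-is inherits this default.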
@@ -0,0 +1,15 @@
1
+ {
2
+ "Version": "2012-10-17",
3
+ "Statement": [
4
+ {
5
+ "Effect": "Allow",
6
+ "Action": "*",
7
+ "Resource": "*"
8
+ },
9
+ {
10
+ "Effect": "Deny",
11
+ "Action": ["iam:*"],
12
+ "Resource": "*"
13
+ }
14
+ ]
15
+ }
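Review bot: Denying only `iam:*` on top of `"Action": "*"` still lets the same principal delete or modify every data store in the account and change the audit controls that would record it. A deny-list has to anticipate each sensitive action, whereas an allow-list of the services developers actually need fails closed. As a minimum I would widen the deny, for example `"Action": ["iam:*", "organizations:*", "cloudtrail:StopLogging", "cloudtrail:DeleteTrail"]`, and treat that as a stop-gap until the `Allow` statement is narrowed.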
@@ -0,0 +1,207 @@
1
+ {
2
+ "Version": "2012-10-17",
3
+ "Statement": [
4
+ {
5
+ "Effect": "Allow",
6
+ "Action": [
7
+ "route53:ListHostedZones",
8
+ "route53:ChangeResourceRecordSets",
9
+ "route53:ListResourceRecordSets",
10
+ "route53:CreateHostedZone",
11
+ "route53:DeleteHostedZone",
12
+ "route53:GetHostedZone",
13
+ "route53:GetChange"
14
+ ],
15
+ "Resource": "*"
16
+ },
17
+ {
18
+ "Effect": "Allow",
19
+ "Action": [
20
+ "cloudwatch:PutMetricData",
21
+ "logs:CreateLogGroup",
22
+ "logs:DeleteLogGroup",
23
+ "logs:CreateLogStream",
24
+ "logs:DescribeLogGroups",
25
+ "logs:DescribeLogStreams",
26
+ "logs:PutRetentionPolicy",
27
+ "logs:PutLogEvents"
28
+ ],
29
+ "Resource": "*"
30
+ },
31
+ {
32
+ "Action": [
33
+ "iam:GetRole",
34
+ "iam:GetUser",
35
+ "iam:ListRoles",
36
+ "iam:AddRoleToInstanceProfile",
37
+ "iam:ListAttachedRolePolicies",
38
+ "iam:CreateRole",
39
+ "iam:DeleteRole",
40
+ "iam:CreateInstanceProfile",
41
+ "iam:PutRolePolicy",
42
+ "iam:DeleteRolePolicy",
43
+ "iam:RemoveRoleFromInstanceProfile",
44
+ "iam:DeleteInstanceProfile",
45
+ "iam:PassRole",
46
+ "iam:UpdateAssumeRolePolicy"
47
+ ],
48
+ "Effect": "Allow",
49
+ "Resource": [
50
+ "*"
51
+ ]
52
+ },
53
+ {
54
+ "Action": [
55
+ "s3:*"
56
+ ],
57
+ "Effect": "Allow",
58
+ "Resource": [
59
+ <% buckets.first(buckets.length-1).each do |bucket| %>
60
+ "<%= bucket %>",
61
+ <% end %>
62
+ "<%= buckets.reverse[0] %>"
63
+ ]
64
+ },
65
+ {
66
+ "Action": [
67
+ "ec2:DeleteSnapshot",
68
+ "ec2:DescribeSnapshots",
69
+ "ec2:AllocateAddress",
70
+ "ec2:CreateKeyPair",
71
+ "ec2:AssociateAddress",
72
+ "ec2:AssociateRouteTable",
73
+ "ec2:AttachInternetGateway",
74
+ "ec2:AttachVpnGateway",
75
+ "ec2:AuthorizeSecurityGroupEgress",
76
+ "ec2:CreateInternetGateway",
77
+ "ec2:CreateNetworkAcl",
78
+ "ec2:CreateNetworkAclEntry",
79
+ "ec2:CreateImage",
80
+ "ec2:CreateRoute",
81
+ "ec2:CreateRouteTable",
82
+ "ec2:CreateSubnet",
83
+ "ec2:CreateVpc",
84
+ "ec2:DeleteInternetGateway",
85
+ "ec2:DeleteNetworkAcl",
86
+ "ec2:DeleteNetworkAclEntry",
87
+ "ec2:DeleteRoute",
88
+ "ec2:DeleteRouteTable",
89
+ "ec2:DeleteSubnet",
90
+ "ec2:DeleteTags",
91
+ "ec2:DeleteVpc",
92
+ "ec2:DetachVpnGateway",
93
+ "ec2:DescribeAddresses",
94
+ "ec2:DescribeAccountAttributes",
95
+ "ec2:DescribeSubnets",
96
+ "ec2:DescribeVpcAttribute",
97
+ "ec2:DescribeVpcs",
98
+ "ec2:DescribeInternetGateways",
99
+ "ec2:DescribeNetworkAcls",
100
+ "ec2:DescribeNetworkInterfaces",
101
+ "ec2:DescribeRouteTables",
102
+ "ec2:DescribeVpnGateways",
103
+ "ec2:DescribeTags",
104
+ "ec2:CreateTags",
105
+ "ec2:DescribeInstances",
106
+ "ec2:DescribeInstanceStatus",
107
+ "ec2:DeregisterImage",
108
+ "ec2:DetachInternetGateway",
109
+ "ec2:DisassociateAddress",
110
+ "ec2:DisassociateRouteTable",
111
+ "ec2:ModifyVpcAttribute",
112
+ "ec2:ModifyInstanceAttribute",
113
+ "ec2:ReleaseAddress",
114
+ "ec2:ReplaceNetworkAclAssociation",
115
+ "ec2:ReplaceNetworkAclEntry",
116
+ "ec2:ReplaceRouteTableAssociation",
117
+ "ec2:RevokeSecurityGroupEgress",
118
+ "ec2:RevokeSecurityGroupIngress",
119
+ "ec2:CreateKeyPair",
120
+ "ec2:CreateSecurityGroup",
121
+ "ec2:DeregisterImage",
122
+ "ec2:CreateTags",
123
+ "ec2:CreateVolume",
124
+ "ec2:DeleteSecurityGroup",
125
+ "ec2:DescribeAvailabilityZones",
126
+ "ec2:DescribeImageAttribute",
127
+ "ec2:DescribeImages",
128
+ "ec2:DescribeInstances",
129
+ "ec2:DescribeSecurityGroups",
130
+ "ec2:DetachVolume",
131
+ "ec2:EnableVolumeIO",
132
+ "ec2:GetConsoleOutput",
133
+ "ec2:GetPasswordData",
134
+ "ec2:ModifySnapshotAttribute",
135
+ "ec2:ModifyImageAttribute",
136
+ "ec2:ModifyVolumeAttribute",
137
+ "ec2:MonitorInstances",
138
+ "ec2:RebootInstances",
139
+ "ec2:ReportInstanceStatus",
140
+ "ec2:RunInstances",
141
+ "ec2:StartInstances",
142
+ "ec2:StopInstances",
143
+ "ec2:TerminateInstances",
144
+ "ec2:AuthorizeSecurityGroupIngress",
145
+ "ec2:AuthorizeSecurityGroupEgress"
146
+ ],
147
+ "Effect": "Allow",
148
+ "Resource": "*"
149
+ },
150
+ {
151
+ "Effect": "Allow",
152
+ "Action": [
153
+ "rds:AuthorizeDBSecurityGroupIngress",
154
+ "rds:CreateDBInstance",
155
+ "rds:CreateDBInstanceReadReplica",
156
+ "rds:CreateDBParameterGroup",
157
+ "rds:CreateDBSecurityGroup",
158
+ "rds:CreateDBSnapshot",
159
+ "rds:DeleteDBInstance",
160
+ "rds:DeleteDBParameterGroup",
161
+ "rds:DeleteDBSecurityGroup",
162
+ "rds:DeleteDBSnapshot",
163
+ "rds:DescribeDBEngineVersions",
164
+ "rds:DescribeDBInstances",
165
+ "rds:DescribeDBParameterGroups",
166
+ "rds:DescribeDBParameters",
167
+ "rds:DescribeDBSecurityGroups",
168
+ "rds:DescribeDBSnapshots",
169
+ "rds:DescribeEvents",
170
+ "rds:ListTagsForResource",
171
+ "rds:ModifyDBInstance",
172
+ "rds:ModifyDBParameterGroup",
173
+ "rds:RebootDBInstance",
174
+ "rds:ResetDBParameterGroup",
175
+ "rds:RestoreDBInstanceFromDBSnapshot",
176
+ "rds:RestoreDBInstanceToPointInTime",
177
+ "rds:RevokeDBSecurityGroupIngress",
178
+ "rds:CreateDBSubnetGroup",
179
+ "rds:DescribeDBSubnetGroup",
180
+ "rds:DescribeDBSubnetGroups",
181
+ "rds:DeleteDBSubnetGroup",
182
+ "rds:AddTagsToResource"
183
+ ],
184
+ "Resource": "*"
185
+ },
186
+ {
187
+ "Effect": "Allow",
188
+ "Action": "cloudformation:*",
189
+ "Resource": "*"
190
+ },
191
+ {
192
+ "Effect": "Allow",
193
+ "Action": "elasticloadbalancing:*",
194
+ "Resource": "*"
195
+ },
196
+ {
197
+ "Effect": "Allow",
198
+ "Action": "cloudwatch:*",
199
+ "Resource": "*"
200
+ },
201
+ {
202
+ "Effect": "Allow",
203
+ "Action": "autoscaling:*",
204
+ "Resource": "*"
205
+ }
206
+ ]
207
+ }
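Review bot: The IAM statement combines `iam:CreateRole`, `iam:PutRolePolicy`, `iam:UpdateAssumeRolePolicy` and `iam:PassRole` on `"Resource": ["*"]`, so the holder can define a role with more permissions than this policy grants and hand it to an instance, which makes the rest of the enumerated action lists moot. I would scope that statement to a role path, e.g. `"Resource": "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_PATH>/*"` (placeholders), and restrict PassRole with a condition such as `"Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}`. In the S3 statement, `<%= buckets.reverse[0] %>` renders an empty string when `buckets` is empty and the bucket values are interpolated without JSON escaping; `<%= buckets.to_json %>` in place of the loop would cover both, assuming `json` is loaded where the template is rendered. The EC2 list also repeats several actions (`ec2:CreateKeyPair`, `ec2:CreateTags`, `ec2:DeregisterImage`, `ec2:DescribeInstances`, `ec2:AuthorizeSecurityGroupEgress`), which is harmless but makes the list harder to audit.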
@@ -0,0 +1,176 @@
1
+ {
2
+ "Version": "2012-10-17",
3
+ "Statement": [
4
+ {
5
+ "Action": [
6
+ "acm:DescribeCertificate",
7
+ "acm:GetCertificate",
8
+ "acm:ListCertificates",
9
+ "appstream:Get*",
10
+ "autoscaling:Describe*",
11
+ "cloudformation:DescribeStackEvents",
12
+ "cloudformation:DescribeStackResource",
13
+ "cloudformation:DescribeStackResources",
14
+ "cloudformation:DescribeStacks",
15
+ "cloudformation:GetTemplate",
16
+ "cloudformation:List*",
17
+ "cloudfront:Get*",
18
+ "cloudfront:List*",
19
+ "cloudsearch:Describe*",
20
+ "cloudsearch:List*",
21
+ "cloudtrail:DescribeTrails",
22
+ "cloudtrail:GetTrailStatus",
23
+ "cloudwatch:Describe*",
24
+ "cloudwatch:Get*",
25
+ "cloudwatch:List*",
26
+ "codecommit:BatchGetRepositories",
27
+ "codecommit:Get*",
28
+ "codecommit:GitPull",
29
+ "codecommit:List*",
30
+ "codedeploy:Batch*",
31
+ "codedeploy:Get*",
32
+ "codedeploy:List*",
33
+ "config:Deliver*",
34
+ "config:Describe*",
35
+ "config:Get*",
36
+ "datapipeline:DescribeObjects",
37
+ "datapipeline:DescribePipelines",
38
+ "datapipeline:EvaluateExpression",
39
+ "datapipeline:GetPipelineDefinition",
40
+ "datapipeline:ListPipelines",
41
+ "datapipeline:QueryObjects",
42
+ "datapipeline:ValidatePipelineDefinition",
43
+ "directconnect:Describe*",
44
+ "ds:Check*",
45
+ "ds:Describe*",
46
+ "ds:Get*",
47
+ "ds:List*",
48
+ "ds:Verify*",
49
+ "dynamodb:BatchGetItem",
50
+ "dynamodb:DescribeTable",
51
+ "dynamodb:GetItem",
52
+ "dynamodb:ListTables",
53
+ "dynamodb:Query",
54
+ "dynamodb:Scan",
55
+ "ec2:Describe*",
56
+ "ec2:GetConsoleOutput",
57
+ "ecr:GetAuthorizationToken",
58
+ "ecr:BatchCheckLayerAvailability",
59
+ "ecr:GetDownloadUrlForLayer",
60
+ "ecr:GetManifest",
61
+ "ecr:DescribeRepositories",
62
+ "ecr:ListImages",
63
+ "ecr:BatchGetImage",
64
+ "ecs:Describe*",
65
+ "ecs:List*",
66
+ "elasticache:Describe*",
67
+ "elasticache:List*",
68
+ "elasticbeanstalk:Check*",
69
+ "elasticbeanstalk:Describe*",
70
+ "elasticbeanstalk:List*",
71
+ "elasticbeanstalk:RequestEnvironmentInfo",
72
+ "elasticbeanstalk:RetrieveEnvironmentInfo",
73
+ "elasticloadbalancing:Describe*",
74
+ "elasticmapreduce:Describe*",
75
+ "elasticmapreduce:List*",
76
+ "elastictranscoder:List*",
77
+ "elastictranscoder:Read*",
78
+ "es:DescribeElasticsearchDomain",
79
+ "es:DescribeElasticsearchDomains",
80
+ "es:DescribeElasticsearchDomainConfig",
81
+ "es:ListDomainNames",
82
+ "es:ListTags",
83
+ "es:ESHttpGet",
84
+ "es:ESHttpHead",
85
+ "events:DescribeRule",
86
+ "events:ListRuleNamesByTarget",
87
+ "events:ListRules",
88
+ "events:ListTargetsByRule",
89
+ "events:TestEventPattern",
90
+ "firehose:Describe*",
91
+ "firehose:List*",
92
+ "glacier:ListVaults",
93
+ "glacier:DescribeVault",
94
+ "glacier:GetDataRetrievalPolicy",
95
+ "glacier:GetVaultAccessPolicy",
96
+ "glacier:GetVaultLock",
97
+ "glacier:GetVaultNotifications",
98
+ "glacier:ListJobs",
99
+ "glacier:ListMultipartUploads",
100
+ "glacier:ListParts",
101
+ "glacier:ListTagsForVault",
102
+ "glacier:DescribeJob",
103
+ "glacier:GetJobOutput",
104
+ "iam:GenerateCredentialReport",
105
+ "iam:Get*",
106
+ "iam:List*",
107
+ "inspector:Describe*",
108
+ "inspector:Get*",
109
+ "inspector:List*",
110
+ "inspector:LocalizeText",
111
+ "inspector:PreviewAgentsForResourceGroup",
112
+ "iot:Describe*",
113
+ "iot:Get*",
114
+ "iot:List*",
115
+ "kinesis:Describe*",
116
+ "kinesis:Get*",
117
+ "kinesis:List*",
118
+ "kms:Describe*",
119
+ "kms:Get*",
120
+ "kms:List*",
121
+ "lambda:List*",
122
+ "lambda:Get*",
123
+ "logs:Describe*",
124
+ "logs:Get*",
125
+ "logs:TestMetricFilter",
126
+ "machinelearning:Describe*",
127
+ "machinelearning:Get*",
128
+ "mobilehub:GetProject",
129
+ "mobilehub:ListAvailableFeatures",
130
+ "mobilehub:ListAvailableRegions",
131
+ "mobilehub:ListProjects",
132
+ "mobilehub:ValidateProject",
133
+ "mobilehub:VerifyServiceRole",
134
+ "opsworks:Describe*",
135
+ "opsworks:Get*",
136
+ "rds:Describe*",
137
+ "rds:ListTagsForResource",
138
+ "redshift:Describe*",
139
+ "redshift:ViewQueriesInConsole",
140
+ "route53:Get*",
141
+ "route53:List*",
142
+ "route53domains:CheckDomainAvailability",
143
+ "route53domains:GetDomainDetail",
144
+ "route53domains:GetOperationDetail",
145
+ "route53domains:ListDomains",
146
+ "route53domains:ListOperations",
147
+ "route53domains:ListTagsForDomain",
148
+ "s3:Get*",
149
+ "s3:List*",
150
+ "sdb:GetAttributes",
151
+ "sdb:List*",
152
+ "sdb:Select*",
153
+ "ses:Get*",
154
+ "ses:List*",
155
+ "sns:Get*",
156
+ "sns:List*",
157
+ "sqs:GetQueueAttributes",
158
+ "sqs:ListQueues",
159
+ "sqs:ReceiveMessage",
160
+ "storagegateway:Describe*",
161
+ "storagegateway:List*",
162
+ "swf:Count*",
163
+ "swf:Describe*",
164
+ "swf:Get*",
165
+ "swf:List*",
166
+ "tag:Get*",
167
+ "trustedadvisor:Describe*",
168
+ "waf:Get*",
169
+ "waf:List*",
170
+ "workspaces:Describe*"
171
+ ],
172
+ "Effect": "Allow",
173
+ "Resource": "*"
174
+ }
175
+ ]
176
+ }
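Review bot: This policy looks read-only but it grants data-plane reads on every resource in the account: `s3:Get*`, `dynamodb:GetItem`/`Query`/`Scan`, `sdb:Select*`, `glacier:GetJobOutput`, `es:ESHttpGet`, `codecommit:GitPull`, `lambda:Get*` and `ec2:GetConsoleOutput` all return content, not just metadata. `sqs:ReceiveMessage` is also not a pure read, since received messages become invisible to the real consumers for the visibility timeout. The file list shows a production tester policy of the same length, so if that body is identical the same exposure applies to production data. I would split the statement in two, keeping the `Describe*`/`List*` metadata actions on `"Resource": "*"` and moving the content-returning actions into a second statement whose `Resource` names the test buckets, tables and queues.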