aws_recon 0.4.3 → 0.4.4

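--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 80f767ac960548775c701684868aa2a58a2318e3c442a3c751feab370a40cee6
- data.tar.gz: 413c1365dc007b9bc6917c7ee1ccd708305b70080d45caae662077d9859834e8
+ metadata.gz: 48ccf03d964fff678dc732fcf74d4dcd9c7c06293845bbb9a4f54e9e1ce61a24
+ data.tar.gz: 7c39747a7845fe497be052baae41af8ee45014166d97114abb797d5f6c06e5b9
  SHA512:
- metadata.gz: '094fbf6a631b68c70eaae7982755b800a407f5efcf6a1ea3a0e64ec6221669a51ae78d2c386b61b4a36c54a90396c5312e759bb49783f28affe4034ef15709c2'
- data.tar.gz: a40c2417c1cc26c6d4ddedfe860c7c10bec38dbd6c1a55f5d1e0da23a7fc1fef2f083778b8ae8048ff4cdd84ed5bdbf74e6beeee68e96618727561aa6603c8f5
+ metadata.gz: 3b6c26ff3b38dd58c63313b70a609e6b08fe6d16762afb9651bbc81d6cef21d7c46e8b11ad73d40caf0e6abbfd877ef5d5f2fde1536425b70a25afe82b7a4a78
+ data.tar.gz: a74af8ad1b868895d997110a4688bc88266536ad2187c235ba27a0720e3ccce0d18d6959981ab3e82e40bb738944d1402380761f9c3c65ce33cc1649bfddbc4e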
@@ -1,3 +1,3 @@
1
1
  module AwsRecon
2
- VERSION = "0.4.3"
2
+ VERSION = "0.4.4"
3
3
  end
@@ -0,0 +1,151 @@
1
+ AWSTemplateFormatVersion: '2010-09-09'
2
+ Description: 'Deploys AWS Recon inventory collection resources, scheduled ECS task and corresponding IAM roles and policies.'
3
+ Resources:
4
+ AWSReconVPC:
5
+ Type: AWS::EC2::VPC
6
+ Properties:
7
+ CidrBlock: '10.75.0.0/27'
8
+ Tags:
9
+ - Key: Name
10
+ Value: aws-recon-CFN
11
+ AWSReconSubnet:
12
+ Type: AWS::EC2::Subnet
13
+ Properties:
14
+ CidrBlock: '10.75.0.0/28'
15
+ VpcId: !Ref AWSReconVPC
16
+ Tags:
17
+ - Key: Name
18
+ Value: aws-recon-CFN
19
+ DependsOn: AWSReconVPC
20
+ AWSReconSecurityGroup:
21
+ Type: AWS::EC2::SecurityGroup
22
+ Properties:
23
+ GroupDescription: AWS Recon collection egress
24
+ VpcId: !Ref AWSReconVPC
25
+ SecurityGroupEgress:
26
+ - IpProtocol: -1
27
+ FromPort: 0
28
+ ToPort: 0
29
+ CidrIp: 0.0.0.0/0
30
+ Tags:
31
+ - Key: Name
32
+ Value: aws-recon-CFN
33
+ AWSReconInternetGateway:
34
+ Type: AWS::EC2::InternetGateway
35
+ Properties:
36
+ Tags:
37
+ - Key: Name
38
+ Value: aws-recon-CFN
39
+ AWSReconInternetGatewayAttachment:
40
+ Type: AWS::EC2::VPCGatewayAttachment
41
+ Properties:
42
+ InternetGatewayId: !Ref AWSReconInternetGateway
43
+ VpcId: !Ref AWSReconVPC
44
+ AWSReconEgressRouteTable:
45
+ Type: AWS::EC2::RouteTable
46
+ Properties:
47
+ VpcId: !Ref AWSReconVPC
48
+ Tags:
49
+ - Key: Name
50
+ Value: aws-recon-CFN
51
+ AWSReconSubnetRouteTableAssociation:
52
+ Type: AWS::EC2::SubnetRouteTableAssociation
53
+ Properties:
54
+ SubnetId: !Ref AWSReconSubnet
55
+ RouteTableId: !Ref AWSReconEgressRouteTable
56
+ AWSReconEgressRoute:
57
+ Type: AWS::EC2::Route
58
+ Properties:
59
+ DestinationCidrBlock: '0.0.0.0/0'
60
+ GatewayId: !Ref AWSReconInternetGateway
61
+ RouteTableId: !Ref AWSReconEgressRouteTable
62
+ AWSReconECSCluster:
63
+ Type: AWS::ECS::Cluster
64
+ Properties:
65
+ ClusterName: aws-recon-CFN
66
+ CapacityProviders:
67
+ - FARGATE
68
+ Tags:
69
+ - Key: Name
70
+ Value: aws-recon-CFN
71
+ DependsOn: AWSReconSubnet
72
+ AWSReconECSTask:
73
+ Type: AWS::ECS::TaskDefinition
74
+ Properties:
75
+ Family: aws-recon-CFN
76
+ RequiresCompatibilities:
77
+ - FARGATE
78
+ NetworkMode: awsvpc
79
+ Cpu: 1024
80
+ Memory: 2048
81
+ TaskRoleArn: !Ref AWSReconECSTaskRole
82
+ ExecutionRoleArn: !Ref AWSReconECSExecutionRole
83
+ ContainerDefinitions:
84
+ - Name: aws-recon-CFN
85
+ Image: 'darkbitio/aws_recon:latest'
86
+ EntryPoint:
87
+ - 'aws_recon'
88
+ - '--verbose'
89
+ - '--format'
90
+ - 'custom'
91
+ AWSReconECSTaskRole:
92
+ Type: AWS::IAM::Role
93
+ Properties:
94
+ RoleName: aws-recon-ecs-task-role
95
+ ManagedPolicyArns:
96
+ - 'arn:aws:iam::aws:policy/ReadOnlyAccess'
97
+ Policies:
98
+ - PolicyName: AWSReconECSTaskRole
99
+ PolicyDocument:
100
+ Version: '2012-10-17'
101
+ Statement:
102
+ - Effect: Allow
103
+ Action: 's3:PutObject'
104
+ Resource: 'arn:aws:s3:::CHANGEME/*'
105
+ AssumeRolePolicyDocument:
106
+ Version: '2012-10-17'
107
+ Statement:
108
+ - Effect: Allow
109
+ Principal:
110
+ Service:
111
+ - ecs.amazonaws.com
112
+ - ecs-tasks.amazonaws.com
113
+ Action: 'sts:AssumeRole'
114
+ AWSReconECSExecutionRole:
115
+ Type: AWS::IAM::Role
116
+ Properties:
117
+ RoleName: aws-recon-ecs-execution-role
118
+ Policies:
119
+ - PolicyName: AWSReconECSTaskExecutionPolicy
120
+ PolicyDocument:
121
+ Version: '2012-10-17'
122
+ Statement:
123
+ - Effect: Allow
124
+ Action:
125
+ - 'ecr:GetAuthorizationToken'
126
+ - 'ecr:BatchCheckLayerAvailability'
127
+ - 'ecr:GetDownloadUrlForLayer'
128
+ - 'ecr:BatchGetImage'
129
+ - 'logs:CreateLogStream'
130
+ - 'logs:PutLogEvents'
131
+ Resource: '*'
132
+ AssumeRolePolicyDocument:
133
+ Version: '2012-10-17'
134
+ Statement:
135
+ - Effect: Allow
136
+ Principal:
137
+ Service:
138
+ - ecs-tasks.amazonaws.com
139
+ Action: 'sts:AssumeRole'
140
+ AWSReconCloudWatchEventsRole:
141
+ Type: AWS::IAM::Role
142
+ Properties:
143
+ RoleName: aws-recon-events-role
144
+ AssumeRolePolicyDocument:
145
+ Version: '2012-10-17'
146
+ Statement:
147
+ - Effect: Allow
148
+ Principal:
149
+ Service:
150
+ - events.amazonaws.com
151
+ Action: 'sts:AssumeRole'
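Review bot: The trust policy of `AWSReconECSTaskRole` lists both `ecs.amazonaws.com` and `ecs-tasks.amazonaws.com` as principals, but a Fargate task role only needs to be assumable by the tasks service, which is exactly what `AWSReconECSExecutionRole` further down already restricts itself to; drop `- ecs.amazonaws.com` from the task role so the two roles are consistent and the role stays at least privilege. The `s3:PutObject` statement in the same role is hard-coded to `Resource: 'arn:aws:s3:::CHANGEME/*'` while the template declares no `Parameters` section, so the template deploys as-is with a role that writes to a bucket nobody controls; a bucket-name parameter referenced as `Resource: !Sub 'arn:aws:s3:::${OutputBucketName}/*'` (name is an example) makes the placeholder impossible to forget. The container definition pulls `darkbitio/aws_recon:latest`, a mutable tag, so what runs under the `ReadOnlyAccess` task role can change without any change to this template; pinning a version tag or image digest keeps the deployment reviewable. `AWSReconCloudWatchEventsRole` ends the file with a trust policy but no permission policy, and no `AWS::Events::Rule` appears, so the scheduled run named in the `Description` is presumably wired up outside this template; a comment on that role saying where would help the next reader.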
@@ -41,6 +41,7 @@ variable "aws_regions" {
41
41
  ]
42
42
  }
43
43
 
44
+ # must be one of: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365
44
45
  variable "retention_period" {
45
46
  type = number
46
47
  default = 30
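Review bot: The comment added above `variable "retention_period"` lists the accepted values but nothing enforces them, so a value outside the list is only rejected when the provider applies it. A `validation` block on the variable turns the comment into a plan-time check with a clear message; the variable block's closing brace lies outside the hunk, so the excerpt below stops before it.
```hcl
variable "retention_period" {
  type    = number
  default = 30

  # enforce the list given in the comment above at plan time
  validation {
    condition     = contains([0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365], var.retention_period)
    error_message = "retention_period must be one of: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365."
  }
  # … unchanged: remaining attributes of the variable block …
```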
@@ -9,10 +9,9 @@ resource "aws_vpc" "vpc" {
9
9
 
10
10
  # Create subnet
11
11
  resource "aws_subnet" "subnet" {
12
- vpc_id = aws_vpc.vpc.id
13
- cidr_block = local.subnet_cidr_block
14
- availability_zone = data.aws_availability_zones.available.names[0]
15
- map_public_ip_on_launch = true
12
+ vpc_id = aws_vpc.vpc.id
13
+ cidr_block = local.subnet_cidr_block
14
+ availability_zone = data.aws_availability_zones.available.names[0]
16
15
 
17
16
  tags = {
18
17
  Name = "${var.aws_recon_base_name}-${random_id.aws_recon.hex}-public"
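Review bot: Removing `map_public_ip_on_launch = true` from `aws_subnet.subnet` is a behavioural change hidden among the realignment of the other three attributes, and the subnet is still tagged `-public`; a Fargate task placed in a subnet that reaches the internet only through an internet gateway needs a public address to pull its image and call the AWS APIs. Presumably that is now handled by `assign_public_ip` in the task's network configuration elsewhere in the module, but nothing in this hunk says so; if that is the case, a comment such as `# public IP is assigned per task via assign_public_ip, not at the subnet level` on the resource would prevent someone re-adding the attribute, and if it is not, the collection task loses egress. The resource block's closing brace is outside the hunk.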
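--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: aws_recon
  version: !ruby/object:Gem::Version
- version: 0.4.3
+ version: 0.4.4
  platform: ruby
  authors:
  - Josh Larsen
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-04-02 00:00:00.000000000 Z
+ date: 2021-04-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk
@@ -244,15 +244,16 @@ files:
  - lib/aws_recon/services.yaml
  - lib/aws_recon/version.rb
  - readme.md
- - terraform/cloudwatch.tf
- - terraform/ecs.tf
- - terraform/iam.tf
- - terraform/main.tf
- - terraform/output.tf
- - terraform/readme.md
- - terraform/s3.tf
- - terraform/vars.tf
- - terraform/vpc.tf
+ - utils/cloudformation/aws-recon-cfn-template.yml
+ - utils/terraform/cloudwatch.tf
+ - utils/terraform/ecs.tf
+ - utils/terraform/iam.tf
+ - utils/terraform/main.tf
+ - utils/terraform/output.tf
+ - utils/terraform/readme.md
+ - utils/terraform/s3.tf
+ - utils/terraform/vars.tf
+ - utils/terraform/vpc.tf
  homepage: https://github.com/darkbitio/aws-recon
  licenses:
  - MIT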