aws_recon 0.5.1 → 0.5.2
- checksums.yaml +4 -4
- data/.github/workflows/check-aws-regions.yml +17 -0
- data/lib/aws_recon/collectors/iam.rb +1 -1
- data/lib/aws_recon/options.rb +2 -2
- data/lib/aws_recon/services.yaml +1 -1
- data/lib/aws_recon/version.rb +1 -1
- data/utils/aws/check_region_exclusions.rb +86 -0
- data/utils/aws/regions.yaml +43 -0
- metadata +5 -2
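--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7481b13d21571402935b0ce2b67a7cdaaf3d3fc245b49f5569ab249b00a80769
+data.tar.gz: d755e86dbe27036c6db5aec7a10497f1cf85c4ad64265f673ec10fd1490d9566
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a97a2b0b84fd34a79be57dac06caefa77231a7098d2ee221e3d6587d57c51aa181aff4aefeb13bfcfd52578b2f30285ce3e1a2f5f70ed8cff6c37d426f2daaa4
+data.tar.gz: 7fdab7b7ddebb23fd28d28721966ff1d29a7b3a07c351e6319d3c6cdeb08fc4788869b8c30e2ea5f38a180bfe4cbf55dda05206a9985e568d0ea564d1c7eb19b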
@@ -0,0 +1,17 @@
|
|
1
|
+
name: check-service-regions
|
2
|
+
|
3
|
+
on:
|
4
|
+
schedule:
|
5
|
+
- cron: '40 15 * * *'
|
6
|
+
|
7
|
+
jobs:
|
8
|
+
region-check:
|
9
|
+
runs-on: ubuntu-20.04
|
10
|
+
steps:
|
11
|
+
- name: Checkout
|
12
|
+
uses: actions/checkout@v2
|
13
|
+
with:
|
14
|
+
fetch-depth: 1
|
15
|
+
- name: Set version tag
|
16
|
+
run: |
|
17
|
+
cd utils/aws ; ruby check_region_exclusions.rb
|
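Review bot: The workflow declares no `permissions:` block, so the job's GITHUB_TOKEN keeps the repository's default scopes even though the job only reads the checkout; a workflow-level `permissions:` with `contents: read` limits it. `uses: actions/checkout@v2` follows a mutable tag, and pinning it to a full commit SHA (`actions/checkout@<full-commit-sha>`) keeps a retagged action from running in this scheduled job. The step named `Set version tag` actually runs `check_region_exclusions.rb`, so the name looks copied from another workflow and should describe the region check.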
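--- a/data/lib/aws_recon/options.rb
+++ b/data/lib/aws_recon/options.rb
@@ -36,8 +36,8 @@ class Parser
 aws_regions = ['global'].concat(Aws::EC2::Client.new.describe_regions.regions.map(&:region_name))
 end
 rescue Aws::Errors::ServiceError => e
-
-exit
+warn "\nAWS Error: #{e.code}\n\n"
+exit(1)
 end
 
 aws_services = YAML.load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)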
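Review bot: The new `warn` line reports only `e.code`, so the service's explanation is dropped; `warn "\nAWS Error: #{e.code}: #{e.message}\n\n"` would make credential and permission failures diagnosable from stderr. The rescue names only `Aws::Errors::ServiceError`, so errors the SDK raises before a request is sent (missing credentials or region) would presumably still surface as an unhandled backtrace; the `begin` this rescue closes starts outside the hunk, so confirm what it wraps. Separately, the unchanged `YAML.load` on the last context line could become `YAML.safe_load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)`, matching the `YAML.safe_load` calls in the new utility script.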
data/lib/aws_recon/services.yaml
CHANGED
data/lib/aws_recon/version.rb
CHANGED
@@ -0,0 +1,86 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#
|
4
|
+
# Check regional service availability against services.yaml exclusions.
|
5
|
+
#
|
6
|
+
require 'net/http'
|
7
|
+
require 'json'
|
8
|
+
require 'yaml'
|
9
|
+
|
10
|
+
TS = Time.now.to_i
|
11
|
+
URL = "https://api.regional-table.region-services.aws.a2z.com/index.json?timestamp=#{TS}000"
|
12
|
+
|
13
|
+
region_exclusion_mistmatch = nil
|
14
|
+
|
15
|
+
#
|
16
|
+
# load current AWS Recon regions
|
17
|
+
#
|
18
|
+
recon_services = YAML.safe_load(File.read('../../lib/aws_recon/services.yaml'))
|
19
|
+
abort('Errors loading AWS Recon services') unless recon_services.is_a?(Array)
|
20
|
+
|
21
|
+
#
|
22
|
+
# load current AWS regions (non-gov, non-cn)
|
23
|
+
#
|
24
|
+
regions = YAML.safe_load(File.read('regions.yaml'))
|
25
|
+
abort('Errors loading regions') unless regions['Regions']
|
26
|
+
|
27
|
+
all_regions = regions['Regions'].map { |r| r['RegionName'] }
|
28
|
+
|
29
|
+
#
|
30
|
+
# get service/price list from AWS
|
31
|
+
#
|
32
|
+
uri = URI(URL)
|
33
|
+
res = Net::HTTP.get_response(uri)
|
34
|
+
abort('Error loading AWS services from API') unless res.code == '200'
|
35
|
+
|
36
|
+
map = {}
|
37
|
+
|
38
|
+
#
|
39
|
+
# load service region availability
|
40
|
+
#
|
41
|
+
data = res.body
|
42
|
+
json = JSON.parse(data)
|
43
|
+
|
44
|
+
# iterate through AWS provided services & regions
|
45
|
+
json['prices'].each do |p|
|
46
|
+
at = p['attributes']
|
47
|
+
service_name = at['aws:serviceName']
|
48
|
+
service_id, service_region = p['id'].split(':')
|
49
|
+
|
50
|
+
# skip this service unless AWS Recon already has exclusions
|
51
|
+
next unless recon_services.filter { |s| s['alias'] == service_id }&.length&.positive?
|
52
|
+
|
53
|
+
if map.key?(service_name)
|
54
|
+
map[service_name]['regions'] << service_region
|
55
|
+
else
|
56
|
+
map[service_name] = {
|
57
|
+
'id' => service_id,
|
58
|
+
'regions' => [service_region]
|
59
|
+
}
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
# iterate through the services AWS Recon knows about
|
64
|
+
map.sort.each do |k, v|
|
65
|
+
service_excluded_regions = all_regions.reject { |r| v['regions'].include?(r) }
|
66
|
+
|
67
|
+
aws_recon_service = recon_services.filter { |s| s['alias'] == v['id'] }&.first
|
68
|
+
aws_recon_service_excluded_regions = aws_recon_service['excluded_regions'] || []
|
69
|
+
|
70
|
+
# move on if AWS Recon region exclusions match AWS service region exclusions
|
71
|
+
next unless service_excluded_regions.sort != aws_recon_service_excluded_regions.sort
|
72
|
+
|
73
|
+
region_exclusion_mistmatch = true
|
74
|
+
|
75
|
+
puts "#{k} (#{v['id']})"
|
76
|
+
|
77
|
+
# determine the direction of the exclusion mismatch
|
78
|
+
if (service_excluded_regions - aws_recon_service_excluded_regions).length.positive?
|
79
|
+
puts " + missing region exclusion: #{(service_excluded_regions - aws_recon_service_excluded_regions).join(', ')}"
|
80
|
+
else
|
81
|
+
puts " - unnecessary region exclusion: #{(aws_recon_service_excluded_regions - service_excluded_regions).join(', ')}"
|
82
|
+
end
|
83
|
+
end
|
84
|
+
|
85
|
+
# exit code 1 if we have any mismatches
|
86
|
+
exit 1 if region_exclusion_mistmatch
|
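Review bot: The `if`/`else` at the end of the `map.sort.each` loop reports only one direction of a mismatch: when a service has both a missing and an unnecessary exclusion, the `else` branch never runs and the unnecessary one is not printed. Computing both differences and printing each when it is non-empty fixes that, as shown below. The API response is also used without a shape check, so an error or changed payload fails with a NoMethodError at `json['prices'].each` instead of the script's own abort message. A guard such as `abort('Unexpected AWS services payload') unless json.is_a?(Hash) && json['prices'].is_a?(Array)` after `JSON.parse` keeps the scheduled job's failure readable.

```ruby
# … unchanged: mismatch detection and the service name output …
# determine the direction(s) of the exclusion mismatch
missing = service_excluded_regions - aws_recon_service_excluded_regions
unneeded = aws_recon_service_excluded_regions - service_excluded_regions
puts " + missing region exclusion: #{missing.join(', ')}" unless missing.empty?
puts " - unnecessary region exclusion: #{unneeded.join(', ')}" unless unneeded.empty?
```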
@@ -0,0 +1,43 @@
|
|
1
|
+
Regions:
|
2
|
+
- Endpoint: ec2.af-south-1.amazonaws.com
|
3
|
+
RegionName: af-south-1
|
4
|
+
- Endpoint: ec2.eu-north-1.amazonaws.com
|
5
|
+
RegionName: eu-north-1
|
6
|
+
- Endpoint: ec2.ap-south-1.amazonaws.com
|
7
|
+
RegionName: ap-south-1
|
8
|
+
- Endpoint: ec2.eu-west-3.amazonaws.com
|
9
|
+
RegionName: eu-west-3
|
10
|
+
- Endpoint: ec2.eu-west-2.amazonaws.com
|
11
|
+
RegionName: eu-west-2
|
12
|
+
- Endpoint: ec2.eu-south-1.amazonaws.com
|
13
|
+
RegionName: eu-south-1
|
14
|
+
- Endpoint: ec2.eu-west-1.amazonaws.com
|
15
|
+
RegionName: eu-west-1
|
16
|
+
- Endpoint: ec2.ap-northeast-3.amazonaws.com
|
17
|
+
RegionName: ap-northeast-3
|
18
|
+
- Endpoint: ec2.ap-northeast-2.amazonaws.com
|
19
|
+
RegionName: ap-northeast-2
|
20
|
+
- Endpoint: ec2.me-south-1.amazonaws.com
|
21
|
+
RegionName: me-south-1
|
22
|
+
- Endpoint: ec2.ap-northeast-1.amazonaws.com
|
23
|
+
RegionName: ap-northeast-1
|
24
|
+
- Endpoint: ec2.sa-east-1.amazonaws.com
|
25
|
+
RegionName: sa-east-1
|
26
|
+
- Endpoint: ec2.ca-central-1.amazonaws.com
|
27
|
+
RegionName: ca-central-1
|
28
|
+
- Endpoint: ec2.ap-east-1.amazonaws.com
|
29
|
+
RegionName: ap-east-1
|
30
|
+
- Endpoint: ec2.ap-southeast-1.amazonaws.com
|
31
|
+
RegionName: ap-southeast-1
|
32
|
+
- Endpoint: ec2.ap-southeast-2.amazonaws.com
|
33
|
+
RegionName: ap-southeast-2
|
34
|
+
- Endpoint: ec2.eu-central-1.amazonaws.com
|
35
|
+
RegionName: eu-central-1
|
36
|
+
- Endpoint: ec2.us-east-1.amazonaws.com
|
37
|
+
RegionName: us-east-1
|
38
|
+
- Endpoint: ec2.us-east-2.amazonaws.com
|
39
|
+
RegionName: us-east-2
|
40
|
+
- Endpoint: ec2.us-west-1.amazonaws.com
|
41
|
+
RegionName: us-west-1
|
42
|
+
- Endpoint: ec2.us-west-2.amazonaws.com
|
43
|
+
RegionName: us-west-2
|
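--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_recon
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.2
 platform: ruby
 authors:
 - Josh Larsen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-04-
+date: 2021-04-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk
@@ -163,6 +163,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/stale.yml"
+- ".github/workflows/check-aws-regions.yml"
 - ".github/workflows/docker-build.yml"
 - ".github/workflows/smoke-test.yml"
 - ".gitignore"
@@ -245,6 +246,8 @@ files:
 - lib/aws_recon/services.yaml
 - lib/aws_recon/version.rb
 - readme.md
+- utils/aws/check_region_exclusions.rb
+- utils/aws/regions.yaml
 - utils/cloudformation/aws-recon-cfn-template.yml
 - utils/terraform/cloudwatch.tf
 - utils/terraform/ecs.tf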