sport_ngin_aws_auditor 4.0.1 → 4.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.markdown +5 -0
- data/README.md +25 -7
- data/lib/sport_ngin_aws_auditor/rds_instance.rb +3 -1
- data/lib/sport_ngin_aws_auditor/scripts/audit.rb +1 -1
- data/lib/sport_ngin_aws_auditor/version.rb +1 -1
- data/spec/sport_ngin_aws_auditor/rds_instance_spec.rb +2 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1f426df86916c5bfc67f5365e79ac2513b4d483b
|
|
4
|
+
data.tar.gz: 156e31cd09966a7ba2b0711806590db245720905
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cadd9bc310d7059b7d87e32435a0f62ea4ca0e061dd4ad738f3acb92e529f48db26f18ac619524ed31fa8774cd98200c2504e0836318ead5a9c96650d0095cbd
|
|
7
|
+
data.tar.gz: a2d1514429102855e104085528102e9c04959292a6e32121539a34336672e9d12bd91070f9c232c9243c7a27ba018656a0e03bbb78d91efec4d01a7a50ffc18c
|
data/CHANGELOG.markdown
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
#### v4.0.2
|
|
2
|
+
* Define availability zone as attribute for RDS object to avoid errors
|
|
3
|
+
|
|
4
|
+
> Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/35
|
|
5
|
+
|
|
1
6
|
#### v4.0.1
|
|
2
7
|
* Concat all of the similar values into one value right before printing
|
|
3
8
|
|
data/README.md
CHANGED
|
@@ -21,7 +21,7 @@ Or install it yourself as:
|
|
|
21
21
|
## How-to
|
|
22
22
|
|
|
23
23
|
### AWS Setup
|
|
24
|
-
|
|
24
|
+
There are three ways to authenticate AWS. The first is to create an `~/.aws/credentials` file that should have the following structure:
|
|
25
25
|
|
|
26
26
|
```
|
|
27
27
|
[ACCOUNT 1]
|
|
@@ -37,10 +37,18 @@ aws_access_key_id = [AWS ACCESS KEY]
|
|
|
37
37
|
aws_secret_access_key = [SECRET ACCESS KEY]
|
|
38
38
|
```
|
|
39
39
|
|
|
40
|
-
Then this gem will use [AWS Shared Credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) with your credentials file.
|
|
40
|
+
Then this gem will use [AWS Shared Credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) with your credentials file. This is the default. If you'd like to pass a different config file, use the `--config` flag.
|
|
41
|
+
|
|
42
|
+
The second way to authenticate is through [User Roles](http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html), then use the flag `aws_roles`:
|
|
41
43
|
|
|
42
44
|
$ sport-ngin-aws-auditor --aws_roles [command] account1
|
|
43
45
|
|
|
46
|
+
The third way to authenticate is authentication by assumed roles. To indicate this, use the `--assume_roles` switch. If using assumed roles, then the auditor needs a role name, which is defaulted to 'CrossAccountAuditorAccess'. Alternatively, a role name can be passed in with `--role_name`. Lastly, if using assumed roles, the auditor will also need an arn id. Identify this with the `--arn_id` option. The arn id is the identifying digits of the AWS arn arn:aws:iam::999999999999:role/#{role_name}.
|
|
47
|
+
|
|
48
|
+
```
|
|
49
|
+
$ sport-ngin-aws-auditor --assume_roles --role_name=MyRoleName --arn_id=999999999999 [command] account1
|
|
50
|
+
```
|
|
51
|
+
|
|
44
52
|
### Google Setup (optional)
|
|
45
53
|
You can export audit information to a Google Spreadsheet, but you must first follow “Create a client ID and client secret” on [this page](https://developers.google.com/drive/web/auth/web-server) to get a client ID and client secret for OAuth. Then create a `.google.yml` in your home directory with the following structure.
|
|
46
54
|
|
|
@@ -56,21 +64,29 @@ file:
|
|
|
56
64
|
|
|
57
65
|
## Usage
|
|
58
66
|
|
|
67
|
+
### Global Options
|
|
68
|
+
|
|
69
|
+
When auditing, it can be handy to pass in a special name to be printed describing the account that's being audited. This can be done through the `--display=Example` flag.
|
|
70
|
+
|
|
71
|
+
Lastly, a user can tell the auditor which region to run the auditor in through the `--region=us-east-1` flag. If no region is specified, it will be run in every U.S. region: us-east-1, us-east-2, us-west-1, and us-west-2.
|
|
72
|
+
|
|
59
73
|
### The Audit Command
|
|
60
74
|
|
|
61
75
|
To find discrepancies between number of running instances and purchased instances, run:
|
|
62
76
|
|
|
63
77
|
$ sport-ngin-aws-auditor audit account1
|
|
64
78
|
|
|
65
|
-
Any running instances that are not matched with a reserved instance with show up as yellow, the reserved instances that are not matched with a running instance will show up in red, and any reserved instances and running instances that match will show up in green. Any instances in blue
|
|
79
|
+
Any running instances that are not matched with a reserved instance with show up as yellow, the reserved instances that are not matched with a running instance will show up in red, and any reserved instances and running instances that match will show up in green. Any instances in blue either have a special tag or are being ignored.
|
|
66
80
|
|
|
67
|
-
To
|
|
81
|
+
You can also audit just EC2 instances, just RDS instances, or just CacheInstances. To do this, use `--ec2`, `--rds`, and `--cache` respectively. Or, you can use the audit account to just show counts of reserved instances and reserved instances. To do that, use the `--reserved` and `--instances` options.
|
|
68
82
|
|
|
69
|
-
|
|
83
|
+
The tag can be specified through the `--tag=tag_name` option. Or, it will be defaulted to 'no-reserved-instance'. This means that when an instance is found that contains the tag 'no-reserved-instance', it will evaluate it separately from the other running instances, and list it in blue.
|
|
70
84
|
|
|
71
|
-
If
|
|
85
|
+
If a user wants to completely ignore tags, then use the `--no_tag` switch to turn tags off.
|
|
72
86
|
|
|
73
|
-
|
|
87
|
+
If an instance is ignored, it means that the name of the instance matches one of the ignore_instances_patterns. These patterns can be specified through the `--ignore_instances_patterns='string1, string2, string3'` flag, or they will be defaulted to 'kitchen' and 'auto'. Like the tagged instances, if an instance name matches one of these patterns, it will be listed separately and not used in calculating red/yellow/green instances.
|
|
88
|
+
|
|
89
|
+
To ignore instance regexes, pass in an empty string or nil as the instances.
|
|
74
90
|
|
|
75
91
|
To print a condensed version of the discrepancies to a Slack account (instead of printing to the terminal), run:
|
|
76
92
|
|
|
@@ -92,6 +108,8 @@ The default is for the file to be called `.aws_auditor.yml` in your home directo
|
|
|
92
108
|
|
|
93
109
|
The webhook urls for slack can be obtained [here](https://api.slack.com/incoming-webhooks).
|
|
94
110
|
|
|
111
|
+
In AWS, when booting reserved instances, a user can choose between an availability zone RI, where the RI will cover an instance in that specific zone, such as us-east-1b, or it can be a region RI, where it will just cover any instance in the region us-east-1 (that matches in size, of course). Therefore, there are two ways to audit the data to account for this. To print the data with zones, use the `--zone_output` option. Without the `--zone_output`, the data will ignore zone-based data to just print region-based data.
|
|
112
|
+
|
|
95
113
|
### The Inspect Command
|
|
96
114
|
|
|
97
115
|
To list information about all running instances in your account, run:
|
|
@@ -30,11 +30,12 @@ module SportNginAwsAuditor
|
|
|
30
30
|
end
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
attr_accessor :id, :name, :multi_az, :scope, :instance_type, :engine, :count, :tag_value, :tag_reason, :expiration_date
|
|
33
|
+
attr_accessor :id, :name, :multi_az, :scope, :instance_type, :engine, :count, :tag_value, :tag_reason, :expiration_date, :availability_zone
|
|
34
34
|
def initialize(rds_instance, account_id=nil, tag_name=nil, client=nil)
|
|
35
35
|
if rds_instance.class.to_s == "Aws::RDS::Types::ReservedDBInstance"
|
|
36
36
|
self.id = rds_instance.reserved_db_instances_offering_id
|
|
37
37
|
self.scope = nil
|
|
38
|
+
self.availability_zone = nil
|
|
38
39
|
self.multi_az = rds_instance.multi_az ? "Multi-AZ" : "Single-AZ"
|
|
39
40
|
self.instance_type = rds_instance.db_instance_class
|
|
40
41
|
self.engine = engine_helper(rds_instance.product_description)
|
|
@@ -44,6 +45,7 @@ module SportNginAwsAuditor
|
|
|
44
45
|
self.id = rds_instance.db_instance_identifier
|
|
45
46
|
self.name = rds_instance.db_name
|
|
46
47
|
self.scope = nil
|
|
48
|
+
self.availability_zone = rds_instance.availability_zone
|
|
47
49
|
self.multi_az = rds_instance.multi_az ? "Multi-AZ" : "Single-AZ"
|
|
48
50
|
self.instance_type = rds_instance.db_instance_class
|
|
49
51
|
self.engine = engine_helper(rds_instance.engine)
|
|
@@ -124,7 +124,7 @@ module SportNginAwsAuditor
|
|
|
124
124
|
if tag.reason
|
|
125
125
|
description ="#{prefix} #{tag.instance_name} (#{tag.instance_type}) retired on #{tag.value} because #{tag.reason}\n"
|
|
126
126
|
else
|
|
127
|
-
description = "#{prefix} #{tag.instance_name} (#{tag.instance_type}) retired on #{tag.value}"
|
|
127
|
+
description = "#{prefix} #{tag.instance_name} (#{tag.instance_type}) retired on #{tag.value}\n"
|
|
128
128
|
end
|
|
129
129
|
|
|
130
130
|
@message << description.colorize(:color => color)
|
|
@@ -58,6 +58,7 @@ module SportNginAwsAuditor
|
|
|
58
58
|
expect(instance.multi_az).to eq("Single-AZ")
|
|
59
59
|
expect(instance.instance_type).to eq("db.t2.small")
|
|
60
60
|
expect(instance.engine).to eq("MySQL")
|
|
61
|
+
expect(instance.availability_zone).to eq('us-east-1a')
|
|
61
62
|
end
|
|
62
63
|
end
|
|
63
64
|
|
|
@@ -100,6 +101,7 @@ module SportNginAwsAuditor
|
|
|
100
101
|
expect(reserved_instance.multi_az).to eq("Single-AZ")
|
|
101
102
|
expect(reserved_instance.instance_type).to eq("db.t2.small")
|
|
102
103
|
expect(reserved_instance.engine).to eq("Oracle SE Two")
|
|
104
|
+
expect(reserved_instance.availability_zone).to eq(nil)
|
|
103
105
|
end
|
|
104
106
|
|
|
105
107
|
context "for retired_reserved_rds_instances" do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sport_ngin_aws_auditor
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.0.
|
|
4
|
+
version: 4.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elliot Hursh
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2017-
|
|
13
|
+
date: 2017-02-23 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: aws-sdk
|