sport_ngin_aws_auditor 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7d0c635ba58b86cec68263f3c929d54ffbede978
+  data.tar.gz: ff8c7fb16a94ef122280a08396eaf27edb79c32f
+SHA512:
+  metadata.gz: 49491ebb5acbf0c6df12525bf54c070e7caaf2936ba21e911e9665e5efca353f324d8b71ab80a2ea53a6c51d728155d0e6a1f8c6c6a5f2118727e17945da121c
+  data.tar.gz: f6311b455eb7ba7e7c0e04c4562195bab4e209715e5e4498f5ac6344930ea6b8bc64927953313582eb87766271a00d1c376f1e5da224cad4de0f3743f8cb200b

data/.gitignore

@@ -0,0 +1,20 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+
+.DS_Store
+.aws.yml
+.google.yml
+*.gem
+.idea

data/.octopolo.yml

@@ -0,0 +1,4 @@
+github_repo: sportngin/sport_ngin_aws_auditor
+semantic_versioning: true
+branches_to_keep:
+- master

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/.ruby-gemset

@@ -0,0 +1 @@
+sport_ngin_aws_auditor

data/.ruby-version

@@ -0,0 +1 @@
+ruby-2.2.5

data/.soyuz.yml

@@ -0,0 +1,13 @@
+defaults:
+  deploy_cmd: gem push *.gem
+  before_deploy_cmds:
+    - /usr/local/bin/op tag-release
+    - sed -i "" -e "s/\".*/\"$(git tag| sort -n -t. -k1,1 -k2,2 -k3,3 | tail -1 | sed s/v//)\"/" lib/sport_ngin_aws_auditor/version.rb
+    - git add  lib/sport_ngin_aws_auditor/version.rb
+    - git commit -m "Version Bump" && git push
+    - gem build sport_ngin_aws_auditor.gemspec
+  after_deploy_cmds:
+    - rm *.gem
+environments:
+  -
+    rubygems: {}

data/.travis.yml

@@ -0,0 +1,13 @@
+sudo: false
+branches:
+  only:
+    - master
+    - /^deployable.*$/
+
+language: ruby
+rvm:
+  - 2.0.0
+  - 2.1
+  - 2.2
+cache: bundler
+script: bundle exec rspec

data/CHANGELOG.markdown

@@ -0,0 +1,30 @@
+#### v3.0.2
+#### v3.0.1
+#### v3.0.0
+* Rename gem directories and modules
+
+  > Emma Sax: Brian Bergstrom: https://github.com/sportngin/sport_ngin_aws_auditor/pull/6
+
+#### v2.1.0
+* Adding option to print audit results to Slack channel
+
+  > Emma Sax, Matt Krieger: Brian Bergstrom: https://github.com/sportngin/aws_auditor/pull/4
+
+* Adding option to print audit results to Slack channel
+
+  > Emma Sax, Matt Krieger: Brian Bergstrom: https://github.com/sportngin/aws_auditor/pull/4
+
+#### v2.0.0
+* Adding enhancements for taking no-reserved-instance tag into consideration during audit
+
+  > Emma Sax: Brian Bergstrom: https://github.com/sportngin/aws_auditor/pull/2
+
+#### v1.0.0
+* Upgrading aws-sdk version from v1 to v2
+
+  > Emma Sax: Brian Bergstrom: https://github.com/sportngin/aws_auditor/pull/3
+
+* First tests, Travis CI, MFA support, and fog file compatibility
+
+  > Brian Bergstrom: Emma Sax: https://github.com/sportngin/aws_auditor/pull/1
+

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in aws_auditor.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Elliot Hursh
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,103 @@
+# SportNginAwsAuditor
+
+Audits your AWS accounts to find discrepancies between the number of running instances and purchased reserved instances.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'sport_ngin_aws_auditor'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install sport_ngin_aws_auditor
+
+## How-to
+
+### AWS Setup
+Create an `~/.aws/credentials` file that should have the following structure:
+
+```
+[ACCOUNT 1]
+aws_access_key_id = [AWS ACCESS KEY]
+aws_secret_access_key = [SECRET ACCESS KEY]
+
+[ACCOUNT 2]
+aws_access_key_id = [AWS ACCESS KEY]
+aws_secret_access_key = [SECRET ACCESS KEY]
+
+[ACCOUNT 3]
+aws_access_key_id = [AWS ACCESS KEY]
+aws_secret_access_key = [SECRET ACCESS KEY]
+```
+
+### Google Setup (optional)
+You can export audit information to a Google Spreadsheet, but you must first follow “Create a client ID and client secret” on [this page](https://developers.google.com/drive/web/auth/web-server) to get a client ID and client secret for OAuth. Then create a `.google.yml` in your home directory with the following structure.
+
+```yaml
+---
+credentials:
+  client_id: 'GOOGLE_CLIENT_ID'
+  client_secret: 'GOOGLE_CLIENT_ID'
+file:
+  path: 'DESIRED_PATH_TO_FILE' # optional, creates in root directory otherwise
+  name: 'NAME_OF_FILE'
+```
+ 
+## Usage
+
+### The Audit Command
+
+To find discrepancies between number of running instances and purchased instances, run:
+
+    $ sport_ngin_aws_auditor audit account1
+
+Any running instances that are not matched with a reserved instance with show up as yellow (with the negative number indicating the amount), the reserved instances that are not matched with an running instance will show up in red (with the positive number indicating the amount), and any reserved instances and running instances that match will show up in green. Any instances in blue with asteriks have a special tag that can either be specified in the audit command or will be defaulted to `no-reserved-instance`.
+
+To specify your own tag name, run:
+
+    $ sport_ngin_aws_auditor audit --tag=your_custom_tag account1
+
+If you don't want to use any tag at all, run:
+
+    $ sport_ngin_aws_auditor audit --no_tag account1
+
+To print a condensed version of the discrepancies to a Slack account (instead of printing to the terminal), run:
+
+    $ sport_ngin_aws_auditor audit --slack account1
+
+For this option to use a designated channel, username, icon/emoji, and webhook, set up a global config file (called `.aws_auditor.yml`) in your home directory. The webhook urls for slack can be obtained [here](https://api.slack.com/incoming-webhooks). The config file should look something like this:
+
+```
+slack:
+  username: [AN AWESOME USERNAME]
+  icon_url: [AN AWESOME IMAGE]
+  channel: "#[AN SUPER COOL CHANNEL]"
+  webhook: [YOUR WEBHOOK URL]
+```
+
+### The Inspect Command
+
+To list information about all running instances in your account, run:
+
+    $ sport_ngin_aws_auditor inspect account1
+
+### The Export Command
+
+To export audit information to a Google Spreadsheet, make sure you added a `.google.yml` and run:
+
+    $ sport_ngin_aws_auditor export -d account1
+    
+## Contributing
+
+1. Fork it (https://github.com/sportngin/sport_ngin_aws_auditor/fork)
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/bin/sport-ngin-aws-auditor

@@ -0,0 +1,27 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'gli'
+require_relative '../lib/sport_ngin_aws_auditor'
+
+include GLI::App
+
+program_desc 'Sport Ngin AWS Auditor'
+version SportNginAwsAuditor::VERSION
+
+wrap_help_text :verbatim
+
+flag [:config], :desc => 'SportNginAwsAuditor config file path', :default_value => SportNginAwsAuditor::DefaultPaths.config
+
+program_long_desc """
+DOCUMENTATION
+"""
+
+commands_from File.expand_path(File.dirname(__FILE__) + '/../lib/sport_ngin_aws_auditor/commands')
+
+pre do |global,command,options,args|
+  SportNginAwsAuditor::Config.load(global[:config])
+  SportNginAwsAuditor::Config.merge! global
+  true
+end
+
+exit run(ARGV)

data/lib/sport_ngin_aws_auditor/aws.rb

@@ -0,0 +1,44 @@
+require 'aws-sdk'
+require 'yaml'
+require 'hashie'
+
+module SportNginAwsAuditor
+  class AwsConfig < Hash
+    include Hashie::Extensions::IndifferentAccess
+  end
+
+  class AWSSDK
+    def self.authenticate(environment)
+      shared_credentials = Aws::SharedCredentials.new(profile_name: environment)
+      Aws.config.update({region: 'us-east-1', credentials: shared_credentials})
+
+      iam = Aws::IAM::Client.new
+
+       # this will be an array of 0 or 1 because iam.list_mfa_devices.mfa_devices will only return 0 or 1 device per user;
+       # if user doesn't have MFA enabled, then this loop won't even execute
+      iam.list_mfa_devices.mfa_devices.each do |mfadevice|
+        mfa_serial_number = mfadevice.serial_number
+        mfa_token = Output.ask("Enter MFA token: "){ |q|  q.validate = /^\d{6}$/ }
+        session_credentials_hash = get_session(mfa_token,
+                                               mfa_serial_number,
+                                               shared_credentials.credentials.access_key_id,
+                                               shared_credentials.credentials.secret_access_key).credentials
+
+        session_credentials = Aws::Credentials.new(session_credentials_hash.access_key_id,
+                                                   session_credentials_hash.secret_access_key,
+                                                   session_credentials_hash.session_token)
+        Aws.config.update({region: 'us-east-1', credentials: session_credentials})
+      end
+    end
+
+    def self.get_session(mfa_token, mfa_serial_number, access_key_id, secret_access_key)
+      return @session if @session
+      sts = Aws::STS::Client.new(access_key_id: access_key_id,
+                                 secret_access_key: secret_access_key,
+                                 region: 'us-east-1')
+      @session = sts.get_session_token(duration_seconds: 3600,
+                                       serial_number: mfa_serial_number,
+                                       token_code: mfa_token)
+    end
+  end
+end

data/lib/sport_ngin_aws_auditor/cache_instance.rb

@@ -0,0 +1,69 @@
+require_relative './instance_helper'
+
+module SportNginAwsAuditor
+  class CacheInstance
+    extend InstanceHelper
+    extend CacheWrapper
+    extend AWSWrapper
+
+    class << self
+      attr_accessor :instances, :reserved_instances
+    end
+
+    attr_accessor :id, :name, :instance_type, :engine, :count, :tag_value
+    def initialize(cache_instance, account_id=nil, tag_name=nil, cache=nil)
+      if cache_instance.class.to_s == "Aws::ElastiCache::Types::ReservedCacheNode"
+        self.id = cache_instance.reserved_cache_node_id
+        self.name = cache_instance.reserved_cache_node_id
+        self.instance_type = cache_instance.cache_node_type
+        self.engine = cache_instance.product_description
+        self.count = cache_instance.cache_node_count
+      elsif cache_instance.class.to_s == "Aws::ElastiCache::Types::CacheCluster"
+        self.id = cache_instance.cache_cluster_id
+        self.name = cache_instance.cache_cluster_id
+        self.instance_type = cache_instance.cache_node_type
+        self.engine = cache_instance.engine
+        self.count = cache_instance.num_cache_nodes
+
+        if tag_name
+          region = cache_instance.preferred_availability_zone.split(//).first(9).join
+          region = "us-east-1" if region == "Multiple"
+          arn = "arn:aws:elasticache:#{region}:#{account_id}:cluster:#{self.id}"
+
+           # go through to see if the tag we're looking for is one of them
+          cache.list_tags_for_resource(resource_name: arn).tag_list.each do |tag|
+            if tag.key == tag_name
+              self.tag_value = tag.value
+            end
+          end
+        end
+      end
+    end
+
+    def to_s
+      "#{engine} #{instance_type}"
+    end
+
+    def self.get_instances(tag_name=nil)
+      return @instances if @instances
+      account_id = get_account_id
+      @instances = cache.describe_cache_clusters.cache_clusters.map do |instance|
+        next unless instance.cache_cluster_status.to_s == 'available'
+        new(instance, account_id, tag_name, cache)
+      end.compact
+    end
+
+    def self.get_reserved_instances
+      return @reserved_instances if @reserved_instances
+      @reserved_instances = cache.describe_reserved_cache_nodes.reserved_cache_nodes.map do |instance|
+        next unless instance.state.to_s == 'active'
+        new(instance)
+      end.compact
+    end
+
+    def no_reserved_instance_tag_value
+      @tag_value
+    end
+    
+  end
+end

data/lib/sport_ngin_aws_auditor/commands/audit.rb

@@ -0,0 +1,17 @@
+arg :aws_account
+desc 'Audits Reserved Instance Counts'
+command 'audit' do |c|
+  c.switch [:e, :ec2], :desc => "Only audit EC2 instances"
+  c.switch [:d, :rds], :desc => "Only audit RDS instances"
+  c.switch [:c, :cache], :desc => "Only audit ElastiCache instances"
+  c.switch [:r, :reserved], :desc => "Shows reserved instance counts"
+  c.switch [:i, :instances], :desc => "Shows current instance counts"
+  c.flag [:t, :tag], :default_value => "no-reserved-instance", :desc => "Read a tag and group separately during audit"
+  c.switch [:n, :no_tag], :desc => "Ignore all tags during audit"
+  c.switch [:s, :slack], :desc => "Will print condensed version of audit to a Slack channel"
+  c.action do |global_options, options, args|
+    require_relative '../scripts/audit'
+    raise ArgumentError, 'You must specify an AWS account' unless args.first
+    SportNginAwsAuditor::Scripts::Audit.execute(args.first, options)
+  end
+end

data/lib/sport_ngin_aws_auditor/commands/export.rb

@@ -0,0 +1,11 @@
+arg :aws_account
+desc 'Export an Audit to Google SpreadSheets'
+command 'export' do |c|
+  c.switch [:c, :csv], :desc => "Exports to CSV"
+  c.switch [:d, :drive], :desc => "Exports to Google Drive"
+  c.action do |global_options, options, args|
+    require_relative '../scripts/export'
+    raise ArgumentError, 'You must specify an AWS account' unless args.first
+    SportNginAwsAuditor::Scripts::Export.execute(args.first, options)
+  end
+end

data/lib/sport_ngin_aws_auditor/commands/inspect.rb

@@ -0,0 +1,12 @@
+arg :aws_account
+desc 'Reviews Stack Instances'
+command 'inspect' do |c|
+  c.switch [:e, :ec2], :desc => "Only inspect EC2 instances"
+  c.switch [:d, :rds], :desc => "Only inspect RDS instances"
+  c.switch [:c, :cache], :desc => "Only inspect ElastiCache instances"
+  c.action do |global_options, options, args|
+    require_relative '../scripts/inspect'
+    raise ArgumentError, 'You must specify an AWS account' unless args.first
+    SportNginAwsAuditor::Scripts::Inspect.execute(args.first,options)
+  end
+end

data/lib/sport_ngin_aws_auditor/config.rb

@@ -0,0 +1,51 @@
+require 'yaml'
+require 'hashie'
+
+module SportNginAwsAuditor
+
+  class DefaultPaths
+    class << self
+      def config
+        File.join(self.home,'.aws_auditor.yml')
+      end
+
+      def home
+        ENV['HOME'] ? ENV['HOME'] : "."
+      end
+    end
+  end
+
+  class Config
+    class << self
+
+      def config
+        config_data.to_hash
+      end
+
+      def load(path)
+        if File.exist?(path)
+          load_config(path)
+          return config
+        else
+          return {}
+        end
+      end
+
+      def config_data
+        @config_data ||= Hashie::Mash.new
+      end
+      private :config_data
+
+      def method_missing(method, args=false)
+        config_data.send(method, args)
+      end
+      private :method_missing
+
+      def load_config(file)
+        YAML.load_file(file).each{ |key,value| config_data.assign_property(key, value) }
+      end
+      private :load_config
+
+    end
+  end
+end

data/lib/sport_ngin_aws_auditor/convenience_wrappers.rb

@@ -0,0 +1,59 @@
+require_relative './aws'
+require_relative './google'
+
+module SportNginAwsAuditor
+  attr_accessor :creds
+
+  module AWSWrapper
+    attr_accessor :aws, :account_id
+
+    def aws(environment)
+      SportNginAwsAuditor::AWSSDK.authenticate(environment)
+    end
+
+    def get_account_id
+      @account_id ||= Aws::STS::Client.new.get_caller_identity.account
+    end
+  end
+
+  module EC2Wrapper
+    attr_accessor :ec2
+
+    def ec2
+      @ec2 ||= Aws::EC2::Client.new
+    end
+  end
+
+  module OpsWorksWrapper
+    attr_accessor :opsworks
+
+    def opsworks
+      @opsworks ||= Aws::OpsWorks::Client.new
+    end
+  end
+
+  module RDSWrapper
+    attr_accessor :rds
+
+    def rds
+      @rds ||= Aws::RDS::Client.new
+    end
+  end
+    
+  module CacheWrapper
+    attr_accessor :cache
+
+    def cache
+      @cache ||= Aws::ElastiCache::Client.new
+    end
+  end
+
+  module GoogleWrapper
+    attr_accessor :google
+
+    def google
+      @google ||= SportNginAwsAuditor::Google.configuration
+    end
+  end
+  
+end

data/lib/sport_ngin_aws_auditor/ec2_instance.rb

@@ -0,0 +1,119 @@
+require_relative './instance_helper'
+
+module SportNginAwsAuditor
+  class EC2Instance
+    extend InstanceHelper
+    extend EC2Wrapper
+
+    class << self
+      attr_accessor :instances, :reserved_instances
+    end
+
+    attr_accessor :id, :name, :platform, :availability_zone, :instance_type, :count, :stack_name, :tag_value
+    def initialize(ec2_instance, tag_name, count=1)
+      if ec2_instance.class.to_s == "Aws::EC2::Types::ReservedInstances"
+        self.id = ec2_instance.reserved_instances_id
+        self.name = nil
+        self.platform = platform_helper(ec2_instance)
+        self.availability_zone = ec2_instance.availability_zone
+        self.instance_type = ec2_instance.instance_type
+        self.count = count
+        self.stack_name = nil
+      elsif ec2_instance.class.to_s == "Aws::EC2::Types::Instance"
+        self.id = ec2_instance.instance_id
+        self.name = nil
+        self.platform = platform_helper(ec2_instance)
+        self.availability_zone = ec2_instance.placement.availability_zone
+        self.instance_type = ec2_instance.instance_type
+        self.count = count
+        self.stack_name = nil
+
+        # go through to see if the tag we're looking for is one of them
+        if tag_name
+          ec2_instance.tags.each do |tag|
+            if tag.key == tag_name
+              self.tag_value = tag.value
+            end
+          end
+        end
+      end
+    end
+
+    def to_s
+      "#{platform} #{availability_zone} #{instance_type}"
+    end
+
+    def self.get_instances(tag_name=nil)
+      return @instances if @instances
+      @instances = ec2.describe_instances.reservations.map do |reservation|
+        reservation.instances.map do |instance|
+          next unless instance.state.name == 'running'
+          new(instance, tag_name)
+        end.compact
+      end.flatten.compact
+      get_more_info
+    end
+
+    def self.get_reserved_instances
+      return @reserved_instances if @reserved_instances
+      @reserved_instances = ec2.describe_reserved_instances.reserved_instances.map do |ri|
+        next unless ri.state == 'active'
+        new(ri, nil, ri.instance_count)
+      end.compact
+    end
+
+    def no_reserved_instance_tag_value
+      @tag_value
+    end
+
+    def platform_helper(ec2_instance)
+      if ec2_instance.class.to_s == "Aws::EC2::Types::Instance"
+        if ec2_instance.vpc_id
+          return 'VPC'
+        elsif ec2_instance.platform
+          if ec2_instance.platform.downcase.include? 'windows' 
+            return 'Windows'
+          else
+            return 'Linux'
+          end
+        else
+          return 'Linux'
+        end
+      elsif ec2_instance.class.to_s == "Aws::EC2::Types::ReservedInstances"
+        if ec2_instance.product_description.downcase.include? 'vpc'
+          return 'VPC'
+        elsif ec2_instance.product_description.downcase.include? 'windows'
+          return 'Windows'
+        else
+          return 'Linux'
+        end
+      end
+    end
+    private :platform_helper
+
+    def self.get_more_info
+      get_instances.each do |instance|
+        tags = ec2.describe_tags(:filters => [{:name => "resource-id", :values => [instance.id]}]).tags
+        tags = Hash[tags.map { |tag| [tag[:key], tag[:value]]}.compact]
+        instance.name = tags["Name"]
+        instance.stack_name = tags["opsworks:stack"]
+      end
+    end
+    private_class_method :get_more_info
+
+    def self.bucketize
+      buckets = {}
+      get_instances.map do |instance|
+        name = instance.stack_name || instance.name
+        if name
+          buckets[name] = [] unless buckets.has_key? name
+          buckets[name] << instance
+        else
+          puts "Could not sort #{instance.id}, as it has no stack_name or name"
+        end
+      end
+      buckets.sort_by{|k,v| k }
+    end
+
+  end
+end