PyPI - runbooks - Versions diffs - 0.7.0__py3-none-any.whl → 0.7.6__py3-none-any.whl - Mend

runbooks 0.7.0py3-none-any.whl → 0.7.6py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (132) hide show

runbooks/__init__.py +87 -37
runbooks/cfat/README.md +300 -49
runbooks/cfat/__init__.py +2 -2
runbooks/finops/__init__.py +1 -1
runbooks/finops/cli.py +1 -1
runbooks/inventory/collectors/__init__.py +8 -0
runbooks/inventory/collectors/aws_management.py +791 -0
runbooks/inventory/collectors/aws_networking.py +3 -3
runbooks/main.py +3389 -782
runbooks/operate/__init__.py +207 -0
runbooks/operate/base.py +311 -0
runbooks/operate/cloudformation_operations.py +619 -0
runbooks/operate/cloudwatch_operations.py +496 -0
runbooks/operate/dynamodb_operations.py +812 -0
runbooks/operate/ec2_operations.py +926 -0
runbooks/operate/iam_operations.py +569 -0
runbooks/operate/s3_operations.py +1211 -0
runbooks/operate/tagging_operations.py +655 -0
runbooks/remediation/CLAUDE.md +100 -0
runbooks/remediation/DOME9.md +218 -0
runbooks/remediation/README.md +26 -0
runbooks/remediation/Tests/__init__.py +0 -0
runbooks/remediation/Tests/update_policy.py +74 -0
runbooks/remediation/__init__.py +95 -0
runbooks/remediation/acm_cert_expired_unused.py +98 -0
runbooks/remediation/acm_remediation.py +875 -0
runbooks/remediation/api_gateway_list.py +167 -0
runbooks/remediation/base.py +643 -0
runbooks/remediation/cloudtrail_remediation.py +908 -0
runbooks/remediation/cloudtrail_s3_modifications.py +296 -0
runbooks/remediation/cognito_active_users.py +78 -0
runbooks/remediation/cognito_remediation.py +856 -0
runbooks/remediation/cognito_user_password_reset.py +163 -0
runbooks/remediation/commons.py +455 -0
runbooks/remediation/dynamodb_optimize.py +155 -0
runbooks/remediation/dynamodb_remediation.py +744 -0
runbooks/remediation/dynamodb_server_side_encryption.py +108 -0
runbooks/remediation/ec2_public_ips.py +134 -0
runbooks/remediation/ec2_remediation.py +892 -0
runbooks/remediation/ec2_subnet_disable_auto_ip_assignment.py +72 -0
runbooks/remediation/ec2_unattached_ebs_volumes.py +448 -0
runbooks/remediation/ec2_unused_security_groups.py +202 -0
runbooks/remediation/kms_enable_key_rotation.py +651 -0
runbooks/remediation/kms_remediation.py +717 -0
runbooks/remediation/lambda_list.py +243 -0
runbooks/remediation/lambda_remediation.py +971 -0
runbooks/remediation/multi_account.py +569 -0
runbooks/remediation/rds_instance_list.py +199 -0
runbooks/remediation/rds_remediation.py +873 -0
runbooks/remediation/rds_snapshot_list.py +192 -0
runbooks/remediation/requirements.txt +118 -0
runbooks/remediation/s3_block_public_access.py +159 -0
runbooks/remediation/s3_bucket_public_access.py +143 -0
runbooks/remediation/s3_disable_static_website_hosting.py +74 -0
runbooks/remediation/s3_downloader.py +215 -0
runbooks/remediation/s3_enable_access_logging.py +562 -0
runbooks/remediation/s3_encryption.py +526 -0
runbooks/remediation/s3_force_ssl_secure_policy.py +143 -0
runbooks/remediation/s3_list.py +141 -0
runbooks/remediation/s3_object_search.py +201 -0
runbooks/remediation/s3_remediation.py +816 -0
runbooks/remediation/scan_for_phrase.py +425 -0
runbooks/remediation/workspaces_list.py +220 -0
runbooks/security/__init__.py +9 -10
runbooks/security/security_baseline_tester.py +4 -2
runbooks-0.7.6.dist-info/METADATA +608 -0
{runbooks-0.7.0.dist-info → runbooks-0.7.6.dist-info}/RECORD +84 -76
{runbooks-0.7.0.dist-info → runbooks-0.7.6.dist-info}/entry_points.txt +0 -1
{runbooks-0.7.0.dist-info → runbooks-0.7.6.dist-info}/top_level.txt +0 -1
jupyter-agent/.env +0 -2
jupyter-agent/.env.template +0 -2
jupyter-agent/.gitattributes +0 -35
jupyter-agent/.gradio/certificate.pem +0 -31
jupyter-agent/README.md +0 -16
jupyter-agent/__main__.log +0 -8
jupyter-agent/app.py +0 -256
jupyter-agent/cloudops-agent.png +0 -0
jupyter-agent/ds-system-prompt.txt +0 -154
jupyter-agent/jupyter-agent.png +0 -0
jupyter-agent/llama3_template.jinja +0 -123
jupyter-agent/requirements.txt +0 -9
jupyter-agent/tmp/4ojbs8a02ir/jupyter-agent.ipynb +0 -68
jupyter-agent/tmp/cm5iasgpm3p/jupyter-agent.ipynb +0 -91
jupyter-agent/tmp/crqbsseag5/jupyter-agent.ipynb +0 -91
jupyter-agent/tmp/hohanq1u097/jupyter-agent.ipynb +0 -57
jupyter-agent/tmp/jns1sam29wm/jupyter-agent.ipynb +0 -53
jupyter-agent/tmp/jupyter-agent.ipynb +0 -27
jupyter-agent/utils.py +0 -409
runbooks/aws/__init__.py +0 -58
runbooks/aws/dynamodb_operations.py +0 -231
runbooks/aws/ec2_copy_image_cross-region.py +0 -195
runbooks/aws/ec2_describe_instances.py +0 -202
runbooks/aws/ec2_ebs_snapshots_delete.py +0 -186
runbooks/aws/ec2_run_instances.py +0 -213
runbooks/aws/ec2_start_stop_instances.py +0 -212
runbooks/aws/ec2_terminate_instances.py +0 -143
runbooks/aws/ec2_unused_eips.py +0 -196
runbooks/aws/ec2_unused_volumes.py +0 -188
runbooks/aws/s3_create_bucket.py +0 -142
runbooks/aws/s3_list_buckets.py +0 -152
runbooks/aws/s3_list_objects.py +0 -156
runbooks/aws/s3_object_operations.py +0 -183
runbooks/aws/tagging_lambda_handler.py +0 -183
runbooks/inventory/FAILED_SCRIPTS_TROUBLESHOOTING.md +0 -619
runbooks/inventory/PASSED_SCRIPTS_GUIDE.md +0 -738
runbooks/inventory/aws_organization.png +0 -0
runbooks/inventory/cfn_move_stack_instances.py +0 -1526
runbooks/inventory/delete_s3_buckets_objects.py +0 -169
runbooks/inventory/lockdown_cfn_stackset_role.py +0 -224
runbooks/inventory/update_aws_actions.py +0 -173
runbooks/inventory/update_cfn_stacksets.py +0 -1215
runbooks/inventory/update_cloudwatch_logs_retention_policy.py +0 -294
runbooks/inventory/update_iam_roles_cross_accounts.py +0 -478
runbooks/inventory/update_s3_public_access_block.py +0 -539
runbooks/organizations/__init__.py +0 -12
runbooks/organizations/manager.py +0 -374
runbooks-0.7.0.dist-info/METADATA +0 -375
/runbooks/inventory/{tests → Tests}/common_test_data.py +0 -0
/runbooks/inventory/{tests → Tests}/common_test_functions.py +0 -0
/runbooks/inventory/{tests → Tests}/script_test_data.py +0 -0
/runbooks/inventory/{tests → Tests}/setup.py +0 -0
/runbooks/inventory/{tests → Tests}/src.py +0 -0
/runbooks/inventory/{tests/test_inventory_modules.py → Tests/test_Inventory_Modules.py} +0 -0
/runbooks/inventory/{tests → Tests}/test_cfn_describe_stacks.py +0 -0
/runbooks/inventory/{tests → Tests}/test_ec2_describe_instances.py +0 -0
/runbooks/inventory/{tests → Tests}/test_lambda_list_functions.py +0 -0
/runbooks/inventory/{tests → Tests}/test_moto_integration_example.py +0 -0
/runbooks/inventory/{tests → Tests}/test_org_list_accounts.py +0 -0
/runbooks/inventory/{Inventory_Modules.py → inventory_modules.py} +0 -0
/runbooks/{aws → operate}/tags.json +0 -0
{runbooks-0.7.0.dist-info → runbooks-0.7.6.dist-info}/WHEEL +0 -0
{runbooks-0.7.0.dist-info → runbooks-0.7.6.dist-info}/licenses/LICENSE +0 -0

runbooks/organizations/manager.py DELETED Viewed

@@ -1,374 +0,0 @@
-"""
-Organizational Unit (OU) management for AWS Organizations.
-This module provides capabilities for setting up and managing
-AWS Organizations structure following Cloud Foundations best practices.
-"""
-from pathlib import Path
-from typing import Any, Dict, List, Optional, Union
-import yaml
-from loguru import logger
-from runbooks.base import CloudFoundationsBase, ProgressTracker
-from runbooks.config import RunbooksConfig
-class OUManager(CloudFoundationsBase):
-    """
-    Manager for AWS Organizations OU structure.
-    Provides capabilities to create and manage organizational unit
-    structures based on Cloud Foundations templates.
-    """
-    def __init__(
-        self, profile: Optional[str] = None, region: Optional[str] = None, config: Optional[RunbooksConfig] = None
-    ):
-        """Initialize OU manager."""
-        super().__init__(profile, region, config)
-        self._org_client = None
-    @property
-    def org_client(self):
-        """Get AWS Organizations client."""
-        if self._org_client is None:
-            self._org_client = self.get_client("organizations")
-        return self._org_client
-    def get_template_structure(self, template: str) -> Dict[str, Any]:
-        """
-        Get predefined OU structure template.
-        Args:
-            template: Template name ('standard', 'security', 'custom')
-        Returns:
-            OU structure definition
-        """
-        templates = {
-            "standard": {
-                "name": "Standard OU Structure",
-                "description": "Standard Cloud Foundations OU structure",
-                "organizational_units": [
-                    {
-                        "name": "Core",
-                        "description": "Core organizational units for foundational services",
-                        "children": [
-                            {
-                                "name": "Log Archive",
-                                "description": "Centralized logging account",
-                                "policies": ["LogArchivePolicy"],
-                            },
-                            {
-                                "name": "Audit",
-                                "description": "Security and compliance auditing",
-                                "policies": ["AuditPolicy"],
-                            },
-                            {
-                                "name": "Shared Services",
-                                "description": "Shared infrastructure services",
-                                "policies": ["SharedServicesPolicy"],
-                            },
-                        ],
-                    },
-                    {
-                        "name": "Production",
-                        "description": "Production workload accounts",
-                        "children": [
-                            {
-                                "name": "Prod-WebApps",
-                                "description": "Production web applications",
-                                "policies": ["ProductionPolicy"],
-                            },
-                            {
-                                "name": "Prod-Data",
-                                "description": "Production data services",
-                                "policies": ["ProductionPolicy", "DataPolicy"],
-                            },
-                        ],
-                    },
-                    {
-                        "name": "Non-Production",
-                        "description": "Development and testing accounts",
-                        "children": [
-                            {
-                                "name": "Development",
-                                "description": "Development environments",
-                                "policies": ["DevelopmentPolicy"],
-                            },
-                            {
-                                "name": "Testing",
-                                "description": "Testing and staging environments",
-                                "policies": ["TestingPolicy"],
-                            },
-                        ],
-                    },
-                ],
-            },
-            "security": {
-                "name": "Security-Focused OU Structure",
-                "description": "Enhanced security OU structure with additional controls",
-                "organizational_units": [
-                    {
-                        "name": "Security",
-                        "description": "Security and compliance organizational unit",
-                        "children": [
-                            {
-                                "name": "Security-Prod",
-                                "description": "Production security tools",
-                                "policies": ["SecurityProdPolicy"],
-                            },
-                            {
-                                "name": "Security-NonProd",
-                                "description": "Non-production security tools",
-                                "policies": ["SecurityNonProdPolicy"],
-                            },
-                            {
-                                "name": "Log Archive",
-                                "description": "Centralized security logging",
-                                "policies": ["LogArchivePolicy", "SecurityLogPolicy"],
-                            },
-                            {
-                                "name": "Audit",
-                                "description": "Security auditing and compliance",
-                                "policies": ["AuditPolicy", "CompliancePolicy"],
-                            },
-                        ],
-                    },
-                    {
-                        "name": "Workloads",
-                        "description": "Application workload accounts",
-                        "children": [
-                            {
-                                "name": "Prod-HighSecurity",
-                                "description": "High security production workloads",
-                                "policies": ["HighSecurityPolicy", "ProductionPolicy"],
-                            },
-                            {
-                                "name": "Prod-Standard",
-                                "description": "Standard production workloads",
-                                "policies": ["StandardSecurityPolicy", "ProductionPolicy"],
-                            },
-                            {
-                                "name": "NonProd",
-                                "description": "Non-production workloads",
-                                "policies": ["NonProdPolicy"],
-                            },
-                        ],
-                    },
-                ],
-            },
-        }
-        if template not in templates:
-            raise ValueError(f"Unknown template: {template}. Available: {list(templates.keys())}")
-        logger.info(f"Using OU structure template: {template}")
-        return templates[template]
-    def load_structure_from_file(self, file_path: Union[str, Path]) -> Dict[str, Any]:
-        """
-        Load OU structure from YAML file.
-        Args:
-            file_path: Path to YAML structure file
-        Returns:
-            OU structure definition
-        """
-        config_path = Path(file_path)
-        if not config_path.exists():
-            raise FileNotFoundError(f"Structure file not found: {config_path}")
-        try:
-            with open(config_path, "r", encoding="utf-8") as f:
-                structure = yaml.safe_load(f)
-            logger.info(f"Loaded OU structure from: {config_path}")
-            return structure
-        except Exception as e:
-            logger.error(f"Failed to load structure file: {e}")
-            raise
-    def create_ou_structure(self, structure: Dict[str, Any]) -> Dict[str, Any]:
-        """
-        Create OU structure in AWS Organizations.
-        Args:
-            structure: OU structure definition
-        Returns:
-            Creation results with OU IDs and status
-        """
-        logger.info(f"Creating OU structure: {structure.get('name', 'Unnamed')}")
-        try:
-            # Get organization root
-            root_id = self._get_organization_root()
-            # Create OUs
-            results = {"structure_name": structure.get("name"), "root_id": root_id, "created_ous": [], "errors": []}
-            organizational_units = structure.get("organizational_units", [])
-            progress = ProgressTracker(len(organizational_units), "Creating organizational units")
-            for ou_def in organizational_units:
-                try:
-                    ou_result = self._create_ou_recursive(ou_def, root_id)
-                    results["created_ous"].append(ou_result)
-                    progress.update(status=f"Created {ou_def['name']}")
-                except Exception as e:
-                    error_msg = f"Failed to create OU {ou_def['name']}: {e}"
-                    logger.error(error_msg)
-                    results["errors"].append(error_msg)
-                    progress.update(status=f"Failed {ou_def['name']}")
-            progress.complete()
-            logger.info(f"OU structure creation completed. Created {len(results['created_ous'])} OUs")
-            return results
-        except Exception as e:
-            logger.error(f"OU structure creation failed: {e}")
-            raise
-    def _get_organization_root(self) -> str:
-        """Get the organization root ID."""
-        try:
-            response = self._make_aws_call(self.org_client.list_roots)
-            if not response.get("Roots"):
-                raise Exception("No organization roots found")
-            root_id = response["Roots"][0]["Id"]
-            logger.debug(f"Found organization root: {root_id}")
-            return root_id
-        except Exception as e:
-            logger.error(f"Failed to get organization root: {e}")
-            raise
-    def _create_ou_recursive(self, ou_def: Dict[str, Any], parent_id: str) -> Dict[str, Any]:
-        """
-        Recursively create OU and its children.
-        Args:
-            ou_def: OU definition
-            parent_id: Parent OU ID
-        Returns:
-            Creation result with OU details
-        """
-        ou_name = ou_def["name"]
-        ou_description = ou_def.get("description", "")
-        logger.info(f"Creating OU: {ou_name} under parent: {parent_id}")
-        # Check if OU already exists
-        existing_ou = self._find_existing_ou(ou_name, parent_id)
-        if existing_ou:
-            logger.info(f"OU {ou_name} already exists: {existing_ou['Id']}")
-            ou_id = existing_ou["Id"]
-        else:
-            # Create the OU
-            response = self._make_aws_call(self.org_client.create_organizational_unit, ParentId=parent_id, Name=ou_name)
-            ou_id = response["OrganizationalUnit"]["Id"]
-            logger.info(f"Created OU {ou_name}: {ou_id}")
-        result = {"name": ou_name, "id": ou_id, "parent_id": parent_id, "description": ou_description, "children": []}
-        # Create child OUs
-        children = ou_def.get("children", [])
-        for child_def in children:
-            try:
-                child_result = self._create_ou_recursive(child_def, ou_id)
-                result["children"].append(child_result)
-            except Exception as e:
-                logger.error(f"Failed to create child OU {child_def.get('name', 'Unknown')}: {e}")
-        return result
-    def _find_existing_ou(self, ou_name: str, parent_id: str) -> Optional[Dict[str, Any]]:
-        """Find existing OU by name under a parent."""
-        try:
-            response = self._make_aws_call(self.org_client.list_organizational_units_for_parent, ParentId=parent_id)
-            for ou in response.get("OrganizationalUnits", []):
-                if ou["Name"] == ou_name:
-                    return ou
-            return None
-        except Exception as e:
-            logger.warning(f"Error checking for existing OU {ou_name}: {e}")
-            return None
-    def list_organizational_units(self) -> List[Dict[str, Any]]:
-        """List all organizational units in the organization."""
-        try:
-            root_id = self._get_organization_root()
-            all_ous = []
-            def collect_ous(parent_id: str, level: int = 0):
-                response = self._make_aws_call(self.org_client.list_organizational_units_for_parent, ParentId=parent_id)
-                for ou in response.get("OrganizationalUnits", []):
-                    ou["Level"] = level
-                    ou["ParentId"] = parent_id
-                    all_ous.append(ou)
-                    # Recursively collect child OUs
-                    collect_ous(ou["Id"], level + 1)
-            collect_ous(root_id)
-            logger.info(f"Found {len(all_ous)} organizational units")
-            return all_ous
-        except Exception as e:
-            logger.error(f"Failed to list organizational units: {e}")
-            raise
-    def delete_ou(self, ou_id: str) -> bool:
-        """
-        Delete an organizational unit.
-        Args:
-            ou_id: OU ID to delete
-        Returns:
-            True if successful
-        """
-        try:
-            # Check if OU has any accounts
-            accounts_response = self._make_aws_call(self.org_client.list_accounts_for_parent, ParentId=ou_id)
-            if accounts_response.get("Accounts"):
-                raise Exception(f"Cannot delete OU {ou_id}: it contains accounts")
-            # Check if OU has child OUs
-            ous_response = self._make_aws_call(self.org_client.list_organizational_units_for_parent, ParentId=ou_id)
-            if ous_response.get("OrganizationalUnits"):
-                raise Exception(f"Cannot delete OU {ou_id}: it contains child OUs")
-            # Delete the OU
-            self._make_aws_call(self.org_client.delete_organizational_unit, OrganizationalUnitId=ou_id)
-            logger.info(f"Deleted OU: {ou_id}")
-            return True
-        except Exception as e:
-            logger.error(f"Failed to delete OU {ou_id}: {e}")
-            raise
-    def run(self):
-        """Implementation of abstract base method."""
-        # Default operation: list current OU structure
-        return self.list_organizational_units()

runbooks 0.7.0__py3-none-any.whl → 0.7.6__py3-none-any.whl

runbooks 0.7.0py3-none-any.whl → 0.7.6py3-none-any.whl