Skip to content
This repository has been archived by the owner on Jan 6, 2022. It is now read-only.
/ aws-monocyte Public archive

A Python-bot for detecting AWS resources in non-Europe regions. Especially useful for companies that are bound to European privacy laws.

License

Notifications You must be signed in to change notification settings

Scout24/aws-monocyte

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

AWS Monocyte

This project is DEPRECATED and not any longer supported

Build Status Coverage Status Codacy Badge

Monocyte - Search and Destroy unwanted AWS Resources relentlessly. Monocyte is a bot for searching (and optionally destroying) AWS resources in non-EU regions written in Python using Boto. It is especially useful for companies that are bound to European privacy laws and for that reason don't want to process user data in non-EU regions. Additional Monocyte can handle compliance issues e.g no users with static credentials or policies not following the least priviliges rules.

The name Monocyte is related to a type of white blood cells that are part of a human's innate immune system, the first line of defense being responsible for searching and destroying alien organisms to prevent unwanted infections.

Background

With Ireland and Frankfurt being available as AWS regions nowadays, Amazon (more or less) extinguished EU and especially German legal concerns regarding storage and processing of privacy-related data. However, for European companies it remains difficult to prevent (accidental) usage of services outside the EU, as there is still no standardized way to restrict AWS-account rights on this region-level.

Especially in open, DevOps-inspired company cultures like ours this becomes a major issue. On the one hand we want our teams to work with AWS and manage their own accounts mostly autonomously. On the other hand we are bound to EU and German privacy laws and for that reason want to search and destroy unwanted AWS resources relentlessly. Therefore, we started implementing our own basic AWS immune system layer: Monocyte.

Also read AWS Monocyte - Let’s Build a Cloud Immune System or check out the presentation we did for the AWS UserGroup Meetup in March 2015 at the Immobilien Scout HQ in Berlin.

Prerequisites

Usage

pip install aws-monocyte
monocyte --help

usage:
    monocyte [options]

options:
    --dry-run=bool valid values "True" or "False" [default: True]
    --config-path=PATH path to config yaml files

When --dry-run is explicitly set to "False", Monocyte will delete unwanted resources.

Configuration is done via YAML files. If the --config-path specify is a directory with multiple *.yaml files, they are merged in alphabetical order. The documentation of yamlreader contains more details.

An example configuration file with documentation can be found on GitHub.

Licensing

Monocyte is licensed under Apache License, Version 2.0.

About

A Python-bot for detecting AWS resources in non-Europe regions. Especially useful for companies that are bound to European privacy laws.

Resources

License

Stars

Watchers

Forks

Packages

No packages published