Skip to content

Commit

Permalink
skip: Merge pull request #209 from epam/new_873
Browse files Browse the repository at this point in the history 
new: added policy ecc-aws-873-rds_database_cluster_engine_no_default_…
  • Loading branch information
@anna-shcherbak
anna-shcherbak authored Jan 30, 2025
2 parents ca12bdc + 5e3c7f5 commit 377c567
Show file tree
Hide file tree
Showing 13 changed files with 428 additions and 0 deletions.
30 changes: 30 additions & 0 deletions policies/ecc-aws-873-rds_database_cluster_engine_no_default_ports.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# Copyright (c) 2025 EPAM Systems, Inc.
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

policies:
- name: ecc-aws-873-rds_database_cluster_engine_no_default_ports
comment: '010024062000'
description: |
RDS database cluster is using database engine default port
resource: aws.rds-cluster
filters:
- or:
- and:
- type: value
key: Engine
value: ["mysql", "aurora-mysql"]
op: in
- type: value
key: Port
value: 3306
- and:
- type: value
key: Engine
value: ["postgres", "aurora-postgresql"]
op: in
- type: value
key: Port
value: 5432
20 changes: 20 additions & 0 deletions terraform/ecc-aws-873-rds_database_cluster_engine_no_default_ports/green/provider.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5"
}
}
}

provider "aws" {
profile = var.profile
region = var.default-region

default_tags {
tags = {
CustodianRule = "ecc-aws-873-rds_database_cluster_engine_no_default_ports"
ComplianceStatus = "Green"
}
}
}
25 changes: 25 additions & 0 deletions terraform/ecc-aws-873-rds_database_cluster_engine_no_default_ports/green/rds.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
resource "random_password" "this" {
length = 12
lower = true
min_lower = 1
upper = true
min_upper = 1
special = true
min_special = 1
numeric = true
min_numeric = 1
override_special = "!#$%*()-_=+[]{}:?"
}

resource "aws_rds_cluster" "this" {
cluster_identifier = "cluster-873-green"
engine = "mysql"
db_cluster_instance_class = "db.c6gd.large"
storage_type = "gp3"
allocated_storage = 20
master_username = "root"
master_password = random_password.this.result
skip_final_snapshot = true
port = 11111
engine_lifecycle_support = "open-source-rds-extended-support-disabled"
}
2 changes: 2 additions & 0 deletions terraform/ecc-aws-873-rds_database_cluster_engine_no_default_ports/green/terraform.tfvars
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
profile = "c7n"
default-region = "us-east-1"
9 changes: 9 additions & 0 deletions terraform/ecc-aws-873-rds_database_cluster_engine_no_default_ports/green/variables.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
variable "default-region" {
type = string
description = "Default region for resources will be created"
}

variable "profile" {
type = string
description = "Profile name configured before running apply"
}
12 changes: 12 additions & 0 deletions terraform/ecc-aws-873-rds_database_cluster_engine_no_default_ports/iam/163-policy.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds:DescribeDBClusters"
],
"Resource": "*"
}
]
}
20 changes: 20 additions & 0 deletions terraform/ecc-aws-873-rds_database_cluster_engine_no_default_ports/red/provider.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5"
}
}
}

provider "aws" {
profile = var.profile
region = var.default-region

default_tags {
tags = {
CustodianRule = "ecc-aws-873-rds_database_cluster_engine_no_default_ports"
ComplianceStatus = "Red"
}
}
}
24 changes: 24 additions & 0 deletions terraform/ecc-aws-873-rds_database_cluster_engine_no_default_ports/red/rds.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
resource "random_password" "this" {
length = 12
lower = true
min_lower = 1
upper = true
min_upper = 1
special = true
min_special = 1
numeric = true
min_numeric = 1
override_special = "!#$%*()-_=+[]{}:?"
}

resource "aws_rds_cluster" "this" {
cluster_identifier = "cluster-873-red"
engine = "mysql"
db_cluster_instance_class = "db.c6gd.large"
storage_type = "gp3"
allocated_storage = 20
master_username = "root"
master_password = random_password.this.result
skip_final_snapshot = true
engine_lifecycle_support = "open-source-rds-extended-support-disabled"
}
2 changes: 2 additions & 0 deletions terraform/ecc-aws-873-rds_database_cluster_engine_no_default_ports/red/terraform.tfvars
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
profile = "c7n"
default-region = "us-east-1"
9 changes: 9 additions & 0 deletions terraform/ecc-aws-873-rds_database_cluster_engine_no_default_ports/red/variables.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
variable "default-region" {
type = string
description = "Default region for resources will be created"
}

variable "profile" {
type = string
description = "Profile name configured before running apply"
}
134 changes: 134 additions & 0 deletions ...-rds_database_cluster_engine_no_default_ports/placebo-green/rds.DescribeDBClusters_1.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
{
"status_code": 200,
"data": {
"DBClusters": [
{
"AllocatedStorage": 20,
"AvailabilityZones": [
"us-east-1b",
"us-east-1c",
"us-east-1f"
],
"BackupRetentionPeriod": 1,
"DBClusterIdentifier": "cluster-873-green",
"DBClusterParameterGroup": "default.mysql8.0",
"DBSubnetGroup": "default",
"Status": "available",
"EarliestRestorableTime": {
"__class__": "datetime",
"year": 2025,
"month": 1,
"day": 28,
"hour": 22,
"minute": 25,
"second": 0,
"microsecond": 0
},
"Endpoint": "cluster-873-green.cluster-0000000000.us-east-1.rds.amazonaws.com",
"ReaderEndpoint": "cluster-873-green.cluster-ro-0000000000.us-east-1.rds.amazonaws.com",
"MultiAZ": true,
"Engine": "mysql",
"EngineVersion": "8.0.40",
"LatestRestorableTime": {
"__class__": "datetime",
"year": 2025,
"month": 1,
"day": 29,
"hour": 22,
"minute": 25,
"second": 0,
"microsecond": 0
},
"Port": 11111,
"MasterUsername": "root",
"PreferredBackupWindow": "05:52-06:22",
"PreferredMaintenanceWindow": "fri:03:50-fri:04:20",
"ReadReplicaIdentifiers": [],
"DBClusterMembers": [
{
"DBInstanceIdentifier": "cluster-873-green-instance-1",
"IsClusterWriter": true,
"DBClusterParameterGroupStatus": "in-sync",
"PromotionTier": 1
},
{
"DBInstanceIdentifier": "cluster-873-green-instance-2",
"IsClusterWriter": false,
"DBClusterParameterGroupStatus": "in-sync",
"PromotionTier": 1
},
{
"DBInstanceIdentifier": "cluster-873-green-instance-3",
"IsClusterWriter": false,
"DBClusterParameterGroupStatus": "in-sync",
"PromotionTier": 1
}
],
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "sg-0000000000",
"Status": "active"
}
],
"HostedZoneId": "Z2R2ITUGPM61AM",
"StorageEncrypted": true,
"KmsKeyId": "arn:aws:kms:us-east-1:644160558196:key/0000000000",
"DbClusterResourceId": "cluster-Z5QMOA52K5FGCUOLPZALC7ACIM",
"DBClusterArn": "arn:aws:rds:us-east-1:644160558196:cluster:cluster-873-green",
"AssociatedRoles": [],
"IAMDatabaseAuthenticationEnabled": false,
"ClusterCreateTime": {
"__class__": "datetime",
"year": 2025,
"month": 1,
"day": 29,
"hour": 22,
"minute": 14,
"second": 36,
"microsecond": 445000
},
"EngineMode": "provisioned",
"DeletionProtection": false,
"HttpEndpointEnabled": false,
"ActivityStreamStatus": "stopped",
"CopyTagsToSnapshot": false,
"CrossAccountClone": false,
"DomainMemberships": [],
"TagList": [
{
"Key": "CustodianRule",
"Value": "ecc-aws-873-rds_database_cluster_engine_no_default_ports"
},
{
"Key": "ComplianceStatus",
"Value": "Green"
}
],
"DBClusterInstanceClass": "db.c6gd.large",
"StorageType": "gp3",
"Iops": 3000,
"PubliclyAccessible": true,
"AutoMinorVersionUpgrade": true,
"MonitoringInterval": 0,
"PerformanceInsightsEnabled": false,
"NetworkType": "IPV4",
"StorageThroughput": 125,
"CertificateDetails": {
"CAIdentifier": "rds-ca-rsa2048-g1",
"ValidTill": {
"__class__": "datetime",
"year": 2026,
"month": 1,
"day": 29,
"hour": 22,
"minute": 18,
"second": 23,
"microsecond": 0
}
},
"EngineLifecycleSupport": "open-source-rds-extended-support-disabled"
}
],
"ResponseMetadata": {}
}
}
Loading

0 comments on commit 377c567

Please sign in to comment.