
Commit cd5cc3f

new: added policy ecc-aws-575-ebs_volumes_attached_to_stopped_ec2_instances
1 parent 0574091 commit cd5cc3f

16 files changed

+651
-1
lines changed

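--- /dev/null
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+- name: ecc-aws-575-ebs_volumes_attached_to_stopped_ec2_instances
+comment: '010002042000'
+description: |
+EBS volumes attached to stopped EC2 instances
+resource: aws.ebs
+filters:
+- type: instance
+key: State.Name
+value: stopped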
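Review bot: The description on new lines 11–12 only restates the filter condition and says nothing about why the condition is a finding, so a reader of the report cannot tell what risk or cost is being flagged; the `comment: '010002042000'` code on line 10 is equally opaque. Suggest expanding the block scalar to something like `Finds EBS volumes whose attached EC2 instance is in the stopped state; such volumes keep incurring storage charges and retain data while no workload uses them, so they should be reviewed for detachment, snapshotting or deletion.` and adding a one-line `#` comment above `comment:` saying what the numeric code encodes or where it is documented. The filter matches only `State.Name` equal to `stopped`; whether the `instance` filter also excludes volumes that are attached to nothing is not visible here, and the description should state that once confirmed.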

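--- a/terraform/ecc-aws-553-unused_clb/green/ec2.tf
+++ b/terraform/ecc-aws-553-unused_clb/green/ec2.tf
@@ -4,7 +4,6 @@ resource "aws_instance" "this" {
 user_data = file("userdata.sh")
 vpc_security_group_ids = ["${aws_security_group.this.id}"]
 subnet_id = data.aws_subnets.this.ids[0]
-key_name = "anna_shcherbak_key"
 tags = {
 Name = "553_instance_green"
 }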
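--- /dev/null
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -0,0 +1,29 @@
+resource "aws_instance" "this" {
+ami = data.aws_ami.this.id
+instance_type = "t2.micro"
+subnet_id = data.aws_subnets.this.ids[0]
+tags = {
+Name = "575_instance_green"
+}
+}
+
+data "aws_ami" "this" {
+most_recent = true
+owners = ["amazon"]
+
+filter {
+name = "name"
+values = ["amzn2-ami-hvm*"]
+}
+}
+
+data "aws_vpc" "default" {
+default = true
+}
+
+data "aws_subnets" "this" {
+filter {
+name = "vpc-id"
+values = [data.aws_vpc.default.id]
+}
+}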
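Review bot: The `aws_instance` on new lines 1–8 sets no `metadata_options`, so the instance is launched with whatever the AMI and account default is, which for the `amzn2-ami-hvm*` images selected here typically still allows IMDSv1; the same applies to the `aws_instance` in the red fixture's 37-line ec2.tf section further down this commit. Even for a throwaway compliance fixture the block should require IMDSv2 with `metadata_options {` / `http_tokens = "required"` / `}`, so the fixtures do not become the least-hardened instances in the test account. The instance is also placed in the default VPC via `data.aws_vpc.default` with no security group named, so it presumably receives that VPC's default security group and, if the subnet auto-assigns addresses, a public IP; a comment stating that this is intentional for the fixture would help the next reader. Both fixtures pick the AMI with `most_recent = true`, which makes the image non-reproducible between applies; acceptable for a fixture, but worth a one-line comment.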
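--- /dev/null
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -0,0 +1,20 @@
+terraform {
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 4"
+}
+}
+}
+
+provider "aws" {
+profile = var.profile
+region = var.default-region
+
+default_tags {
+tags = {
+CustodianRule = "ecc-aws-575-ebs_volumes_attached_to_stopped_ec2_instances"
+ComplianceStatus = "Green"
+}
+}
+}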
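--- /dev/null
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"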
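--- /dev/null
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -0,0 +1,9 @@
+variable "default-region" {
+type = string
+description = "Default region for resources will be created"
+}
+
+variable "profile" {
+type = string
+description = "Profile name configured before running apply"
+}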
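Review bot: The description on new line 3 reads `Default region for resources will be created`, which is ungrammatical; `description = "Region in which the fixture resources are created"` says the same thing. The variable name `default-region` uses a hyphen, which Terraform accepts but the usual convention is snake_case (`default_region`); renaming would have to be carried into `var.default-region` in both provider.tf sections and the `default-region =` key in both tfvars sections of this commit, so it is a judgment call whether to do it now. The profile description on line 8 could also say what kind of profile it is, e.g. `description = "AWS CLI/SDK profile used to run apply (set in the tfvars file)"`.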
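--- /dev/null
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -0,0 +1,13 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeInstances",
+"ec2:DescribeVolumes"
+],
+"Resource": "*"
+}
+]
+}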
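--- /dev/null
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -0,0 +1,37 @@
+resource "aws_instance" "this" {
+ami = data.aws_ami.this.id
+instance_type = "t2.micro"
+subnet_id = data.aws_subnets.this.ids[0]
+tags = {
+Name = "575_instance_red"
+}
+}
+
+resource "aws_ec2_instance_state" "this" {
+instance_id = aws_instance.this.id
+state = "stopped"
+}
+
+data "aws_ami" "this" {
+most_recent = true
+owners = ["amazon"]
+
+filter {
+name = "name"
+values = ["amzn2-ami-hvm*"]
+}
+}
+
+data "aws_vpc" "default" {
+default = true
+}
+
+data "aws_subnets" "this" {
+filter {
+name = "vpc-id"
+values = [data.aws_vpc.default.id]
+}
+}
+
+
+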
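Review bot: The red fixture's ec2.tf ends with three empty lines (new lines 35–37) where a single trailing newline is conventional; `terraform fmt` would normalise this along with the alignment of the attribute assignments. The `aws_ec2_instance_state` block on new lines 10–13 is what makes this the non-compliant case, and it was added partway through the 4.x provider series, so the `version = "~> 4"` constraint in the accompanying provider.tf admits 4.x releases on which the resource does not exist; the lower bound should be raised to the release that introduced it (not visible here, so I am not naming one). A one-line comment above that block, `# Stop the instance so its root volume becomes an EBS volume attached to a stopped instance, the condition the policy reports on`, would document why this fixture differs from the green one.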
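--- /dev/null
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -0,0 +1,20 @@
+terraform {
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 4"
+}
+}
+}
+
+provider "aws" {
+profile = var.profile
+region = var.default-region
+
+default_tags {
+tags = {
+CustodianRule = "ecc-aws-575-ebs_volumes_attached_to_stopped_ec2_instances"
+ComplianceStatus = "Red"
+}
+}
+}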
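--- /dev/null
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"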
