Skip to content

Commit

Permalink
new: added policy ecc-aws-553-unused_clb
Browse files Browse the repository at this point in the history
  • Loading branch information
anna-shcherbak committed Sep 20, 2023
1 parent 11ef8ce commit f0dc7d1
Show file tree
Hide file tree
Showing 21 changed files with 457 additions and 0 deletions.
17 changes: 17 additions & 0 deletions policies/ecc-aws-553-unused_clb.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# Copyright (c) 2023 EPAM Systems, Inc.
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.


policies:
- name: ecc-aws-553-unused_clb
comment: '010002022000'
description: |
Classic Load Balancers without attached instances
resource: aws.elb
filters:
- type: value
key: Instances
value: empty
24 changes: 24 additions & 0 deletions terraform/ecc-aws-553-unused_clb/green/clb.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
data "aws_availability_zones" "this" {
state = "available"
}

resource "aws_elb" "this" {
name = "clb-553-green"
subnets = [data.aws_subnets.this.ids[0]]
security_groups = ["${aws_security_group.this.id}"]

listener {
instance_port = 80
instance_protocol = "http"
lb_port = 80
lb_protocol = "http"
}
health_check {
healthy_threshold = 2
unhealthy_threshold = 2
timeout = 3
target = "HTTP:80/"
interval = 30
}
instances = ["${aws_instance.this.id}"]
}
52 changes: 52 additions & 0 deletions terraform/ecc-aws-553-unused_clb/green/ec2.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
resource "aws_instance" "this" {
ami = data.aws_ami.this.id
instance_type = "t2.micro"
user_data = file("userdata.sh")
vpc_security_group_ids = ["${aws_security_group.this.id}"]
subnet_id = data.aws_subnets.this.ids[0]
key_name = "anna_shcherbak_key"
tags = {
Name = "553_instance_green"
}
}

data "aws_ami" "this" {
most_recent = true
owners = ["amazon"]

filter {
name = "name"
values = ["amzn2-ami-hvm*"]
}
}

data "aws_vpc" "default" {
default = true
}

data "aws_subnets" "this" {
filter {
name = "vpc-id"
values = [data.aws_vpc.default.id]
}
}

resource "aws_security_group" "this" {
name = "553_sg_green"
description = "http on port 80"
vpc_id = data.aws_vpc.default.id

ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}

egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
20 changes: 20 additions & 0 deletions terraform/ecc-aws-553-unused_clb/green/provider.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4"
}
}
}

provider "aws" {
profile = var.profile
region = var.default-region

default_tags {
tags = {
CustodianRule = "ecc-aws-553-unused_clb"
ComplianceStatus = "Green"
}
}
}
2 changes: 2 additions & 0 deletions terraform/ecc-aws-553-unused_clb/green/terraform.tfvars
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
profile = "c7n"
default-region = "us-east-1"
7 changes: 7 additions & 0 deletions terraform/ecc-aws-553-unused_clb/green/userdata.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
#!/bin/bash
sudo yum update -y
sudo yum install -y amazon-linux-extras
sudo amazon-linux-extras enable nginx1
sudo amazon-linux-extras install nginx1
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
9 changes: 9 additions & 0 deletions terraform/ecc-aws-553-unused_clb/green/variables.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
variable "default-region" {
type = string
description = "Default region for resources will be created"
}

variable "profile" {
type = string
description = "Profile name configured before running apply"
}
14 changes: 14 additions & 0 deletions terraform/ecc-aws-553-unused_clb/iam/553-policy.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"tag:GetResources"
],
"Resource": "*"
}
]
}
15 changes: 15 additions & 0 deletions terraform/ecc-aws-553-unused_clb/red/clb.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
data "aws_availability_zones" "this" {
state = "available"
}

resource "aws_elb" "this" {
name = "clb-553-red"
availability_zones = data.aws_availability_zones.this.names

listener {
instance_port = 8000
instance_protocol = "http"
lb_port = 80
lb_protocol = "http"
}
}
20 changes: 20 additions & 0 deletions terraform/ecc-aws-553-unused_clb/red/provider.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4"
}
}
}

provider "aws" {
profile = var.profile
region = var.default-region

default_tags {
tags = {
CustodianRule = "ecc-aws-553-unused_clb"
ComplianceStatus = "Red"
}
}
}
2 changes: 2 additions & 0 deletions terraform/ecc-aws-553-unused_clb/red/terraform.tfvars
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
profile = "c7n"
default-region = "us-east-1"
9 changes: 9 additions & 0 deletions terraform/ecc-aws-553-unused_clb/red/variables.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
variable "default-region" {
type = string
description = "Default region for resources will be created"
}

variable "profile" {
type = string
description = "Profile name configured before running apply"
}
43 changes: 43 additions & 0 deletions terraform/ecc-aws-553-unused_clb/red2/clb.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
resource "aws_instance" "this" {
ami = data.aws_ami.this.id
instance_type = "t2.micro"

tags = {
Name = "553_instance_red"
}
}

data "aws_ami" "this" {
most_recent = true
owners = ["amazon"]

filter {
name = "name"
values = ["amzn2-ami-hvm*"]
}
}

data "aws_availability_zones" "this" {
state = "available"
}

resource "aws_elb" "this" {
name = "clb-553-red2"
availability_zones = data.aws_availability_zones.this.names

listener {
instance_port = 8000
instance_protocol = "http"
lb_port = 80
lb_protocol = "http"
}

health_check {
healthy_threshold = 2
unhealthy_threshold = 2
timeout = 31
target = "HTTP:8888/"
interval = 60
}
instances = ["${aws_instance.this.id}"]
}
20 changes: 20 additions & 0 deletions terraform/ecc-aws-553-unused_clb/red2/provider.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4"
}
}
}

provider "aws" {
profile = var.profile
region = var.default-region

default_tags {
tags = {
CustodianRule = "ecc-aws-553-unused_clb"
ComplianceStatus = "Red"
}
}
}
2 changes: 2 additions & 0 deletions terraform/ecc-aws-553-unused_clb/red2/terraform.tfvars
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
profile = "c7n"
default-region = "us-east-1"
9 changes: 9 additions & 0 deletions terraform/ecc-aws-553-unused_clb/red2/variables.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
variable "default-region" {
type = string
description = "Default region for resources will be created"
}

variable "profile" {
type = string
description = "Profile name configured before running apply"
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
{
"status_code": 200,
"data": {
"LoadBalancerDescriptions": [
{
"LoadBalancerName": "clb-553-http-green",
"DNSName": "clb-553-http-green-1394940984.us-east-1.elb.amazonaws.com",
"CanonicalHostedZoneName": "clb-553-http-green-1394940984.us-east-1.elb.amazonaws.com",
"CanonicalHostedZoneNameID": "Z35SXDOTRQ7X7K",
"ListenerDescriptions": [
{
"Listener": {
"Protocol": "HTTP",
"LoadBalancerPort": 80,
"InstanceProtocol": "HTTP",
"InstancePort": 8000
},
"PolicyNames": []
}
],
"Policies": {
"AppCookieStickinessPolicies": [],
"LBCookieStickinessPolicies": [],
"OtherPolicies": []
},
"BackendServerDescriptions": [],
"AvailabilityZones": [
"us-east-1a",
"us-east-1b",
"us-east-1c"
],
"Subnets": [
"subnet-24287df2a",
"subnet-525874f63",
"subnet-815872abc7"
],
"VPCId": "vpc-281517",
"Instances": [
{
"InstanceId": "i-0203f7f0abccbf67a"
}
],
"HealthCheck": {
"Target": "TCP:8000",
"Interval": 30,
"Timeout": 5,
"UnhealthyThreshold": 2,
"HealthyThreshold": 10
},
"SourceSecurityGroup": {
"OwnerAlias": "123456789123",
"GroupName": "default_elb_fc2f8b95-5e14-38b7-80f6-2259e106c533"
},
"SecurityGroups": [
"sg-0146f212876718644b"
],
"CreatedTime": {
"__class__": "datetime",
"year": 2023,
"month": 9,
"day": 18,
"hour": 10,
"minute": 8,
"second": 55,
"microsecond": 560000
},
"Scheme": "internet-facing"
}
],
"ResponseMetadata": {}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
{
"status_code": 200,
"data": {
"PaginationToken": "",
"ResourceTagMappingList": [
{
"ResourceARN": "arn:aws:elasticloadbalancing:us-east-1:123456789123:loadbalancer/clb-553-http-green",
"Tags": [
{
"Key": "CustodianRule",
"Value": "ecc-aws-553-unused_clb"
},
{
"Key": "ComplianceStatus",
"Value": "Green"
}
]
}
],
"ResponseMetadata": {}
}
}
Loading

0 comments on commit f0dc7d1

Please sign in to comment.