new: add policy ecc-azure-448-vm_stopped_instance
vit-corp committed Nov 27, 2024
1 parent 253de73 commit 40d0930
Showing 9 changed files with 149 additions and 0 deletions.
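--- /dev/null
+++ b/policies/ecc-azure-448-vm_stopped_instance.yml
@@ -0,0 +1,29 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+policies:
+- name: ecc-azure-448-vm_stopped_instance
+comment: '020002032000'
+description: |
+Stopped Azure VM instances are not removed after a specified time period
+resource: azure.vm
+filters:
+- or:
+- type: instance-view
+key: statuses[].code
+op: in
+value_type: swap
+value: PowerState/deallocated
+- type: instance-view
+key: statuses[].code
+op: in
+value_type: swap
+value: PowerState/stopped
+- type: instance-view
+key: statuses[0].time
+value_type: age
+op: greater-than
+value: 0.00000006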
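Review bot: The age threshold `value: 0.00000006` on the `statuses[0].time` filter is effectively zero (if `age` is measured in days as in the other Cloud Custodian filters, that is a few milliseconds), so any stopped or deallocated VM matches immediately and the "specified time period" in the description is never really enforced; if this is a deliberate fixture value, say so in a comment, e.g. `# age in days; near-zero so test fixtures trigger at once — TODO confirm`. Indentation is lost in this rendering, so whether the age filter is inside the `or` or a sibling AND condition cannot be confirmed here; if it is inside the `or`, a running VM with an old status timestamp would match as well. `statuses[0]` is simply the first instance-view entry, which may be the provisioning state rather than the power state, so the age may be measured from the wrong event — verify against a real instance view before relying on it.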
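--- /dev/null
+++ b/terraform/ecc-azure-448-vm_stopped_instance/green/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+required_providers {
+azurerm = {
+source = "hashicorp/azurerm"
+version = "~>4"
+}
+}
+}
+
+provider "azurerm" {
+features {}
+}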
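--- /dev/null
+++ b/terraform/ecc-azure-448-vm_stopped_instance/green/random.tf
@@ -0,0 +1,12 @@
+resource "random_password" "this" {
+length = 13
+special = true
+numeric = true
+override_special = "_%@"
+}
+
+resource "random_string" "this" {
+length = 8
+numeric = false
+special = false
+}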
@@ -0,0 +1,6 @@
resource "azurerm_resource_group" "this" {
name = "${var.prefix}-rg-green"
location = var.location

tags = var.tags
}
@@ -0,0 +1,8 @@
prefix = "448"

location = "eastus"

tags = {
CustodianRule = "ecc-azure-448-vm_stopped_instance"
ComplianceStatus = "Green"
}
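--- /dev/null
+++ b/terraform/ecc-azure-448-vm_stopped_instance/green/variables.tf
@@ -0,0 +1,11 @@
+variable "prefix" {
+type = string
+}
+
+variable "location" {
+type = string
+}
+
+variable "tags" {
+type = map(string)
+}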
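--- /dev/null
+++ b/terraform/ecc-azure-448-vm_stopped_instance/green/vm.tf
@@ -0,0 +1,27 @@
+resource "azurerm_linux_virtual_machine" "linuxvm" {
+name = "${var.prefix}linuxvmgreen"
+resource_group_name = azurerm_resource_group.this.name
+location = azurerm_resource_group.this.location
+size = "Standard_B1ms"
+disable_password_authentication = false
+admin_username = random_string.this.result
+admin_password = random_password.this.result
+
+network_interface_ids = [
+azurerm_network_interface.nif1.id,
+]
+
+os_disk {
+caching = "ReadWrite"
+storage_account_type = "Standard_LRS"
+}
+
+source_image_reference {
+publisher = "Canonical"
+offer = "UbuntuServer"
+sku = "16.04-LTS"
+version = "latest"
+}
+
+tags = var.tags
+}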
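Review bot: `sku = "16.04-LTS"` with `offer = "UbuntuServer"` builds the fixture on an Ubuntu release that left standard support in 2021, and `disable_password_authentication = false` together with `admin_password = random_password.this.result` leaves a password-login VM whose credential sits in plaintext in the Terraform state. Even for a compliance fixture a current LTS image is cheaper to keep buildable: `offer = "0001-com-ubuntu-server-jammy"` and `sku = "22_04-lts"`. If a password is only there so the VM provisions, `disable_password_authentication = true` plus an `admin_ssh_key` block avoids the stored secret; otherwise the state file for this stack has to be handled as a secret.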
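--- /dev/null
+++ b/terraform/ecc-azure-448-vm_stopped_instance/green/vnet.tf
@@ -0,0 +1,25 @@
+resource "azurerm_virtual_network" "this" {
+name = "${var.prefix}-network-green"
+address_space = ["10.0.0.0/16"]
+location = azurerm_resource_group.this.location
+resource_group_name = azurerm_resource_group.this.name
+}
+
+resource "azurerm_subnet" "this" {
+name = "${var.prefix}internal-green"
+resource_group_name = azurerm_resource_group.this.name
+virtual_network_name = azurerm_virtual_network.this.name
+address_prefixes = ["10.0.2.0/24"]
+}
+
+resource "azurerm_network_interface" "nif1" {
+name = "${var.prefix}first-green"
+location = azurerm_resource_group.this.location
+resource_group_name = azurerm_resource_group.this.name
+
+ip_configuration {
+name = "internal"
+subnet_id = azurerm_subnet.this.id
+private_ip_address_allocation = "Dynamic"
+}
+}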
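Review bot: Neither the subnet nor `azurerm_network_interface.nif1` has a network security group attached — no `azurerm_network_security_group` or association appears in this commit — so traffic inside the VNet reaches the VM unfiltered. Because the NIC carries only a dynamic private address and no public IP is created, exposure is limited to the VNet, which is probably acceptable for a throwaway fixture; a one-line comment on the NIC such as `# private-only: no public IP and no NSG by design (test fixture)` would make that intent explicit for the next reader.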
@@ -0,0 +1,19 @@
{
"properties": {
"roleName": "Custodian-ecc-azure-448-vm_stopped_instance",
"description": "",
"assignableScopes": [
"/subscriptions/{subscription_id}"
],
"permissions": [
{
"actions": [
"Microsoft.Compute/virtualMachines/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
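Review bot: The role grants only `Microsoft.Compute/virtualMachines/read`, but the policy's `instance-view` filter reads the VM instance view, which Azure authorizes as a separate operation (`Microsoft.Compute/virtualMachines/instanceView/read`); if the Custodian client here uses that endpoint, the policy will fail with 403 under this role — confirm with a test run and add the action if needed, keeping the role otherwise read-only. `"description": ""` is empty; a one-liner such as `"Read-only access used by the ecc-azure-448-vm_stopped_instance policy"` helps whoever audits custom roles later. The `{subscription_id}` placeholder in `assignableScopes` is presumably substituted at deploy time; the file path for this section is not shown on the page.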
