
autoscaling

Sample rules

A few rules that use objects from this package:

non_car_ensure_imdsv2
from typing import List, Dict

from cloudrail.knowledge.context.aws.aws_environment_context import AwsEnvironmentContext
from cloudrail.knowledge.rules.aws.aws_base_rule import AwsBaseRule
from cloudrail.knowledge.rules.base_rule import Issue
from cloudrail.knowledge.rules.rule_parameters.base_paramerter import ParameterType


class EnsureImdsv2IsUsedRule(AwsBaseRule):

    def get_id(self) -> str:
        return 'non_car_ensure_imdsv2'

    def execute(self, env_context: AwsEnvironmentContext, parameters: Dict[ParameterType, any]) -> List[Issue]:
        issues: List[Issue] = []

        # http_tokens is "optional", "required" or None, and None means "optional";
        # so anything other than "required" still leaves IMDSv1 reachable.
        for ec2 in env_context.ec2s:
            if ec2.http_tokens != 'required':
                issues.append(
                    Issue(f"The {ec2.get_type()} `{ec2.get_friendly_name()}` is allowing IMDSv1", ec2, ec2)
                )

        for launch_config in env_context.launch_configurations:
            if launch_config.http_tokens != 'required':
                issues.append(
                    Issue(f"The {launch_config.get_type()} `{launch_config.get_friendly_name()}` is allowing IMDSv1",
                          launch_config, launch_config)
                )

        # Note the attribute is http_token (singular) on LaunchTemplate.
        for launch_template in env_context.launch_templates:
            if launch_template.http_token != 'required':
                issues.append(
                    Issue(f"The {launch_template.get_type()} `{launch_template.get_friendly_name()}` is allowing IMDSv1",
                          launch_template, launch_template)
                )

        return issues

    def should_run_rule(self, environment_context: AwsEnvironmentContext) -> bool:
        # Skip the rule entirely when the context holds nothing it can evaluate.
        return bool(environment_context.ec2s or
                    environment_context.launch_templates or
                    environment_context.launch_configurations)

AutoScalingGroup (AwsResource)

Attributes:

| Name | Type | Description |
| --- | --- | --- |
| arn | | The ARN of the auto-scaling group. |
| target_group_arns | | May list the ALB/ELB target groups used with this ASG. |
| name | | The name of the auto-scaling group. |
| availability_zones | | The availability zones in which instances are launched. |
| subnet_ids | | The subnets in which instances are launched. |
| launch_configuration | Optional[LaunchConfiguration] | Points to the associated launch configuration, if there is one. |
| launch_template | Optional[LaunchTemplate] | Points to the associated launch template, if there is one. |

custom_invalidation(self) inherited

A list of manual reasons why this resource should be invalidated

exclude_from_invalidation(self) inherited

A list of attributes that should be excluded from the invalidation process

AutoScalingGroupRawData dataclass

Attributes:

| Name | Type | Description |
| --- | --- | --- |
| launch_configuration_name | Optional[str] | The name of the launch configuration as read directly from the live environment. |
| launch_template_data | Optional[cloudrail.knowledge.context.aws.resources.autoscaling.launch_configuration.LaunchTemplateData] | The launch template data as read directly from the live environment. |

LaunchConfiguration (AwsResource)

Attributes:

| Name | Type | Description |
| --- | --- | --- |
| arn | str | The ARN of the launch configuration. |
| image_id | str | The EC2 Image ID of the instance. |
| instance_type | str | The instance type of the instance to launch. |
| key_name | str | The key name used for the instance. |
| name | str | The name of the launch configuration. |
| security_group_ids | List[str] | The security groups used with the instance. |
| http_tokens | str | Either "optional" or "required" (None means "optional", i.e. IMDSv1 is still allowed). |
| iam_instance_profile | Optional[str] | The IAM instance profile to associate with launched instances (may be None). |
| associate_public_ip_address | Optional[bool] | May be True to associate a public IP address with the launched instances. |
| ebs_optimized | bool | Indicates whether the EC2 instance has EBS optimization enabled or not. |
| monitoring_enabled | bool | Indicates whether the launched EC2 instance will have detailed monitoring enabled. |

custom_invalidation(self) inherited

A list of manual reasons why this resource should be invalidated

exclude_from_invalidation(self) inherited

A list of attributes that should be excluded from the invalidation process

LaunchTemplateData dataclass

Attributes:

| Name | Type | Description |
| --- | --- | --- |
| template_id | str | The ID of the template. |
| version | str | The version number. |
| template_name | str | The name of the template. |

LaunchTemplate (AwsResource)

Attributes:

| Name | Type | Description |
| --- | --- | --- |
| template_id | str | The ID of the template. |
| name | str | The name of the template. |
| http_token | str | "optional" or "required" (None means "optional", i.e. IMDSv1 is still allowed). Note the singular attribute name, unlike http_tokens on LaunchConfiguration. |
| image_id | str | The EC2 Image ID of the instance. |
| security_group_ids | List[str] | The security groups used with the instance. |
| version_number | Optional[int] | The version number of this template. |
| iam_instance_profile | Optional[str] | The IAM instance profile to associate with launched instances (may be None). |
| network_configurations | List[NetworkConfiguration] | The network configuration(s) set in the template (may be None). |
| security_groups | List[SecurityGroup] | Points to the actual security groups referenced by security_group_ids. |
| instance_type | str | The instance type (e.g. 'm5.8xlarge'). |
| ebs_optimized | bool | Indicates whether the EC2 instance has EBS optimization enabled or not. |
| monitoring_enabled | bool | Indicates whether the launched EC2 instance will have detailed monitoring enabled. |

custom_invalidation(self) inherited

A list of manual reasons why this resource should be invalidated

exclude_from_invalidation(self) inherited

A list of attributes that should be excluded from the invalidation process
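The sample rule above evaluates launch configurations and launch templates directly. A rule can also resolve the setting through the AutoScalingGroup's launch_configuration / launch_template pointers, so that a finding names the ASG that will actually launch the IMDSv1-capable instances. The following is an added example, not part of the cloudrail.knowledge package: it uses constructed stand-in dataclasses carrying only the attributes documented on this page (hypothetical; the real classes are richer), a stand-in Issue with resource names instead of resource objects, and a constructed sample environment. It applies the documented rule that a None value for http_tokens / http_token means "optional".

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed stand-ins (hypothetical) that carry only the attributes this page
# documents; they are not the cloudrail.knowledge classes themselves.
@dataclass
class LaunchConfiguration:
    name: str
    http_tokens: Optional[str] = None   # "optional", "required", or None (== "optional")

@dataclass
class LaunchTemplate:
    name: str
    http_token: Optional[str] = None    # singular name, as documented for LaunchTemplate

@dataclass
class AutoScalingGroup:
    name: str
    launch_configuration: Optional[LaunchConfiguration] = None
    launch_template: Optional[LaunchTemplate] = None

@dataclass
class Issue:
    # Mirrors the (evidence, exposed, violating) shape of the sample rule's Issue,
    # with resource names standing in for the resource objects.
    evidence: str
    exposed: str
    violating: str


def normalize_http_tokens(value: Optional[str]) -> str:
    """The page defines None as "optional"; any other value is used as-is."""
    return value if value is not None else 'optional'


def asg_launch_source(asg: AutoScalingGroup) -> Optional[Tuple[str, str]]:
    """Return (source_name, effective http_tokens) for the ASG's launch source, or None."""
    if asg.launch_configuration is not None:
        lc = asg.launch_configuration
        return lc.name, normalize_http_tokens(lc.http_tokens)
    if asg.launch_template is not None:
        lt = asg.launch_template
        return lt.name, normalize_http_tokens(lt.http_token)
    return None


def execute(asgs: List[AutoScalingGroup]) -> List[Issue]:
    """Flag every ASG whose launch source does not require IMDSv2 session tokens."""
    issues: List[Issue] = []
    for asg in asgs:
        source = asg_launch_source(asg)
        if source is None:
            continue  # no launch source in context; nothing to judge
        source_name, http_tokens = source
        if http_tokens != 'required':
            issues.append(Issue(
                f"The AutoScalingGroup `{asg.name}` launches instances from `{source_name}` "
                f"with http_tokens={http_tokens!r}, which allows IMDSv1",
                asg.name, source_name))
    return issues


def should_run_rule(asgs: List[AutoScalingGroup]) -> bool:
    """Run only when at least one ASG has a launch source to evaluate."""
    return any(asg_launch_source(asg) is not None for asg in asgs)


# Constructed sample environment (not real account data).
SAMPLE_ASGS = [
    AutoScalingGroup('web', launch_configuration=LaunchConfiguration('web-lc')),  # None -> optional
    AutoScalingGroup('api', launch_template=LaunchTemplate('api-lt', http_token='required')),
    AutoScalingGroup('batch', launch_configuration=LaunchConfiguration('batch-lc', http_tokens='optional')),
    AutoScalingGroup('detached'),  # no launch source attached
]

if __name__ == '__main__':
    if should_run_rule(SAMPLE_ASGS):
        for issue in execute(SAMPLE_ASGS):
            print(issue.evidence)
```

Two ASGs are flagged: `web`, because an unset http_tokens is treated as "optional", and `batch`, which sets it explicitly; `api` requires tokens and `detached` has nothing to evaluate. Checking the ASG rather than the launch source alone also avoids flagging a template version that no group uses.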