@ashvinishinde-tudip
Created February 9, 2017 11:15
{
"DoNotify": "false",
"PassPercent": "70",
"1": {
"Title": "Create a group with administrative permission.",
"Points": "10",
"Interval": "30",
"Max": "30",
"Assessments": {
"API": "AWS",
"Service": "IAM",
"Method": "step_one_check",
"Code": [
"def step_one_check(handles,points)\n",
" iam = handles[0]\n",
" ret_hash = { :done => false, :score => 0 }\n",
" resp = iam.list_groups\n",
" groups = resp.groups\n",
" if groups!=[]\n",
" groups.each do |group|\n",
" group_name = group.group_name\n",
" resp1 = iam.list_attached_group_policies({group_name: group_name})\n",
" attached_policies = resp1.attached_policies\n",
" if attached_policies!=[]\n",
" attached_policies.each do |policy|\n",
" policy_name = policy.policy_name\n",
" if (policy_name.include? 'SystemAdministrator') || (policy_name.include? 'AdministratorAccess')\n",
" ret_hash = { :done => true, :score => points, :message => 'User group is created with administrative permission'}\n",
" else\n",
" ret_hash[:message] = \"Attached permissions is not Administrative permission\"\n",
" end\n",
" break if ret_hash[:done]\n",
" end\n",
" else\n",
" ret_hash[:message] = \"Administrative permission is not given to User group\"\n",
" end\n",
" end\n",
" else\n",
" ret_hash[:message] = \"User group is not created\"\n",
" end\n",
" return ret_hash\n",
"end"]
}
},
"2": {
"Title": "Create IAM role with appropriate permissions.",
"Points": "20",
"Interval": "30",
"Max": "30",
"Assessments": {
"API": "AWS",
"Service": "IAM",
"Method": "step_two_check",
"Code": [
"def step_two_check(handles,points)\n",
" iam = handles[0]\n",
" getScore = 0\n",
" putScore = 0\n",
" listScore = 0\n",
" ret_hash = { :done => false, :score => 0 }\n",
" resp = iam.list_roles\n",
" roles = resp.roles\n",
" if roles!=[]\n",
" roles.each do |role|\n",
" if role.assume_role_policy_document.include? 'ec2.amazonaws.com'\n",
" msg3 = 'Created an Amazon EC2 AWS Service role '\n",
" resp1 = iam.list_role_policies({role_name: role.role_name})\n",
" policies = resp1.policy_names\n",
" if policies!= []\n",
" policies.each do |policy|\n",
" permissions = iam.get_role_policy({role_name: role.role_name, policy_name: policy}).policy_document\n",
" if permissions.include? 's3'\n",
" if permissions.include? 'Get'\n",
" getScore = 5\n",
" end\n",
" if permissions.include? 'Put'\n",
" putScore = 5\n",
" end\n",
" if permissions.include? 'List'\n",
" listScore = 5\n",
" end\n",
" else\n",
" ret_hash[:message] = \"S3 permissions not found\"\n",
" end\n",
" break if ret_hash[:done]\n",
" end\n",
" else\n",
" ret_hash[:message] = \"Policies are not attached\"\n",
" end\n",
" points = getScore + putScore + listScore +5\n",
" if points == 20\n",
" ret_hash = { :done => true, :score => points, :message => 'Role created with all required permissions'}\n",
" end\n",
" if points > 0 and points < 20\n",
" ret_hash = { :done => true, :score => points, :message => 'Role created but some permissions are missing'}\n",
" end\n",
" else\n",
" ret_hash[:message] = \"Role is not Amazon ec2 service role\"\n",
" end\n",
" break if ret_hash[:done]\n",
" end\n",
" else\n",
" ret_hash[:message] = \"Amazon ec2 service role is not created\"\n",
" end\n",
" return ret_hash\n",
" end"]
}
},
"3": {
"Title": "Require Virtual MFA for administrator users.",
"Points": "10",
"Interval": "30",
"Max": "30",
"Assessments": {
"API": "AWS",
"Service": "IAM",
"Method": "step_three_check",
"Code": [
"def step_three_check(handles,points)\n",
" iam = handles[0]\n",
" count = 0\n",
" arn = \"\"\n",
" ret_hash = { :done => false, :score => 0 }\n",
" resp = iam.list_users.users\n",
" if resp.count > 1\n",
" resp = iam.list_virtual_mfa_devices\n",
" virtual_mfa_devices = resp.virtual_mfa_devices\n",
" virtual_mfa_devices.each do |device|\n",
" arn = device.user.arn\n",
" if !arn.include? 'awsstudent'\n",
" count = count +1\n",
" end\n",
" end\n",
" if count == 1\n",
" ret_hash = { :done => true, :score => 5, :message => 'Enabled Virtual MFA device for first administrator users'}\n",
" elsif count == 2\n",
" ret_hash = { :done => true, :score => points, :message => 'Enabled virtual MFA device for both administrator user'}\n",
" else\n",
" ret_hash = { :done => true, :score => 0, :message => 'Virtual MFA device is not Enabled for administrator user'}\n",
" end\n",
" else\n",
" ret_hash[:message] = \"Administrator Users are not created yet\"\n",
" end\n",
" return ret_hash\n",
"end"]
}
},
"4": {
"Title": "Log all API calls.",
"Points": "10",
"Interval": "30",
"Max": "30",
"Assessments": {
"API": "AWS",
"Service": "CloudTrail",
"Method": "step_four_check",
"Code": [
"def step_four_check(handles,points)\n",
" cloud_trail = handles[0]\n",
" ret_hash = { :done => false, :score => 0 }\n",
" resp = cloud_trail.describe_trails\n",
" trail_list = resp.trail_list\n",
" trail_list.each do |list|\n",
" trail_name = list.name\n",
" if !trail_name.include? 'qltrail-lab-'\n",
" ret_hash = { :done => true, :score => points, :message => 'Successfully Created CloudTrail to log all API calls'}\n",
" else\n",
" ret_hash[:message] = \"CloudTrail not created yet\"\n",
" end\n",
" break if ret_hash[:done]\n",
" end\n",
" return ret_hash\n",
"end"]
}
},
"5": {
"Title": "Create load balancers for web tier and app tier.",
"Points": "20",
"Interval": "30",
"Max": "30",
"Assessments": {
"API": "AWS",
"Service": "ElasticLoadBalancing",
"Method": "step_five_check",
"Code": [
"def step_five_check(handles,points)\n",
" elb = handles[0]\n",
" resp = elb.describe_load_balancers.load_balancer_descriptions\n",
" if resp!=[]\n",
" appTireScore = 0\n",
" webTireScore = 0\n",
" internalScheme = 0\n",
" externalScheme = 0\n",
" total=0\n",
" resp.each do |load|\n",
" if load.load_balancer_name.downcase == 'web-elb'\n",
" webTireScore = 5\n",
" if load.scheme == 'internet-facing'\n",
" externalScheme = 5\n",
" end\n",
" end\n",
" if load.load_balancer_name.downcase == 'app-elb'\n",
" appTireScore = 5\n",
" if load.scheme == 'internal'\n",
" internalScheme = 5\n",
" end\n",
" end\n",
" end\n",
" total = appTireScore + webTireScore + internalScheme + externalScheme\n",
" if appTireScore == 5 && webTireScore == 5\n",
" if internalScheme == 5 && externalScheme == 5\n",
" ret_hash = { :done => true, :score => total, :message => 'ELB Created for both web and app tiers'}\n",
" elsif internalScheme == 5 && externalScheme == 0\n",
" ret_hash = { :done => true, :score => total, :message => 'Created 2 elb but scheme of web-elb is wrong'}\n",
" elsif internalScheme == 0 && externalScheme == 5\n",
" ret_hash = { :done => true, :score => total, :message => 'Created 2 elb but scheme of app-elb is wrong'}\n",
" else\n",
" ret_hash = { :done => true, :score => total, :message => 'app-elb and web-elb is created but scheme of both elb is wrong'}\n",
" end\n",
" elsif appTireScore == 5 && webTireScore == 0\n",
" if internalScheme == 5\n",
" ret_hash = { :done => true, :score => total, :message => 'app-elb is created with correct scheme, but failed to create web-elb'}\n",
" else\n",
" ret_hash = { :done => true, :score => total, :message => 'app-elb is created but scheme of app-elb is wrong and also failed to create web-elb'}\n",
" end\n",
" elsif appTireScore == 0 && webTireScore == 5\n",
" if externalScheme == 5\n",
" ret_hash = { :done => true, :score => total, :message => 'web-elb is created with correct scheme, but failed to create app-elb'}\n",
" else\n",
" ret_hash = { :done => true, :score => total, :message => 'web-elb is created but scheme of web-elb is wrong and also failed to create app-elb'}\n",
" end\n",
" else\n",
" ret_hash = { :done => true, :score => 0, :message => 'No valid ELB found'}\n",
" end\n",
" else\n",
" ret_hash = { :done => true, :score => 0, :message => 'Load balancer not created yet'}\n",
" end\n",
" return ret_hash\n",
"end"]
}
},
"6": {
"Title": "Computing capacity for web and application tiers are auto scalable.",
"Points": "30",
"Interval": "30",
"Max": "30",
"Assessments": {
"API": "AWS",
"Service": ["AutoScaling"],
"Method": "step_six_check",
"Code": [
"def step_six_check(handles,points)\n",
" auto_scaling = handles[0]\n",
" auto_scaling_groups = auto_scaling.describe_auto_scaling_groups.auto_scaling_groups\n",
" if auto_scaling_groups != []\n",
" isAppAutoDone = false\n",
" isWebAutoDone = false\n",
" webAutoScale = 0\n",
" webElb = 0\n",
" webMinScore = 0\n",
" webMaxScore = 0\n",
" appAutoScale = 0\n",
" appElb = 0\n",
" appMinScore = 0\n",
" appMaxScore = 0\n",
" total= 0\n",
" ret_hash = { :done => false, :score => 0 }\n",
" auto_scaling_groups.each do |group|\n",
" if group.auto_scaling_group_name.downcase == 'webtier'\n",
" isWebAutoDone = true\n",
" webAutoScale = 5\n",
" elbArray=group.load_balancer_names\n",
" if elbArray != []\n",
" elbArray.each do |elbName|\n",
" if elbName.downcase == 'web-elb'\n",
" webElb = 5\n",
" end\n",
" end\n",
" end\n",
" if group.min_size == 2\n",
" webMinScore = 3\n",
" end\n",
" if group.max_size >= 4\n",
" webMaxScore = 2\n",
" end\n",
" end\n",
" if group.auto_scaling_group_name.downcase == 'apptier'\n",
" isAppAutoDone = true\n",
" appAutoScale = 5\n",
" elbArray=group.load_balancer_names\n",
" elbArray.each do |elbName|\n",
" if elbName.downcase == 'app-elb'\n",
" appElb = 5\n",
" end\n",
" end\n",
" if group.min_size == 2\n",
" appMinScore = 3\n",
" end\n",
" if group.max_size >= 4\n",
" appMaxScore = 2\n",
" end\n",
" end\n",
" break if (isAppAutoDone && isWebAutoDone)\n",
" end\n",
" total= webAutoScale + webElb + webMinScore + webMaxScore + appAutoScale + appElb + appMinScore + appMaxScore\n",
" if total == 30\n",
" ret_hash = { :done => true, :score => total, :message => 'Both Auto scalling groups are created and configured successfuly'}\n",
" elsif total < 30 && total > 0\n",
" ret_hash = { :done => true, :score => total, :message => 'Auto scalling group is created, but not configured correctly'}\n",
" else\n",
" ret_hash = { :done => true, :score => total, :message => 'No valid Auto scalling group is created'}\n",
" end\n",
" else\n",
" ret_hash = { :done => true, :score => total, :message => 'No valid Auto scalling group is created'}\n",
" end\n",
" return ret_hash\n",
"end"]
}
}
}
@Thrqureshi

Sorry Sir

I don't know JavaScript. I have tried to upload this script as-is in AWS, but I am getting an error.

"Template validation error: Invalid template property or properties [1, 2, 3, DoNotify, 4, PassPercent, 5, 6]"

Do I have to remove the quotation marks?

Could you please let me know which quotation marks need to be removed?

@Thrqureshi

After adding "Resources" and "Properties" I am getting a different error:

"Template format error: [/Resources/1] Every Resources object must contain a Type member"

{ "Resources": { "1": { "Properties": { "Title": "Create a group with administrative permission.", "Points": "10", "Interval": "30", "Max": "30", "Assessments": { "API": "AWS", "Service": "IAM", "Method": "step_one_check", "Code": [ "def step_one_check(handles,points)\n", " iam = handles[0]\n", " ret_hash = { :done => false, :score => 0 }\n", " resp = iam.list_groups\n", " groups = resp.groups\n", " if groups!=[]\n", " groups.each do |group|\n", " group_name = group.group_name\n", " resp1 = iam.list_attached_group_policies({group_name: group_name})\n", " attached_policies = resp1.attached_policies\n", " if attached_policies!=[]\n", " attached_policies.each do |policy|\n", " policy_name = policy.policy_name\n", " if (policy_name.include? 'SystemAdministrator') || (policy_name.include? 'AdministratorAccess')\n", " ret_hash = { :done => true, :score => points, :message => 'User group is created with administrative permission'}\n", " else\n", " ret_hash[:message] = \"Attached permissions is not Administrative permission\"\n", " end\n", " break if ret_hash[:done]\n", " end\n", " else\n", " ret_hash[:message] = \"Administrative permission is not given to User group\"\n", " end\n", " end\n", " else\n", " ret_hash[:message] = \"User group is not created\"\n", " end\n", " return ret_hash\n", "end"] } } },

@Thrqureshi

Thrqureshi commented Nov 25, 2017

I would like to know what are the pre-requisites to run this script?

because I cannot see any VPC, public subnets or private subnets.

If possible, could you please share your CloudFormer for the above script?
