# encoding: utf-8
# copyright: 2021, mk::labs
title 'Network related resources compliance checks'
control 'Security groups hardening default - port 22' do
  impact 0.7
  title 'Ensure default security groups do not allow port 22'
  desc 'Ensure default security groups do not allow port 22'
# encoding: utf-8
# copyright: 2021, mk::labs
title 'general AWS IAM account best practices'
control 'All human users should have MFA enabled' do
  impact 0.7
  title 'Ensure all human users have MFA enabled'
  desc 'Ensure all human users have MFA enabled'
Feature: Buckets config
  Scenario: encryption at rest
    Given I have AWS S3 Bucket defined
    Then encryption at rest must be enabled
  Scenario: resources are tagged
    Given I have AWS S3 Bucket defined
    Then it must contain tags
    And its value must not be null
package tests

import (
	"fmt"
	"github.com/gruntwork-io/terratest/modules/random"
	"github.com/gruntwork-io/terratest/modules/terraform"
	"github.com/stretchr/testify/assert"
	"strings"
	"testing"
)
package tests

import (
	"github.com/gruntwork-io/terratest/modules/aws"
	"github.com/gruntwork-io/terratest/modules/terraform"
	"github.com/stretchr/testify/assert"
	"testing"
)

func TestTerraformAwsEnvironment(t *testing.T) {
# terraform validate will catch typo in resource reference
resource "aws_s3_bukcet" "wrong_resource" {
  name = "my-bucket"
}

# terraform validate will catch wrong CIDR
resource "aws_vpc" "default" {
  cidr_block = "0.0.0.0/0"
}
#!/usr/bin/env bash
set -x -e
JUPYTER_PASSWORD=${1:-myJupyterPassword}
PYTHON_VERSION=${2:-3.5}
test -d ~/venv_notebooks || python -m virtualenv venv_notebooks --python=python$PYTHON_VERSION
. venv_notebooks/bin/activate
regions:
- eu-west-1
account-blacklist:
- "999999999999" # production
resource-types:
  # only nuke these three resources
  targets:
regions:
- eu-west-1
account-blacklist:
- "999999999999" # production
resource-types:
export AWS_NUKE_VERSION=2.7.0
sudo apt-get install -y wget
# fetch the release over verified TLS (certificate checking left enabled)
wget https://github.com/rebuy-de/aws-nuke/releases/download/v$AWS_NUKE_VERSION/aws-nuke-v$AWS_NUKE_VERSION-linux-amd64.tar.gz
tar xvf aws-nuke-v$AWS_NUKE_VERSION-linux-amd64.tar.gz
chmod +x aws-nuke-v$AWS_NUKE_VERSION-linux-amd64
sudo mv aws-nuke-v$AWS_NUKE_VERSION-linux-amd64 /usr/local/bin/aws-nuke
# test it
aws-nuke --help