/audit-aws-ec2

Primary LanguageRubyApache License 2.0Apache-2.0

audit EC2

This stack will monitor EC2 and alert on things CloudCoreo developers think are violations of best practices

Description

This repo is designed to work with CloudCoreo. It will monitor EC2 against best practices for you and send a report to the email address designated by the config.yaml AUDIT_AWS_EC2_ALERT_RECIPIENT value

Hierarchy

composite inheritance hierarchy

Required variables with no default

None

Required variables with default

AUDIT_AWS_EC2_REGIONS:

  • description: List of AWS regions to check. Default is all regions. Choices are us-east-1,us-east-2,us-west-1,us-west-2,ca-central-1,ap-south-1,ap-northeast-2,ap-southeast-1,ap-southeast-2,ap-northeast-1,eu-central-1,eu-west-1,eu-west-1,sa-east-1
  • default: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, ap-south-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, eu-central-1, eu-west-1, eu-west-2, sa-east-1

AUDIT_AWS_EC2_ALLOW_EMPTY:

  • description: Would you like to receive empty reports? Options - true / false. Default is false.
  • default: false

AUDIT_AWS_EC2_SEND_ON:

  • description: Send reports always or only when there is a change? Options - always / change. Default is change.
  • default: change

Optional variables with default

AUDIT_AWS_EC2_ALERT_LIST:

  • description: Which alerts would you like to check for? Default is all EC2 alerts. Choices are ec2-inventory-instances,ec2-inventory-security-groups,ec2-ip-address-whitelisted,ec2-unrestricted-traffic,ec2-TCP-1521-0.0.0.0/0,ec2-TCP-3306-0.0.0.0/0,ec2-TCP-5432-0.0.0.0/0,ec2-TCP-27017-0.0.0.0/0,ec2-TCP-1433-0.0.0.0/0,ec2-TCP-3389-0.0.0.0/0,ec2-TCP-22-0.0.0.0/0,ec2-TCP-5439-0.0.0.0/0,ec2-TCP-23,ec2-TCP-21,ec2-TCP-20,ec2-ports-range,ec2-not-used-security-groups
  • default: ec2-inventory-instances, ec2-inventory-security-groups, ec2-ip-address-whitelisted, ec2-unrestricted-traffic, ec2-TCP-1521-0.0.0.0/0, ec2-TCP-3306-0.0.0.0/0, ec2-TCP-5432-0.0.0.0/0, ec2-TCP-27017-0.0.0.0/0, ec2-TCP-1433-0.0.0.0/0, ec2-TCP-3389-0.0.0.0/0, ec2-TCP-22-0.0.0.0/0, ec2-TCP-5439-0.0.0.0/0, ec2-TCP-23, ec2-TCP-21, ec2-TCP-20, ec2-ports-range, ec2-not-used-security-groups

AUDIT_AWS_EC2_OWNER_TAG:

  • description: Enter an AWS tag whose value is an email address of the owner of the EC2 object. (Optional)
  • default: NOT_A_TAG

Optional variables with no default

AUDIT_AWS_EC2_ALERT_RECIPIENT:

  • description: Enter the email address(es) that will receive notifications. If more than one, separate each with a comma.

Tags

  1. Audit
  2. Best Practices
  3. Alert
  4. EC2

Categories

  1. Audit

Diagram

diagram

Icon

icon