Aws notes/Getting Serious About AWS Config Rules

From Federal Burro of Information
Revision as of 18:02, 13 November 2018 by David (talk | contribs) (→‎The OS way)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Overview

There are a suite of service in AWS that can help you get yourself to an auditable position:

  • AWS config
  • AWS Cloudtrails

You can define rule about how your cloud account should be, and make an immutable record of how it is and changes over time with these two services.

There are published best practices , so you can go and roll your own setup.

You could pay someone else to do it:

Or you can use some open source tools:

The OS way

For those of you who just want results. ( not for those of you who want to write your own rules ). THink of this as 80/20. For 20% work, you get 80% of the functionality and effect. If you have nthing, or little time, this is for you.

  • You have the right amount of know-how.
  • You want the right amount of automation.
  • And open source is the right price.

0. ensure your env has AWS api keys loaded.

1. install rdk ( rule development kit )

pip install rdk

2. clone the rules:

cd ~/work
git clone git@github.com:awslabs/aws-config-rules.git
cd aws-config
cd python
rdk init
rdk deploy ANY_ONE_OF_RULE_IN_THIS_DIR

Then go take a look in the console to see how you are doing.

To Do

  • reporting
  • management
  • reconcile