diff --git a/.github/ISSUE_TEMPLATE/calculated-policy---create-bug-report.md b/.github/ISSUE_TEMPLATE/calculated-policy---create-bug-report.md deleted file mode 100644 index b7a64694d..000000000 --- a/.github/ISSUE_TEMPLATE/calculated-policy---create-bug-report.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -name: Calculated Policy - Create bug report -about: Create a new bug report for a calculated policy -title: Calculated Policy - -labels: bug, calculated-policy -assignees: '' - ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** -Steps to reproduce the behaviour: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**Additional context** -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/calculated-policy---create-new-policy.md b/.github/ISSUE_TEMPLATE/calculated-policy---create-new-policy.md deleted file mode 100644 index f6f2707ee..000000000 --- a/.github/ISSUE_TEMPLATE/calculated-policy---create-new-policy.md +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -name: Calculated Policy - Create new policy -about: Create a new calculated policy -title: Calculated Policy - -labels: calculated-policy -assignees: '' - ---- - -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. - -**Describe the solution you'd like** -A clear and concise description of what you want to happen. - -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. - -**Workspace Reference URL** -- [ ] Create README.md (Required) -- [ ] Add `outputs.tf` (If applicable) -- [ ] Add `variables.tf` (Required) -- [ ] Add `providers.tf` (Required) -- [ ] Add `smart_folder.tf` (Required) -- [ ] Policies end with `*_policies.tf` (Required) -- [ ] Cloud specific resources are in own files -- [ ] No customer data present diff --git a/.github/ISSUE_TEMPLATE/graphql---bug-report.md b/.github/ISSUE_TEMPLATE/graphql---bug-report.md deleted file mode 100644 index e4b457c39..000000000 --- a/.github/ISSUE_TEMPLATE/graphql---bug-report.md +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -name: GraphQL - Bug report -about: Create a report on a bug in a query -title: GraphQL - -labels: bug, graphql -assignees: '' - ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**Desktop (please complete the following information):** - - OS: [e.g. iOS] - - Browser [e.g. chrome, safari] - - Version [e.g. 22] - -**Smartphone (please complete the following information):** - - Device: [e.g. iPhone6] - - OS: [e.g. iOS8.1] - - Browser [e.g. stock browser, safari] - - Version [e.g. 22] - -**Additional context** -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/graphql---create-new-query-example.md b/.github/ISSUE_TEMPLATE/graphql---create-new-query-example.md deleted file mode 100644 index 3a1fccb79..000000000 --- a/.github/ISSUE_TEMPLATE/graphql---create-new-query-example.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -name: GraphQL - Create new query example -about: Create a new useful Turbot GraphQL query -title: GraphQL - -labels: enhancement, graphql -assignees: '' - ---- - -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] - -**Describe the solution you'd like** -A clear and concise description of what you want to happen. - -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. 
diff --git a/.github/ISSUE_TEMPLATE/policy-pack---create-bug-report.md b/.github/ISSUE_TEMPLATE/policy-pack---create-bug-report.md new file mode 100644 index 000000000..11325c9d2 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/policy-pack---create-bug-report.md @@ -0,0 +1,28 @@ +--- +name: Policy Pack - Bug report +about: Create a bug report for a policy pack +title: - +labels: bug +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To reproduce** +Steps to reproduce the behaviour: +1. Go to '...' +2. Click on '...' +3. Scroll down to '...' +4. Run the command '...' +5. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/policy-pack---create-new-pack.md b/.github/ISSUE_TEMPLATE/policy-pack---create-new-pack.md new file mode 100644 index 000000000..efdb4a1c6 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/policy-pack---create-new-pack.md @@ -0,0 +1,20 @@ +--- +name: Policy Pack - New policy pack +about: Suggest a new policy pack +title: Add policy pack - +labels: enhancement +assignees: '' + +--- + +**Control objective** +A clear and concise description of what the control objective is and why it's important. + +**Remediation** +The remediation action(s) to satisfy the control objective. + +**Categories** +Proposed primary category and categories from the [available list of categories](https://github.com/turbot/guardrails-samples/tree/main/policy_packs#readmemd). + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/security-hub---bug-report.md b/.github/ISSUE_TEMPLATE/security-hub---bug-report.md deleted file mode 100644 index c0d4bea8f..000000000 --- a/.github/ISSUE_TEMPLATE/security-hub---bug-report.md +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -name: Security Hub - Bug report -about: Create a report to help us improve -title: SecHub - -labels: bug, security_hub -assignees: '' - ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**Desktop (please complete the following information):** - - OS: [e.g. iOS] - - Browser [e.g. chrome, safari] - - Version [e.g. 22] - -**Smartphone (please complete the following information):** - - Device: [e.g. iPhone6] - - OS: [e.g. iOS8.1] - - Browser [e.g. stock browser, safari] - - Version [e.g. 22] - -**Additional context** -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/security-hub---create-new-feature.md b/.github/ISSUE_TEMPLATE/security-hub---create-new-feature.md deleted file mode 100644 index d1eddf3ac..000000000 --- a/.github/ISSUE_TEMPLATE/security-hub---create-new-feature.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -name: Security Hub - Create new feature -about: Suggest an idea for this project -title: SecHub - -labels: enhancement, security_hub -assignees: '' - ---- - -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] - -**Describe the solution you'd like** -A clear and concise description of what you want to happen. - -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. 
diff --git a/.github/ISSUE_TEMPLATE/trimbot---bug-report.md b/.github/ISSUE_TEMPLATE/trimbot---bug-report.md deleted file mode 100644 index eb9018a20..000000000 --- a/.github/ISSUE_TEMPLATE/trimbot---bug-report.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -name: TrimBot - Bug report -about: Create a report to help us improve TrimBot -title: TrimBot - -labels: bug, trimbot -assignees: '' - ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**Desktop (please complete the following information):** - - OS: [e.g. iOS] - - Browser [e.g. chrome, safari] - - Version [e.g. 22] - -**Smartphone (please complete the following information):** - - Device: [e.g. iPhone6] - - OS: [e.g. iOS8.1] - - Browser [e.g. stock browser, safari] - - Version [e.g. 22] - -**Additional context** -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/trimbot---create-new-feature.md b/.github/ISSUE_TEMPLATE/trimbot---create-new-feature.md deleted file mode 100644 index 77c82e05a..000000000 --- a/.github/ISSUE_TEMPLATE/trimbot---create-new-feature.md +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -name: TrimBot - Create new feature -about: Suggest an idea for this project -title: TrimBot - -labels: enhancement, trimbot -assignees: '' - ---- - -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] - -**Describe the solution you'd like** -A clear and concise description of what you want to happen. - -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. diff --git a/.github/workflows/baselines.yml b/.github/workflows/baselines.yml new file mode 100644 index 000000000..0012d01b7 --- /dev/null +++ b/.github/workflows/baselines.yml 
@@ -0,0 +1,52 @@ +name: Baselines + +on: + workflow_dispatch: + inputs: + dryRun: + description: Set to true for a dry run + required: false + default: "false" + type: string + push: + paths: + - baselines/** + +jobs: + terraform: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2 + # with: + # terraform_version: 1.4.6 + + - name: Set Turbot credentials + run: | + echo "TURBOT_WORKSPACE=${{ secrets.TURBOT_WORKSPACE }}" >> $GITHUB_ENV + echo "TURBOT_ACCESS_KEY=${{ secrets.TURBOT_ACCESS_KEY }}" >> $GITHUB_ENV + echo "TURBOT_SECRET_KEY=${{ secrets.TURBOT_SECRET_KEY }}" >> $GITHUB_ENV + + - name: Find all Terraform folders + id: find_folders + run: | + folders=$(find baselines -type d -name "*.tf" -exec dirname {} \; | sort -u) + echo "folders=$folders" >> $GITHUB_ENV + echo "::set-output name=folders::$folders" + + - name: Run Terraform + run: | + for folder in ${{ steps.find_folders.outputs.folders }}; do + cd $folder + terraform init + if [[ "$folder" == *"mods"* ]]; then + terraform apply -auto-approve -parallelism=1 + else + terraform apply -auto-approve + fi + cd - > /dev/null + done diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 000000000..64fd28d8f --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,17 @@ +name: Stale Issues and PRs +on: + schedule: + - cron: "30 23 * * *" + workflow_dispatch: + inputs: + dryRun: + description: Set to true for a dry run + required: false + default: "false" + type: string + +jobs: + stale_workflow: + uses: turbot/steampipe-workflows/.github/workflows/stale.yml@main + with: + dryRun: ${{ github.event.inputs.dryRun }} \ No newline at end of file diff --git a/.gitignore b/.gitignore index 710994ca3..1a1b975ad 100644 --- a/.gitignore +++ b/.gitignore @@ -29,7 +29,6 @@ Temporary Items ### Node ### # Logs -logs *.log npm-debug.log* yarn-debug.log* 
diff --git a/.vscode/launch.json b/.vscode/launch.json deleted file mode 100644 index 4b56f6432..000000000 --- a/.vscode/launch.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - // Use IntelliSense to learn about possible attributes. - // Hover to view descriptions of existing attributes. - // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 - "version": "0.2.0", - "configurations": [ - { - "type": "bashdb", - "request": "launch", - "name": "run-controls.sh", - "cwd": "${workspaceFolder}/api_examples/graphql/clients/shell/run-controls/", - "program": "${workspaceFolder}/api_examples/graphql/clients/shell/run-controls/run-controls.sh", - "args": ["--filter", "state:error", "--dry-run", "true", "--batch-size", "2", "--sleep-time", "0"] - }, - { - "type": "bashdb", - "request": "launch", - "name": "run-policies.sh", - "cwd": "${workspaceFolder}/api_examples/graphql/clients/shell/run-policies/", - "program": "${workspaceFolder}/api_examples/graphql/clients/shell/run-policies/run-policies.sh", - "args": ["--filter", "state:ok", "--dry-run", "true"] - }, - { - "type": "node", - "request": "launch", - "name": "Gen Doc: API Examples", - "program": "${workspaceFolder}/repo-tools/gen-doc-api-examples.js", - "skipFiles": ["/**"] - }, - - { - "type": "node", - "request": "launch", - "name": "Gen Doc: Calculated Policies", - "program": "${workspaceFolder}/repo-tools/gen-doc-calc-policies.js", - "skipFiles": ["/**"] - } - ] -} diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 5ec051170..000000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "cSpell.words": [ - "creds", - "graphql", - "nunjucks" - ], - "python.pythonPath": "/usr/bin/python3" -} diff --git a/README.md b/README.md index b778034f2..063bc15bd 100644 --- a/README.md +++ b/README.md 
@@ -1,25 +1,68 @@ -# Turbot Guardrails Samples Repo +# Turbot Guardrails Samples -The Turbot Guardrails Samples Repo provides teams using [Turbot Guardrails](https://turbot.com/guardrails) automation and configuration-as-code examples for effective management of Guardrails for their organization. +[![policy packs](https://img.shields.io/badge/policy_packs-143-blue)](https://hub.guardrails.turbot.com/policy-packs?utm_id=gspreadme&utm_source=github&utm_medium=repo&utm_campaign=github&utm_content=readme)   +[![slack](https://img.shields.io/badge/slack-2500-blue)](https://turbot.com/community/join?utm_id=gspreadme&utm_source=github&utm_medium=repo&utm_campaign=github&utm_content=readme)   +[![maintained by](https://img.shields.io/badge/maintained%20by-Turbot-blue)](https://turbot.com?utm_id=gspreadme&utm_source=github&utm_medium=repo&utm_campaign=github&utm_content=readme) -## Download these examples +This repository contains sample Policy Packs and queries to help you get started with Turbot Guardrails, ensuring your cloud environments are secure, compliant, and well-governed. It provides teams using [Turbot Guardrails](https://turbot.com/guardrails) automation and configuration-as-code examples for effective management of Guardrails for their organization. -```shell +## Getting Started + +### Prerequisites + +Before you begin, ensure you have met the following requirements: + +- You have an active Guardrails workspace. +- You have the necessary permissions to create and manage policies in Guardrails. +- You have set up your cloud provider accounts (AWS, Azure, GCP) and imported them in your Guardrails workspace. + +### Usage + +Clone: + +```bash git clone https://github.com/turbot/guardrails-samples.git +cd guardrails-samples ``` -## GraphQL API +Please see each directory's README that contains specific usage instructions. 
+ +### API Examples + +The [api_examples](https://github.com/turbot/guardrails-samples/tree/main/api_examples) directory includes working examples of how to call the Guardrails GraphQL API using Python and Javascript (node.js), this can serve a starting point for developing your own scripts or integrations. + +### Baselines + +The [baselines](https://github.com/turbot/guardrails-samples/tree/main/baselines) directory provides a starting point for the most common configuration templates needed when creating a new Turbot Guardrails workspace or onboarding a cloud provider resource into Guardrails. Baselines are implemented with [Terraform](https://www.terraform.io), allowing you to manage and provision Turbot Guardrails with a repeatable, idempotent, versioned infrastructure-as-code approach. + +### Enterprise Installation + +The [enterprise_installation](https://github.com/turbot/guardrails-samples/tree/main/enterprise_installation) directory contains some common (and uncommon) helpers that are sometimes used as part of complex enterprise installations of Guardrails. Guardrails support or professional services will direct you to use these when needed for your install. + +### Guardrails Utilities + +The [guardrails_utilities](https://github.com/turbot/guardrails-samples/tree/main/guardrails_utilities) directory contains useful scripts and utilities for common guardrails support operations (both enterprise and SaaS). Guardrails support or professional services will direct you to use these when needed. + +### Mod Examples + +The [mod_examples](https://github.com/turbot/guardrails-samples/tree/main/mod_examples) directory contains a working example of a custom mod that can serve as the basis for writing your own custom integration for Turbot Guardrails. 
+ +### Policy Packs + +The [policy_packs](https://github.com/turbot/guardrails-samples/tree/main/policy_packs) directory includes policy configurations for implementing common best practices for security, FinOps and compliance configured via Guardrails policy settings. The Policy Packs are implemented with [Terraform](https://www.terraform.io), allowing you to manage and provision Guardrails with a repeatable, idempotent, versioned infrastructure-as-code approach. + +### Queries -Includes working examples, queries and integrations written using the Guardrails GraphQL API. It's intended as a resource for developers to use as a starting point for your own integrations. +The [queries](https://github.com/turbot/guardrails-samples/tree/main/queries) directory contains GraphQL queries that can be run in your [Turbot Guardrails](https://turbot.com/guardrails) environment to assess compliance and security status of your cloud resources. These queries are designed to retrieve specific data points from your cloud environment, enabling you to enforce policies, generate reports, and monitor compliance. Each query is tailored to address a particular governance requirement or best practice. -## Control Objectives +## Open Source & Contributing -Includes policy configurations (including some calculated policies) for implementing best-practice control objectives across cloud service platforms and services. The Control Objectives are implemented with [Terraform](https://www.terraform.io), allowing you to manage and provision Guardrails with a repeatable, idempotent, versioned infrastructure-as-code approach. +This repository is published under the [Apache 2.0 license](https://www.apache.org/licenses/LICENSE-2.0). Please see our [code of conduct](https://github.com/turbot/.github/blob/main/CODE_OF_CONDUCT.md). We look forward to collaborating with you! 
-## Baselines +## Get Involved -Baselines provide a starting point for the most common configuration templates needed when creating a new Turbot Guardrails workspace or onboarding a cloud provider resource into Guardrails. Baselines are implemented with [Terraform](https://www.terraform.io), allowing you to manage and provision Turbot Guardrails with a repeatable, idempotent, versioned infrastructure-as-code approach. +**[Join #guardrails on Slack →](https://turbot.com/community/join)** -## Calculated Policies +Want to help but not sure where to start? Pick up one of the `help wanted` issues: -Provides templates for implementing calculated policies. Calculated policies allow Guardrails administrators to modify or extend the default behavior and logic that Guardrails uses to evaluate controls. The calculated policy examples are implemented with [Terraform](https://www.terraform.io) allowing you to manage and provision Turbot Guardrails with a repeatable, idempotent, versioned infrastructure-as-code approach. +- [Guardrails Samples](https://github.com/turbot/guardrails-samples/labels/help%20wanted) diff --git a/api_examples/README.md b/api_examples/README.md index 90b131a1c..62536ba64 100644 --- a/api_examples/README.md +++ b/api_examples/README.md 
@@ -1,27 +1,14 @@ # @turbot/graphql-examples -This repository includes working examples, queries and integrations written using the -Turbot GraphQL API. It's intended as a resource for developers to use as a starting -point for your own integrations. +This repository includes working examples written using the +Turbot GraphQL API. It's intended as a resource for developers +to use as a starting point for your own integrations. ## GraphQL Clients Simple, example clients for running queries against Turbot's GraphQL API. -* [Node / Javascript](./graphql/clients/node) -* [Python](./graphql/clients/python) -* [Bash / Shell](./graphql/clients/shell/README.md) +* [Node / Javascript](./node) +* [Python](./python) - -## GraphQL Queries - -Practical examples of Turbot GraphQL queries: - -* [List all storage resources](./graphql/queries/storage-resources.graphql) -* [Full version history of a resource](./graphql/queries/resource-history.graphql) -* [List controls to investigate in states Error, Invalid or TBD](./graphql/queries/controls-to-investigate.graphql) -* [Paging through results](./graphql/queries/paging.graphql) -* [Run a control](./graphql/queries/run-control.graphql) -* [CIS controls summary (all providers, all resources)](./graphql/queries/cis-controls-summary.graphql) -* [Create a profile](./graphql/queries/create_profile.graphql) diff --git a/api_examples/graphql/clients/node/calculate-policy-values-for-filter/README.md b/api_examples/graphql/clients/node/calculate-policy-values-for-filter/README.md deleted file mode 100644 index fdcbf365d..000000000 --- a/api_examples/graphql/clients/node/calculate-policy-values-for-filter/README.md +++ /dev/null 
@@ -1,29 +0,0 @@ -# Calculate policy values - -## Example - -### Dependencies - -Install the dependencies: - -```shell -npm install -``` - -### Turbot configuration - -Setup environment variables for your Turbot installation: - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -### Running the example - -And run the example: - -```shell -node calculate-policy-values-for-filter.js -``` diff --git a/api_examples/graphql/clients/node/controls-in-alert-by-tag/README.md b/api_examples/graphql/clients/node/controls-in-alert-by-tag/README.md deleted file mode 100644 index 01bee5cff..000000000 --- a/api_examples/graphql/clients/node/controls-in-alert-by-tag/README.md +++ /dev/null @@ -1,31 +0,0 @@ -# Filtered controls in alert - -Filters a list of controls by tag and finds the controls that are in alert - -## Example - -### Dependencies - -Install the dependencies: - -```shell -npm install -``` - -### Turbot configuration - -Setup environment variables for your Turbot installation: - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -### Running the example - -And run the example: - -```shell -node controls-in-alert-by-tag.js -``` diff --git a/api_examples/graphql/clients/node/controls-in-alert-by-tag/controls-in-alert-by-tag.js b/api_examples/graphql/clients/node/controls-in-alert-by-tag/controls-in-alert-by-tag.js deleted file mode 100644 index 9ff6250b3..000000000 --- a/api_examples/graphql/clients/node/controls-in-alert-by-tag/controls-in-alert-by-tag.js +++ /dev/null 
@@ -1,122 +0,0 @@ -const { GraphQLClient } = require('graphql-request'); -const btoa = require("btoa"); -const _ = require("lodash"); - -// Match a single cost center tag -const RESOURCE_FILTER = "$.turbot.tags.'Cost Center':zz-386651821766"; - -// Resources in Sales department -// const RESOURCE_FILTER = "$.turbot.tags.Department:Sales"; - -// Resources in Sales or Marketing -// const RESOURCE_FILTER = "$.turbot.tags.Department:Sales,Marketing"; - -// Resources with Department=Sales and Cost Center=zz-386651821766 -//const RESOURCE_FILTER = "$.turbot.tags.Department:Sales $.turbot.tags.'Cost Center':zz-386651821766"; - -// Resources with Department=Sales and in AWS region us-east-1 or us-east-2 -// const RESOURCE_FILTER = "$.turbot.tags.Department:Sales $.turbot.custom.aws.regionName:us-east-1,us-east-2"; - - -async function main() { - - const endpoint = process.env.TURBOT_GRAPHQL_ENDPOINT; - const accessKeyId = process.env.TURBOT_ACCESS_KEY_ID; - const secretAccessKey = process.env.TURBOT_SECRET_ACCESS_KEY; - - const graphQLClient = new GraphQLClient(endpoint, { - headers: { - authorization: 'Basic ' + btoa(`${accessKeyId}:${secretAccessKey}`) - } - }); - - const resourcesWithTagQuery = ` - query { - resources(filter: "${RESOURCE_FILTER} limit:300") { - items { - turbot { id } - } - } - } - `; - - const resourcesWithTag = await graphQLClient.request(resourcesWithTagQuery); - - const resourceIdsWithTag = resourcesWithTag.resources.items.map(i => { return i.turbot.id }); - - var controlsQuery = ` - query { - - controlSummariesByResource(filter:"resource:${resourceIdsWithTag.join(',')} limit:300") { - metadata { - stats { - control { error invalid alarm ok skipped tbd } - } - } - } - - controls(filter: "resource:${resourceIdsWithTag.join(',')} state:alarm,error,invalid limit:300 sort:resourceId,state") { - items { - state - turbot { id } - type { - uri - trunk { items { turbot { title } } } - } - resource { - turbot { id title } - trunk { items { turbot { title } } 
} - } - } - } - - } - - `; - - const controlsResult = await graphQLClient.request(controlsQuery, {}); - - console.log(); - console.log(`Filter: ${RESOURCE_FILTER}`); - console.log(); - console.log(`Resources found: ${resourceIdsWithTag.length}`); - console.log(); - console.log(`Control summary:`); - - Object.entries(controlsResult.controlsByResourceList.metadata.stats.control).forEach(([state,count]) => { - console.log(" " + state.toUpperCase().padStart(7) + ": " + count); - }); - - if (controlsResult.controlList.items.length > 0) { - - console.log(); - console.log(`Alerts by resource:`); - var currentResourceId = null; - for (const control of controlsResult.controlList.items) { - if (control.resource.turbot.id != currentResourceId) { - console.log(); - console.log(" " + control.resource.trunk.items.map(i => { return i.turbot.title }).join(" > ") + ":"); - currentResourceId = control.resource.turbot.id; - } - console.log(" " + control.state.toUpperCase().padStart(7) + ": " + control.type.trunk.items.map(i => { return i.turbot.title }).join(" > ")); - } - - console.log(); - console.log(`Alerts by control type:`); - var currentControlTypeUri = null; - for (const control of _.sortBy(controlsResult.controlList.items, i => { return i.type.uri })) { - if (control.type.uri != currentControlTypeUri) { - console.log(); - console.log(" " + control.type.trunk.items.map(i => { return i.turbot.title }).join(" > ") + ":"); - currentControlTypeUri = control.type.uri; - } - console.log(" " + control.state.toUpperCase().padStart(7) + ": " + control.resource.trunk.items.map(i => { return i.turbot.title }).join(" > ")); - } - - } - - console.log(); - -} - -main().catch(error => console.error(error)) diff --git a/api_examples/graphql/clients/node/controls-in-alert-by-tag/package-lock.json b/api_examples/graphql/clients/node/controls-in-alert-by-tag/package-lock.json deleted file mode 100644 index 124e776af..000000000 
--- a/api_examples/graphql/clients/node/controls-in-alert-by-tag/package-lock.json +++ /dev/null 
@@ -1,274 +0,0 @@ -{ - "name": "controls-in-alert-by-tag", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0", - "lodash": "^4.17.21" - } - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "node_modules/btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==", - "bin": { - "btoa": "bin/btoa.js" - }, - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "dependencies": { - "node-fetch": "2.6.7" - } - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", - "engines": { - "node": "^10.17.0 || ^12.0.0 || >= 13.7.0" - }, - "funding": { - "url": 
"https://github.com/sponsors/jaydenseric" - } - }, - "node_modules/form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true, - "engines": { - "node": ">= 10.x" - } - }, - "node_modules/graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "dependencies": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - }, - "peerDependencies": { - "graphql": "14.x || 15.x" - } - }, - "node_modules/lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "node_modules/mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "dependencies": { - "mime-db": "1.44.0" - }, - "engines": { - 
"node": ">= 0.6" - } - }, - "node_modules/node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "dependencies": { - "whatwg-url": "^5.0.0" - }, - "engines": { - "node": "4.x || >=6.0.0" - }, - "peerDependencies": { - "encoding": "^0.1.0" - }, - "peerDependenciesMeta": { - "encoding": { - "optional": true - } - } - }, - "node_modules/tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "node_modules/webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "node_modules/whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "dependencies": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - }, - "dependencies": { - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==" - }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "requires": { 
- "delayed-stream": "~1.0.0" - } - }, - "cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "requires": { - "node-fetch": "2.6.7" - } - }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" - }, - "extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==" - }, - "form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, - "graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true - }, - "graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "requires": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - } - }, - "lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "mime-db": { - "version": "1.44.0", - "resolved": 
"https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==" - }, - "mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "requires": { - "mime-db": "1.44.0" - } - }, - "node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "requires": { - "whatwg-url": "^5.0.0" - } - }, - "tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "requires": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - } -} diff --git a/api_examples/graphql/clients/node/controls-in-alert-by-tag/package.json b/api_examples/graphql/clients/node/controls-in-alert-by-tag/package.json deleted file mode 100644 index 2c58aad3a..000000000 --- a/api_examples/graphql/clients/node/controls-in-alert-by-tag/package.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "name": "controls-in-alert-by-tag", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0", - "lodash": "^4.17.21" - } -} 
diff --git a/api_examples/graphql/clients/node/get-notifications-by-class/README.md b/api_examples/graphql/clients/node/get-notifications-by-class/README.md deleted file mode 100644 index e8ea07eea..000000000 --- a/api_examples/graphql/clients/node/get-notifications-by-class/README.md +++ /dev/null @@ -1,38 +0,0 @@ -# Get notifications by notification class - -This script will return a filtered collection of notifications the notification class to filter results. -For more information on (filtering notifications)[https://turbot.com/v5/docs/reference/filter/notifications#filtering-notifications]. - -In this example, the script will return all notifications that were returned over the last 10 days. -For more information on how to use (datetime filters)[https://turbot.com/v5/docs/reference/filter#datetime-filters]. - -In this example, the script will sort the notifications displaying most recent first. -For more information on how to use (sorting)[https://turbot.com/v5/docs/reference/filter#sorting]. - -## Example - -### Dependencies - -Install the dependencies: - -```shell -npm install -``` - -### Turbot configuration - -Setup environment variables for your Turbot installation: - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -### Running the example - -And run the example: - -```shell -node get-notifications-by-class.js -``` diff --git a/api_examples/graphql/clients/node/get-notifications-by-class/get-notifications-by-class.js b/api_examples/graphql/clients/node/get-notifications-by-class/get-notifications-by-class.js deleted file mode 100644 index 818da86f3..000000000 --- a/api_examples/graphql/clients/node/get-notifications-by-class/get-notifications-by-class.js +++ /dev/null 
@@ -1,97 +0,0 @@ -const { GraphQLClient } = require("graphql-request"); -const btoa = require("btoa"); - -// Possible values allowed are: [ "resource", "policyValue", "policySetting", "control", "grant", "activeGrant" ] -const NOTIFICATION_TYPE_CLASS = "resource"; -// Multiple types are also possible, see commented example -// const NOTIFICATION_TYPE_CLASS = "resource,policyValue"; - -// Notifications can be filtered by a time range. The below examples returns all notifications for the last 10 days -// For more information on date time filters: https://turbot.com/v5/docs/reference/filter#datetime-filters -const DATE_TIME_FILTER = " console.error(error)); diff --git a/api_examples/graphql/clients/node/get-notifications-by-class/package-lock.json b/api_examples/graphql/clients/node/get-notifications-by-class/package-lock.json deleted file mode 100644 index 33bc0760b..000000000 --- a/api_examples/graphql/clients/node/get-notifications-by-class/package-lock.json +++ /dev/null 
@@ -1,263 +0,0 @@ -{ - "name": "get-notifications-by-class", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0" - } - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "node_modules/btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==", - "bin": { - "btoa": "bin/btoa.js" - }, - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "dependencies": { - "node-fetch": "2.6.7" - } - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", - "engines": { - "node": "^10.17.0 || ^12.0.0 || >= 13.7.0" - }, - "funding": { - "url": "https://github.com/sponsors/jaydenseric" - } - }, - 
"node_modules/form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true, - "engines": { - "node": ">= 10.x" - } - }, - "node_modules/graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "dependencies": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - }, - "peerDependencies": { - "graphql": "14.x || 15.x" - } - }, - "node_modules/mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "dependencies": { - "mime-db": "1.44.0" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "dependencies": { - 
"whatwg-url": "^5.0.0" - }, - "engines": { - "node": "4.x || >=6.0.0" - }, - "peerDependencies": { - "encoding": "^0.1.0" - }, - "peerDependenciesMeta": { - "encoding": { - "optional": true - } - } - }, - "node_modules/tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "node_modules/webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "node_modules/whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "dependencies": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - }, - "dependencies": { - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==" - }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "requires": { - "delayed-stream": "~1.0.0" - } - }, - "cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "requires": { - 
"node-fetch": "2.6.7" - } - }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" - }, - "extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==" - }, - "form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, - "graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true - }, - "graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "requires": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - } - }, - "mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==" - }, - "mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "requires": { - "mime-db": "1.44.0" - } - }, - "node-fetch": { - "version": "2.6.7", - "resolved": 
"https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "requires": { - "whatwg-url": "^5.0.0" - } - }, - "tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "requires": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - } -} diff --git a/api_examples/graphql/clients/node/get-notifications-by-class/package.json b/api_examples/graphql/clients/node/get-notifications-by-class/package.json deleted file mode 100644 index 64d93fd64..000000000 --- a/api_examples/graphql/clients/node/get-notifications-by-class/package.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "name": "get-notifications-by-class", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0" - } -} diff --git a/api_examples/graphql/clients/node/get-notifications-by-type/README.md b/api_examples/graphql/clients/node/get-notifications-by-type/README.md deleted file mode 100644 index 4731a7628..000000000 --- a/api_examples/graphql/clients/node/get-notifications-by-type/README.md +++ /dev/null 
@@ -1,38 +0,0 @@ -# Get notifications by notification type - -This script will return a filtered collection of notifications using the notification type to filter results. -For more information on (notifications types)[https://turbot.com/v5/docs/concepts/notifications#notification-types]. - -In this example, the script will return all notifications that were returned over the last 10 days. -For more information on how to use (datetime filters)[https://turbot.com/v5/docs/reference/filter#datetime-filters]. - -In this example, the script will sort the notifications displaying most recent first. -For more information on how to use (sorting)[https://turbot.com/v5/docs/reference/filter#sorting]. - -## Example - -### Dependencies - -Install the dependencies: - -```shell -npm install -``` - -### Turbot configuration - -Setup environment variables for your Turbot installation: - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -### Running the example - -And run the example: - -```shell -node get-notifications-by-type.js -``` diff --git a/api_examples/graphql/clients/node/get-notifications-by-type/get-notifications-by-type.js b/api_examples/graphql/clients/node/get-notifications-by-type/get-notifications-by-type.js deleted file mode 100644 index f1566e440..000000000 --- a/api_examples/graphql/clients/node/get-notifications-by-type/get-notifications-by-type.js +++ /dev/null 
@@ -1,97 +0,0 @@ -const { GraphQLClient } = require("graphql-request"); -const btoa = require("btoa"); - -// Possible values can at the url https://turbot.com/v5/docs/concepts/notifications#notification-types -// Multiple type are possible - Below example is same as notificationType:resource -const NOTIFICATION_TYPE = "resource_created,resource_updated,resource_deleted"; -// Single types are also possible, see commented example -// const NOTIFICATION_TYPE = "resource_created"; - -// Notifications can be filtered by a time range. The below examples returns all notifications for the last 10 days -// For more information on date time filters: https://turbot.com/v5/docs/reference/filter#datetime-filters -const DATE_TIME_FILTER = " console.error(error)); diff --git a/api_examples/graphql/clients/node/get-notifications-by-type/package-lock.json b/api_examples/graphql/clients/node/get-notifications-by-type/package-lock.json deleted file mode 100644 index f33697626..000000000 --- a/api_examples/graphql/clients/node/get-notifications-by-type/package-lock.json +++ /dev/null 
@@ -1,263 +0,0 @@ -{ - "name": "get-notifications-by-type", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0" - } - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" - }, - "node_modules/btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==", - "bin": { - "btoa": "bin/btoa.js" - }, - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "dependencies": { - "node-fetch": "2.6.7" - } - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", - "engines": { - "node": 
"^10.17.0 || ^12.0.0 || >= 13.7.0" - }, - "funding": { - "url": "https://github.com/sponsors/jaydenseric" - } - }, - "node_modules/form-data": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.1.tgz", - "integrity": "sha512-RHkBKtLWUVwd7SqRIvCZMEvAMoGUp0XU+seQiZejj0COz3RI3hWP4sCv3gZWWLjJTd7rGwcsF5eKZGii0r/hbg==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/graphql": { - "version": "16.8.1", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-16.8.1.tgz", - "integrity": "sha512-59LZHPdGZVh695Ud9lRzPBVTtlX9ZCV150Er2W43ro37wVof0ctenSaskPPjN7lVTIN8mSZt8PHUNKZuNQUuxw==", - "peer": true, - "engines": { - "node": "^12.22.0 || ^14.16.0 || ^16.0.0 || >=17.0.0" - } - }, - "node_modules/graphql-request": { - "version": "3.7.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.7.0.tgz", - "integrity": "sha512-dw5PxHCgBneN2DDNqpWu8QkbbJ07oOziy8z+bK/TAXufsOLaETuVO4GkXrbs0WjhdKhBMN3BkpN/RIvUHkmNUQ==", - "dependencies": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - }, - "peerDependencies": { - "graphql": "14 - 16" - } - }, - "node_modules/mime-db": { - "version": "1.52.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", - "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.35", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", - "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", - "dependencies": { - "mime-db": "1.52.0" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/node-fetch": { - "version": "2.6.7", - "resolved": 
"https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "dependencies": { - "whatwg-url": "^5.0.0" - }, - "engines": { - "node": "4.x || >=6.0.0" - }, - "peerDependencies": { - "encoding": "^0.1.0" - }, - "peerDependenciesMeta": { - "encoding": { - "optional": true - } - } - }, - "node_modules/tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "node_modules/webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "node_modules/whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "dependencies": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - }, - "dependencies": { - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" - }, - "btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==" - }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "requires": { - "delayed-stream": "~1.0.0" - 
} - }, - "cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "requires": { - "node-fetch": "2.6.7" - } - }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==" - }, - "extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==" - }, - "form-data": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.1.tgz", - "integrity": "sha512-RHkBKtLWUVwd7SqRIvCZMEvAMoGUp0XU+seQiZejj0COz3RI3hWP4sCv3gZWWLjJTd7rGwcsF5eKZGii0r/hbg==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, - "graphql": { - "version": "16.8.1", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-16.8.1.tgz", - "integrity": "sha512-59LZHPdGZVh695Ud9lRzPBVTtlX9ZCV150Er2W43ro37wVof0ctenSaskPPjN7lVTIN8mSZt8PHUNKZuNQUuxw==", - "peer": true - }, - "graphql-request": { - "version": "3.7.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.7.0.tgz", - "integrity": "sha512-dw5PxHCgBneN2DDNqpWu8QkbbJ07oOziy8z+bK/TAXufsOLaETuVO4GkXrbs0WjhdKhBMN3BkpN/RIvUHkmNUQ==", - "requires": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - } - }, - "mime-db": { - "version": "1.52.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", - "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==" - }, - "mime-types": { - "version": "2.1.35", - "resolved": 
"https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", - "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", - "requires": { - "mime-db": "1.52.0" - } - }, - "node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "requires": { - "whatwg-url": "^5.0.0" - } - }, - "tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "requires": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - } -} diff --git a/api_examples/graphql/clients/node/get-notifications-by-type/package.json b/api_examples/graphql/clients/node/get-notifications-by-type/package.json deleted file mode 100644 index 6843a463a..000000000 --- a/api_examples/graphql/clients/node/get-notifications-by-type/package.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "name": "get-notifications-by-type", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0" - } -} diff --git a/api_examples/graphql/clients/node/get-specific-resource-last-notification/README.md b/api_examples/graphql/clients/node/get-specific-resource-last-notification/README.md deleted file mode 100644 index 17171ec44..000000000 
--- a/api_examples/graphql/clients/node/get-specific-resource-last-notification/README.md +++ /dev/null @@ -1,38 +0,0 @@ -# Get notifications for a specific resource - -This script provides an example of how to look up a resource id using a Turbot aka. -From there the script will return the last notification for the found resource if it exists. - -In this example, the script is configured to return the last notification only. -For more information on how to (limit results)[https://turbot.com/v5/docs/reference/filter#limiting-results]. - -In this example, the script will sort the notifications displaying most recent first. -For more information on how to use (sorting)[https://turbot.com/v5/docs/reference/filter#sorting]. - -## Example - -### Dependencies - -Install the dependencies: - -```shell -npm install -``` - -### Turbot configuration - -Setup environment variables for your Turbot installation: - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -### Running the example - -And run the example: - -```shell -node get-specific-resource-last-notification.js -``` diff --git a/api_examples/graphql/clients/node/get-specific-resource-last-notification/get-notifications-by-type.js b/api_examples/graphql/clients/node/get-specific-resource-last-notification/get-notifications-by-type.js deleted file mode 100644 index 582ae2345..000000000 --- a/api_examples/graphql/clients/node/get-specific-resource-last-notification/get-notifications-by-type.js +++ /dev/null 
@@ -1,117 +0,0 @@ -const { GraphQLClient } = require("graphql-request"); -const btoa = require("btoa"); - -// For this example, we have used the aka of the Turbot resource as we know this is constant. -// The code will take the resource AKA and do a resource id lookup. -// The code will then use this resource id to get the notifications for that resource. -const RESOURCE_AKA = "tmod:@turbot/turbot#/"; - -// Sets the amount of notifications we want to get back from the Turbot instance. -// In the example it is set to 1, getting the last notification. -// Changing this will return the last n notifications, where n is the limit. -const FILTER_LIMIT = "1"; - -async function main() { - const endpoint = process.env.TURBOT_GRAPHQL_ENDPOINT; - const accessKeyId = process.env.TURBOT_ACCESS_KEY_ID; - const secretAccessKey = process.env.TURBOT_SECRET_ACCESS_KEY; - - const graphQLClient = new GraphQLClient(endpoint, { - headers: { - authorization: "Basic " + btoa(`${accessKeyId}:${secretAccessKey}`), - }, - }); - - const emptyVariables = {}; - - // ------------------------------------------------------------------- - // Query 1: Find the resource id when an aka is provided - // ------------------------------------------------------------------- - - console.log(`Looking up resource id for resource: ${RESOURCE_AKA}`); - const lookupQuery = ` - query { - resource(id: "${RESOURCE_AKA}") { - turbot { - title - id - } - } - } - `; - - const lookupResult = await graphQLClient.request(lookupQuery, emptyVariables); - - // Look up was successful, set the id - const foundItem = lookupResult.resource.turbot; - console.log(`Resource id found: ${foundItem.id}`); - - // ------------------------------------------------------------------- - // Query 2: Find the notifications based on the id found in the lookup - // ------------------------------------------------------------------- - - console.log(`Querying last ${FILTER_LIMIT} notification(s) for resource ${foundItem.title}`); - - /* - The 
query returns unnecessary fields which will be populated depending on the value of the resource type class - - If the type is a member of the notification class resource, fields returned: [ resource ] - If the type is a member of the notification class policyValue, fields returned: [ resource, policyValue ] - If the type is a member of the notification class policySetting, fields returned: [ resource, policySetting ] - If the type is a member of the notification class control, fields returned: [ resource, control ] - If the type is a member of the notification class grant, fields returned: [ resource, grant ] - If the type is a member of the notification class activeGrant, fields returned: [ resource ] - */ - const notificationsQuery = ` - query { - notifications(filter: "resource:${foundItem.id} limit:${FILTER_LIMIT} sort:-timestamp") { - items - { - notificationType - - policyValue { - default - value - state - reason - details - secretValue - isCalculated - } - - policyValue { - default - value - state - reason - details - secretValue - isCalculated - } - grant { - permissionTypeId - permissionLevelId - roleName - validFromTimestamp - validToTimestamp - } - - control { - reason - details - } - - resource { - object - } - } - } - } - `; - - const notificationsResult = await graphQLClient.request(notificationsQuery, emptyVariables); - - console.log(JSON.stringify(notificationsResult, null, 2)); -} - -main().catch((error) => console.error(error)); diff --git a/api_examples/graphql/clients/node/get-specific-resource-last-notification/package-lock.json b/api_examples/graphql/clients/node/get-specific-resource-last-notification/package-lock.json deleted file mode 100644 index 5564f8bdd..000000000 --- a/api_examples/graphql/clients/node/get-specific-resource-last-notification/package-lock.json +++ /dev/null 
@@ -1,263 +0,0 @@ -{ - "name": "get-specific-resource-last-notification", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0" - } - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "node_modules/btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==", - "bin": { - "btoa": "bin/btoa.js" - }, - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "dependencies": { - "node-fetch": "2.6.7" - } - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", - "engines": { - "node": "^10.17.0 || ^12.0.0 || >= 13.7.0" - }, - "funding": { - "url": "https://github.com/sponsors/jaydenseric" - } 
- }, - "node_modules/form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true, - "engines": { - "node": ">= 10.x" - } - }, - "node_modules/graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "dependencies": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - }, - "peerDependencies": { - "graphql": "14.x || 15.x" - } - }, - "node_modules/mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "dependencies": { - "mime-db": "1.44.0" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "dependencies": 
{ - "whatwg-url": "^5.0.0" - }, - "engines": { - "node": "4.x || >=6.0.0" - }, - "peerDependencies": { - "encoding": "^0.1.0" - }, - "peerDependenciesMeta": { - "encoding": { - "optional": true - } - } - }, - "node_modules/tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "node_modules/webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "node_modules/whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "dependencies": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - }, - "dependencies": { - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==" - }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "requires": { - "delayed-stream": "~1.0.0" - } - }, - "cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "requires": { 
- "node-fetch": "2.6.7" - } - }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" - }, - "extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==" - }, - "form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, - "graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true - }, - "graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "requires": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - } - }, - "mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==" - }, - "mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "requires": { - "mime-db": "1.44.0" - } - }, - "node-fetch": { - "version": "2.6.7", - "resolved": 
"https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "requires": { - "whatwg-url": "^5.0.0" - } - }, - "tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "requires": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - } -} diff --git a/api_examples/graphql/clients/node/get-specific-resource-last-notification/package.json b/api_examples/graphql/clients/node/get-specific-resource-last-notification/package.json deleted file mode 100644 index a563fee74..000000000 --- a/api_examples/graphql/clients/node/get-specific-resource-last-notification/package.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "name": "get-specific-resource-last-notification", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0" - } -} diff --git a/api_examples/graphql/clients/node/list-all-policies-in-environment/README.md b/api_examples/graphql/clients/node/list-all-policies-in-environment/README.md deleted file mode 100644 index 3b354bd67..000000000 --- a/api_examples/graphql/clients/node/list-all-policies-in-environment/README.md +++ /dev/null 
@@ -1,31 +0,0 @@ -# List all policies - -Lists all policies in the target Turbot environment - -## Example - -### Dependencies - -Install the dependencies: - -```shell -npm install -``` - -### Turbot configuration - -Setup environment variables for your Turbot installation: - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -### Running the example - -And run the example: - -```shell -node list-all-policies-in-environment.js -``` diff --git a/api_examples/graphql/clients/node/list-mods-to-updated/README.md b/api_examples/graphql/clients/node/list-mods-to-updated/README.md deleted file mode 100644 index 0d591a261..000000000 --- a/api_examples/graphql/clients/node/list-mods-to-updated/README.md +++ /dev/null @@ -1,31 +0,0 @@ -# List mods to updated - -Script will determine which mods in the Turbot environment is out of date and can be update. - -## Example - -### Dependencies - -Install the dependencies: - -```shell -npm install -``` - -### Turbot configuration - -Setup environment variables for your Turbot installation: - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -### Running the example - -And run the example: - -```shell -node list-mods-to-updated.js -``` diff --git a/api_examples/graphql/clients/node/list-mods-to-updated/list-mods-to-updated.js b/api_examples/graphql/clients/node/list-mods-to-updated/list-mods-to-updated.js deleted file mode 100644 index fa0932754..000000000 --- a/api_examples/graphql/clients/node/list-mods-to-updated/list-mods-to-updated.js +++ /dev/null 
@@ -1,107 +0,0 @@ -/** - * To get the list of installed mods which requires update. - */ - -const { GraphQLClient } = require("graphql-request"); -const btoa = require("btoa"); - -const filter = - "resourceType:'tmod:@turbot/turbot#/resource/types/mod' resourceTypeLevel:self limit:300"; - -async function main() { - const endpoint = process.env.TURBOT_GRAPHQL_ENDPOINT; - const accessKeyId = process.env.TURBOT_ACCESS_KEY_ID; - const secretAccessKey = process.env.TURBOT_SECRET_ACCESS_KEY; - - const graphQLClient = new GraphQLClient(endpoint, { - headers: { - authorization: "Basic " + btoa(`${accessKeyId}:${secretAccessKey}`) - } - }); - - const installedModsQuery = ` - query installedMods($filter: [String!]!, $paging: String) { - installedMods: resources(filter: $filter, paging: $paging) { - items { - modId: get(path: "$id") - tModId: get(path: "tmod.$id") - initialName: get(path: "package.name") - initialVersion: get(path: "package.version") - name: get(path: "name") - version: get(path: "version") - } - paging { - next - } - } - } - `; - - const eachModInfo = ` - query modInfo($orgName: String, $modName: String) { - modInfo: modVersionSearches(orgName: $orgName, modName: $modName) { - items { - identityName - name - versions { - status - version - } - } - } - } - `; - - let installedMods = []; - let modsToUpdate = []; - let modWithoutRecommended = []; - let paging = null; - - // Get list of all installed Mods in workspace - do { - const variables = { filter, paging }; - const data = await graphQLClient.request(installedModsQuery, variables); - installedMods = installedMods.concat(data.installedMods.items); - paging = data.installedMods.paging.next; - } while (paging); - console.log(`No of Mods : ${installedMods.length}`); - - // For each installed Mod get details from registry and - for (mod of installedMods) { - let modName = mod.modId.split("/").pop(); - console.log("\nMod Name: ", modName); - let vars = { orgName: "turbot", modName }; - try { - let run = await 
graphQLClient.request(eachModInfo, vars); - let currentVersion = mod.version; - - // Get the recommended version of the mod - let recommended = run.modInfo.items[0].versions.find( - info => info.status === "RECOMMENDED" - ); - - // If recommended version is not available mod not required to be updated - if (!recommended) { - modWithoutRecommended.push(run.modInfo.items[0].name); - continue; - } - console.info("\x1b[37mCurrent : \x1b[0m", currentVersion); - console.info("\x1b[34mRecommended : \x1b[0m", recommended.version); - - // If current version and recommended version is same mod is not required to be updated - if (currentVersion !== recommended.version) { - modsToUpdate.push({ - name: run.modInfo.items[0].name, - version: recommended.version - }); - } - } catch (e) { - console.error(e); - } - } - - console.info("\nMODS TO BE UPDATED: \n", modsToUpdate); - console.info("\nMODS WITHOUT RECOMMENDED VERSION: \n", modWithoutRecommended); -} - -main().catch(error => console.error(error)); diff --git a/api_examples/graphql/clients/node/list-mods-to-updated/package-lock.json b/api_examples/graphql/clients/node/list-mods-to-updated/package-lock.json deleted file mode 100644 index 39337de1a..000000000 --- a/api_examples/graphql/clients/node/list-mods-to-updated/package-lock.json +++ /dev/null 
@@ -1,274 +0,0 @@ -{ - "name": "list-mods-to-updated", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0", - "lodash": "^4.17.21" - } - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "node_modules/btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==", - "bin": { - "btoa": "bin/btoa.js" - }, - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "dependencies": { - "node-fetch": "2.6.7" - } - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", - "engines": { - "node": "^10.17.0 || ^12.0.0 || >= 13.7.0" - }, - "funding": { - "url": 
"https://github.com/sponsors/jaydenseric" - } - }, - "node_modules/form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true, - "engines": { - "node": ">= 10.x" - } - }, - "node_modules/graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "dependencies": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - }, - "peerDependencies": { - "graphql": "14.x || 15.x" - } - }, - "node_modules/lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "node_modules/mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "dependencies": { - "mime-db": "1.44.0" - }, - "engines": { - 
"node": ">= 0.6" - } - }, - "node_modules/node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "dependencies": { - "whatwg-url": "^5.0.0" - }, - "engines": { - "node": "4.x || >=6.0.0" - }, - "peerDependencies": { - "encoding": "^0.1.0" - }, - "peerDependenciesMeta": { - "encoding": { - "optional": true - } - } - }, - "node_modules/tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=" - }, - "node_modules/webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE=" - }, - "node_modules/whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=", - "dependencies": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - }, - "dependencies": { - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==" - }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "requires": { - "delayed-stream": "~1.0.0" - } - }, - "cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": 
"sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "requires": { - "node-fetch": "2.6.7" - } - }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" - }, - "extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==" - }, - "form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, - "graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true - }, - "graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "requires": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - } - }, - "lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==" - }, - "mime-types": { - "version": 
"2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "requires": { - "mime-db": "1.44.0" - } - }, - "node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "requires": { - "whatwg-url": "^5.0.0" - } - }, - "tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=" - }, - "webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE=" - }, - "whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=", - "requires": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - } -} diff --git a/api_examples/graphql/clients/node/list-mods-to-updated/package.json b/api_examples/graphql/clients/node/list-mods-to-updated/package.json deleted file mode 100644 index 9d1e9e61e..000000000 --- a/api_examples/graphql/clients/node/list-mods-to-updated/package.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "name": "list-mods-to-updated", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0", - "lodash": "^4.17.21" - } -} diff --git a/api_examples/graphql/clients/node/run-controls/README.md b/api_examples/graphql/clients/node/run-controls/README.md deleted file mode 100644 index 0ff7cc0e6..000000000 --- a/api_examples/graphql/clients/node/run-controls/README.md +++ /dev/null 
@@ -1,32 +0,0 @@ -# Run filtered list of controls - -The script will get a filtered list of target controls and then try run all filtered controls. -The filter in the example will trigger runs for all Discovery controls in the Turbot environment. - -## Example - -### Dependencies - -Install the dependencies: - -```shell -npm install -``` - -### Turbot configuration - -Setup environment variables for your Turbot installation: - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -### Running the example - -And run the example: - -```shell -node run-controls.js -``` diff --git a/api_examples/graphql/clients/node/run-controls/package-lock.json b/api_examples/graphql/clients/node/run-controls/package-lock.json deleted file mode 100644 index 9cec9a8f4..000000000 --- a/api_examples/graphql/clients/node/run-controls/package-lock.json +++ /dev/null 
@@ -1,269 +0,0 @@ -{ - "name": "run-controls-for-filter", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "name": "run-controls-for-filter", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0", - "lodash": "^4.17.21" - } - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "node_modules/btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==" - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "dependencies": { - "node-fetch": "2.6.7" - } - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", - "engines": { - "node": "^10.17.0 || ^12.0.0 || >= 13.7.0" - }, - "funding": { - "url": "https://github.com/sponsors/jaydenseric" - } - }, - "node_modules/form-data": { 
- "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true, - "engines": { - "node": ">= 10.x" - } - }, - "node_modules/graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "dependencies": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - }, - "peerDependencies": { - "graphql": "14.x || 15.x" - } - }, - "node_modules/lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "node_modules/mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "dependencies": { - "mime-db": "1.44.0" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/node-fetch": { - "version": "2.6.7", - 
"resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "dependencies": { - "whatwg-url": "^5.0.0" - }, - "engines": { - "node": "4.x || >=6.0.0" - }, - "peerDependencies": { - "encoding": "^0.1.0" - }, - "peerDependenciesMeta": { - "encoding": { - "optional": true - } - } - }, - "node_modules/tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "node_modules/webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "node_modules/whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "dependencies": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - }, - "dependencies": { - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==" - }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "requires": { - "delayed-stream": "~1.0.0" - } - }, - "cross-fetch": { - "version": "3.1.5", - 
"resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "requires": { - "node-fetch": "2.6.7" - } - }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" - }, - "extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==" - }, - "form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, - "graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true - }, - "graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "requires": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - } - }, - "lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": 
"sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==" - }, - "mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "requires": { - "mime-db": "1.44.0" - } - }, - "node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "requires": { - "whatwg-url": "^5.0.0" - } - }, - "tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "requires": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - } -} diff --git a/api_examples/graphql/clients/node/run-controls/package.json b/api_examples/graphql/clients/node/run-controls/package.json deleted file mode 100644 index 71bfe48f4..000000000 --- a/api_examples/graphql/clients/node/run-controls/package.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "name": "run-controls-for-filter", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0", - "lodash": "^4.17.21" - } -} 
diff --git a/api_examples/graphql/clients/node/run-controls/run-controls.js b/api_examples/graphql/clients/node/run-controls/run-controls.js deleted file mode 100644 index 2decec692..000000000 --- a/api_examples/graphql/clients/node/run-controls/run-controls.js +++ /dev/null 
@@ -1,80 +0,0 @@ -const { GraphQLClient } = require("graphql-request"); -const btoa = require("btoa"); - -// Run any control stuck in TBD -//const filter = "state:tbd"; - -// Run any controls in error state -//const filter = "state:error"; - -// Run any controls in any bad state -//const filter = "state:tbd,error,alarm"; - -// Re-run installed control installed -// const filter = "state:tbd,error controlType:'tmod:@turbot/turbot#/control/types/controlInstalled'"; - -// Re-run all discovery controls -const filter = "Discovery controlCategory:'tmod:@turbot/turbot#/control/categories/cmdb'"; - -// Re-run all Event Handler controls -//const filter = "controlType:'tmod:@turbot/aws#/control/types/eventHandlers'"; - -async function main() { - const endpoint = process.env.TURBOT_GRAPHQL_ENDPOINT; - const accessKeyId = process.env.TURBOT_ACCESS_KEY_ID; - const secretAccessKey = process.env.TURBOT_SECRET_ACCESS_KEY; - - const graphQLClient = new GraphQLClient(endpoint, { - headers: { - authorization: "Basic " + btoa(`${accessKeyId}:${secretAccessKey}`), - }, - }); - - const query = ` - query Targets($filter: [String!]!, $paging: String) { - targets: controls(filter: $filter, paging: $paging) { - items { - turbot { id } - state - } - paging { - next - } - } - } - `; - - var mutation = ` - mutation RunControl($input: RunControlInput!) { - runControl(input: $input) { - turbot { - id - } - } - } - `; - - var targets = []; - var paging = null; - - do { - const variables = { filter, paging }; - const data = await graphQLClient.request(query, variables); - targets = targets.concat(data.targets.items); - console.log(`Targets: ${targets.length}`); - paging = data.targets.paging.next; - } while (paging); - - for (const i of targets) { - var vars = { input: { id: i.turbot.id } }; - console.log(vars); - try { - var run = await graphQLClient.request(mutation, vars); - console.log(run); - } catch (e) { - console.error(e); - } - } -} - -main().catch((error) => console.error(error)); 
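Review bot: main() in run-controls.js reads TURBOT_GRAPHQL_ENDPOINT, TURBOT_ACCESS_KEY_ID and TURBOT_SECRET_ACCESS_KEY from process.env and hands them directly to `new GraphQLClient(endpoint, ...)` and the Basic header without checking that they are set, so a missing variable yields a header built from the string "undefined:undefined" and a request to an undefined endpoint rather than a clear error. If this example is kept anywhere after the deletion, fail fast when any of the three is empty. The uncommented filter is also the broad "Re-run all discovery controls" one, and the loop issues runControl for every returned target with no confirmation of the count; shipping the example with the narrower `state:tbd` filter (currently commented out at the top) as the default would be the safer choice.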
diff --git a/api_examples/graphql/clients/node/run-policies/README.md b/api_examples/graphql/clients/node/run-policies/README.md deleted file mode 100644 index 8292c5103..000000000 --- a/api_examples/graphql/clients/node/run-policies/README.md +++ /dev/null @@ -1,48 +0,0 @@ -# Run Policies - -Run this script to run all policies using the states of the policy as a filter to select the policies to run. - -The variable `filter` is used by the script to configure the policies to run that match the specified policy state(s). - -The default state for the variable `filter` is `state:tbd`. - -States for policies in Turbot can be: - -- ok -- tbd -- error -- invalid - -For further reference see [filtering policy values](https://turbot.com/v5/docs/reference/filter/policies#filtering-policy-values) - -Multiple states can be added by separating each state using a comma. -For example when the variable `filter` is set to `state:tbd,error` the script will run all policies that are -in either the state of `tdb` or `error`. - -## Running Script - -### Dependencies - -Install the dependencies at in the script folder by running the command: - -```shell -npm install -``` - -### Turbot configuration - -Setup environment variables for your Turbot installation: - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -### Running the example - -And run the example: - -```shell -node run-policies.js -``` diff --git a/api_examples/graphql/clients/node/run-policies/package-lock.json b/api_examples/graphql/clients/node/run-policies/package-lock.json deleted file mode 100644 index f65db8ca3..000000000 --- a/api_examples/graphql/clients/node/run-policies/package-lock.json +++ /dev/null 
@@ -1,275 +0,0 @@ -{ - "name": "run-controls-for-filter", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "name": "run-controls-for-filter", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0", - "lodash": "^4.17.21" - } - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "node_modules/btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==", - "bin": { - "btoa": "bin/btoa.js" - }, - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "dependencies": { - "node-fetch": "2.6.7" - } - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", - "engines": { - "node": "^10.17.0 || ^12.0.0 || >= 13.7.0" - }, - "funding": { - "url": 
"https://github.com/sponsors/jaydenseric" - } - }, - "node_modules/form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true, - "engines": { - "node": ">= 10.x" - } - }, - "node_modules/graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "dependencies": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - }, - "peerDependencies": { - "graphql": "14.x || 15.x" - } - }, - "node_modules/lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "node_modules/mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "dependencies": { - "mime-db": "1.44.0" - }, - "engines": { - 
"node": ">= 0.6" - } - }, - "node_modules/node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "dependencies": { - "whatwg-url": "^5.0.0" - }, - "engines": { - "node": "4.x || >=6.0.0" - }, - "peerDependencies": { - "encoding": "^0.1.0" - }, - "peerDependenciesMeta": { - "encoding": { - "optional": true - } - } - }, - "node_modules/tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "node_modules/webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "node_modules/whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "dependencies": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - }, - "dependencies": { - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==" - }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "requires": { 
- "delayed-stream": "~1.0.0" - } - }, - "cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "requires": { - "node-fetch": "2.6.7" - } - }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" - }, - "extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==" - }, - "form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, - "graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true - }, - "graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "requires": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - } - }, - "lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "mime-db": { - "version": "1.44.0", - "resolved": 
"https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==" - }, - "mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "requires": { - "mime-db": "1.44.0" - } - }, - "node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "requires": { - "whatwg-url": "^5.0.0" - } - }, - "tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "requires": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - } -} diff --git a/api_examples/graphql/clients/node/run-policies/package.json b/api_examples/graphql/clients/node/run-policies/package.json deleted file mode 100644 index 71bfe48f4..000000000 --- a/api_examples/graphql/clients/node/run-policies/package.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "name": "run-controls-for-filter", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0", - "lodash": "^4.17.21" - } -} 
diff --git a/api_examples/graphql/clients/node/run-policies/run-policies.js b/api_examples/graphql/clients/node/run-policies/run-policies.js deleted file mode 100644 index 85e507bc9..000000000 --- a/api_examples/graphql/clients/node/run-policies/run-policies.js +++ /dev/null 
@@ -1,75 +0,0 @@ -const { GraphQLClient } = require("graphql-request"); -const btoa = require("btoa"); - -// Example Filters -// --------------- -// Run policies in TBD (Default): "state:tbd" -// Run policies in error state: "state:error" -// Run policies in multiple states: "state:tbd,error,invalid" - -async function main() { - // Default filter - const filter = "state:tbd"; - - // Set up connection to Turbot Workspace using environment variables - const endpoint = process.env.TURBOT_GRAPHQL_ENDPOINT; - const accessKeyId = process.env.TURBOT_ACCESS_KEY_ID; - const secretAccessKey = process.env.TURBOT_SECRET_ACCESS_KEY; - - // Create the client and apply the authorization details - const graphQLClient = new GraphQLClient(endpoint, { - headers: { - authorization: "Basic " + btoa(`${accessKeyId}:${secretAccessKey}`), - }, - }); - - // The GraphQL query to return the policies that are match the filter - const query = ` - query Targets($filter: [String!]!, $paging: String) { - targets: policyValues(filter: $filter, paging: $paging) { - items { - turbot { - id - } - } - paging { - next - } - } - } - `; - - let targets = []; - let paging = null; - - do { - const variables = { filter, paging }; - - const data = await graphQLClient.request(query, variables); - targets = targets.concat(data.targets.items); - paging = data.targets.paging.next; - - console.log(`Targets: ${targets.length}`); - } while (paging); - - // Defines the GraphQL mutation to run the policies that were returned from the GraphQL query - const mutation = ` - mutation RunPolicy($input: RunPolicyInput!) { - runPolicy(input: $input) { - turbot { - id - } - } - } - `; - - for (const i of targets) { - const vars = { input: { id: i.turbot.id } }; - console.log(vars); - - const run = await graphQLClient.request(mutation, vars).catch((error) => console.error(error)); - console.log(run); - } -} - -main().catch((error) => console.error(JSON.stringify(error, null, 2))); 
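Review bot: in the final loop of run-policies.js, `graphQLClient.request(mutation, vars).catch((error) => console.error(error))` swallows each failure, so `run` is undefined, `console.log(run)` prints undefined, and because `main().catch(...)` also only logs, the process exits 0 even if every runPolicy call failed. If this script is retained anywhere, count the failures and set a non-zero exit code so that automation wrapping it can tell. The README removed alongside it exports UUID-shaped literals for TURBOT_ACCESS_KEY_ID and TURBOT_SECRET_ACCESS_KEY; if those were ever live keys, deleting the file leaves them in history, so they should be rotated.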
diff --git a/api_examples/graphql/clients/node/set-api-enabled-policies-for-gcp/README.md b/api_examples/graphql/clients/node/set-api-enabled-policies-for-gcp/README.md deleted file mode 100644 index 31d204213..000000000 --- a/api_examples/graphql/clients/node/set-api-enabled-policies-for-gcp/README.md +++ /dev/null @@ -1,32 +0,0 @@ -# Set API enable policies for GCP - -The script enables a collection of API enabled policies for GCP services. -The configuration of services which will have their API enable is defined by a map of services. - -## Example - -### Dependencies - -Install the dependencies: - -```shell -npm install -``` - -### Turbot configuration - -Setup environment variables for your Turbot installation: - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -### Running the example - -And run the example: - -```shell -node set-api-enabled-policies-for-gcp-services.js -``` diff --git a/api_examples/graphql/clients/node/set-api-enabled-policies-for-gcp/package-lock.json b/api_examples/graphql/clients/node/set-api-enabled-policies-for-gcp/package-lock.json deleted file mode 100644 index 6c17df5f6..000000000 --- a/api_examples/graphql/clients/node/set-api-enabled-policies-for-gcp/package-lock.json +++ /dev/null 
@@ -1,274 +0,0 @@ -{ - "name": "set-api-enabled-policies-for-gcp", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0", - "lodash": "^4.17.21" - } - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "node_modules/btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==", - "bin": { - "btoa": "bin/btoa.js" - }, - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "dependencies": { - "node-fetch": "2.6.7" - } - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", - "engines": { - "node": "^10.17.0 || ^12.0.0 || >= 13.7.0" - }, - "funding": { - "url": 
"https://github.com/sponsors/jaydenseric" - } - }, - "node_modules/form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true, - "engines": { - "node": ">= 10.x" - } - }, - "node_modules/graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "dependencies": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - }, - "peerDependencies": { - "graphql": "14.x || 15.x" - } - }, - "node_modules/lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "node_modules/mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "dependencies": { - "mime-db": "1.44.0" - }, - "engines": { - 
"node": ">= 0.6" - } - }, - "node_modules/node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "dependencies": { - "whatwg-url": "^5.0.0" - }, - "engines": { - "node": "4.x || >=6.0.0" - }, - "peerDependencies": { - "encoding": "^0.1.0" - }, - "peerDependenciesMeta": { - "encoding": { - "optional": true - } - } - }, - "node_modules/tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "node_modules/webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "node_modules/whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "dependencies": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - }, - "dependencies": { - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==" - }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "requires": { 
- "delayed-stream": "~1.0.0" - } - }, - "cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "requires": { - "node-fetch": "2.6.7" - } - }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" - }, - "extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==" - }, - "form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, - "graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true - }, - "graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "requires": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - } - }, - "lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "mime-db": { - "version": "1.44.0", - "resolved": 
"https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==" - }, - "mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "requires": { - "mime-db": "1.44.0" - } - }, - "node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "requires": { - "whatwg-url": "^5.0.0" - } - }, - "tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "requires": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - } -} diff --git a/api_examples/graphql/clients/node/set-api-enabled-policies-for-gcp/package.json b/api_examples/graphql/clients/node/set-api-enabled-policies-for-gcp/package.json deleted file mode 100644 index 5b9284a4d..000000000 --- a/api_examples/graphql/clients/node/set-api-enabled-policies-for-gcp/package.json +++ /dev/null 
@@ -1,8 +0,0 @@ -{ - "name": "set-api-enabled-policies-for-gcp", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0", - "lodash": "^4.17.21" - } -} diff --git a/api_examples/graphql/clients/node/set-api-enabled-policies-for-gcp/set-api-enabled-policies-for-gcp.js b/api_examples/graphql/clients/node/set-api-enabled-policies-for-gcp/set-api-enabled-policies-for-gcp.js deleted file mode 100644 index 7d8f627ba..000000000 --- a/api_examples/graphql/clients/node/set-api-enabled-policies-for-gcp/set-api-enabled-policies-for-gcp.js +++ /dev/null 
@@ -1,87 +0,0 @@ -const { GraphQLClient } = require("graphql-request"); -const btoa = require("btoa"); - -async function main() { - const endpoint = process.env.TURBOT_GRAPHQL_ENDPOINT; - const accessKeyId = process.env.TURBOT_ACCESS_KEY_ID; - const secretAccessKey = process.env.TURBOT_SECRET_ACCESS_KEY; - - const graphQLClient = new GraphQLClient(endpoint, { - headers: { - authorization: "Basic " + btoa(`${accessKeyId}:${secretAccessKey}`) - } - }); - - var mutation = ` - mutation CreatePolicySetting($input: CreatePolicySettingInput!) { - createPolicySetting(input: $input) { - turbot { - id - } - } - }`; - - let services = [ - ["gcp-appengine", "appEngineApiEnabled"], - ["gcp-bigquery", "bigQueryApiEnabled"], - ["gcp-bigtable", "bigtableApiEnabled"], - ["gcp-computeengine", "computeEngineApiEnabled"], - ["gcp-dataproc", "dataprocApiEnabled"], - ["gcp-dns", "dnsApiEnabled"], - ["gcp-functions", "functionsApiEnabled"], - ["gcp-iam", "iamApiEnabled"], - ["gcp-kms", "kmsApiEnabled"], - ["gcp-kubernetesengine", "kubernetesEngineApiEnabled"], - ["gcp-logging", "loggingApiEnabled"], - ["gcp-monitoring", "monitoringApiEnabled"], - ["gcp-network", "networkServiceApiEnabled"], - ["gcp-pubsub", "pubsubApiEnabled"], - ["gcp-spanner", "spannerApiEnabled"], - ["gcp-sql", "sqlApiEnabled"], - ["gcp-storage", "storageApiEnabled"] - ]; - - let policymap = new Map(services); - - // Query to get the ID of Turbot - const query = ` - query MyQuery { - resource(id: "tmod:@turbot/turbot#/") { - turbot { - id - } - } - }`; - - const data = await graphQLClient.request(query, {}); - console.log(data); - // Turbot resource Id of the resource at which the policy should be set. 
- // Can also set it explicitly to specific target like Folder or GCP Project - // let resourceId = "176097085664257"; - let resourceId = data.resource.turbot.id; - - for (let [key, value] of policymap) { - var vars = { - input: { - type: `tmod:@turbot/${key}#/policy/types/${value}`, - resource: resourceId, - precedence: "REQUIRED", - value: "Enforce: Enabled", - templateInput: null, - template: null, - note: null, - validFromTimestamp: null, - validToTimestamp: null - } - }; - console.log(vars); - try { - var run = await graphQLClient.request(mutation, vars); - console.log(run); - } catch (e) { - console.error(e); - } - } -} - -main().catch(error => console.error(error)); diff --git a/api_examples/graphql/clients/node/set-enabled-policies-for-gcp/README.md b/api_examples/graphql/clients/node/set-enabled-policies-for-gcp/README.md deleted file mode 100644 index dbbb259fc..000000000 --- a/api_examples/graphql/clients/node/set-enabled-policies-for-gcp/README.md +++ /dev/null @@ -1,32 +0,0 @@ -# Set enable policies for GCP - -The script enables a collection of enabled policies for GCP services. -The configuration of services to enable is defined by a map of services. - -## Example - -### Dependencies - -Install the dependencies: - -```shell -npm install -``` - -### Turbot configuration - -Setup environment variables for your Turbot installation: - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -### Running the example - -And run the example: - -```shell -node set-enabled-policies-for-gcp-services.js -``` diff --git a/api_examples/graphql/clients/node/set-enabled-policies-for-gcp/package-lock.json b/api_examples/graphql/clients/node/set-enabled-policies-for-gcp/package-lock.json deleted file mode 100644 index dba6c3a71..000000000 
--- a/api_examples/graphql/clients/node/set-enabled-policies-for-gcp/package-lock.json +++ /dev/null 
@@ -1,274 +0,0 @@ -{ - "name": "set-enabled-policies-for-gcp", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0", - "lodash": "^4.17.21" - } - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "node_modules/btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==", - "bin": { - "btoa": "bin/btoa.js" - }, - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "dependencies": { - "node-fetch": "2.6.7" - } - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", - "engines": { - "node": "^10.17.0 || ^12.0.0 || >= 13.7.0" - }, - "funding": { - "url": 
"https://github.com/sponsors/jaydenseric" - } - }, - "node_modules/form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true, - "engines": { - "node": ">= 10.x" - } - }, - "node_modules/graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "dependencies": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - }, - "peerDependencies": { - "graphql": "14.x || 15.x" - } - }, - "node_modules/lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "node_modules/mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "dependencies": { - "mime-db": "1.44.0" - }, - "engines": { - 
"node": ">= 0.6" - } - }, - "node_modules/node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "dependencies": { - "whatwg-url": "^5.0.0" - }, - "engines": { - "node": "4.x || >=6.0.0" - }, - "peerDependencies": { - "encoding": "^0.1.0" - }, - "peerDependenciesMeta": { - "encoding": { - "optional": true - } - } - }, - "node_modules/tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "node_modules/webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "node_modules/whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "dependencies": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - }, - "dependencies": { - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==" - }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "requires": { 
- "delayed-stream": "~1.0.0" - } - }, - "cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "requires": { - "node-fetch": "2.6.7" - } - }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" - }, - "extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==" - }, - "form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, - "graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true - }, - "graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "requires": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - } - }, - "lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" - }, - "mime-db": { - "version": "1.44.0", - "resolved": 
"https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==" - }, - "mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "requires": { - "mime-db": "1.44.0" - } - }, - "node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "requires": { - "whatwg-url": "^5.0.0" - } - }, - "tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "requires": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - } -} diff --git a/api_examples/graphql/clients/node/set-enabled-policies-for-gcp/package.json b/api_examples/graphql/clients/node/set-enabled-policies-for-gcp/package.json deleted file mode 100644 index fdcc29a5f..000000000 --- a/api_examples/graphql/clients/node/set-enabled-policies-for-gcp/package.json +++ /dev/null 
@@ -1,8 +0,0 @@ -{ - "name": "set-enabled-policies-for-gcp", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0", - "lodash": "^4.17.21" - } -} diff --git a/api_examples/graphql/clients/node/set-enabled-policies-for-gcp/set-enabled-policies-for-gcp.js b/api_examples/graphql/clients/node/set-enabled-policies-for-gcp/set-enabled-policies-for-gcp.js deleted file mode 100644 index 90e01a2ad..000000000 --- a/api_examples/graphql/clients/node/set-enabled-policies-for-gcp/set-enabled-policies-for-gcp.js +++ /dev/null 
@@ -1,87 +0,0 @@ -const { GraphQLClient } = require("graphql-request"); -const btoa = require("btoa"); - -async function main() { - const endpoint = process.env.TURBOT_GRAPHQL_ENDPOINT; - const accessKeyId = process.env.TURBOT_ACCESS_KEY_ID; - const secretAccessKey = process.env.TURBOT_SECRET_ACCESS_KEY; - - const graphQLClient = new GraphQLClient(endpoint, { - headers: { - authorization: "Basic " + btoa(`${accessKeyId}:${secretAccessKey}`) - } - }); - - var mutation = ` - mutation CreatePolicySetting($input: CreatePolicySettingInput!) { - createPolicySetting(input: $input) { - turbot { - id - } - } - }`; - - let services = [ - ["gcp-appengine", "appEngineEnabled"], - ["gcp-bigquery", "bigQueryEnabled"], - ["gcp-bigtable", "bigtableEnabled"], - ["gcp-computeengine", "computeEngineEnabled"], - ["gcp-dataproc", "dataprocEnabled"], - ["gcp-dns", "dnsEnabled"], - ["gcp-functions", "functionsEnabled"], - ["gcp-iam", "iamEnabled"], - ["gcp-kms", "kmsEnabled"], - ["gcp-kubernetesengine", "kubernetesEngineEnabled"], - ["gcp-logging", "loggingEnabled"], - ["gcp-monitoring", "monitoringEnabled"], - ["gcp-network", "networkServiceEnabled"], - ["gcp-pubsub", "pubsubEnabled"], - ["gcp-spanner", "spannerEnabled"], - ["gcp-sql", "sqlEnabled"], - ["gcp-storage", "storageEnabled"] - ]; - - let policymap = new Map(services); - - // Query to get the ID of Turbot - const query = ` - query MyQuery { - resource(id: "tmod:@turbot/turbot#/") { - turbot { - id - } - } - }`; - - const data = await graphQLClient.request(query, {}); - console.log(data); - // Turbot resource Id of the resource at which the policy should be set. 
- // Can also set it explicitly to specific target like Folder or GCP Project - // let resourceId = "176097085664257"; - let resourceId = data.resource.turbot.id; - - for (let [key, value] of policymap) { - var vars = { - input: { - type: `tmod:@turbot/${key}#/policy/types/${value}`, - resource: resourceId, - precedence: "REQUIRED", - value: "Enabled", - templateInput: null, - template: null, - note: null, - validFromTimestamp: null, - validToTimestamp: null - } - }; - console.log(vars); - try { - var run = await graphQLClient.request(mutation, vars); - console.log(run); - } catch (e) { - console.error(e); - } - } -} - -main().catch(error => console.error(error)); diff --git a/api_examples/graphql/clients/python/aws_import/requirements.txt b/api_examples/graphql/clients/python/aws_import/requirements.txt deleted file mode 100644 index c2184098b..000000000 --- a/api_examples/graphql/clients/python/aws_import/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -Click==8.1.6 -sgqlc==16.3 -../turbot \ No newline at end of file diff --git a/api_examples/graphql/clients/python/azure_import/requirements.txt b/api_examples/graphql/clients/python/azure_import/requirements.txt deleted file mode 100644 index c2184098b..000000000 --- a/api_examples/graphql/clients/python/azure_import/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -Click==8.1.6 -sgqlc==16.3 -../turbot \ No newline at end of file diff --git a/api_examples/graphql/clients/python/clean_malformed_akas/requirements.txt b/api_examples/graphql/clients/python/clean_malformed_akas/requirements.txt deleted file mode 100644 index a9f51b554..000000000 --- a/api_examples/graphql/clients/python/clean_malformed_akas/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -Click==8.1.6 -requests==2.31.0 \ No newline at end of file 
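Review bot: The deleted README.md under set-enabled-policies-for-gcp carries literal UUID-shaped values on its `export TURBOT_ACCESS_KEY_ID=` and `export TURBOT_SECRET_ACCESS_KEY=` lines, and deleting the file does not remove them from the repository history. If that key pair was ever issued on a real workspace, confirm it has been revoked before this merges. Any documentation that replaces this README should use an obvious placeholder for both variables instead of realistic-looking values.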
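Review bot: The `../turbot` entry in the aws_import and azure_import requirements.txt hunks is a relative path to a sibling package, so those examples could only be installed from inside this repository tree. Check that the same change also removes or relocates that `turbot` package. If it stays, the commit message should say which remaining examples still install it, so it is not left behind without a consumer.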
diff --git a/api_examples/graphql/clients/python/get-notifications-by-class/package-lock.json b/api_examples/graphql/clients/python/get-notifications-by-class/package-lock.json deleted file mode 100644 index 33bc0760b..000000000 --- a/api_examples/graphql/clients/python/get-notifications-by-class/package-lock.json +++ /dev/null 
@@ -1,263 +0,0 @@ -{ - "name": "get-notifications-by-class", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0" - } - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "node_modules/btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==", - "bin": { - "btoa": "bin/btoa.js" - }, - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "dependencies": { - "node-fetch": "2.6.7" - } - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", - "engines": { - "node": "^10.17.0 || ^12.0.0 || >= 13.7.0" - }, - "funding": { - "url": "https://github.com/sponsors/jaydenseric" - } - }, - 
"node_modules/form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true, - "engines": { - "node": ">= 10.x" - } - }, - "node_modules/graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "dependencies": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - }, - "peerDependencies": { - "graphql": "14.x || 15.x" - } - }, - "node_modules/mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "dependencies": { - "mime-db": "1.44.0" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "dependencies": { - 
"whatwg-url": "^5.0.0" - }, - "engines": { - "node": "4.x || >=6.0.0" - }, - "peerDependencies": { - "encoding": "^0.1.0" - }, - "peerDependenciesMeta": { - "encoding": { - "optional": true - } - } - }, - "node_modules/tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "node_modules/webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "node_modules/whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "dependencies": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - }, - "dependencies": { - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==" - }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "requires": { - "delayed-stream": "~1.0.0" - } - }, - "cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "requires": { - 
"node-fetch": "2.6.7" - } - }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" - }, - "extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==" - }, - "form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, - "graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true - }, - "graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "requires": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - } - }, - "mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==" - }, - "mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "requires": { - "mime-db": "1.44.0" - } - }, - "node-fetch": { - "version": "2.6.7", - "resolved": 
"https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "requires": { - "whatwg-url": "^5.0.0" - } - }, - "tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "requires": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - } -} diff --git a/api_examples/graphql/clients/python/get-notifications-by-class/package.json b/api_examples/graphql/clients/python/get-notifications-by-class/package.json deleted file mode 100644 index 64d93fd64..000000000 --- a/api_examples/graphql/clients/python/get-notifications-by-class/package.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "name": "get-notifications-by-class", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0" - } -} diff --git a/api_examples/graphql/clients/python/get-notifications-by-class/requirements.txt b/api_examples/graphql/clients/python/get-notifications-by-class/requirements.txt deleted file mode 100644 index c2184098b..000000000 --- a/api_examples/graphql/clients/python/get-notifications-by-class/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -Click==8.1.6 -sgqlc==16.3 -../turbot \ No newline at end of file 
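Review bot: The get-notifications-by-class directory sits under clients/python, yet the files removed from it include a Node package.json and package-lock.json (btoa, graphql-request) next to the requirements.txt (Click, sgqlc, ../turbot) that a Python example installs from. The npm manifests look like leftovers copied from a Node example; it is worth saying so in the commit message so the removal is not read as dropping a working Node client. The sibling get-notifications-by-type directory, whose package-lock.json deletion starts right after this, has the same `btoa` and `graphql-request` root dependencies and deserves the same check.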
diff --git a/api_examples/graphql/clients/python/get-notifications-by-type/package-lock.json b/api_examples/graphql/clients/python/get-notifications-by-type/package-lock.json deleted file mode 100644 index 88f1e4473..000000000 --- a/api_examples/graphql/clients/python/get-notifications-by-type/package-lock.json +++ /dev/null 
@@ -1,263 +0,0 @@ -{ - "name": "get-notifications-by-type", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0" - } - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "node_modules/btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==", - "bin": { - "btoa": "bin/btoa.js" - }, - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "dependencies": { - "node-fetch": "2.6.7" - } - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", - "engines": { - "node": "^10.17.0 || ^12.0.0 || >= 13.7.0" - }, - "funding": { - "url": "https://github.com/sponsors/jaydenseric" - } - }, - 
"node_modules/form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true, - "engines": { - "node": ">= 10.x" - } - }, - "node_modules/graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "dependencies": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - }, - "peerDependencies": { - "graphql": "14.x || 15.x" - } - }, - "node_modules/mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "dependencies": { - "mime-db": "1.44.0" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "dependencies": { - 
"whatwg-url": "^5.0.0" - }, - "engines": { - "node": "4.x || >=6.0.0" - }, - "peerDependencies": { - "encoding": "^0.1.0" - }, - "peerDependenciesMeta": { - "encoding": { - "optional": true - } - } - }, - "node_modules/tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "node_modules/webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "node_modules/whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "dependencies": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - }, - "dependencies": { - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==" - }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "requires": { - "delayed-stream": "~1.0.0" - } - }, - "cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "requires": { - 
"node-fetch": "2.6.7" - } - }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" - }, - "extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==" - }, - "form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, - "graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true - }, - "graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "requires": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - } - }, - "mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==" - }, - "mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "requires": { - "mime-db": "1.44.0" - } - }, - "node-fetch": { - "version": "2.6.7", - "resolved": 
"https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "requires": { - "whatwg-url": "^5.0.0" - } - }, - "tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "requires": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - } -} diff --git a/api_examples/graphql/clients/python/get-notifications-by-type/package.json b/api_examples/graphql/clients/python/get-notifications-by-type/package.json deleted file mode 100644 index 6843a463a..000000000 --- a/api_examples/graphql/clients/python/get-notifications-by-type/package.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "name": "get-notifications-by-type", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0" - } -} diff --git a/api_examples/graphql/clients/python/get-notifications-by-type/requirements.txt b/api_examples/graphql/clients/python/get-notifications-by-type/requirements.txt deleted file mode 100644 index c2184098b..000000000 --- a/api_examples/graphql/clients/python/get-notifications-by-type/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -Click==8.1.6 -sgqlc==16.3 -../turbot \ No newline at end of file 
diff --git a/api_examples/graphql/clients/python/get-notifications-for-resource/package-lock.json b/api_examples/graphql/clients/python/get-notifications-for-resource/package-lock.json deleted file mode 100644 index 373bad918..000000000 --- a/api_examples/graphql/clients/python/get-notifications-for-resource/package-lock.json +++ /dev/null 
@@ -1,264 +0,0 @@ -{ - "name": "get-specific-resource-last-notification", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "name": "get-specific-resource-last-notification", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0" - } - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "node_modules/btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==", - "bin": { - "btoa": "bin/btoa.js" - }, - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "dependencies": { - "node-fetch": "2.6.7" - } - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==", - "engines": { - "node": "^10.17.0 || ^12.0.0 || >= 13.7.0" - }, - "funding": { - 
"url": "https://github.com/sponsors/jaydenseric" - } - }, - "node_modules/form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true, - "engines": { - "node": ">= 10.x" - } - }, - "node_modules/graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "dependencies": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - }, - "peerDependencies": { - "graphql": "14.x || 15.x" - } - }, - "node_modules/mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "dependencies": { - "mime-db": "1.44.0" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": 
"sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "dependencies": { - "whatwg-url": "^5.0.0" - }, - "engines": { - "node": "4.x || >=6.0.0" - }, - "peerDependencies": { - "encoding": "^0.1.0" - }, - "peerDependenciesMeta": { - "encoding": { - "optional": true - } - } - }, - "node_modules/tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "node_modules/webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "node_modules/whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "dependencies": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - }, - "dependencies": { - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" - }, - "btoa": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz", - "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==" - }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "requires": { - "delayed-stream": "~1.0.0" - } - }, - "cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - 
"integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", - "requires": { - "node-fetch": "2.6.7" - } - }, - "delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" - }, - "extract-files": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/extract-files/-/extract-files-9.0.0.tgz", - "integrity": "sha512-CvdFfHkC95B4bBBk36hcEmvdR2awOdhhVUYH6S/zrVj3477zven/fJMYg7121h4T1xHZC+tetUpubpAhxwI7hQ==" - }, - "form-data": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz", - "integrity": "sha512-CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - }, - "graphql": { - "version": "15.4.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.4.0.tgz", - "integrity": "sha512-EB3zgGchcabbsU9cFe1j+yxdzKQKAbGUWRb13DsrsMN1yyfmmIq+2+L5MqVWcDCE4V89R5AyUOi7sMOGxdsYtA==", - "peer": true - }, - "graphql-request": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/graphql-request/-/graphql-request-3.3.0.tgz", - "integrity": "sha512-NHj65WSIUh8j7TBYgzWU0fqvLfxrqFDrLG8nZUh+IREZw50ljR6JXlXRkr52/fL/46wpItiQNLDrG+UZI+KmzA==", - "requires": { - "cross-fetch": "^3.0.6", - "extract-files": "^9.0.0", - "form-data": "^3.0.0" - } - }, - "mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==" - }, - "mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - 
"requires": { - "mime-db": "1.44.0" - } - }, - "node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", - "requires": { - "whatwg-url": "^5.0.0" - } - }, - "tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" - }, - "webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" - }, - "whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "requires": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - } - } -} diff --git a/api_examples/graphql/clients/python/get-notifications-for-resource/package.json b/api_examples/graphql/clients/python/get-notifications-for-resource/package.json deleted file mode 100644 index a563fee74..000000000 --- a/api_examples/graphql/clients/python/get-notifications-for-resource/package.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "name": "get-specific-resource-last-notification", - "dependencies": { - "btoa": "^1.2.1", - "graphql-request": "^3.3.0" - } -} diff --git a/api_examples/graphql/clients/python/get-notifications-for-resource/requirements.txt b/api_examples/graphql/clients/python/get-notifications-for-resource/requirements.txt deleted file mode 100644 index c2184098b..000000000 --- a/api_examples/graphql/clients/python/get-notifications-for-resource/requirements.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -Click==8.1.6 -sgqlc==16.3 -../turbot \ No newline at end of file diff --git a/api_examples/graphql/clients/python/run_controls/README.md b/api_examples/graphql/clients/python/run_controls/README.md deleted file mode 100644 index d6ce98369..000000000 --- a/api_examples/graphql/clients/python/run_controls/README.md +++ /dev/null 
@@ -1,210 +0,0 @@ -# Run controls - -Finds all controls matching the provided filter, then re-runs them in batches if `--execute` is set. - -For further reference see [filtering controls](https://turbot.com/v5/docs/reference/filter/controls#filtering-controls). - -## Prerequisites - -To run the scripts, you must have: - -- [Python 3.\*.\*](https://www.python.org/downloads/) -- [Pip](https://pip.pypa.io/en/stable/installing/) - -## Setup - -This sections details how to set up an environment in order to run the script. - -### Virtual environments activation - -We recommend the use of [virtual environment](https://docs.python.org/3/library/venv.html). - -To setup a virtual environment: - -```shell -python3 -m venv .venv -``` - -Once created, to activate the environment: - -```shell -source .venv/bin/activate -``` - -### Dependencies - -Then install Python library dependencies: - -```shell -pip3 install -r requirements.txt -``` - -### Turbot configuration - -Credentials and end point details need to be configure before being able to connect to a Turbot installation. -This configuration can be entered either using environment variables or a configuration file. 
- -#### Environment variables - -Use either configuration for your Turbot installation: - -```shell -export TURBOT_WORKSPACE="https://.cloud.turbot.com/" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef172390814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4b67fa82ab2c -``` - -or - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -#### Configuration file - -Example configuration file: - -```yaml -default: - accessKey: dc61d2e4-730c-4b54-8c3c-6ef180150814 - secretKey: 6ef18015-7d0c-2b51-4d2c-dc61d2e63a22 - workspace: "https://demo-acme.cloud.turbot.com/" -``` - -This script will automatically search for a `credentials.yml` file in `~/.config/turbot/` or you can save the yaml configuration file anywhere and provide the `--config /path/to/config.yml --profile default` as a command line option. - -## Executing the script - -To run a the Python script: - -1. Install and configure the [pre-requisites](#pre-requisites) -1. Using the command line, navigate to the directory for the Python script -1. Create and activate the Python virtual environment -1. Install dependencies -1. Run the Python script using the command line -1. Deactivate the Python virtual environment - -### Synopsis - -```shell -python3 run_controls.py [options] -``` - -### Options - -#### Details - --c, --config-file - -> [String] Pass an optional yaml config file. - --p, --profile - -> [String] Profile to be used from config file. - --f, --filter - -> [String] Used to filter out matching controls. - --e, --execute - -> Will re-run controls when found. - ---help - -> Lists all the options and their usages. - -#### Example usage - -##### Example 1 - -The return the number of controls found that will be run by the script without re-running the control. 
- -```shell -python3 run_controls.py -``` - -##### Example 2 - -Re-runs all the controls found. - -```shell -python3 run_controls.py --execute -``` - -##### Example 3 - -Re-run controls in TBD state - default behavior. - -```shell -python3 run_controls.py -f "state:tbd" -``` - -##### Example 4 - -Re-run controls in error state. - -```shell -python3 run_controls.py -f "state:error" -``` - -##### Example 5 - -Re-run controls in multiple states. - -```shell -python3 run_controls.py -f "state:tbd,error,alarm" -``` - -##### Example 6 - -Re-run installed controls. - -```shell -python3 run_controls.py -f "state:tbd,error controlType:'tmod:@turbot/turbot#/control/types/controlInstalled'" -``` - -##### Example 7 - -Re-run AWS Event Handler controls. - -```shell -python3 run_controls.py -f "controlType:'tmod:@turbot/aws#/control/types/eventHandlers'" -``` - -##### Example 8 - -Re-run Discovery controls. - -```shell -python3 run_controls.py -f "Discovery controlCategory:'tmod:@turbot/turbot#/control/categories/cmdb'" -``` - -##### Example 9 - -Run the script using credentials given in a credential file `credentials.yml`. - -```shell -python3 run_controls.py -c .config/turbot/credentials.yml -``` - -##### Example 10 - -Run the script using a credentials file and using the credential details using the profile `env`. - -```shell -python3 run_controls.py -c .config/turbot/credentials.yml -p env --notification_class resource -``` - -## Virtual environments deactivation - -Once the script has been run, it is advised to deactivate the virtual environment if a virtual environment was used -to install the script dependencies. - -This is accomplished by running the command: - -```shell -deactivate -``` diff --git a/api_examples/graphql/clients/python/run_controls/requirements.txt b/api_examples/graphql/clients/python/run_controls/requirements.txt deleted file mode 100644 index 1f5410f0e..000000000 --- a/api_examples/graphql/clients/python/run_controls/requirements.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -Click==8.1.6 -requests==2.31.0 -../turbot \ No newline at end of file diff --git a/api_examples/graphql/clients/python/run_controls_batches/requirements.txt b/api_examples/graphql/clients/python/run_controls_batches/requirements.txt deleted file mode 100644 index c2184098b..000000000 --- a/api_examples/graphql/clients/python/run_controls_batches/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -Click==8.1.6 -sgqlc==16.3 -../turbot \ No newline at end of file diff --git a/api_examples/graphql/clients/python/run_policies/README.md b/api_examples/graphql/clients/python/run_policies/README.md deleted file mode 100644 index 04b9e685d..000000000 --- a/api_examples/graphql/clients/python/run_policies/README.md +++ /dev/null 
@@ -1,202 +0,0 @@ -# Run policies - -Finds all policies matching the provided filter, then re-runs them in batches if `--execute` is set. - -For further reference see [filtering policy values](https://turbot.com/v5/docs/reference/filter/policies#filtering-policy-values). - -## Prerequisites - -To run the scripts, you must have: - -- [Python 3.\*.\*](https://www.python.org/downloads/) -- [Pip](https://pip.pypa.io/en/stable/installing/) - -## Setup - -This sections details how to set up an environment in order to run the script. - -### Virtual environments activation - -We recommend the use of [virtual environment](https://docs.python.org/3/library/venv.html). - -To setup a virtual environment: - -```shell -python3 -m venv .venv -``` - -Once created, to activate the environment: - -```shell -source .venv/bin/activate -``` - -### Dependencies - -Then install Python library dependencies: - -```shell -pip3 install -r requirements.txt -``` - -### Turbot configuration - -Credentials and end point details need to be configure before being able to connect to a Turbot installation. -This configuration can be entered either using environment variables or a configuration file. 
- -#### Environment variables - -Use either configuration for your Turbot installation: - -```shell -export TURBOT_WORKSPACE="https://.cloud.turbot.com/" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef172390814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4b67fa82ab2c -``` - -or - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -#### Configuration file - -Example configuration file: - -```yaml -default: - accessKey: dc61d2e4-730c-4b54-8c3c-6ef180150814 - secretKey: 6ef18015-7d0c-2b51-4d2c-dc61d2e63a22 - workspace: "https://demo-acme.cloud.turbot.com/" -``` - -This script will automatically search for a `credentials.yml` file in `~/.config/turbot/` or you can save the yaml configuration file anywhere and provide the `--config /path/to/config.yml --profile default` as a command line option. - -## Executing the script - -To run a the Python script: - -1. Install and configure the [pre-requisites](#pre-requisites) -1. Using the command line, navigate to the directory for the Python script -1. Create and activate the Python virtual environment -1. Install dependencies -1. Run the Python script using the command line -1. Deactivate the Python virtual environment - -### Synopsis - -```shell -python3 run_policies.py [options] -``` - -### Options - -#### Details - --c, --config-file - -> [String] Pass an optional yaml config file. - --p, --profile - -> [String] Profile to be used from config file. - --f, --filter - -> [String] Used to filter out matching policies. - --e, --execute - -> Will re-run policies when found. - ---help - -> Lists all the options and their usages. - -#### Example usage - -##### Example 1 - -The return the number of policies found that will be run by the script without re-running the control. 
- -```shell -python3 run_policies.py -``` - -##### Example 2 - -Re-runs all the policies found. - -```shell -python3 run_policies.py --execute -``` - -##### Example 3 - -Re-run policies in TBD state - default behavior. - -```shell -python3 run_policies.py -f "state:tbd" -``` - -##### Example 4 - -Re-run policies in error state. - -```shell -python3 run_policies.py -f "state:error" -``` - -##### Example 5 - -Re-run policies in multiple states. - -```shell -python3 run_policies.py -f "state:tbd,error,alarm" -``` - -##### Example 6 - -Re-run all policies in categorized as CMDB polices. - -```shell -python3 run_policies.py -f "controlCategoryId:'tmod:@turbot/turbot#/control/categories/cmdb'" -``` - -##### Example 7 - -Re-run policies that match a specific policy type. - -```shell -python3 run_policies.py -f "policyTypeId:'tmod:@turbot/azure-activedirectory#/policy/types/directoryCmdb'" -``` - -##### Example 8 - -Run the script using credentials given in a credential file `credentials.yml`. - -```shell -python3 run_policies.py -c .config/turbot/credentials.yml -``` - -##### Example 9 - -Run the script using a credentials file and using the credential details using the profile `env`. - -```shell -python3 run_policies.py -c .config/turbot/credentials.yml -p env --notification_class resource -``` - -## Virtual environments deactivation - -Once the script has been run, it is advised to deactivate the virtual environment if a virtual environment was used -to install the script dependencies. - -This is accomplished by running the command: - -```shell -deactivate -``` diff --git a/api_examples/graphql/clients/python/run_policies/requirements.txt b/api_examples/graphql/clients/python/run_policies/requirements.txt deleted file mode 100644 index 483e2c842..000000000 --- a/api_examples/graphql/clients/python/run_policies/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -click==8.1.6 -requests==2.31.0 -../turbot \ No newline at end of file 
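Review bot: the "Environment variables" and "Configuration file" blocks in run_policies/README.md set `TURBOT_ACCESS_KEY_ID`, `TURBOT_SECRET_ACCESS_KEY`, `accessKey` and `secretKey` to complete UUID-style values, and deleting the file does not remove them from repository history. Please confirm in the PR description that these were never live keys, or rotate them; the same pair also appears in the run_controls and shell READMEs removed in this patch. Separately, Example 9 passes `--notification_class resource` and the configuration paragraph refers to `--config`, neither of which is among the options run_policies.py declares (`--config-file`, `--profile`, `--filter`, `--execute`), so any replacement documentation should not copy those lines.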
diff --git a/api_examples/graphql/clients/python/run_policies/run_policies.py b/api_examples/graphql/clients/python/run_policies/run_policies.py deleted file mode 100644 index 9b8f0a0bc..000000000 --- a/api_examples/graphql/clients/python/run_policies/run_policies.py +++ /dev/null 
@@ -1,115 +0,0 @@ -import turbot -import click -import requests -import sys - - -@click.command() -@click.option('-c', '--config-file', type=click.Path(dir_okay=False), help="[String] Pass an optional yaml config file.") -@click.option('-p', '--profile', default="default", help="[String] Profile to be used from config file.") -@click.option('-f', '--filter', default="state:tbd", help="[String] Used to filter out matching policies.") -@click.option('-e', '--execute', is_flag=True, help="Will re-run policies when found.") -def run_policies(config_file, profile, filter, execute): - """ Finds all policies matching the provided filter, then re-runs them if --execute is set.""" - """ - Example Filters - --------------- - Run policies in TBD (Default): "state:tbd" - Run policies in error state: "state:error" - Run policies in multiple states: "state:tbd,error,invalid" - Re-run CMDB policies: "controlCategoryId:'tmod:@turbot/turbot#/control/categories/cmdb'" - Re-run policies that match policy type: "policyTypeId:'tmod:@turbot/azure-activedirectory#/policy/types/directoryCmdb'" - """ - - config = turbot.Config(config_file, profile) - headers = {'Authorization': 'Basic {}'.format(config.auth_token)} - endpoint = config.graphql_endpoint - - query = ''' - query Targets($filter: [String!]!, $paging: String) { - targets: policyValues(filter: $filter, paging: $paging) { - items { - turbot { - id - } - } - paging { - next - } - } - } - ''' - - targets = [] - paging = None - print("Looking for targets...") - - while True: - variables = {'filter': filter, 'paging': paging} - result = run_query(endpoint, headers, query, variables) - - if "errors" in result: - for error in result['errors']: - print(error) - break - - for item in result['data']['targets']['items']: - targets.append(item) - if not result['data']['targets']['paging']['next']: - break - else: - print("{} found...".format(len(targets))) - paging = result['data']['targets']['paging']['next'] - - print("\nFound {} Total 
Targets".format(len(targets))) - - if not execute: - print("\n --execute flag not set... exiting.") - else: - mutation = ''' - mutation RunPolicy($input: RunPolicyInput!) { - runPolicy(input: $input) { - turbot { - id - } - } - } - ''' - - for policy in targets: - vars = {'input': {'id': policy['turbot']['id']}} - print(vars) - try: - run = run_query(endpoint, headers, mutation, vars) - print(run) - except Exception as e: - print(e) - - -def run_query(endpoint, headers, query, variables): - request = requests.post( - endpoint, - headers=headers, - json={'query': query, 'variables': variables} - ) - if request.status_code == 200: - return request.json() - else: - raise Exception("Query failed to run by returning code of {}. {}".format( - request.status_code, query)) - - -if __name__ == "__main__": - if (sys.version_info > (3, 4)): - try: - run_policies() - except Exception as e: - print(e) - else: - print("This script requires Python v3.5+") - print("Your Python version is: {}.{}.{}".format( - sys.version_info.major, sys.version_info.minor, sys.version_info.micro)) - if (sys.version_info < (3, 0)): - hint = ["Maybe try: `python3"] + sys.argv - hint[len(sys.argv)] = hint[len(sys.argv)] + "`" - print(*hint) diff --git a/api_examples/graphql/clients/python/run_policies_batches/requirements.txt b/api_examples/graphql/clients/python/run_policies_batches/requirements.txt deleted file mode 100644 index c2184098b..000000000 --- a/api_examples/graphql/clients/python/run_policies_batches/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -Click==8.1.6 -sgqlc==16.3 -../turbot \ No newline at end of file diff --git a/api_examples/graphql/clients/python/turbot/requirements.txt b/api_examples/graphql/clients/python/turbot/requirements.txt deleted file mode 100644 index 53dc3184a..000000000 --- a/api_examples/graphql/clients/python/turbot/requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -certifi==2023.7.22 -PyYAML==6.0.1 -requests==2.31.0 -xdg==6.0.0 
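Review bot: in run_policies.py the paging loop handles `if "errors" in result:` by printing each error and then `break`, after which the script still prints the total and, with `--execute` set, issues `runPolicy` for whatever partial `targets` list had been collected. If this script is being replaced rather than dropped, the replacement should exit non-zero on a query error before any mutation runs. In `run_query`, `requests.post` is also called without a `timeout`, and the exception it raises embeds the full query text.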
diff --git a/api_examples/graphql/clients/shell/README.md b/api_examples/graphql/clients/shell/README.md deleted file mode 100644 index 35e8727f6..000000000 --- a/api_examples/graphql/clients/shell/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# Turbot GraphQL Shell / curl example - -Setup environment variables for your Turbot installation: - -```shell -export TURBOT_GRAPHQL_ENDPOINT="https://demo-acne.cloud.turbot.com/api/latest/graphql" -export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 -export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c -``` - -And run the example: - -```shell -./index.sh -``` - -### Available scripts - -| Title | Description | -| ---------------------------------------------- | --------------------------------------------------- | -| [AWS Account Import](./run-controls/README.md) | Run controls based on some filter using BASH shell. | diff --git a/api_examples/graphql/queries/churn_statistics.graphql b/api_examples/graphql/queries/churn_statistics.graphql deleted file mode 100644 index d11fa8056..000000000 --- a/api_examples/graphql/queries/churn_statistics.graphql +++ /dev/null 
@@ -1,110 +0,0 @@ -# Description -# ----------- -# -# Retrieves a summary of churn that Turbot saw or generated over a given time period. -# Lists number of resources created and destroyed by any actor -# List number of resources created, updated or destroyed by Turbot. -# -# STEP 1 Get the Turbot Identity resource ID. -# STEP 2 Retrieve churn stat - -# Prerequisites -# ------------- -# These queries require Turbot/ReadOnly access to the Turbot console. -# - - - -# Substitute -# ---------- -# -# Substitute real values for STEP 2. -# -# : -# After running the `GetTurbotIdentity` query, use the value of $.resources.items.turbot.id in place of -# This query is required because there is no generic identifier for the Turbot Identity in the notifications table. The resource ID must be used. - -# Use Cases -# --------- -# -# STEP 1 -# ------ -# 1. Get the Resource ID -# -# STEP 2 -# ------ -# 1. Get the Turbot Identity resource ID from STEP 1 and replace -# 2. Excute STEP 2 GraphQL script. - -# Documentation -# ------------- -# -# For full documentation to check how the import work and details on mutation: -# - Account Import: https://turbot.com/v5/docs/integrations/aws/import-aws-account -# - Mutations: https://turbot.com/v5/docs/reference/graphql/mutation - -################################# STEP 1 ################################# -####### Get Turbot Identity ID ####### - -query GetTurbotIdentity { - turbot_identity: resources( - filter: "resourceTypeId:'tmod:@turbot/turbot-iam#/resource/types/turbotIdentity'" - ) { - items { - turbot { - id - } - } - } -} - - -################################# STEP 2 ################################# -# Add the Turbot Identity resource ID from the first query into . 
-query Notifications { - created_resource: notifications( - filter: "timestamp:>=T-7d notificationType:resource_created" - ) { - metadata { - stats { - total - } - } - } - deleted_resource: notifications( - filter: "timestamp:>=T-7d notificationType:resource_deleted" - ) { - metadata { - stats { - total - } - } - } - turbot_deleted: notifications( - filter: "actorIdentityId:'' timestamp:>=T-7d notificationType:resource_deleted" - ) { - metadata { - stats { - total - } - } - } - turbot_created: notifications( - filter: "actorIdentityId:'' timestamp:>=T-7d notificationType:resource_created" - ) { - metadata { - stats { - total - } - } - } - turbot_updated: notifications( - filter: "actorIdentityId:'' timestamp:>=T-7d notificationType:resource_updated" - ) { - metadata { - stats { - total - } - } - } -} diff --git a/api_examples/graphql/queries/list_resources_by_resource_type_with_write_acl.graphql b/api_examples/graphql/queries/list_resources_by_resource_type_with_write_acl.graphql deleted file mode 100644 index a5c7c7470..000000000 --- a/api_examples/graphql/queries/list_resources_by_resource_type_with_write_acl.graphql +++ /dev/null 
@@ -1,45 +0,0 @@ -# Description -# ----------- -# -# The query filter the s3 bucket with ACL Grants Permission with Write Permissions. -# - -# Usage -# ----- -# -# turbot graphql --query ./list_resources_by_resource_type_with_write_acl.graphql -# - -# Filter -# ------ -# -# resourceTypeId: -# Filter resources of a specific resource type. -# In example, the resources 'tmod:@turbot/aws-s3#/resource/types/bucket' (aka for s3 bucket) are returned. -# -# Searching tags with $.: -# Using $. one can filter resources using any property of the object. -# In example, '$.Acl.Grants.*.Permission:WRITE_ACP,WRITE' returns resources with ACL Grants Permission with Write Permissions. -# - -# Documentation -# ------------- -# -# For full documentation see: -# - Filter documentation: https://turbot.com/v5/docs/reference/filter -# - GraphQL resources: https://turbot.com/v5/docs/reference/graphql/query/resources -# - -query ListResourcesByResourceTypeIdWithWriteACL { - resources(filter: "resourceTypeId:'tmod:@turbot/aws-s3#/resource/types/bucket' $.Acl.Grants.*.Permission:WRITE_ACP,WRITE limit:300") { - metadata { - stats { - total - } - } - items { - Name: get(path: "Name") - ACL: get(path: "Acl") - } - } -} diff --git a/api_examples/graphql/queries/mods/notes.md b/api_examples/graphql/queries/mods/notes.md deleted file mode 100644 index 2c40c7ab8..000000000 --- a/api_examples/graphql/queries/mods/notes.md +++ /dev/null @@ -1,5 +0,0 @@ -# Notes - -This whole section could be cleaned up. -The queries could be written into a tutorial format so that the usage of the queries can be demonstrated. -Each query could live in its own file. diff --git a/api_examples/graphql/queries/password_reset/README.md b/api_examples/graphql/queries/password_reset/README.md deleted file mode 100644 index 9ed4615e2..000000000 --- a/api_examples/graphql/queries/password_reset/README.md +++ /dev/null 
@@ -1,34 +0,0 @@ -# Run Controls - -Find a specific user then set the password - -## Prerequisites - -To run the scripts, you must have: - -- [Turbot CLI](https://turbot.com/v5/docs/7-minute-labs/cli) -- Turbot API Keys for the target environment. - -### Turbot configuration - -If not done so already, run `turbot configure` to setup proper credentials. - -### Setting a password - -1. Get the Turbot resource ID of the target user. - -```shell script -turbot graphql --profile client-prod --query ./get_users.graphql -``` - -2. From the user query, find the resource ID of the user. -3. Copy the resource ID into the `user` field in user_password.json -4. Set a good strong password in user_password.json. You must include symbols and numbers. -5. Run the below query to set the password. - -```shell script -turbot graphql --profile client-prod --query ./set_new_password.graphql --variables user_password.json -``` -If you get "Internal Error" messages when running the above command, it's likely that your password complexity isn't high enough. - -6. Login as that user to verify that the password applied properly. diff --git a/api_examples/graphql/queries/password_reset/get_users.graphql b/api_examples/graphql/queries/password_reset/get_users.graphql deleted file mode 100644 index 64589b8b5..000000000 --- a/api_examples/graphql/queries/password_reset/get_users.graphql +++ /dev/null @@ -1,15 +0,0 @@ -query localDirectoryUser { - resources(filter: "resourceType:'tmod:@turbot/turbot-iam#/resource/types/localDirectoryUser'") { - items { - trunk { - title - } - turbot { - id - } - type { - uri - } - } - } -} \ No newline at end of file diff --git a/api_examples/graphql/queries/password_reset/set_new_password.graphql b/api_examples/graphql/queries/password_reset/set_new_password.graphql deleted file mode 100644 index cdb10bee0..000000000 --- a/api_examples/graphql/queries/password_reset/set_new_password.graphql +++ /dev/null 
@@ -1,5 +0,0 @@ -mutation updatePassword($input: UpdateLocalDirectoryUserPasswordInput!) { - updateLocalDirectoryUserPassword(input: $input) { - password - } -} \ No newline at end of file diff --git a/api_examples/graphql/queries/password_reset/user_password.json b/api_examples/graphql/queries/password_reset/user_password.json deleted file mode 100644 index 8e80d1b64..000000000 --- a/api_examples/graphql/queries/password_reset/user_password.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "input": { - "user": "193080293691266", - "password": "ANiceStrong!PasswordGoesHere" - } -} \ No newline at end of file diff --git a/api_examples/graphql/queries/reset-password.graphql b/api_examples/graphql/queries/reset-password.graphql deleted file mode 100644 index 29da6495d..000000000 --- a/api_examples/graphql/queries/reset-password.graphql +++ /dev/null @@ -1,33 +0,0 @@ - -# Step 1 - Find the turbot Id of the local directory user -query localDirectoryUser { - resources(filter: "resourceTypeId:'tmod:@turbot/turbot-iam#/resource/types/localDirectoryUser'") { - items { - trunk { - title - } - turbot { - id - } - type { - uri - } - } - } -} - -# Step 2 - Update password for the above local directory user -mutation updatePassword($input: UpdateLocalDirectoryUserPasswordInput!) { - updateLocalDirectoryUserPassword(input: $input) { - password - } -} - - -# --------- Query variables --------- # -{ - "input": { - "user": "__find_user_id__", # Turbot Id of the local directory user from Step 1 - "password": "__create_new_password__" # New password for the local directory user - } -} diff --git a/api_examples/graphql/queries/resource_control_policy.graphql b/api_examples/graphql/queries/resource_control_policy.graphql deleted file mode 100644 index 900f768f8..000000000 --- a/api_examples/graphql/queries/resource_control_policy.graphql +++ /dev/null 
@@ -1,34 +0,0 @@ -query ResourceControlPolicyQuery { - resources(paging: "", filter: "resourceTypeId:'tmod:@turbot/aws#/resource/types/aws'") { - items { - data - controls(filter: "state:alarm,error,ok") { - items { - reason - state - turbot { - dependencies { - policyValues { - items { - state - value - type { - modUri - description - categoryUri - input - } - } - } - } - } - } - } - } - metadata { - stats { - total - } - } - } -} \ No newline at end of file diff --git a/api_examples/graphql/queries/storage-resources.graphql b/api_examples/graphql/queries/storage-resources.graphql deleted file mode 100644 index 4a05e2944..000000000 --- a/api_examples/graphql/queries/storage-resources.graphql +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - # List statistics and details for storage related resources. The storage category - # is used across multiple providers (e.g. AWS & GCP) and all resources visible - # to the caller. Limit the first page of results to 5 items. - allStorageResources: resources( - filter: "resourceCategory:'@turbot/turbot#/resource/categories/storage' limit:5" - ) { - # Overall statistics for the environment, available through next pages - metadata { - stats { - total - } - } - # Items returned by the current query (limited to 5 in this case) - items { - # Turbot metadata about the resource. This is provider agnostic. - turbot { - title - id - tags - akas - } - # Resource Type for this specific item, e.g. AWS > EC2 > Volume. - type { - title - turbot { - akas - } - # Resource Category for the item & type. Per the filter, it will be a child of Resource > Storage. - category { - title - turbot { - akas - } - } - } - } - paging { - next - } - } -} - -query storageBucketsInSpecificAccount { - # Get statistics about all Storage bucket in the specific account - resources(filter: "resource:'175816468884383' resourceTypeId:'tmod:@turbot/aws-s3#/resource/types/bucket' limit:500") { - metadata { - stats { - total - } - } - items { - turbot { - title - tags - id - akas - createTimestamp - state - } - } - } -} - -query allStorageBuckets { - # Get statistics about all Storage buckets. - # This can give results across multiple AWS Accounts. - # Limit the results to 5 for convenience. 
- resources(filter: "resourceTypeId:'tmod:@turbot/aws-s3#/resource/types/bucket' limit:5") { - metadata { - stats { - total - } - } - items { - object - turbot { - title - id - akas - tags - } - } - } -} - -query allStorageBucketsWithSpecificTags { - # Gives all the buckets which has new tag with value that starts with tes- - resources(filter: "resourceTypeId:'tmod:@turbot/aws-s3#/resource/types/bucket' $.turbot.tags.'new':/^tes-/") { - items { - turbot { - title - } - object - } - } -} - -query storageBucketsWithNoPolicyStatement { - resources(filter: "resourceTypeId:'tmod:@turbot/aws-s3#/resource/types/bucket' $.Versioning.Status:Enabled") { - items { - turbot { - title - } - object - } - } -} - -query BucketsWithWriteACL { - # Gives all the buckets with write ACL on the bucket policy - resources(filter: "resourceTypeId:'tmod:@turbot/aws-s3#/resource/types/bucket' $.Acl.Grants.*.Permission:WRITE_ACP,WRITE limit:300") { - metadata { - stats { - total - } - } - items { - Name: get(path: "Name") - ACL: get(path: "Acl") - } - } -} \ No newline at end of file diff --git a/api_examples/node/mutation-example/README.md b/api_examples/node/mutation-example/README.md new file mode 100644 index 000000000..6c06dad2e --- /dev/null +++ b/api_examples/node/mutation-example/README.md 
@@ -0,0 +1,30 @@ +# GraphQL mutation example using node.js + +This example queries all policy values that match a specific filter state +and then iterate through and re-run the policy value using a GraphQL mutation. + +### Dependencies + +Install the dependencies: + +```shell +npm install +``` + +### Turbot configuration + +Setup environment variables for your Turbot installation: + +```shell +export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" +export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 +export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c +``` + +### Running the example + +And run the example: + +```shell +node calculate-policy-values-for-filter.js +``` diff --git a/api_examples/graphql/clients/node/calculate-policy-values-for-filter/calculate-policy-values-for-filter.js b/api_examples/node/mutation-example/calculate-policy-values-for-filter.js similarity index 100% rename from api_examples/graphql/clients/node/calculate-policy-values-for-filter/calculate-policy-values-for-filter.js rename to api_examples/node/mutation-example/calculate-policy-values-for-filter.js diff --git a/api_examples/graphql/clients/node/calculate-policy-values-for-filter/package-lock.json b/api_examples/node/mutation-example/package-lock.json similarity index 100% rename from api_examples/graphql/clients/node/calculate-policy-values-for-filter/package-lock.json rename to api_examples/node/mutation-example/package-lock.json diff --git a/api_examples/graphql/clients/node/calculate-policy-values-for-filter/package.json b/api_examples/node/mutation-example/package.json similarity index 100% rename from api_examples/graphql/clients/node/calculate-policy-values-for-filter/package.json rename to api_examples/node/mutation-example/package.json diff --git a/api_examples/node/paging-example/README.md b/api_examples/node/paging-example/README.md new file mode 100644 index 000000000..7f0da22aa --- /dev/null 
+++ b/api_examples/node/paging-example/README.md @@ -0,0 +1,31 @@ +# Paging graphql query example using node.js + +Lists all policies in the target Turbot environment + +## Example + +### Dependencies + +Install the dependencies: + +```shell +npm install +``` + +### Turbot configuration + +Setup environment variables for your Turbot installation: + +```shell +export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" +export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 +export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c +``` + +### Running the example + +And run the example: + +```shell +node list-all-policies-in-environment.js +``` diff --git a/api_examples/graphql/clients/node/list-all-policies-in-environment/list-all-policies-in-environment.js b/api_examples/node/paging-example/list-all-policies-in-environment.js similarity index 100% rename from api_examples/graphql/clients/node/list-all-policies-in-environment/list-all-policies-in-environment.js rename to api_examples/node/paging-example/list-all-policies-in-environment.js diff --git a/api_examples/graphql/clients/node/list-all-policies-in-environment/package-lock.json b/api_examples/node/paging-example/package-lock.json similarity index 100% rename from api_examples/graphql/clients/node/list-all-policies-in-environment/package-lock.json rename to api_examples/node/paging-example/package-lock.json diff --git a/api_examples/graphql/clients/node/list-all-policies-in-environment/package.json b/api_examples/node/paging-example/package.json similarity index 100% rename from api_examples/graphql/clients/node/list-all-policies-in-environment/package.json rename to api_examples/node/paging-example/package.json diff --git a/api_examples/graphql/clients/node/simple-query/README.md b/api_examples/node/simple-query/README.md similarity index 100% rename from api_examples/graphql/clients/node/simple-query/README.md rename to api_examples/node/simple-query/README.md 
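Review bot: the `export TURBOT_ACCESS_KEY_ID=...` and `export TURBOT_SECRET_ACCESS_KEY=...` lines added in the paging-example README, and identically in the mutation-example README before it, use UUID-shaped values that are the same pair as in the shell README this patch deletes, so they read as real keys rather than placeholders. Suggest an unmistakable placeholder, such as the `12345678-1a2b-3c4b-5e6f-111222333444` form the python simple-query README uses in this same patch, and confirming the carried-over pair was never issued in a workspace, since deleting the old README does not remove it from history.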
diff --git a/api_examples/graphql/clients/node/simple-query/package-lock.json b/api_examples/node/simple-query/package-lock.json similarity index 100% rename from api_examples/graphql/clients/node/simple-query/package-lock.json rename to api_examples/node/simple-query/package-lock.json diff --git a/api_examples/graphql/clients/node/simple-query/package.json b/api_examples/node/simple-query/package.json similarity index 100% rename from api_examples/graphql/clients/node/simple-query/package.json rename to api_examples/node/simple-query/package.json diff --git a/api_examples/graphql/clients/node/simple-query/simple-query.js b/api_examples/node/simple-query/simple-query.js similarity index 100% rename from api_examples/graphql/clients/node/simple-query/simple-query.js rename to api_examples/node/simple-query/simple-query.js diff --git a/api_examples/graphql/clients/python/README.md b/api_examples/python/README.md similarity index 100% rename from api_examples/graphql/clients/python/README.md rename to api_examples/python/README.md diff --git a/api_examples/python/paging-mutation-example/README.md b/api_examples/python/paging-mutation-example/README.md new file mode 100644 index 000000000..04239d488 --- /dev/null +++ b/api_examples/python/paging-mutation-example/README.md 
@@ -0,0 +1,210 @@ +# GraphQL paging and mutation example using python. + +Finds all controls matching the provided filter, then re-runs them in batches if `--execute` is set. + +For further reference see [filtering controls](https://turbot.com/v5/docs/reference/filter/controls#filtering-controls). + +## Prerequisites + +To run the scripts, you must have: + +- [Python 3.\*.\*](https://www.python.org/downloads/) +- [Pip](https://pip.pypa.io/en/stable/installing/) + +## Setup + +This sections details how to set up an environment in order to run the script. + +### Virtual environments activation + +We recommend the use of [virtual environment](https://docs.python.org/3/library/venv.html). + +To setup a virtual environment: + +```shell +python3 -m venv .venv +``` + +Once created, to activate the environment: + +```shell +source .venv/bin/activate +``` + +### Dependencies + +Then install Python library dependencies: + +```shell +pip3 install -r requirements.txt +``` + +### Turbot configuration + +Credentials and end point details need to be configure before being able to connect to a Turbot installation. +This configuration can be entered either using environment variables or a configuration file. 
+ +#### Environment variables + +Use either configuration for your Turbot installation: + +```shell +export TURBOT_WORKSPACE="https://.cloud.turbot.com/" +export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef172390814 +export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4b67fa82ab2c +``` + +or + +```shell +export TURBOT_GRAPHQL_ENDPOINT="https://.cloud.turbot.com/api/latest/graphql" +export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814 +export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2c +``` + +#### Configuration file + +Example configuration file: + +```yaml +default: + accessKey: dc61d2e4-730c-4b54-8c3c-6ef180150814 + secretKey: 6ef18015-7d0c-2b51-4d2c-dc61d2e63a22 + workspace: "https://demo-acme.cloud.turbot.com/" +``` + +This script will automatically search for a `credentials.yml` file in `~/.config/turbot/` or you can save the yaml configuration file anywhere and provide the `--config /path/to/config.yml --profile default` as a command line option. + +## Executing the script + +To run a the Python script: + +1. Install and configure the [pre-requisites](#pre-requisites) +1. Using the command line, navigate to the directory for the Python script +1. Create and activate the Python virtual environment +1. Install dependencies +1. Run the Python script using the command line +1. Deactivate the Python virtual environment + +### Synopsis + +```shell +python3 run_controls.py [options] +``` + +### Options + +#### Details + +-c, --config-file + +> [String] Pass an optional yaml config file. + +-p, --profile + +> [String] Profile to be used from config file. + +-f, --filter + +> [String] Used to filter out matching controls. + +-e, --execute + +> Will re-run controls when found. + +--help + +> Lists all the options and their usages. + +#### Example usage + +##### Example 1 + +The return the number of controls found that will be run by the script without re-running the control. 
+ +```shell +python3 run_controls.py +``` + +##### Example 2 + +Re-runs all the controls found. + +```shell +python3 run_controls.py --execute +``` + +##### Example 3 + +Re-run controls in TBD state - default behavior. + +```shell +python3 run_controls.py -f "state:tbd" +``` + +##### Example 4 + +Re-run controls in error state. + +```shell +python3 run_controls.py -f "state:error" +``` + +##### Example 5 + +Re-run controls in multiple states. + +```shell +python3 run_controls.py -f "state:tbd,error,alarm" +``` + +##### Example 6 + +Re-run installed controls. + +```shell +python3 run_controls.py -f "state:tbd,error controlType:'tmod:@turbot/turbot#/control/types/controlInstalled'" +``` + +##### Example 7 + +Re-run AWS Event Handler controls. + +```shell +python3 run_controls.py -f "controlType:'tmod:@turbot/aws#/control/types/eventHandlers'" +``` + +##### Example 8 + +Re-run Discovery controls. + +```shell +python3 run_controls.py -f "Discovery controlCategory:'tmod:@turbot/turbot#/control/categories/cmdb'" +``` + +##### Example 9 + +Run the script using credentials given in a credential file `credentials.yml`. + +```shell +python3 run_controls.py -c .config/turbot/credentials.yml +``` + +##### Example 10 + +Run the script using a credentials file and using the credential details using the profile `env`. + +```shell +python3 run_controls.py -c .config/turbot/credentials.yml -p env --notification_class resource +``` + +## Virtual environments deactivation + +Once the script has been run, it is advised to deactivate the virtual environment if a virtual environment was used +to install the script dependencies. + +This is accomplished by running the command: + +```shell +deactivate +``` diff --git a/api_examples/python/paging-mutation-example/requirements.txt b/api_examples/python/paging-mutation-example/requirements.txt new file mode 100644 index 000000000..9cf5c5f36 --- /dev/null +++ b/api_examples/python/paging-mutation-example/requirements.txt 
@@ -0,0 +1,4 @@ +Click>=8.1.6 +requests>=2.31.0 +xdg>=6.0.0 +PyYAML>=6.0.1 \ No newline at end of file diff --git a/api_examples/graphql/clients/python/run_controls/run_controls.py b/api_examples/python/paging-mutation-example/run_controls.py similarity index 100% rename from api_examples/graphql/clients/python/run_controls/run_controls.py rename to api_examples/python/paging-mutation-example/run_controls.py diff --git a/api_examples/graphql/clients/python/clean_malformed_akas/turbot.py b/api_examples/python/paging-mutation-example/turbot.py similarity index 100% rename from api_examples/graphql/clients/python/clean_malformed_akas/turbot.py rename to api_examples/python/paging-mutation-example/turbot.py diff --git a/api_examples/python/simple-query/README.md b/api_examples/python/simple-query/README.md new file mode 100644 index 000000000..270dae1ac --- /dev/null +++ b/api_examples/python/simple-query/README.md @@ -0,0 +1,33 @@ +# Simple query + +A example of a basic GraphQL query to a Turbot environment + +## Example + +### Dependencies + +Install the dependencies: + +```shell +python3 -m venv .venv +source .venv/bin/activate +pip install -r requirements.txt +``` + +### Turbot configuration + +Setup environment variables for your Turbot installation: + +```shell +export TURBOT_GRAPHQL_ENDPOINT="https://demo-acme.cloud.turbot.com/api/latest/graphql" +export TURBOT_ACCESS_KEY_ID=12345678-1a2b-3c4b-5e6f-111222333444 +export TURBOT_SECRET_ACCESS_KEY=12345678-1a2b-3c4b-5e6f-111222333444 +``` + +### Running the example + +And run the example: + +```shell +python simple-query.py +``` diff --git a/api_examples/python/simple-query/graphql-query.py b/api_examples/python/simple-query/graphql-query.py new file mode 100644 index 000000000..22c40feeb --- /dev/null +++ b/api_examples/python/simple-query/graphql-query.py 
@@ -0,0 +1,60 @@ +import turbot +import click +import requests +import sys + +def simple_query(): + """ Queries 20 random resources and prints their title """ + + config = turbot.Config(None, None) + headers = {'Authorization': 'Basic {}'.format(config.auth_token)} + endpoint = config.graphql_endpoint + + query = ''' + { + resources { + items { + title + } + } + } + ''' + + result = run_query(endpoint, headers, query, variables) + + if "errors" in result: + for error in result['errors']: + print(error) + break + + for item in result['data']['resources']['items']: + print("Title: {}".format(item["title"])) + + +def run_query(endpoint, headers, query, variables): + request = requests.post( + endpoint, + headers=headers, + json={'query': query, 'variables': variables} + ) + if request.status_code == 200: + return request.json() + else: + raise Exception("Query failed to run by returning code of {}. {}".format( + request.status_code, query)) + + +if __name__ == "__main__": + if (sys.version_info > (3, 6)): + try: + simple_query() + except Exception as e: + print(e) + else: + print("This script requires Python v3.7+") + print("Your Python version is: {}.{}.{}".format( + sys.version_info.major, sys.version_info.minor, sys.version_info.micro)) + if (sys.version_info < (3, 0)): + hint = ["Maybe try: `python3"] + sys.argv + hint[len(sys.argv)] = hint[len(sys.argv)] + "`" + print(*hint) diff --git a/api_examples/python/simple-query/requirements.txt b/api_examples/python/simple-query/requirements.txt new file mode 100644 index 000000000..501304ef6 --- /dev/null +++ b/api_examples/python/simple-query/requirements.txt @@ -0,0 +1,3 @@ +requests>=2.31.0 +xdg>=6.0.0 +PyYAML>=6.0.1 \ No newline at end of file diff --git a/api_examples/graphql/clients/python/turbot/turbot.py b/api_examples/python/simple-query/turbot.py similarity index 100% rename from api_examples/graphql/clients/python/turbot/turbot.py rename to api_examples/python/simple-query/turbot.py 
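Review bot: in `simple_query()` the call `run_query(endpoint, headers, query, variables)` passes `variables`, which is never defined in the function or the module, so the script fails with a NameError before any request is sent; define it next to `query` or pass `None`. `import click` is unused and Click is not listed in this directory's requirements.txt, so a clean virtual environment fails at import. The `break` in the errors loop only leaves the loop, after which `result['data']['resources']['items']` is still dereferenced; return after printing the errors instead. Smaller points: the docstring says 20 resources but the query sets no limit, the guard `sys.version_info > (3, 6)` accepts 3.6.x while the message says v3.7+, `requests.post` is called without a timeout, and the README's `python simple-query.py` does not match the file name `graphql-query.py`. The requirements.txt here also replaces the exact pins of the deleted requirements files (`requests==2.31.0` and so on) with open-ended `>=` ranges; consider keeping pins or a lock file so the example installs reproducibly.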
diff --git a/aws_account_delete/requirements.txt b/aws_account_delete/requirements.txt deleted file mode 100644 index a1632fbcf..000000000 --- a/aws_account_delete/requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -PyYAML~=5.3 -requests~=2.24.0 -urllib3~=1.25.8 -click~=7.1.2 -xdg~=4.0.1 -./turbot diff --git a/aws_account_delete/turbot/setup.py b/aws_account_delete/turbot/setup.py deleted file mode 100644 index 4506f52cc..000000000 --- a/aws_account_delete/turbot/setup.py +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env python -import setuptools -from distutils.core import setup - -setup(name='Turbot', - version='1.0', - description='Turbot Python Library', - author='Omero Saienni', - author_email='omero@turbot.com', - packages=['.'], - ) diff --git a/baselines/README.md b/baselines/README.md index 5e664f634..64ffdfd52 100644 --- a/baselines/README.md +++ b/baselines/README.md @@ -1,6 +1,6 @@ # Baselines -Turbot Baselines provide best-practice configurations and examples for setting Turbot policies. Baselines are implemented with [Terraform](https://www.terraform.io), allowing you to manage and provision Turbot with a repeatable, idempotent, versioned infrastructure-as-code approach. +Turbot Guardrails Baselines provide best-practice configurations and examples for setting Turbot Guardrails policies. Baselines are implemented with [Terraform](https://www.terraform.io), allowing you to manage and provision Turbot Guardrails with a repeatable, idempotent, versioned infrastructure-as-code approach. ## Current Baselines 
@@ -8,29 +8,29 @@ Turbot Baselines provide best-practice configurations and examples for setting T | --------------------------- | ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------- | | Local Directory | [local_directory](./turbot/local_directory) | Create local directory and users in your workspace | | AWS Setup | [aws_setup](./aws/aws_setup) | Common quickstart setup for AWS - prepare your environment to import an AWS account | -| AWS Account Import | [aws_account_import](./aws/aws_account_import) | Import an AWS Account into Turbot | -| AWS Services | [aws_services](./aws/aws_services) | Enable/Disable AWS Services in Turbot | +| AWS Account Import | [aws_account_import](./aws/aws_account_import) | Import an AWS Account into Guardrails | +| AWS Services | [aws_services](./aws/aws_services) | Enable/Disable AWS Services in Guardrails | | GCP Setup | [gcp_setup](./gcp/gcp_setup) | Common quickstart setup for GCP - prepare your environment to import GCP Projects | -| GCP Services | [gcp_services](./gcp/gcp_services) | Enable/Disable GCP Services in Turbot & also enforce api enabled policy based on service Enable/Disable | -| Azure Subscription Import | [azure_sub_import](./azure/azure_sub_import) | Import an Azure subscription into Turbot | -| Azure Subscription Readonly | [azure_sub_import_ro](./azure/azure_sub_create_then_import_ro) | Import an Azure subscription into Turbot with event handler and readonly mode | -| Azure Services | [azure_services](./azure/azure_services) | Enable/Disable Azure Services in Turbot | +| GCP Services | [gcp_services](./gcp/gcp_services) | Enable/Disable GCP Services in Guardrails & also enforce api enabled policy based on service Enable/Disable | +| Azure Subscription Import | [azure_sub_import](./azure/azure_sub_import) | Import an Azure subscription into Guardrails | +| Azure Subscription Readonly | 
[azure_sub_import_ro](./azure/azure_sub_create_then_import_ro) | Import an Azure subscription into Guardrails with event handler and readonly mode | +| Azure Services | [azure_services](./azure/azure_services) | Enable/Disable Azure Services in Guardrails | | Azure Provider Registration | [azure_provider_registration](./azure/azure_provider_registration) | Set the policy for Azure provider registration | -## Pre-requisites +## Prerequisites -To run Turbot baselines, you must install: +To run Turbot Guardrails baselines, you must install: -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) +- [Terraform](https://developer.hashicorp.com/terraform/install) +- [Turbot Guardrails Terraform Provider](https://turbot.com/guardrails/docs/reference/terraform) -Additionally, You must set your config.tf or environment variables to connect to your Turbot workspace, as detail in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider) +Additionally, You must set your `config.tf` or environment variables to connect to your Turbot Guardrails workspace, as detail in the Turbot Guardrails Terraform Provider [Installation Instructions](https://turbot.com/guardrails/docs/reference/terraform/setup) -## Running a baseline +## Running a Baseline To run a baseline: -1. Install and configure the [pre-requisites](#pre-requisites) +1. Install and configure the [prerequisites](#prerequisites) 1. At the command line, go to the directory for the baseline, for example: `cd mod_install` 1. Run `terraform init` to initialize terraform in the directory 1. Edit any variables in the .tf file that you wish to change, or override with [environment variables](https://www.terraform.io/docs/commands/environment-variables.html) or [variable files](https://www.terraform.io/docs/configuration/variables.html#variable-definitions-tfvars-files) 
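Review bot: the Terraform bullet under Prerequisites drops "Version 12" without stating any minimum version, so a reader cannot tell which Terraform releases the baselines are expected to work with; state the supported range next to the new install link. The rewritten sentence below it also keeps "Additionally, You must ... as detail in", which should read "Additionally, you must ... as detailed in", and the edited table rows no longer line up with the column separators of the unchanged rows.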
@@ -103,7 +103,7 @@ To maintain consistency between files and modules, we recommend adopting the bel - Use 4 hashes for comments that describe a group of resources, or general behavior: ```terraform - #### Set the credentials (Role, external id) for the account via Turbot policies + #### Set the credentials (Role, external id) for the account via Guardrails policies ``` - All variables should have a description, and as a result should not require individual comments diff --git a/baselines/aws/aws_cis/README.md b/baselines/aws/aws_cis/README.md deleted file mode 100644 index fb6bfbb46..000000000 --- a/baselines/aws/aws_cis/README.md +++ /dev/null @@ -1,22 +0,0 @@ -# AWS Enumerated CIS Policies - -The AWS Enumerated CIS policies terraform lets you set individual CIS policies instead of turning all of them. - -- It is recommended that identify individual CIS policies relevant to your organization. Turn off all irrelevant policies. - -## Prerequisites - -To run the AWS Enumerated CIS policies, you must have: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) -- [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace and AWS account - -## Running the Baseline - -To run the AWS CIS enumerated CIS policies: - -- Go to the AWS CIS directory/folder in the repository with `cd baselines/aws_cis` -- Update `default.tfvars` with appropriate values -- Run `terraform plan -var-file=default.tfvars` and review the plan for import -- Run `terraform apply -var-file=default.tfvars` to import the account diff --git a/baselines/aws/aws_cis/default.tfvars b/baselines/aws/aws_cis/default.tfvars deleted file mode 100644 index 9964d09e8..000000000 --- a/baselines/aws/aws_cis/default.tfvars +++ /dev/null @@ -1,2 +0,0 @@ -# Variable definitions are defined in variables.tf -full_cis = false 
diff --git a/baselines/aws/aws_cis/main.tf b/baselines/aws/aws_cis/main.tf deleted file mode 100644 index ffc8bbddf..000000000 --- a/baselines/aws/aws_cis/main.tf +++ /dev/null 
@@ -1,377 +0,0 @@ -#### Configures the provider to use a specific profile, otherwise the provider will use the default profile -provider "turbot" { - profile = "trailblazer" -} - -resource "turbot_smart_folder" "aws_cis_enumerated" { - title = "CISv1 Enumerated Policies" - description = "Create a smart folder to apply the Turbot Trail policy settings" - parent = "tmod:@turbot/turbot#/" -} - -//https://turbot.com/v5/mods/turbot/aws-cisv1/inspect#/policy/types/attestation -resource "turbot_policy_setting" "aws_cis_max_attestation_period" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/attestation" - value = "1 year" - // Skip - //30 days - //60 days - //90 days - //1 year - //2 years - //3 years -} - -resource "turbot_policy_setting" "aws_cis" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/cis" - value = "Skip" - count = var.full_cis ? 0 : 1 - // Skip - //Check: Level 1 (Scored) - //Check: Level 1 (Scored & Not Scored) - //Check: Level 1 & Level 2 (Scored) - //Check: Level 1 & Level 2 (Scored & Not Scored) -} - -resource "turbot_policy_setting" "aws_cis_r0101" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0101" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0102" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0102" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0103" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0103" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 
1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0104" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0104" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0105" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0105" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0106" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0106" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0107" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0107" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0108" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0108" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0109" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0109" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0110" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0110" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0111" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0111" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 
1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0112" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0112" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0113" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0113" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0114" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0114" - value = "Check: Level 2 (Scored)" - count = var.full_cis ? 1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0115" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0115" - value = "Check: Level 1 (Not Scored) using attestation" - count = var.full_cis ? 1 : 0 -} - -// https://turbot.com/v5/mods/turbot/aws-cisv1/inspect#/policy/types/r0115Attestation -// The format should be a date-time. As the data cannot be programmatically verified, this should be done manually. -// resource "turbot_policy_setting" "aws_cis_r0115Attestation" { -// resource = turbot_smart_folder.aws_cis_enumerated.id -// type = "tmod:@turbot/aws-cisv1#/policy/types/r0115Attestation" -// value = "" -// count = var.full_cis ? 1 : 0 -// } - -resource "turbot_policy_setting" "aws_cis_r0116" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0116" - value = "Check: Level 1 (Scored)" - count = var.full_cis ? 1 : 0 -} - -resource "turbot_policy_setting" "aws_cis_r0117" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0117" - value = "Check: Level 1 (Not Scored) using attestation" - count = var.full_cis ? 1 : 0 -} - -// The format should be a date-time. 
As the data cannot be programmatically verified, this should be done manually. -// resource "turbot_policy_setting" "aws_cis_r0117Attestation" { -// resource = turbot_smart_folder.aws_cis_enumerated.id -// type = "tmod:@turbot/aws-cisv1#/policy/types/r0117Attestation" -// } - -resource "turbot_policy_setting" "aws_cis_r0118" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0118" - value = "Check: Level 1 (Not Scored) using attestation" - count = var.full_cis ? 1 : 0 -} - -// The format should be a date-time. As the data cannot be programmatically verified, this should be done manually. -// resource "turbot_policy_setting" "aws_cis_r0118Attestation" { -// resource = turbot_smart_folder.aws_cis_enumerated.id -// type = "tmod:@turbot/aws-cisv1#/policy/types/r0118Attestation" -// } - -resource "turbot_policy_setting" "aws_cis_r0119" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0119" - value = "Check: Level 2 (Not Scored) using attestation" -} - -// The format should be a date-time. As the data cannot be programmatically verified, this should be done manually. 
-// resource "turbot_policy_setting" "aws_cis_r0119Attestation" { -// resource = turbot_smart_folder.aws_cis_enumerated.id -// type = "tmod:@turbot/aws-cisv1#/policy/types/r0119Attestation" -// } - -resource "turbot_policy_setting" "aws_cis_r0121" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0121" - value = "Check: Level 1 (Not Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0122" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0122" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0201" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0201" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0202" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0202" - value = "Check: Level 2 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0203" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0203" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0204" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0204" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0205" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0205" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0206" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0206" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0207" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0207" - value = "Check: 
Level 2 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0208" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0208" - value = "Check: Level 2 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0209" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0209" - value = "Check: Level 2 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0301" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0301" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0302" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0302" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0303" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0303" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0304" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0304" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0305" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0305" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0306" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0306" - value = "Check: Level 2 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0307" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0307" - value = "Check: Level 2 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0308" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = 
"tmod:@turbot/aws-cisv1#/policy/types/r0308" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0309" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0309" - value = "Check: Level 2 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0310" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0310" - value = "Check: Level 2 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0311" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0311" - value = "Check: Level 2 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0312" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0312" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0313" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0313" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0314" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0314" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0401" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0401" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0402" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0402" - value = "Check: Level 1 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0403" { - resource = turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0403" - value = "Check: Level 2 (Scored)" -} - -resource "turbot_policy_setting" "aws_cis_r0404" { - resource = 
turbot_smart_folder.aws_cis_enumerated.id - type = "tmod:@turbot/aws-cisv1#/policy/types/r0404" - value = "Check: Level 2 (Not Scored) using attestation" -} - -// The format should be a date-time. As the data cannot be programmatically verified, this should be done manually. -// resource "turbot_policy_setting" "aws_cis_r0404Attestation" { -// resource = turbot_smart_folder.aws_cis_enumerated.id -// type = "tmod:@turbot/aws-cisv1#/policy/types/r0404Attestation" -// value = "" -// } -// \ No newline at end of file diff --git a/baselines/aws/aws_cis/variables.tf b/baselines/aws/aws_cis/variables.tf deleted file mode 100644 index c072111d0..000000000 --- a/baselines/aws/aws_cis/variables.tf +++ /dev/null @@ -1,4 +0,0 @@ -variable "full_cis" { - description = "Boolean value to turn on the single CIS policy" - type = bool -} \ No newline at end of file diff --git a/baselines/aws/aws_services/README.md b/baselines/aws/aws_services/README.md deleted file mode 100644 index f5ec61989..000000000 --- a/baselines/aws/aws_services/README.md +++ /dev/null 
@@ -1,26 +0,0 @@ -# AWS Services Baseline - -Turbot AWS Services baseline provides a Terraform configuration to enable or disable AWS services in Turbot. - - - Service names must match the `policy_map`. - -## Prerequisites - -To run the AWS Services baseline, you must have: - - - [Terraform](https://www.terraform.io) Version 12 - - [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) - - [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace and AWS account - -## Running the Baseline - -To execute the AWS Services baseline, run terraform and specify the AWS services you wish to enable or disable. - -To run the AWS Services baseline: - - - Go to the AWS services directory with `cd aws_services` - - Update the `target_resource` in `default.tfvars` - - Run `terraform plan -var-file=default.tfvars` to review the changes to be applied - - Run `terraform apply -var-file=default.tfvars` to apply the changes - -> You may also choose to enable or disable your own set of services from the `aws_service_list.txt` file. diff --git a/baselines/aws/aws_services/aws_service_list.txt b/baselines/aws/aws_services/aws_service_list.txt deleted file mode 100644 index d2d6e682a..000000000 --- a/baselines/aws/aws_services/aws_service_list.txt +++ /dev/null 
@@ -1,228 +0,0 @@ -This is a full list of available AWS services in prod - -aws-acm = "acmEnabled", -aws-amplify = "amplifyEnabled", -aws-apigateway = "apiGatewayEnabled", -aws-appflow = "appFlowEnabled", -aws-appmesh = "appMeshEnabled", -aws-appstream = "appStreamEnabled", -aws-appsync = "appSyncEnabled", -aws-artifact = "artifactEnabled", -aws-athena = "athenaEnabled", -aws-backup = "backupEnabled", -aws-batch = "batchEnabled", -aws-chime = "chimeEnabled", -aws-cloud9 = "cloud9Enabled", -aws-cloudformation = "cloudFormationEnabled", -aws-cloudfront = "cloudFrontEnabled", -aws-cloudhsm = "cloudHsmEnabled", -aws-cloudsearch = "cloudSearchEnabled", -aws-cloudtrail = "cloudTrailEnabled", -aws-cloudwatch = "cloudWatchEnabled", -aws-codebuild = "codeBuildEnabled", -aws-codecommit = "codeCommitEnabled", -aws-codedeploy = "codeDeployEnabled", -aws-codepipeline = "codePipelineEnabled", -aws-codestar = "codeStarEnabled", -aws-comprehend = "comprehendEnabled", -aws-config = "configEnabled", -aws-datapipeline = "dataPipelineEnabled", -aws-dax = "daxEnabled", -aws-directoryservice = "directoryServiceEnabled", -aws-dms = "dmsEnabled", -aws-dynamodb = "dynamodbEnabled", -aws-ec2 = "ec2Enabled", -aws-ecr = "ecrEnabled", -aws-ecs = "ecsEnabled", -aws-efs = "efsEnabled", -aws-eks = "eksEnabled" -aws-elasticache = "elastiCacheEnabled", -aws-elasticbeanstalk = "elasticBeanstalkEnabled", -aws-elasticsearch = "esEnabled", -aws-emr = "emrEnabled", -aws-events = "eventsEnabled" -aws-fsx = "fsxEnabled", -aws-glacier = "glacierEnabled", -aws-glue = "glueEnabled", -aws-greengrass = "greengrassEnabled", -aws-guardduty = "guardDutyEnabled", -aws-health = "healthEnabled", -aws-iam = "iamEnabled", -aws-inspector = "inspectorEnabled", -aws-iot = "iotEnabled", -aws-iot1click = "iot1ClickEnabled", -aws-iotanalytics = "iotAnalyticsEnabled", -aws-iotevents = "iotEventsEnabled", -aws-iotsitewise = "iotSiteWiseEnabled", -aws-iotthingsgraph = "iotThingsGraphEnabled", -aws-kinesis = "kinesisEnabled", 
-aws-kms = "kmsEnabled", -aws-lambda = "lambdaEnabled" -aws-lex = "lexEnabled", -aws-logs = "logsEnabled" -aws-mediaconnect = "mediaConnectEnabled", -aws-mq = "mqEnabled", -aws-msk = "mskEnabled", -aws-qldb = "qldbEnabled", -aws-ram = "ramEnabled", -aws-rds = "rdsEnabled", -aws-redshift = "redshiftEnabled", -aws-resourcegroups = "resourceGroupsEnabled", -aws-robomaker = "roboMakerEnabled", -aws-route53 = "route53Enabled", -aws-route53resolver = "route53ResolverEnabled", -aws-s3 = "s3Enabled", -aws-sagemaker = "sageMakerEnabled", -aws-secretsmanager = "secretsManagerEnabled", -aws-securityhub = "securityHubEnabled", -aws-serverlessapplicationrepository = "serverlessApplicationRepositoryEnabled", -aws-servicecatalog = "serviceCatalogEnabled", -aws-shield = "shieldEnabled", -aws-snowball = "snowballEnabled", -aws-sns = "snsEnabled", -aws-sqs = "sqsEnabled", -aws-ssm = "ssmEnabled", -aws-stepfunctions = "stepFunctionsEnabled", -aws-swf = "swfEnabled", -aws-transfer = "transferEnabled" -aws-vpc-core = "vpcServiceEnabled" -aws-waf = "wafEnabled", -aws-wafregional = "wafRegionalEnabled", -aws-wellarchitected = "wellarchitectedEnabled", -aws-workspaces = "workSpacesEnabled", -aws-xray = "xrayEnabled" - -################################################################################ - -aws-acm = "Enabled" -aws-amplify = "Enabled" -aws-apigateway = "Enabled" -aws-appflow = "Enabled" -aws-appmesh = "Enabled" -aws-appstream = "Enabled" -aws-appsync = "Enabled" -aws-artifact = "Enabled" -aws-athena = "Enabled" -aws-backup = "Enabled" -aws-batch = "Enabled" -aws-chime = "Enabled" -aws-cloud9 = "Enabled" -aws-cloudformation = "Enabled" -aws-cloudfront = "Enabled" -aws-cloudhsm = "Enabled" -aws-cloudsearch = "Enabled" -aws-cloudtrail = "Enabled" -aws-cloudwatch = "Enabled" -aws-codebuild = "Enabled" -aws-codecommit = "Enabled" -aws-codedeploy = "Enabled" -aws-codepipeline = "Enabled" -aws-codestar = "Enabled" -aws-comprehend = "Enabled" -aws-config = "Enabled" -aws-datapipeline = 
"Enabled" -aws-dax = "Enabled" -aws-directoryservice = "Enabled" -aws-dms = "Enabled" -aws-dynamodb = "Enabled" -aws-ec2 = "Enabled" -aws-ecr = "Enabled" -aws-ecs = "Enabled" -aws-efs = "Enabled" -aws-eks = "Enabled" -aws-elasticache = "Enabled" -aws-elasticbeanstalk = "Enabled" -aws-elasticsearch = "Enabled" -aws-emr = "Enabled" -aws-events = "Enabled" -aws-fsx = "Enabled" -aws-glacier = "Enabled" -aws-glue = "Enabled" -aws-greengrass = "Enabled" -aws-guardduty = "Enabled" -aws-health = "Enabled" -aws-iam = "Enabled" -aws-inspector = "Enabled" -aws-iot = "Enabled" -aws-iot1click = "Enabled" -aws-iotanalytics = "Enabled" -aws-iotevents = "Enabled" -aws-iotsitewise = "Enabled" -aws-iotthingsgraph = "Enabled" -aws-kinesis = "Enabled" -aws-kms = "Enabled" -aws-lambda = "Enabled" -aws-lex = "Enabled" -aws-logs = "Enabled" -aws-mediaconnect = "Enabled" -aws-mq = "Enabled" -aws-msk = "Enabled" -aws-qldb = "Enabled" -aws-ram = "Enabled" -aws-rds = "Enabled" -aws-redshift = "Enabled" -aws-resourcegroups = "Enabled" -aws-robomaker = "Enabled" -aws-route53 = "Enabled" -aws-route53resolver = "Enabled" -aws-s3 = "Enabled" -aws-sagemaker = "Enabled" -aws-secretsmanager = "Enabled" -aws-securityhub = "Enabled" -aws-serverlessapplicationrepository = "Enabled" -aws-servicecatalog = "Enabled" -aws-shield = "Enabled" -aws-snowball = "Enabled" -aws-sns = "Enabled" -aws-sqs = "Enabled" -aws-ssm = "Enabled" -aws-stepfunctions = "Enabled" -aws-swf = "Enabled" -aws-transfer = "Enabled" -aws-vpc-core = "Enabled" -aws-waf = "Enabled" -aws-wafregional = "Enabled" -aws-wellarchitected = "Enabled" -aws-workspaces = "Enabled" -aws-xray = "Enabled" - - - ------------------------------------------------------------ - -This is the list of available AWS services which are not in prod - - -#aws-elastictranscoder = "elasticTranscoderEnabled", -#aws-gamelift = "gameliftEnabled", -#aws-machie = "macieEnabled", -#aws-machinelearning = "machineLearningEnabled", -#aws-mediaconvert = 
"mediaConvertEnabled", -#aws-medialive = "mediaLiveEnabled", -#aws-mediapackage = "mediaPackageEnabled", -#aws-mediastore = "mediaStoreEnabled" -#aws-mediatailor = "mediaTailorEnabled" -#aws-servermigration = "serverMigrationEnabled", -#aws-simpledb = "simpleDbEnabled" -#aws-textract = "textractEnabled", -#aws-transcribe = "transcribeEnabled", -#aws-trustedadvisor = "trustedAdvisorEnabled", -#aws-workdocs = "workDocsEnabled", - ----------------------------------------------------------------- - -#aws-elastictranscoder = "Enabled" -#aws-gamelift = "Enabled" -#aws-machie = "Enabled" -#aws-machinelearning = "Enabled" -#aws-mediaconvert = "Enabled" -#aws-medialive = "Enabled" -#aws-mediapackage = "Enabled" -#aws-mediastore = "Enabled" -#aws-mediatailor = "Enabled" -#aws-servermigration = "Enabled" -#aws-simpledb = "Enabled" -#aws-textract = "Enabled" -#aws-transcribe = "Enabled" -#aws-trustedadvisor = "Enabled" -#aws-workdocs = "Enabled" \ No newline at end of file diff --git a/baselines/aws/aws_services/default.tfvars b/baselines/aws/aws_services/default.tfvars deleted file mode 100644 index e4b55e461..000000000 --- a/baselines/aws/aws_services/default.tfvars +++ /dev/null @@ -1,19 +0,0 @@ -target_resource = "" - -service_status = { - aws-cloudtrail = "Enabled" - aws-cloudwatch = "Enabled" - aws-config = "Enabled" - aws-ec2 = "Enabled" - aws-iam = "Enabled" - aws-kms = "Enabled" - } - - policy_map = { - aws-cloudtrail = "cloudTrailEnabled" - aws-cloudwatch = "cloudWatchEnabled" - aws-config = "configEnabled" - aws-ec2 = "ec2Enabled" - aws-iam = "iamEnabled" - aws-kms = "kmsEnabled" - } \ No newline at end of file diff --git a/baselines/aws/aws_services/main.tf b/baselines/aws/aws_services/main.tf deleted file mode 100644 index e901f6eeb..000000000 --- a/baselines/aws/aws_services/main.tf +++ /dev/null 
@@ -1,6 +0,0 @@ -resource "turbot_policy_setting" "aws_enable" { - count = length(var.service_status) - resource = var.target_resource - type = "tmod:@turbot/${element(keys(var.service_status), count.index)}#/policy/types/${lookup(var.policy_map, "${element(keys(var.service_status), count.index)}")}" - value = "${lookup(var.service_status, "${element(keys(var.service_status), count.index)}")}" -} \ No newline at end of file diff --git a/baselines/aws/aws_services/variables.tf b/baselines/aws/aws_services/variables.tf deleted file mode 100644 index 61c943a80..000000000 --- a/baselines/aws/aws_services/variables.tf +++ /dev/null @@ -1,12 +0,0 @@ -variable "target_resource" { - description = "Enter a target_resource to set the policies on a specific resource(turbot,folder,aws account). This can be an AKA or resource id:" - type = string -} -variable "service_status" { - description = "Enter the list of services that you would like to Enable or Disable, Service names must match the policy_map:" - type = map -} -variable "policy_map" { - description = "This is a map of Turbot policy types to service names. You probably should not modify this:" - type = map -} \ No newline at end of file diff --git a/baselines/aws/aws_setup/README.md b/baselines/aws/aws_setup/README.md deleted file mode 100644 index bd1c97172..000000000 --- a/baselines/aws/aws_setup/README.md +++ /dev/null 
@@ -1,28 +0,0 @@ -# AWS Setup Baseline - -The AWS setup baseline terraform implements common configurations on your Turbot environment required to import an AWS account. - - - Before importing, you should determine a folder structure that is suitable for your environment. - - If you wish to enable cloudTrail, Set the default value to `true` for variable `setup_cloudtrail` - -> NOTE: The baseline does not create a logging bucket or Trail. It just enables the necessary policy settings for them. - - -## Prerequisites - -To run the aws setup baseline, you must have: - - - [Terraform](https://www.terraform.io) Version 12 - - [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) - - [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace and AWS account - - `turbot`, `turbot-iam`, `aws-cloudtrail`, `aws-s3` and `aws-cisv1` mods - - -## Running the Baseline - -To run the aws setup baseline: - - - Go to the aws setup baseline directory in the repository with `cd aws_setup` - - Update `smart_folder_title` in `default.tfvars` - - Run `terraform plan -var-file=default.tfvars` and review the plan to be applied. - - Run `terraform apply -var-file=default.tfvars` to apply the plan. \ No newline at end of file diff --git a/baselines/aws/aws_setup/default.tfvars b/baselines/aws/aws_setup/default.tfvars deleted file mode 100644 index cffce7158..000000000 --- a/baselines/aws/aws_setup/default.tfvars +++ /dev/null 
@@ -1,9 +0,0 @@ -smart_folder_title = "" - -folder_parent = "tmod:@turbot/turbot#/" - -aws_regions = < Account > Regions [Default] -resource "turbot_policy_setting" "regionsDefault" { - resource = turbot_smart_folder.aws_folder.id - type = "tmod:@turbot/aws#/policy/types/regionsDefault" - value = var.aws_regions -} - -# Approved Regions -# AWS > Account > Approved Regions [Default] -resource "turbot_policy_setting" "approvedRegionsDefault" { - resource = turbot_smart_folder.aws_folder.id - type = "tmod:@turbot/aws#/policy/types/approvedRegionsDefault" - value = var.aws_regions -} - -# Create AWS logging bucket -# AWS > Turbot > Logging > Bucket -resource "turbot_policy_setting" "loggingBucket" { - resource = turbot_smart_folder.aws_folder.id - type = "tmod:@turbot/aws#/policy/types/loggingBucket" - value = "Enforce: Configured" - count = var.setup_cloudtrail ? 1 : 0 -} - -# Create AWS CloudTrail using AuditTrail stack -# AWS > Turbot > Audit Trail -resource "turbot_policy_setting" "auditTrail" { - resource = turbot_smart_folder.aws_folder.id - type = "tmod:@turbot/aws#/policy/types/auditTrail" - value = "Enforce: Configured" - count = var.setup_cloudtrail ? 1 : 0 -} - -# Create the Trail type -# AWS > Turbot > Audit Trail > CloudTrail > Trail > Type -resource "turbot_policy_setting" "trailType" { - resource = turbot_smart_folder.aws_folder.id - type = "tmod:@turbot/aws#/policy/types/trailType" - value = "A multi-region trail in the `Trail > Global Region` in each account" - count = var.setup_cloudtrail ? 
1 : 0 -} - -# Create Event Handlers as per the Region Defaults -# AWS > Turbot > Event Handlers -resource "turbot_policy_setting" "eventHandlers" { - resource = turbot_smart_folder.aws_folder.id - type = "tmod:@turbot/aws#/policy/types/eventHandlers" - - template_input = < Turbot > Service Roles -resource "turbot_policy_setting" "serviceRoles" { - resource = turbot_smart_folder.aws_folder.id - type = "tmod:@turbot/aws#/policy/types/serviceRoles" - value = "Enforce: Configured" -} diff --git a/baselines/aws/aws_setup/variables.tf b/baselines/aws/aws_setup/variables.tf deleted file mode 100644 index ed4eb8ca4..000000000 --- a/baselines/aws/aws_setup/variables.tf +++ /dev/null 
@@ -1,21 +0,0 @@ -variable "smart_folder_title" { - description = "Smart folder for importing the aws account:" - type = string -} - -variable "aws_regions" { - type = string - - default = < Account > Approved Regions [Default] -# https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/approvedRegionsDefault -resource "turbot_policy_setting" "aws_approved_regions" { - resource = turbot_smart_folder.turbot_event_handlers_folder.id - type = "tmod:@turbot/aws#/policy/types/approvedRegionsDefault" - value = yamlencode(var.aws_approved_regions) - count = var.aws_approved_regions != null ? 1 : 0 -} - -// AWS > Turbot > Event Handlers -// https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/eventHandlers -resource "turbot_policy_setting" "turbot_event_handlers_enabled" { - resource = turbot_smart_folder.turbot_event_handlers_folder.id - type = "tmod:@turbot/aws#/policy/types/eventHandlers" - value = "Enforce: Configured" - count = var.event_handlers_enabled ? 1 : 0 -} - -# AWS > Turbot > Event Handlers > Events > Rules > Name Prefix -# https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/eventHandlersEventsRulesNamePrefix -resource "turbot_policy_setting" "turbot_event_rule_prefix" { - resource = turbot_smart_folder.turbot_event_handlers_folder.id - type = "tmod:@turbot/aws#/policy/types/eventHandlersEventsRulesNamePrefix" - value = var.event_handlers_prefix - count = var.event_handlers_enabled && var.event_handlers_prefix != null ? 1 : 0 -} - -# AWS > Turbot > Event Handlers > SNS > Topic > Name Prefix -# https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/eventHandlersSnsTopicNamePrefix -resource "turbot_policy_setting" "turbot_event_topic_prefix" { - resource = turbot_smart_folder.turbot_event_handlers_folder.id - type = "tmod:@turbot/aws#/policy/types/eventHandlersSnsTopicNamePrefix" - value = var.event_handlers_prefix - count = var.event_handlers_enabled && var.event_handlers_prefix != null ? 
1 : 0 -} - -# AWS > Turbot > Logging > Bucket -# https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/loggingBucket -resource "turbot_policy_setting" "turbot_logging_buckets" { - resource = turbot_smart_folder.turbot_event_handlers_folder.id - type = "tmod:@turbot/aws#/policy/types/loggingBucket" - value = "Enforce: Configured" - count = var.logging_buckets ? 1 : 0 -} - -# AWS > Turbot > Logging > Bucket > Name > Prefix -# https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/loggingBucketNamePrefix -resource "turbot_policy_setting" "turbot_logging_buckets_prefix" { - resource = turbot_smart_folder.turbot_event_handlers_folder.id - type = "tmod:@turbot/aws#/policy/types/loggingBucketNamePrefix" - value = var.logging_bucket_prefix - count = var.logging_buckets && var.logging_bucket_prefix != null ? 1 : 0 -} - -# AWS > Turbot > Audit Trail -# https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/auditTrail -resource "turbot_policy_setting" "turbot_cloudtrail_enabled" { - resource = turbot_smart_folder.turbot_event_handlers_folder.id - type = "tmod:@turbot/aws#/policy/types/auditTrail" - value = "Enforce: Configured" - count = var.turbot_cloudtrails ? 1 : 0 -} - -# AWS > Turbot > Audit Trail -# https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/auditTrailTrailNamePrefix -resource "turbot_policy_setting" "turbot_cloudtrail_prefix" { - resource = turbot_smart_folder.turbot_event_handlers_folder.id - type = "tmod:@turbot/aws#/policy/types/auditTrailTrailNamePrefix" - value = var.turbot_cloudtrails_prefix - count = var.turbot_cloudtrails && var.turbot_cloudtrails_prefix != null ? 1 : 0 -} diff --git a/baselines/aws/aws_v3_v5_migration/variables.tf b/baselines/aws/aws_v3_v5_migration/variables.tf deleted file mode 100644 index 00a363c75..000000000 --- a/baselines/aws/aws_v3_v5_migration/variables.tf +++ /dev/null 
@@ -1,47 +0,0 @@ -variable "turbot_profile" { - description = "Profile that has access into the desired workspace." -} - -variable "logging_buckets" { - description = "Boolean value to turn on regional logging buckets. Should be true if you don't have a logging solution already." - type = bool -} - -variable "service_roles" { - description = "Boolean value to turn on Turbot provisioned service roles. " - type = bool -} - -variable "turbot_cloudtrails" { - description = "Boolean value to turn on the Turbot CloudTrails. Only enable this if you don't already have a CloudTrail in your environment." - type = bool -} - -variable "event_handlers_enabled" { - description = "Boolean value to turn on the Turbot Event Handlers" - type = bool -} - -variable "event_handlers_prefix" { - description = "Boolean value to turn on the Turbot Event Handlers. Applies to SNS topic and Event Rule." - type = string - default = null -} - -variable "logging_bucket_prefix" { - description = "Prefix for the Turbot Logging Buckets. Defaults value out of the box from Turbot V5 to 'turbot-'. Applies to buckets and cloudtrails." - type = string - default = null -} - -variable "turbot_cloudtrails_prefix" { - description = "Prefix for the Turbot-managed CloudTrail. Defaults value out of the box from Turbot V5 to 'turbot-'. Applies to buckets and cloudtrails." - type = string - default = null -} - -variable "aws_approved_regions" { - description = "YAML list of approved AWS regions." - type = list(string) - default = null -} diff --git a/baselines/aws/aws_well_architected_tool/README.md b/baselines/aws/aws_well_architected_tool/README.md deleted file mode 100644 index 8f9409442..000000000 --- a/baselines/aws/aws_well_architected_tool/README.md +++ /dev/null 
@@ -1,94 +0,0 @@ -# AWS Well-Architected Tool - Automated answers to Well-Architected Framework questions - -## Use case - -The AWS Well-Architected Framework (WAF) is a fantastic tool for discussions about the various aspects of an application, roughly mapped to the five pillars: Cost, Operations, Reliability, Security and Performance. For the WAF Lens, Turbot provides policies to idempotently set the values for the various pillar questions. There are many questions and answers in WAF which can be time-consuming to answer. Some or many of these questions can be answered at an organizational level. The Turbot policies for WAF are intended to provide organizations with an ability to set these answers at scale. Engineers and architects can then focus on the most meaningful questions. - -## Implementation details - -These Terraform files create a smart folder then policies in that smart folder. - -Be aware that Turbot's core capability is to compare a resource against a policy then take remediation actions as often as required. Consider the following situation: An organization set a WAF policy to "False". Some time later an engineer sets the value to "True" in the AWS console. Turbot will detect that difference then set the answer back to "False". Be careful when choosing which questions to automatically answer. It's extremely easy to frustrate the engineers who have to answer Workload questions. - -The provided terraform is a complete list of all questions and answers in the Well-Architected Framework Lens. Get more details in the [Well-Architected Framework mod](https://turbot.com/v5/mods/turbot/aws-wellarchitected-framework/inspect) docs. - -Be aware that any of the WAF questions and answers can be interpreted multiple ways. They are intended to facilitate conversation and explore the many possible perspectives. If an organization chooses a specific interpretation, this should be documented. Conversations are more useful when everyone talks about the same thing. 
- -In `default.tfvars`, all policies are set to `Skip`. The policy values in `turbot-default.tfvars` represent answers where Turbot could largely cover the question. The Turbot-Default answers should not be considered the final word on what Turbot can or cannot do. Depending on how the question's interpretation, Turbot may or may not be able to cover the question. These are only a starting point. - -### Pillar Questions - -For the WAF questions, there's a number of policy values that follow the usual Turbot conventions for "Skip", "Check" and " -Enforce". - -- "Skip", -- "Check: Choices based on sub policies", -- "Check: None of these", -- "Check: Question does not apply to this workload", -- "Enforce: Choices based on sub policies", -- "Enforce: None of these", -- "Enforce: Question does not apply to this workload" - -### Pillar Answers - -For the WAF answers, customers can assert a "True" or "False" value or just "Skip". - -- "Skip" -- "True" -- "False" - -## Prerequisites - -To run these Terraform files, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) (Installed automatically with `terraform init`.) -- Configured credentials to connect to your Turbot workspace -- Install the [Well-Architected mod](https://turbot.com/v5/mods/turbot/aws-wellarchitected/inspect) -- Install the [Well-Architected Framework mod](https://turbot.com/v5/mods/turbot/aws-wellarchitected-framework/inspect) - -Note: The Well-Architected mod focuses on management of Workload resources. The Well-Architected Framework mod deals exclusively with answering the Well-Architected Framework Lens. Customers who wish to only manage or monitor Workloads should only install the Well-Architected mod. - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. 
Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are matched to each WAF question and answer. They are too numerous to enumerate in this ReadMe. Open the file [variables.tf](variables.tf) for further details. - -Customers who wish to write calculated policies should alter the provided Terraform to their needs. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` - diff --git a/baselines/aws/aws_well_architected_tool/cost.tf b/baselines/aws/aws_well_architected_tool/cost.tf deleted file mode 100644 index dd77beacd..000000000 --- a/baselines/aws/aws_well_architected_tool/cost.tf +++ /dev/null 
@@ -1,275 +0,0 @@ -resource "turbot_policy_setting" "aws_wellarchitected_cost01" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost01 -} -resource "turbot_policy_setting" "aws_wellarchitected_cost02" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost02 -} -resource "turbot_policy_setting" "aws_wellarchitected_cost03" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost03 -} -resource "turbot_policy_setting" "aws_wellarchitected_cost04" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost04 -} -resource "turbot_policy_setting" "aws_wellarchitected_cost05" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost05 -} -resource "turbot_policy_setting" "aws_wellarchitected_cost06" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost06" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost06 -} -resource "turbot_policy_setting" "aws_wellarchitected_cost08" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost08" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost08 -} -resource "turbot_policy_setting" "aws_wellarchitected_cost07" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost07 -} -resource "turbot_policy_setting" "aws_wellarchitected_cost09" { - type = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost09" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost09 -} -resource "turbot_policy_setting" "aws_wellarchitected_cost10" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost10" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost10 -} -resource "turbot_policy_setting" "aws_wellarchitected_cost01BudgetForecast" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01BudgetForecast" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost01BudgetForecast -} -resource "turbot_policy_setting" "aws_wellarchitected_cost02Controls" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02Controls" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost02Controls -} -resource "turbot_policy_setting" "aws_wellarchitected_cost01Function" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01Function" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost01Function -} -resource "turbot_policy_setting" "aws_wellarchitected_cost01CostAwareness" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01CostAwareness" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost01CostAwareness -} -resource "turbot_policy_setting" "aws_wellarchitected_cost01Partnership" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01Partnership" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost01Partnership -} -resource "turbot_policy_setting" "aws_wellarchitected_cost01Scheduled" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01Scheduled" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost01Scheduled -} -resource 
"turbot_policy_setting" "aws_wellarchitected_cost01ProactiveProcess" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01ProactiveProcess" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost01ProactiveProcess -} -resource "turbot_policy_setting" "aws_wellarchitected_cost01UsageReport" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01UsageReport" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost01UsageReport -} -resource "turbot_policy_setting" "aws_wellarchitected_cost02GoalTarget" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02GoalTarget" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost02GoalTarget -} -resource "turbot_policy_setting" "aws_wellarchitected_cost02GroupsRoles" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02GroupsRoles" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost02GroupsRoles -} -resource "turbot_policy_setting" "aws_wellarchitected_cost02AccountStructure" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02AccountStructure" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost02AccountStructure -} -resource "turbot_policy_setting" "aws_wellarchitected_cost03AllocateOutcome" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03AllocateOutcome" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost03AllocateOutcome -} -resource "turbot_policy_setting" "aws_wellarchitected_cost02Policies" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02Policies" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost02Policies -} -resource "turbot_policy_setting" "aws_wellarchitected_cost02TrackLifecycle" { - type = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02TrackLifecycle" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost02TrackLifecycle -} -resource "turbot_policy_setting" "aws_wellarchitected_cost03ConfigTools" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03ConfigTools" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost03ConfigTools -} -resource "turbot_policy_setting" "aws_wellarchitected_cost03OrgInformation" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03OrgInformation" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost03OrgInformation -} -resource "turbot_policy_setting" "aws_wellarchitected_cost03DefineAttribution" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03DefineAttribution" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost03DefineAttribution -} -resource "turbot_policy_setting" "aws_wellarchitected_cost03DetailedSource" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03DetailedSource" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost03DetailedSource -} -resource "turbot_policy_setting" "aws_wellarchitected_cost03DefineKpi" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03DefineKpi" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost03DefineKpi -} -resource "turbot_policy_setting" "aws_wellarchitected_cost04DecommAutomated" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04DecommAutomated" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost04DecommAutomated -} -resource "turbot_policy_setting" "aws_wellarchitected_cost05AnalyzeAll" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05AnalyzeAll" - resource = 
turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost05AnalyzeAll -} -resource "turbot_policy_setting" "aws_wellarchitected_cost04Track" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04Track" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost04Track -} -resource "turbot_policy_setting" "aws_wellarchitected_cost04Decommission" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04Decommission" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost04Decommission -} -resource "turbot_policy_setting" "aws_wellarchitected_cost04ImplementProcess" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04ImplementProcess" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost04ImplementProcess -} -resource "turbot_policy_setting" "aws_wellarchitected_cost05AnalyzeOverTime" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05AnalyzeOverTime" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost05AnalyzeOverTime -} -resource "turbot_policy_setting" "aws_wellarchitected_cost05Licensing" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05Licensing" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost05Licensing -} -resource "turbot_policy_setting" "aws_wellarchitected_cost05Requirements" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05Requirements" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost05Requirements -} -resource "turbot_policy_setting" "aws_wellarchitected_cost05SelectForCost" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05SelectForCost" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost05SelectForCost -} -resource 
"turbot_policy_setting" "aws_wellarchitected_cost05ThoroughAnalysis" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05ThoroughAnalysis" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost05ThoroughAnalysis -} -resource "turbot_policy_setting" "aws_wellarchitected_cost06Metrics" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost06Metrics" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost06Metrics -} -resource "turbot_policy_setting" "aws_wellarchitected_cost07Analysis" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07Analysis" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost07Analysis -} -resource "turbot_policy_setting" "aws_wellarchitected_cost06Data" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost06Data" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost06Data -} -resource "turbot_policy_setting" "aws_wellarchitected_cost06CostModeling" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost06CostModeling" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost08Modeling -} -resource "turbot_policy_setting" "aws_wellarchitected_cost07ImplementModels" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07ImplementModels" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost07ImplementModels -} -resource "turbot_policy_setting" "aws_wellarchitected_cost07RegionCost" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07RegionCost" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost07RegionCost -} -resource "turbot_policy_setting" "aws_wellarchitected_cost07ThirdParty" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07ThirdParty" - 
resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost07ThirdParty -} -resource "turbot_policy_setting" "aws_wellarchitected_cost07MasterAnalysis" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07MasterAnalysis" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost07MasterAnalysis -} -resource "turbot_policy_setting" "aws_wellarchitected_cost08Modeling" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost08Modeling" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost08Modeling -} -resource "turbot_policy_setting" "aws_wellarchitected_cost09BufferThrottle" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost09BufferThrottle" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost09BufferThrottle -} -resource "turbot_policy_setting" "aws_wellarchitected_cost08ImplementServices" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost08ImplementServices" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost08ImplementServices -} -resource "turbot_policy_setting" "aws_wellarchitected_cost10ReviewProcess" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost10ReviewProcess" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost10ReviewProcess -} -resource "turbot_policy_setting" "aws_wellarchitected_cost09Dynamic" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost09Dynamic" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost09Dynamic -} -resource "turbot_policy_setting" "aws_wellarchitected_cost08OptimizedComponents" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost08OptimizedComponents" - resource = turbot_smart_folder.well_architected_pillars.id - value = 
var.aws_waf_cost08OptimizedComponents -} -resource "turbot_policy_setting" "aws_wellarchitected_cost09CostAnalysis" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost09CostAnalysis" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost09CostAnalysis -} -resource "turbot_policy_setting" "aws_wellarchitected_cost10ReviewWorkload" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost10ReviewWorkload" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_cost10ReviewWorkload -} diff --git a/baselines/aws/aws_well_architected_tool/default.tfvars b/baselines/aws/aws_well_architected_tool/default.tfvars deleted file mode 100644 index 85ca445f1..000000000 --- a/baselines/aws/aws_well_architected_tool/default.tfvars +++ /dev/null 
@@ -1,343 +0,0 @@ -// For aws_waf_[cost,ops,sec,rel,perf]{number} policies, these are the Pillar Questions described in the README.md. -// For aws_waf_[cost,ops,sec,rel,perf]{number}{description} policies, these are the Pillar Answers described in the README.md. -aws_waf_cost01 = "Skip" -aws_waf_cost01BudgetForecast = "Skip" -aws_waf_cost01CostAwareness = "Skip" -aws_waf_cost01Function = "Skip" -aws_waf_cost01Partnership = "Skip" -aws_waf_cost01ProactiveProcess = "Skip" -aws_waf_cost01Scheduled = "Skip" -aws_waf_cost01UsageReport = "Skip" -aws_waf_cost02 = "Skip" -aws_waf_cost02AccountStructure = "Skip" -aws_waf_cost02Controls = "Skip" -aws_waf_cost02GoalTarget = "Skip" -aws_waf_cost02GroupsRoles = "Skip" -aws_waf_cost02Policies = "Skip" -aws_waf_cost02TrackLifecycle = "Skip" -aws_waf_cost03 = "Skip" -aws_waf_cost03AllocateOutcome = "Skip" -aws_waf_cost03ConfigTools = "Skip" -aws_waf_cost03DefineAttribution = "Skip" -aws_waf_cost03DefineKpi = "Skip" -aws_waf_cost03DetailedSource = "Skip" -aws_waf_cost03OrgInformation = "Skip" -aws_waf_cost04 = "Skip" -aws_waf_cost04DecommAutomated = "Skip" -aws_waf_cost04Decommission = "Skip" -aws_waf_cost04ImplementProcess = "Skip" -aws_waf_cost04Track = "Skip" -aws_waf_cost05 = "Skip" -aws_waf_cost05AnalyzeAll = "Skip" -aws_waf_cost05AnalyzeOverTime = "Skip" -aws_waf_cost05Licensing = "Skip" -aws_waf_cost05Requirements = "Skip" -aws_waf_cost05SelectForCost = "Skip" -aws_waf_cost05ThoroughAnalysis = "Skip" -aws_waf_cost06 = "Skip" -aws_waf_cost06CostModeling = "Skip" -aws_waf_cost06Data = "Skip" -aws_waf_cost06Metrics = "Skip" -aws_waf_cost07 = "Skip" -aws_waf_cost07Analysis = "Skip" -aws_waf_cost07ImplementModels = "Skip" -aws_waf_cost07MasterAnalysis = "Skip" -aws_waf_cost07RegionCost = "Skip" -aws_waf_cost07ThirdParty = "Skip" -aws_waf_cost08 = "Skip" -aws_waf_cost08ImplementServices = "Skip" -aws_waf_cost08Modeling = "Skip" -aws_waf_cost08OptimizedComponents = "Skip" -aws_waf_cost09 = "Skip" -aws_waf_cost09BufferThrottle = 
"Skip" -aws_waf_cost09CostAnalysis = "Skip" -aws_waf_cost09Dynamic = "Skip" -aws_waf_cost10 = "Skip" -aws_waf_cost10ReviewProcess = "Skip" -aws_waf_cost10ReviewWorkload = "Skip" -aws_waf_ops01 = "Skip" -aws_waf_ops01ComplianceReqs = "Skip" -aws_waf_ops01EvalThreatLandscape = "Skip" -aws_waf_ops01EvalTradeoffs = "Skip" -aws_waf_ops01ExtCustNeeds = "Skip" -aws_waf_ops01GovernanceReqs = "Skip" -aws_waf_ops01IntCustNeeds = "Skip" -aws_waf_ops01ManageRiskBenefit = "Skip" -aws_waf_ops02 = "Skip" -aws_waf_ops02DefActivityOwners = "Skip" -aws_waf_ops02DefNegTeamAgreements = "Skip" -aws_waf_ops02DefProcOwners = "Skip" -aws_waf_ops02DefResourceOwners = "Skip" -aws_waf_ops02FindOwner = "Skip" -aws_waf_ops02KnowMyJob = "Skip" -aws_waf_ops02ReqAddChgException = "Skip" -aws_waf_ops03 = "Skip" -aws_waf_ops03DiverseIncAccess = "Skip" -aws_waf_ops03EffectiveComms = "Skip" -aws_waf_ops03ExecutiveSponsor = "Skip" -aws_waf_ops03TeamEmpTakeAction = "Skip" -aws_waf_ops03TeamEncEscalation = "Skip" -aws_waf_ops03TeamEncExperiment = "Skip" -aws_waf_ops03TeamEncLearn = "Skip" -aws_waf_ops03TeamResAppro = "Skip" -aws_waf_ops04 = "Skip" -aws_waf_ops04ApplicationTelemetry = "Skip" -aws_waf_ops04CustomerTelemetry = "Skip" -aws_waf_ops04DependencyTelemetry = "Skip" -aws_waf_ops04DistTrace = "Skip" -aws_waf_ops04WorkloadTelemetry = "Skip" -aws_waf_ops05 = "Skip" -aws_waf_ops05AutoIntegDeploy = "Skip" -aws_waf_ops05BuildMgmtSys = "Skip" -aws_waf_ops05CodeQuality = "Skip" -aws_waf_ops05ConfMgmtSys = "Skip" -aws_waf_ops05FreqSmRevChg = "Skip" -aws_waf_ops05MultiEnv = "Skip" -aws_waf_ops05PatchMgmt = "Skip" -aws_waf_ops05ShareDesignStds = "Skip" -aws_waf_ops05TestValChg = "Skip" -aws_waf_ops05VersionControl = "Skip" -aws_waf_ops06 = "Skip" -aws_waf_ops06AutoIntegDeploy = "Skip" -aws_waf_ops06AutoTestingAndRollback = "Skip" -aws_waf_ops06DeployMgmtSys = "Skip" -aws_waf_ops06DeployToParallelEnv = "Skip" -aws_waf_ops06FreqSmRevChg = "Skip" -aws_waf_ops06PlanForUnsucessfulChanges = "Skip" 
-aws_waf_ops06TestLimitedDeploy = "Skip" -aws_waf_ops06TestValChg = "Skip" -aws_waf_ops07 = "Skip" -aws_waf_ops07ConstOrr = "Skip" -aws_waf_ops07InformedDeployDecisions = "Skip" -aws_waf_ops07PersonnelCapability = "Skip" -aws_waf_ops07UsePlaybooks = "Skip" -aws_waf_ops07UseRunbooks = "Skip" -aws_waf_ops08 = "Skip" -aws_waf_ops08BizLevelViewWorkload = "Skip" -aws_waf_ops08CollectAnalyzeWorkloadMetrics = "Skip" -aws_waf_ops08DefineWorkloadKpis = "Skip" -aws_waf_ops08DesignWorkloadMetrics = "Skip" -aws_waf_ops08LearnWorkloadUsagePatterns = "Skip" -aws_waf_ops08WorkloadAnomalyAlerts = "Skip" -aws_waf_ops08WorkloadMetricBaselines = "Skip" -aws_waf_ops08WorkloadOutcomeAlerts = "Skip" -aws_waf_ops09 = "Skip" -aws_waf_ops09BizLevelViewOps = "Skip" -aws_waf_ops09CollectAnalyzeOpsMetrics = "Skip" -aws_waf_ops09DefineOpsKpis = "Skip" -aws_waf_ops09DesignOpsMetrics = "Skip" -aws_waf_ops09LearnOpsUsagePatterns = "Skip" -aws_waf_ops09OpsAnomalyAlerts = "Skip" -aws_waf_ops09OpsMetricBaselines = "Skip" -aws_waf_ops09OpsOutcomeAlerts = "Skip" -aws_waf_ops10 = "Skip" -aws_waf_ops10AutoEventResponse = "Skip" -aws_waf_ops10Dashboards = "Skip" -aws_waf_ops10DefineEscalationPaths = "Skip" -aws_waf_ops10EventIncidentProblemProcess = "Skip" -aws_waf_ops10PrioritizeEvents = "Skip" -aws_waf_ops10ProcessPerAlert = "Skip" -aws_waf_ops10PushNotify = "Skip" -aws_waf_ops11 = "Skip" -aws_waf_ops11AllocateTimeForImp = "Skip" -aws_waf_ops11DriversForImp = "Skip" -aws_waf_ops11FeedbackLoops = "Skip" -aws_waf_ops11KnowledgeManagement = "Skip" -aws_waf_ops11MetricsReview = "Skip" -aws_waf_ops11PerformRcaProcess = "Skip" -aws_waf_ops11ProcessContImp = "Skip" -aws_waf_ops11ShareLessonsLearned = "Skip" -aws_waf_ops11ValidateInsights = "Skip" -aws_waf_perf01 = "Skip" -aws_waf_perf01Benchmark = "Skip" -aws_waf_perf01Cost = "Skip" -aws_waf_perf01EvaluateResources = "Skip" -aws_waf_perf01ExternalGuidance = "Skip" -aws_waf_perf01LoadTest = "Skip" -aws_waf_perf01Process = "Skip" -aws_waf_perf01UsePolicies = 
"Skip" -aws_waf_perf02 = "Skip" -aws_waf_perf02CollectMetrics = "Skip" -aws_waf_perf02ConfigOptions = "Skip" -aws_waf_perf02Elasticity = "Skip" -aws_waf_perf02EvaluateOptions = "Skip" -aws_waf_perf02RightSizing = "Skip" -aws_waf_perf02UseMetrics = "Skip" -aws_waf_perf03 = "Skip" -aws_waf_perf03EvaluatedOptions = "Skip" -aws_waf_perf03OptimizePatterns = "Skip" -aws_waf_perf03UnderstandChar = "Skip" -aws_waf_perf04 = "Skip" -aws_waf_perf04AccessPatterns = "Skip" -aws_waf_perf04CollectMetrics = "Skip" -aws_waf_perf04EvaluateOptions = "Skip" -aws_waf_perf04OptimizeMetrics = "Skip" -aws_waf_perf04UnderstandChar = "Skip" -aws_waf_perf05 = "Skip" -aws_waf_perf05EncryptionOffload = "Skip" -aws_waf_perf05EvaluateFeatures = "Skip" -aws_waf_perf05Hybrid = "Skip" -aws_waf_perf05Location = "Skip" -aws_waf_perf05Optimize = "Skip" -aws_waf_perf05Protocols = "Skip" -aws_waf_perf05UnderstandImpact = "Skip" -aws_waf_perf06 = "Skip" -aws_waf_perf06DefineProcess = "Skip" -aws_waf_perf06Evolve = "Skip" -aws_waf_perf06KeepUpToDate = "Skip" -aws_waf_perf07 = "Skip" -aws_waf_perf07EstablishKpi = "Skip" -aws_waf_perf07GenerateAlarms = "Skip" -aws_waf_perf07Proactive = "Skip" -aws_waf_perf07RecordMetrics = "Skip" -aws_waf_perf07ReviewMetrics = "Skip" -aws_waf_perf07ReviewMetricsCollected = "Skip" -aws_waf_perf08 = "Skip" -aws_waf_perf08CriticalAreas = "Skip" -aws_waf_perf08DesignPatterns = "Skip" -aws_waf_perf08ImplementStrategy = "Skip" -aws_waf_perf08Measure = "Skip" -aws_waf_perf08UnderstandImpact = "Skip" -aws_waf_rel01 = "Skip" -aws_waf_rel01AutomatedMonitorLimits = "Skip" -aws_waf_rel01AwareFixedLimits = "Skip" -aws_waf_rel01AwareQuotasAndConstraints = "Skip" -aws_waf_rel01LimitsConsidered = "Skip" -aws_waf_rel01MonitorManageLimits = "Skip" -aws_waf_rel01SuffBufferLimits = "Skip" -aws_waf_rel02 = "Skip" -aws_waf_rel02HaConnPrivateNetworks = "Skip" -aws_waf_rel02HaConnUsers = "Skip" -aws_waf_rel02IpSubnetAllocation = "Skip" -aws_waf_rel02NonOverlapIp = "Skip" 
-aws_waf_rel02PreferHubAndSpoke = "Skip" -aws_waf_rel03 = "Skip" -aws_waf_rel03ApiContracts = "Skip" -aws_waf_rel03BusinessDomains = "Skip" -aws_waf_rel03MonolithSoaMicroservice = "Skip" -aws_waf_rel04 = "Skip" -aws_waf_rel04ConstantWork = "Skip" -aws_waf_rel04Idempotent = "Skip" -aws_waf_rel04Identify = "Skip" -aws_waf_rel04LooselyCoupledSystem = "Skip" -aws_waf_rel05 = "Skip" -aws_waf_rel05ClientTimeouts = "Skip" -aws_waf_rel05EmergencyLevers = "Skip" -aws_waf_rel05FailFast = "Skip" -aws_waf_rel05FailureStateless = "Skip" -aws_waf_rel05GracefulDegradation = "Skip" -aws_waf_rel05LimitRetries = "Skip" -aws_waf_rel05ThrottleRequests = "Skip" -aws_waf_rel06 = "Skip" -aws_waf_rel06AutomateResponseMonitor = "Skip" -aws_waf_rel06EndToEnd = "Skip" -aws_waf_rel06MonitorResources = "Skip" -aws_waf_rel06NotificationAggregation = "Skip" -aws_waf_rel06NotificationMonitor = "Skip" -aws_waf_rel06ReviewMonitoring = "Skip" -aws_waf_rel06StorageAnalytics = "Skip" -aws_waf_rel07 = "Skip" -aws_waf_rel07AutoscaleAdapt = "Skip" -aws_waf_rel07LoadTestedAdapt = "Skip" -aws_waf_rel07ProactiveAdaptAuto = "Skip" -aws_waf_rel07ReactiveAdaptAuto = "Skip" -aws_waf_rel08 = "Skip" -aws_waf_rel08AutomatedChangemgmt = "Skip" -aws_waf_rel08FunctionalTesting = "Skip" -aws_waf_rel08ImmutableInfrastructure = "Skip" -aws_waf_rel08PlannedChangemgmt = "Skip" -aws_waf_rel08ResiliencyTesting = "Skip" -aws_waf_rel09 = "Skip" -aws_waf_rel09AutomatedBackupsData = "Skip" -aws_waf_rel09IdentifiedBackupsData = "Skip" -aws_waf_rel09PeriodicRecoveryTestingData = "Skip" -aws_waf_rel09SecuredBackupsData = "Skip" -aws_waf_rel10 = "Skip" -aws_waf_rel10MultiazRegionSystem = "Skip" -aws_waf_rel10SingleAzSystem = "Skip" -aws_waf_rel10UseBulkhead = "Skip" -aws_waf_rel11 = "Skip" -aws_waf_rel11AutoHealingSystem = "Skip" -aws_waf_rel11Failover2good = "Skip" -aws_waf_rel11MonitoringHealth = "Skip" -aws_waf_rel11NotificationsSentSystem = "Skip" -aws_waf_rel11StaticStability = "Skip" -aws_waf_rel12 = "Skip" 
-aws_waf_rel12FailureInjectionResiliency = "Skip" -aws_waf_rel12GameDaysResiliency = "Skip" -aws_waf_rel12PlaybookResiliency = "Skip" -aws_waf_rel12RcaResiliency = "Skip" -aws_waf_rel12TestFunctional = "Skip" -aws_waf_rel12TestNonFunctional = "Skip" -aws_waf_rel13 = "Skip" -aws_waf_rel13AutoRecovery = "Skip" -aws_waf_rel13ConfigDrift = "Skip" -aws_waf_rel13DisasterRecovery = "Skip" -aws_waf_rel13DrTested = "Skip" -aws_waf_rel13ObjectiveDefinedRecovery = "Skip" -aws_waf_sec01 = "Skip" -aws_waf_sec01AwsAccount = "Skip" -aws_waf_sec01ControlObjectives = "Skip" -aws_waf_sec01ImplementServicesFeatures = "Skip" -aws_waf_sec01MultiAccounts = "Skip" -aws_waf_sec01TestValidatePipeline = "Skip" -aws_waf_sec01ThreatModel = "Skip" -aws_waf_sec01UpdatedRecommendations = "Skip" -aws_waf_sec01UpdatedThreats = "Skip" -aws_waf_sec02 = "Skip" -aws_waf_sec02Audit = "Skip" -aws_waf_sec02EnforceMechanisms = "Skip" -aws_waf_sec02GroupsAttributes = "Skip" -aws_waf_sec02IdentityProvider = "Skip" -aws_waf_sec02Secrets = "Skip" -aws_waf_sec02Unique = "Skip" -aws_waf_sec03 = "Skip" -aws_waf_sec03AnalyzeCrossAccount = "Skip" -aws_waf_sec03ContinuousReduction = "Skip" -aws_waf_sec03Define = "Skip" -aws_waf_sec03DefineGuardrails = "Skip" -aws_waf_sec03EmergencyProcess = "Skip" -aws_waf_sec03LeastPrivileges = "Skip" -aws_waf_sec03Lifecycle = "Skip" -aws_waf_sec03ShareSecurely = "Skip" -aws_waf_sec04 = "Skip" -aws_waf_sec04ActionableEvents = "Skip" -aws_waf_sec04AnalyzeAll = "Skip" -aws_waf_sec04AppServiceLogging = "Skip" -aws_waf_sec04AutoResponse = "Skip" -aws_waf_sec05 = "Skip" -aws_waf_sec05AutoProtect = "Skip" -aws_waf_sec05CreateLayers = "Skip" -aws_waf_sec05Inspection = "Skip" -aws_waf_sec05Layered = "Skip" -aws_waf_sec06 = "Skip" -aws_waf_sec06ActionsDistance = "Skip" -aws_waf_sec06AutoProtection = "Skip" -aws_waf_sec06ImplementManagedServices = "Skip" -aws_waf_sec06ReduceSurface = "Skip" -aws_waf_sec06ValidateSoftwareIntegrity = "Skip" -aws_waf_sec06VulnerabilityManagement = "Skip" 
-aws_waf_sec07 = "Skip" -aws_waf_sec07AutoClassification = "Skip" -aws_waf_sec07DefineProtection = "Skip" -aws_waf_sec07IdentifyData = "Skip" -aws_waf_sec07LifecycleManagement = "Skip" -aws_waf_sec08 = "Skip" -aws_waf_sec08AccessControl = "Skip" -aws_waf_sec08AutomateProtection = "Skip" -aws_waf_sec08Encrypt = "Skip" -aws_waf_sec08KeyMgmt = "Skip" -aws_waf_sec08UsePeopleAway = "Skip" -aws_waf_sec09 = "Skip" -aws_waf_sec09Authentication = "Skip" -aws_waf_sec09AutoUnintendedAccess = "Skip" -aws_waf_sec09Encrypt = "Skip" -aws_waf_sec09KeyCertMgmt = "Skip" -aws_waf_sec10 = "Skip" -aws_waf_sec10AutoContain = "Skip" -aws_waf_sec10DevelopManagementPlans = "Skip" -aws_waf_sec10IdentifyPersonnel = "Skip" -aws_waf_sec10PreDeployTools = "Skip" -aws_waf_sec10PreProvisionAccess = "Skip" -aws_waf_sec10PrepareForensic = "Skip" -aws_waf_sec10RunGameDays = "Skip" diff --git a/baselines/aws/aws_well_architected_tool/operations.tf b/baselines/aws/aws_well_architected_tool/operations.tf deleted file mode 100644 index 590f3f4f5..000000000 --- a/baselines/aws/aws_well_architected_tool/operations.tf +++ /dev/null 
@@ -1,466 +0,0 @@ - -resource "turbot_policy_setting" "aws_wellarchitected_ops01" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops01 -} -resource "turbot_policy_setting" "aws_wellarchitected_ops02" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops02 -} -resource "turbot_policy_setting" "aws_wellarchitected_ops03" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops03 -} -resource "turbot_policy_setting" "aws_wellarchitected_ops04" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops04 -} -resource "turbot_policy_setting" "aws_wellarchitected_ops05" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops05 -} -resource "turbot_policy_setting" "aws_wellarchitected_ops06" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops06 -} -resource "turbot_policy_setting" "aws_wellarchitected_ops07" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops07 -} -resource "turbot_policy_setting" "aws_wellarchitected_ops08" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops08 -} -resource "turbot_policy_setting" "aws_wellarchitected_ops09" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09" -resource = 
turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops09 -} -resource "turbot_policy_setting" "aws_wellarchitected_ops10" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops10 -} -resource "turbot_policy_setting" "aws_wellarchitected_ops11" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops11 -} -resource "turbot_policy_setting" "aws_wellarchitected_ops01ComplianceReqs" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01ComplianceReqs" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops01ComplianceReqs -} -resource "turbot_policy_setting" "aws_wellarchitected_ops01ExtCustNeeds" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01ExtCustNeeds" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops01ExtCustNeeds -} -resource "turbot_policy_setting" "aws_wellarchitected_ops01EvalThreatLandscape" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01EvalThreatLandscape" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops01EvalThreatLandscape -} -resource "turbot_policy_setting" "aws_wellarchitected_ops01ManageRiskBenefit" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01ManageRiskBenefit" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops01ManageRiskBenefit -} -resource "turbot_policy_setting" "aws_wellarchitected_ops02DefActivityOwners" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02DefActivityOwners" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops02DefActivityOwners -} -resource "turbot_policy_setting" "aws_wellarchitected_ops01IntCustNeeds" { - type = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01IntCustNeeds" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops01ExtCustNeeds -} -resource "turbot_policy_setting" "aws_wellarchitected_ops01EvalTradeoffs" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01EvalTradeoffs" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops01EvalTradeoffs -} -resource "turbot_policy_setting" "aws_wellarchitected_ops02FindOwner" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02FindOwner" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops02FindOwner -} -resource "turbot_policy_setting" "aws_wellarchitected_ops02DefResourceOwners" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02DefResourceOwners" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops02DefResourceOwners -} -resource "turbot_policy_setting" "aws_wellarchitected_ops02DefNegTeamAgreements" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02DefNegTeamAgreements" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops02DefNegTeamAgreements -} -resource "turbot_policy_setting" "aws_wellarchitected_ops01GovernanceReqs" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01GovernanceReqs" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops01GovernanceReqs -} -resource "turbot_policy_setting" "aws_wellarchitected_ops03EffectiveComms" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03EffectiveComms" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops03EffectiveComms -} -resource "turbot_policy_setting" "aws_wellarchitected_ops02ReqAddChgException" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02ReqAddChgException" -resource = 
turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops02ReqAddChgException -} -resource "turbot_policy_setting" "aws_wellarchitected_ops02DefProcOwners" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02DefProcOwners" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops02DefProcOwners -} -resource "turbot_policy_setting" "aws_wellarchitected_ops03ExecutiveSponsor" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03ExecutiveSponsor" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops03ExecutiveSponsor -} -resource "turbot_policy_setting" "aws_wellarchitected_ops03DiverseIncAccess" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03DiverseIncAccess" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops03DiverseIncAccess -} -resource "turbot_policy_setting" "aws_wellarchitected_ops02KnowMyJob" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02KnowMyJob" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops02KnowMyJob -} -resource "turbot_policy_setting" "aws_wellarchitected_ops03TeamResAppro" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamResAppro" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops03TeamResAppro -} -resource "turbot_policy_setting" "aws_wellarchitected_ops03TeamEncExperiment" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamEncExperiment" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops03TeamEncExperiment -} -resource "turbot_policy_setting" "aws_wellarchitected_ops03TeamEmpTakeAction" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamEmpTakeAction" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops03TeamEmpTakeAction -} 
-resource "turbot_policy_setting" "aws_wellarchitected_ops03TeamEncEscalation" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamEncEscalation" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops03TeamEncEscalation -} -resource "turbot_policy_setting" "aws_wellarchitected_ops04ApplicationTelemetry" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04ApplicationTelemetry" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops04ApplicationTelemetry -} -resource "turbot_policy_setting" "aws_wellarchitected_ops03TeamEncLearn" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamEncLearn" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops03TeamEncLearn -} -resource "turbot_policy_setting" "aws_wellarchitected_ops04CustomerTelemetry" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04CustomerTelemetry" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops04CustomerTelemetry -} -resource "turbot_policy_setting" "aws_wellarchitected_ops04DependencyTelemetry" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04DependencyTelemetry" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops04DependencyTelemetry -} -resource "turbot_policy_setting" "aws_wellarchitected_ops04DistTrace" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04DistTrace" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops04DistTrace -} -resource "turbot_policy_setting" "aws_wellarchitected_ops04WorkloadTelemetry" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04WorkloadTelemetry" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops04WorkloadTelemetry -} -resource "turbot_policy_setting" 
"aws_wellarchitected_ops05AutoIntegDeploy" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05AutoIntegDeploy" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops05AutoIntegDeploy -} -resource "turbot_policy_setting" "aws_wellarchitected_ops05ConfMgmtSys" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05ConfMgmtSys" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops05ConfMgmtSys -} -resource "turbot_policy_setting" "aws_wellarchitected_ops05BuildMgmtSys" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05BuildMgmtSys" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops05BuildMgmtSys -} -resource "turbot_policy_setting" "aws_wellarchitected_ops05ShareDesignStds" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05ShareDesignStds" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops05ShareDesignStds -} -resource "turbot_policy_setting" "aws_wellarchitected_ops05PatchMgmt" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05PatchMgmt" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops05PatchMgmt -} -resource "turbot_policy_setting" "aws_wellarchitected_ops06AutoTestingAndRollback" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06AutoTestingAndRollback" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops06AutoTestingAndRollback -} -resource "turbot_policy_setting" "aws_wellarchitected_ops05CodeQuality" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05CodeQuality" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops05CodeQuality -} -resource "turbot_policy_setting" "aws_wellarchitected_ops05FreqSmRevChg" { - type = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05FreqSmRevChg" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops05FreqSmRevChg -} -resource "turbot_policy_setting" "aws_wellarchitected_ops05TestValChg" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05TestValChg" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops05TestValChg -} -resource "turbot_policy_setting" "aws_wellarchitected_ops05MultiEnv" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05MultiEnv" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops05MultiEnv -} -resource "turbot_policy_setting" "aws_wellarchitected_ops05VersionControl" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05VersionControl" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops05VersionControl -} -resource "turbot_policy_setting" "aws_wellarchitected_ops06DeployToParallelEnv" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06DeployToParallelEnv" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops06DeployToParallelEnv -} -resource "turbot_policy_setting" "aws_wellarchitected_ops06FreqSmRevChg" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06FreqSmRevChg" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops06FreqSmRevChg -} -resource "turbot_policy_setting" "aws_wellarchitected_ops06AutoIntegDeploy" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06AutoIntegDeploy" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops06AutoIntegDeploy -} -resource "turbot_policy_setting" "aws_wellarchitected_ops06TestLimitedDeploy" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06TestLimitedDeploy" -resource = 
turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops06TestLimitedDeploy -} -resource "turbot_policy_setting" "aws_wellarchitected_ops06TestValChg" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06TestValChg" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops06TestValChg -} -resource "turbot_policy_setting" "aws_wellarchitected_ops06DeployMgmtSys" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06DeployMgmtSys" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops06DeployMgmtSys -} -resource "turbot_policy_setting" "aws_wellarchitected_ops07UsePlaybooks" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07UsePlaybooks" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops07UsePlaybooks -} -resource "turbot_policy_setting" "aws_wellarchitected_ops07ConstOrr" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07ConstOrr" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops07ConstOrr -} -resource "turbot_policy_setting" "aws_wellarchitected_ops06PlanForUnsucessfulChanges" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06PlanForUnsucessfulChanges" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops06PlanForUnsucessfulChanges -} -resource "turbot_policy_setting" "aws_wellarchitected_ops07UseRunbooks" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07UseRunbooks" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops07UseRunbooks -} -resource "turbot_policy_setting" "aws_wellarchitected_ops07InformedDeployDecisions" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07InformedDeployDecisions" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops07InformedDeployDecisions -} 
-resource "turbot_policy_setting" "aws_wellarchitected_ops07PersonnelCapability" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07PersonnelCapability" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops07PersonnelCapability -} -resource "turbot_policy_setting" "aws_wellarchitected_ops08BizLevelViewWorkload" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08BizLevelViewWorkload" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops08BizLevelViewWorkload -} -resource "turbot_policy_setting" "aws_wellarchitected_ops08CollectAnalyzeWorkloadMetrics" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08CollectAnalyzeWorkloadMetrics" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops08CollectAnalyzeWorkloadMetrics -} -resource "turbot_policy_setting" "aws_wellarchitected_ops08DefineWorkloadKpis" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08DefineWorkloadKpis" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops08DefineWorkloadKpis -} -resource "turbot_policy_setting" "aws_wellarchitected_ops08DesignWorkloadMetrics" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08DesignWorkloadMetrics" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops08DesignWorkloadMetrics -} -resource "turbot_policy_setting" "aws_wellarchitected_ops08LearnWorkloadUsagePatterns" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08LearnWorkloadUsagePatterns" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops08LearnWorkloadUsagePatterns -} -resource "turbot_policy_setting" "aws_wellarchitected_ops08WorkloadAnomalyAlerts" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08WorkloadAnomalyAlerts" -resource = 
turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops08WorkloadAnomalyAlerts -} -resource "turbot_policy_setting" "aws_wellarchitected_ops08WorkloadMetricBaselines" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08WorkloadMetricBaselines" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops08WorkloadMetricBaselines -} -resource "turbot_policy_setting" "aws_wellarchitected_ops08WorkloadOutcomeAlerts" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08WorkloadOutcomeAlerts" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops08WorkloadOutcomeAlerts -} -resource "turbot_policy_setting" "aws_wellarchitected_ops09DefineOpsKpis" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09DefineOpsKpis" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops09DefineOpsKpis -} -resource "turbot_policy_setting" "aws_wellarchitected_ops09BizLevelViewOps" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09BizLevelViewOps" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops09BizLevelViewOps -} -resource "turbot_policy_setting" "aws_wellarchitected_ops09DesignOpsMetrics" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09DesignOpsMetrics" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops09DesignOpsMetrics -} -resource "turbot_policy_setting" "aws_wellarchitected_ops09OpsAnomalyAlerts" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09OpsAnomalyAlerts" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops09OpsAnomalyAlerts -} -resource "turbot_policy_setting" "aws_wellarchitected_ops09OpsMetricBaselines" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09OpsMetricBaselines" -resource = 
turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops09OpsMetricBaselines -} -resource "turbot_policy_setting" "aws_wellarchitected_ops09CollectAnalyzeOpsMetrics" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09CollectAnalyzeOpsMetrics" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops09CollectAnalyzeOpsMetrics -} -resource "turbot_policy_setting" "aws_wellarchitected_ops10AutoEventResponse" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10AutoEventResponse" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops10AutoEventResponse -} -resource "turbot_policy_setting" "aws_wellarchitected_ops09OpsOutcomeAlerts" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09OpsOutcomeAlerts" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops09OpsOutcomeAlerts -} -resource "turbot_policy_setting" "aws_wellarchitected_ops09LearnOpsUsagePatterns" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09LearnOpsUsagePatterns" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops09LearnOpsUsagePatterns -} -resource "turbot_policy_setting" "aws_wellarchitected_ops10PushNotify" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10PushNotify" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops10PushNotify -} -resource "turbot_policy_setting" "aws_wellarchitected_ops10EventIncidentProblemProcess" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10EventIncidentProblemProcess" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops10EventIncidentProblemProcess -} -resource "turbot_policy_setting" "aws_wellarchitected_ops10Dashboards" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10Dashboards" -resource = 
turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops10Dashboards -} -resource "turbot_policy_setting" "aws_wellarchitected_ops10DefineEscalationPaths" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10DefineEscalationPaths" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops10DefineEscalationPaths -} -resource "turbot_policy_setting" "aws_wellarchitected_ops11AllocateTimeForImp" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11AllocateTimeForImp" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops11AllocateTimeForImp -} -resource "turbot_policy_setting" "aws_wellarchitected_ops10PrioritizeEvents" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10PrioritizeEvents" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops10PrioritizeEvents -} -resource "turbot_policy_setting" "aws_wellarchitected_ops10ProcessPerAlert" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10ProcessPerAlert" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops10ProcessPerAlert -} -resource "turbot_policy_setting" "aws_wellarchitected_ops11DriversForImp" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11DriversForImp" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops11DriversForImp -} -resource "turbot_policy_setting" "aws_wellarchitected_ops11FeedbackLoops" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11FeedbackLoops" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops11FeedbackLoops -} -resource "turbot_policy_setting" "aws_wellarchitected_ops11KnowledgeManagement" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11KnowledgeManagement" -resource = turbot_smart_folder.well_architected_pillars.id -value = 
var.aws_waf_ops11KnowledgeManagement -} -resource "turbot_policy_setting" "aws_wellarchitected_ops11MetricsReview" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11MetricsReview" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops11MetricsReview -} -resource "turbot_policy_setting" "aws_wellarchitected_ops11PerformRcaProcess" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11PerformRcaProcess" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops11PerformRcaProcess -} -resource "turbot_policy_setting" "aws_wellarchitected_ops11ProcessContImp" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11ProcessContImp" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops11ProcessContImp -} -resource "turbot_policy_setting" "aws_wellarchitected_ops11ShareLessonsLearned" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11ShareLessonsLearned" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops11ShareLessonsLearned -} -resource "turbot_policy_setting" "aws_wellarchitected_ops11ValidateInsights" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11ValidateInsights" -resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_ops11ValidateInsights -} diff --git a/baselines/aws/aws_well_architected_tool/performance.tf b/baselines/aws/aws_well_architected_tool/performance.tf deleted file mode 100644 index 45606c242..000000000 --- a/baselines/aws/aws_well_architected_tool/performance.tf +++ /dev/null 
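Review bot: in the deleted operations.tf, the resource `aws_wellarchitected_ops01IntCustNeeds` has type `tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01IntCustNeeds` but takes `value = var.aws_waf_ops01ExtCustNeeds`, so the internal-customer-needs setting followed the external-customer-needs variable. The resources around it pair each policy type with the variable of the same name, which makes this look like a copy-paste slip and not an intended mapping. If this baseline is being moved elsewhere and not retired, the new copy should reference the variable for ops01IntCustNeeds instead of carrying the mismatch over. If it is being retired, note the mismatch in the commit message so anyone who applied the baseline knows which variable actually drove that setting.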
@@ -1,250 +0,0 @@ -resource "turbot_policy_setting" "aws_wellarchitected_perf01" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf01 -} -resource "turbot_policy_setting" "aws_wellarchitected_perf02" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf02 -} -resource "turbot_policy_setting" "aws_wellarchitected_perf03" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf03" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf03 -} -resource "turbot_policy_setting" "aws_wellarchitected_perf04" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf04 -} -resource "turbot_policy_setting" "aws_wellarchitected_perf05" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf05 -} -resource "turbot_policy_setting" "aws_wellarchitected_perf06" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf06" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf06 -} -resource "turbot_policy_setting" "aws_wellarchitected_perf08" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf08 -} -resource "turbot_policy_setting" "aws_wellarchitected_perf07" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf07 -} -resource "turbot_policy_setting" "aws_wellarchitected_perf01Benchmark" { - type = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01Benchmark" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf01Benchmark -} -resource "turbot_policy_setting" "aws_wellarchitected_perf01Cost" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01Cost" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf01Cost -} -resource "turbot_policy_setting" "aws_wellarchitected_perf01EvaluateResources" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01EvaluateResources" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf01EvaluateResources -} -resource "turbot_policy_setting" "aws_wellarchitected_perf01ExternalGuidance" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01ExternalGuidance" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf01ExternalGuidance -} -resource "turbot_policy_setting" "aws_wellarchitected_perf01LoadTest" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01LoadTest" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf01LoadTest -} -resource "turbot_policy_setting" "aws_wellarchitected_perf01Process" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01Process" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf01Process -} -resource "turbot_policy_setting" "aws_wellarchitected_perf01UsePolicies" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01UsePolicies" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf01UsePolicies -} -resource "turbot_policy_setting" "aws_wellarchitected_perf02CollectMetrics" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02CollectMetrics" - resource = turbot_smart_folder.well_architected_pillars.id - 
value = var.aws_waf_perf02CollectMetrics -} -resource "turbot_policy_setting" "aws_wellarchitected_perf02ConfigOptions" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02ConfigOptions" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf02ConfigOptions -} -resource "turbot_policy_setting" "aws_wellarchitected_perf02Elasticity" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02Elasticity" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf02Elasticity -} -resource "turbot_policy_setting" "aws_wellarchitected_perf02EvaluateOptions" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02EvaluateOptions" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf02EvaluateOptions -} -resource "turbot_policy_setting" "aws_wellarchitected_perf02RightSizing" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02RightSizing" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf02RightSizing -} -resource "turbot_policy_setting" "aws_wellarchitected_perf02UseMetrics" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02UseMetrics" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf02UseMetrics -} -resource "turbot_policy_setting" "aws_wellarchitected_perf03EvaluatedOptions" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf03EvaluatedOptions" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf03EvaluatedOptions -} -resource "turbot_policy_setting" "aws_wellarchitected_perf03OptimizePatterns" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf03OptimizePatterns" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf03OptimizePatterns -} -resource "turbot_policy_setting" 
"aws_wellarchitected_perf03UnderstandChar" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf03UnderstandChar" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf03UnderstandChar -} -resource "turbot_policy_setting" "aws_wellarchitected_perf04AccessPatterns" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04AccessPatterns" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf04AccessPatterns -} -resource "turbot_policy_setting" "aws_wellarchitected_perf04CollectMetrics" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04CollectMetrics" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf04CollectMetrics -} -resource "turbot_policy_setting" "aws_wellarchitected_perf04EvaluateOptions" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04EvaluateOptions" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf04EvaluateOptions -} -resource "turbot_policy_setting" "aws_wellarchitected_perf04OptimizeMetrics" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04OptimizeMetrics" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf04OptimizeMetrics -} -resource "turbot_policy_setting" "aws_wellarchitected_perf04UnderstandChar" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04UnderstandChar" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf04UnderstandChar -} -resource "turbot_policy_setting" "aws_wellarchitected_perf05EncryptionOffload" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05EncryptionOffload" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf05EncryptionOffload -} -resource "turbot_policy_setting" "aws_wellarchitected_perf05EvaluateFeatures" { - type = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05EvaluateFeatures" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf05EvaluateFeatures -} -resource "turbot_policy_setting" "aws_wellarchitected_perf05Hybrid" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05Hybrid" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf05Hybrid -} -resource "turbot_policy_setting" "aws_wellarchitected_perf05Location" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05Location" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf05Location -} -resource "turbot_policy_setting" "aws_wellarchitected_perf05Optimize" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05Optimize" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf05Optimize -} -resource "turbot_policy_setting" "aws_wellarchitected_perf05Protocols" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05Protocols" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf05Protocols -} -resource "turbot_policy_setting" "aws_wellarchitected_perf05UnderstandImpact" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05UnderstandImpact" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf05UnderstandImpact -} -resource "turbot_policy_setting" "aws_wellarchitected_perf06DefineProcess" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf06DefineProcess" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf06DefineProcess -} -resource "turbot_policy_setting" "aws_wellarchitected_perf06Evolve" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf06Evolve" - resource = turbot_smart_folder.well_architected_pillars.id - value = 
var.aws_waf_perf06Evolve -} -resource "turbot_policy_setting" "aws_wellarchitected_perf06KeepUpToDate" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf06KeepUpToDate" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf06KeepUpToDate -} -resource "turbot_policy_setting" "aws_wellarchitected_perf07EstablishKpi" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07EstablishKpi" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf07EstablishKpi -} -resource "turbot_policy_setting" "aws_wellarchitected_perf07GenerateAlarms" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07GenerateAlarms" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf07GenerateAlarms -} -resource "turbot_policy_setting" "aws_wellarchitected_perf07Proactive" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07Proactive" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf07Proactive -} -resource "turbot_policy_setting" "aws_wellarchitected_perf07RecordMetrics" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07RecordMetrics" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf07RecordMetrics -} -resource "turbot_policy_setting" "aws_wellarchitected_perf07ReviewMetrics" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07ReviewMetrics" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf07ReviewMetrics -} -resource "turbot_policy_setting" "aws_wellarchitected_perf07ReviewMetricsCollected" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07ReviewMetricsCollected" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf07ReviewMetricsCollected -} -resource "turbot_policy_setting" 
"aws_wellarchitected_perf08CriticalAreas" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08CriticalAreas" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf08CriticalAreas -} -resource "turbot_policy_setting" "aws_wellarchitected_perf08DesignPatterns" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08DesignPatterns" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf08DesignPatterns -} -resource "turbot_policy_setting" "aws_wellarchitected_perf08ImplementStrategy" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08ImplementStrategy" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf08ImplementStrategy -} -resource "turbot_policy_setting" "aws_wellarchitected_perf08Measure" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08Measure" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf08Measure -} -resource "turbot_policy_setting" "aws_wellarchitected_perf08UnderstandImpact" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08UnderstandImpact" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_perf08UnderstandImpact -} diff --git a/baselines/aws/aws_well_architected_tool/reliability.tf b/baselines/aws/aws_well_architected_tool/reliability.tf deleted file mode 100644 index 4c64823a0..000000000 --- a/baselines/aws/aws_well_architected_tool/reliability.tf +++ /dev/null 
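Review bot: Every block removed in this hunk takes its value from a `var.aws_waf_perf*` input and attaches to `turbot_smart_folder.well_architected_pillars.id`, so the deletion is only complete if the matching variable declarations and the smart folder definition are removed in the same change. Please confirm that no `aws_waf_perf01` through `aws_waf_perf08` variables (or their sub-question variants such as `aws_waf_perf01Benchmark`) are left declared elsewhere in the baseline, since they would remain as unused inputs with nothing consuming them.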
@@ -1,385 +0,0 @@ -resource "turbot_policy_setting" "aws_wellarchitected_rel01" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel01 -} -resource "turbot_policy_setting" "aws_wellarchitected_rel02" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel02 -} -resource "turbot_policy_setting" "aws_wellarchitected_rel03" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel03" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel03 -} -resource "turbot_policy_setting" "aws_wellarchitected_rel04" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel04 -} -resource "turbot_policy_setting" "aws_wellarchitected_rel05" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel05 -} -resource "turbot_policy_setting" "aws_wellarchitected_rel06" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel06 -} -resource "turbot_policy_setting" "aws_wellarchitected_rel07" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel07 -} -resource "turbot_policy_setting" "aws_wellarchitected_rel08" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel08 -} -resource "turbot_policy_setting" "aws_wellarchitected_rel09" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09" - 
resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel09 -} -resource "turbot_policy_setting" "aws_wellarchitected_rel10" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel10" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel10 -} -resource "turbot_policy_setting" "aws_wellarchitected_rel11" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel11 -} -resource "turbot_policy_setting" "aws_wellarchitected_rel12" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel12 -} -resource "turbot_policy_setting" "aws_wellarchitected_rel13" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel13 -} -resource "turbot_policy_setting" "aws_wellarchitected_rel01AwareFixedLimits" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01AwareFixedLimits" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel01AwareFixedLimits -} -resource "turbot_policy_setting" "aws_wellarchitected_rel01AutomatedMonitorLimits" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01AutomatedMonitorLimits" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel01AutomatedMonitorLimits -} -resource "turbot_policy_setting" "aws_wellarchitected_rel01MonitorManageLimits" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01MonitorManageLimits" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel01MonitorManageLimits -} -resource "turbot_policy_setting" "aws_wellarchitected_rel01LimitsConsidered" { - type = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01LimitsConsidered" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel01LimitsConsidered -} -resource "turbot_policy_setting" "aws_wellarchitected_rel01SuffBufferLimits" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01SuffBufferLimits" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel01SuffBufferLimits -} -resource "turbot_policy_setting" "aws_wellarchitected_rel02NonOverlapIp" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02NonOverlapIp" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel02NonOverlapIp -} -resource "turbot_policy_setting" "aws_wellarchitected_rel02IpSubnetAllocation" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02IpSubnetAllocation" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel02IpSubnetAllocation -} -resource "turbot_policy_setting" "aws_wellarchitected_rel02HaConnPrivateNetworks" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02HaConnPrivateNetworks" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel02HaConnPrivateNetworks -} -resource "turbot_policy_setting" "aws_wellarchitected_rel01AwareQuotasAndConstraints" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01AwareQuotasAndConstraints" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel01AwareQuotasAndConstraints -} -resource "turbot_policy_setting" "aws_wellarchitected_rel03ApiContracts" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel03ApiContracts" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel03ApiContracts -} -resource "turbot_policy_setting" "aws_wellarchitected_rel02PreferHubAndSpoke" { - type = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02PreferHubAndSpoke" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel02PreferHubAndSpoke -} -resource "turbot_policy_setting" "aws_wellarchitected_rel02HaConnUsers" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02HaConnUsers" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel02HaConnUsers -} -resource "turbot_policy_setting" "aws_wellarchitected_rel04ConstantWork" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04ConstantWork" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel04ConstantWork -} -resource "turbot_policy_setting" "aws_wellarchitected_rel03MonolithSoaMicroservice" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel03MonolithSoaMicroservice" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel03MonolithSoaMicroservice -} -resource "turbot_policy_setting" "aws_wellarchitected_rel03BusinessDomains" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel03BusinessDomains" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel03BusinessDomains -} -resource "turbot_policy_setting" "aws_wellarchitected_rel04Idempotent" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04Idempotent" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel04Idempotent -} -resource "turbot_policy_setting" "aws_wellarchitected_rel04Identify" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04Identify" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel04Identify -} -resource "turbot_policy_setting" "aws_wellarchitected_rel04LooselyCoupledSystem" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04LooselyCoupledSystem" - resource = 
turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel04LooselyCoupledSystem -} -resource "turbot_policy_setting" "aws_wellarchitected_rel05FailFast" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05FailFast" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel05FailFast -} -resource "turbot_policy_setting" "aws_wellarchitected_rel05LimitRetries" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05LimitRetries" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel05LimitRetries -} -resource "turbot_policy_setting" "aws_wellarchitected_rel05ClientTimeouts" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05ClientTimeouts" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel05ClientTimeouts -} -resource "turbot_policy_setting" "aws_wellarchitected_rel05EmergencyLevers" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05EmergencyLevers" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel05EmergencyLevers -} -resource "turbot_policy_setting" "aws_wellarchitected_rel05ThrottleRequests" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05ThrottleRequests" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel05ThrottleRequests -} -resource "turbot_policy_setting" "aws_wellarchitected_rel05FailureStateless" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05FailureStateless" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel05FailureStateless -} -resource "turbot_policy_setting" "aws_wellarchitected_rel05GracefulDegradation" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05GracefulDegradation" - resource = turbot_smart_folder.well_architected_pillars.id - value = 
var.aws_waf_rel05GracefulDegradation -} -resource "turbot_policy_setting" "aws_wellarchitected_rel06AutomateResponseMonitor" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06AutomateResponseMonitor" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel06AutomateResponseMonitor -} -resource "turbot_policy_setting" "aws_wellarchitected_rel06EndToEnd" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06EndToEnd" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel06EndToEnd -} -resource "turbot_policy_setting" "aws_wellarchitected_rel06MonitorResources" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06MonitorResources" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel06MonitorResources -} -resource "turbot_policy_setting" "aws_wellarchitected_rel06NotificationAggregation" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06NotificationAggregation" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel06NotificationAggregation -} -resource "turbot_policy_setting" "aws_wellarchitected_rel06NotificationMonitor" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06NotificationMonitor" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel06NotificationMonitor -} -resource "turbot_policy_setting" "aws_wellarchitected_rel06ReviewMonitoring" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06ReviewMonitoring" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel06ReviewMonitoring -} -resource "turbot_policy_setting" "aws_wellarchitected_rel06StorageAnalytics" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06StorageAnalytics" - resource = turbot_smart_folder.well_architected_pillars.id - value = 
var.aws_waf_rel06StorageAnalytics -} -resource "turbot_policy_setting" "aws_wellarchitected_rel07ProactiveAdaptAuto" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07ProactiveAdaptAuto" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel07ProactiveAdaptAuto -} -resource "turbot_policy_setting" "aws_wellarchitected_rel07ReactiveAdaptAuto" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07ReactiveAdaptAuto" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel07ReactiveAdaptAuto -} -resource "turbot_policy_setting" "aws_wellarchitected_rel07AutoscaleAdapt" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07AutoscaleAdapt" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel07AutoscaleAdapt -} -resource "turbot_policy_setting" "aws_wellarchitected_rel07LoadTestedAdapt" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07LoadTestedAdapt" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel07LoadTestedAdapt -} -resource "turbot_policy_setting" "aws_wellarchitected_rel08AutomatedChangemgmt" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08AutomatedChangemgmt" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel08AutomatedChangemgmt -} -resource "turbot_policy_setting" "aws_wellarchitected_rel08FunctionalTesting" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08FunctionalTesting" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel08FunctionalTesting -} -resource "turbot_policy_setting" "aws_wellarchitected_rel08ImmutableInfrastructure" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08ImmutableInfrastructure" - resource = turbot_smart_folder.well_architected_pillars.id - value = 
var.aws_waf_rel08ImmutableInfrastructure -} -resource "turbot_policy_setting" "aws_wellarchitected_rel08PlannedChangemgmt" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08PlannedChangemgmt" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel08PlannedChangemgmt -} -resource "turbot_policy_setting" "aws_wellarchitected_rel08ResiliencyTesting" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08ResiliencyTesting" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel08ResiliencyTesting -} -resource "turbot_policy_setting" "aws_wellarchitected_rel09AutomatedBackupsData" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09AutomatedBackupsData" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel09AutomatedBackupsData -} -resource "turbot_policy_setting" "aws_wellarchitected_rel09PeriodicRecoveryTestingData" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09PeriodicRecoveryTestingData" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel09PeriodicRecoveryTestingData -} -resource "turbot_policy_setting" "aws_wellarchitected_rel09SecuredBackupsData" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09SecuredBackupsData" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel09SecuredBackupsData -} -resource "turbot_policy_setting" "aws_wellarchitected_rel09IdentifiedBackupsData" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09IdentifiedBackupsData" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel09IdentifiedBackupsData -} -resource "turbot_policy_setting" "aws_wellarchitected_rel10UseBulkhead" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel10UseBulkhead" - resource = 
turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel10UseBulkhead -} -resource "turbot_policy_setting" "aws_wellarchitected_rel10SingleAzSystem" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel10SingleAzSystem" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel10SingleAzSystem -} -resource "turbot_policy_setting" "aws_wellarchitected_rel11Failover2good" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11Failover2good" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel11Failover2good -} -resource "turbot_policy_setting" "aws_wellarchitected_rel11AutoHealingSystem" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11AutoHealingSystem" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel11AutoHealingSystem -} -resource "turbot_policy_setting" "aws_wellarchitected_rel11NotificationsSentSystem" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11NotificationsSentSystem" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel11NotificationsSentSystem -} -resource "turbot_policy_setting" "aws_wellarchitected_rel11MonitoringHealth" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11MonitoringHealth" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel11MonitoringHealth -} -resource "turbot_policy_setting" "aws_wellarchitected_rel10MultiazRegionSystem" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel10MultiazRegionSystem" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel10MultiazRegionSystem -} -resource "turbot_policy_setting" "aws_wellarchitected_rel12RcaResiliency" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12RcaResiliency" - resource = 
turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel12RcaResiliency -} -resource "turbot_policy_setting" "aws_wellarchitected_rel12FailureInjectionResiliency" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12FailureInjectionResiliency" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel12FailureInjectionResiliency -} -resource "turbot_policy_setting" "aws_wellarchitected_rel11StaticStability" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11StaticStability" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel11StaticStability -} -resource "turbot_policy_setting" "aws_wellarchitected_rel12TestFunctional" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12TestFunctional" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel12TestFunctional -} -resource "turbot_policy_setting" "aws_wellarchitected_rel12GameDaysResiliency" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12GameDaysResiliency" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel12GameDaysResiliency -} -resource "turbot_policy_setting" "aws_wellarchitected_rel12PlaybookResiliency" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12PlaybookResiliency" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel12PlaybookResiliency -} -resource "turbot_policy_setting" "aws_wellarchitected_rel13AutoRecovery" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13AutoRecovery" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel13AutoRecovery -} -resource "turbot_policy_setting" "aws_wellarchitected_rel12TestNonFunctional" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12TestNonFunctional" - resource = 
turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel12TestNonFunctional -} -resource "turbot_policy_setting" "aws_wellarchitected_rel13ConfigDrift" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13ConfigDrift" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel13ConfigDrift -} -resource "turbot_policy_setting" "aws_wellarchitected_rel13DisasterRecovery" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13DisasterRecovery" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel13DisasterRecovery -} -resource "turbot_policy_setting" "aws_wellarchitected_rel13DrTested" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13DrTested" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel13DrTested -} -resource "turbot_policy_setting" "aws_wellarchitected_rel13ObjectiveDefinedRecovery" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13ObjectiveDefinedRecovery" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_rel13ObjectiveDefinedRecovery -} diff --git a/baselines/aws/aws_well_architected_tool/security.tf b/baselines/aws/aws_well_architected_tool/security.tf deleted file mode 100644 index 0aeba191e..000000000 --- a/baselines/aws/aws_well_architected_tool/security.tf +++ /dev/null 
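Review bot: The whole of reliability.tf is deleted here (`@@ -1,385 +0,0 @@`), and nothing in the visible diff tells operators who already applied this baseline how to retire it. Each removed block is a `turbot_policy_setting` on `turbot_smart_folder.well_architected_pillars`, so a workspace that still holds these settings in Terraform state needs the old configuration to remove them cleanly. Suggest recording in the commit message or README the last commit that still contains the baseline, or where it has moved, so the `rel01` through `rel13` settings are not left applied with no configuration managing them.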
@@ -1,330 +0,0 @@ -resource "turbot_policy_setting" "aws_wellarchitected_sec01" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec01 -} -resource "turbot_policy_setting" "aws_wellarchitected_sec02" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec02 -} -resource "turbot_policy_setting" "aws_wellarchitected_sec03" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec03 -} -resource "turbot_policy_setting" "aws_wellarchitected_sec04" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec04 -} -resource "turbot_policy_setting" "aws_wellarchitected_sec05" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec05 -} -resource "turbot_policy_setting" "aws_wellarchitected_sec06" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec06 -} -resource "turbot_policy_setting" "aws_wellarchitected_sec07" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec07 -} -resource "turbot_policy_setting" "aws_wellarchitected_sec08" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec08 -} -resource "turbot_policy_setting" "aws_wellarchitected_sec10" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10" - 
resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec10 -} -resource "turbot_policy_setting" "aws_wellarchitected_sec09" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec09 -} -resource "turbot_policy_setting" "aws_wellarchitected_sec01AwsAccount" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01AwsAccount" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec01AwsAccount -} -resource "turbot_policy_setting" "aws_wellarchitected_sec01ControlObjectives" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01ControlObjectives" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec01ControlObjectives -} -resource "turbot_policy_setting" "aws_wellarchitected_sec01ImplementServicesFeatures" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01ImplementServicesFeatures" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec01ImplementServicesFeatures -} -resource "turbot_policy_setting" "aws_wellarchitected_sec01MultiAccounts" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01MultiAccounts" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec01MultiAccounts -} -resource "turbot_policy_setting" "aws_wellarchitected_sec01TestValidatePipeline" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01TestValidatePipeline" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec01TestValidatePipeline -} -resource "turbot_policy_setting" "aws_wellarchitected_sec01ThreatModel" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01ThreatModel" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec01ThreatModel -} -resource 
"turbot_policy_setting" "aws_wellarchitected_sec01UpdatedRecommendations" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01UpdatedRecommendations" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec01UpdatedRecommendations -} -resource "turbot_policy_setting" "aws_wellarchitected_sec01UpdatedThreats" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01UpdatedThreats" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec01UpdatedThreats -} -resource "turbot_policy_setting" "aws_wellarchitected_sec02Audit" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02Audit" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec02Audit -} -resource "turbot_policy_setting" "aws_wellarchitected_sec02EnforceMechanisms" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02EnforceMechanisms" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec02EnforceMechanisms -} -resource "turbot_policy_setting" "aws_wellarchitected_sec02GroupsAttributes" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02GroupsAttributes" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec02GroupsAttributes -} -resource "turbot_policy_setting" "aws_wellarchitected_sec02IdentityProvider" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02IdentityProvider" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec02IdentityProvider -} -resource "turbot_policy_setting" "aws_wellarchitected_sec02Secrets" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02Secrets" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec02Secrets -} -resource "turbot_policy_setting" "aws_wellarchitected_sec02Unique" { - type = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02Unique" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec02Unique -} -resource "turbot_policy_setting" "aws_wellarchitected_sec03AnalyzeCrossAccount" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03AnalyzeCrossAccount" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec03AnalyzeCrossAccount -} -resource "turbot_policy_setting" "aws_wellarchitected_sec03ContinuousReduction" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03ContinuousReduction" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec03ContinuousReduction -} -resource "turbot_policy_setting" "aws_wellarchitected_sec03Define" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03Define" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec03Define -} -resource "turbot_policy_setting" "aws_wellarchitected_sec03DefineGuardrails" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03DefineGuardrails" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec03DefineGuardrails -} -resource "turbot_policy_setting" "aws_wellarchitected_sec03EmergencyProcess" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03EmergencyProcess" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec03EmergencyProcess -} -resource "turbot_policy_setting" "aws_wellarchitected_sec03LeastPrivileges" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03LeastPrivileges" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec03LeastPrivileges -} -resource "turbot_policy_setting" "aws_wellarchitected_sec03Lifecycle" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03Lifecycle" - resource = 
turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec03Lifecycle -} -resource "turbot_policy_setting" "aws_wellarchitected_sec03ShareSecurely" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03ShareSecurely" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec03ShareSecurely -} -resource "turbot_policy_setting" "aws_wellarchitected_sec04ActionableEvents" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04ActionableEvents" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec04ActionableEvents -} -resource "turbot_policy_setting" "aws_wellarchitected_sec04AnalyzeAll" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04AnalyzeAll" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec04AnalyzeAll -} -resource "turbot_policy_setting" "aws_wellarchitected_sec04AppServiceLogging" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04AppServiceLogging" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec04AppServiceLogging -} -resource "turbot_policy_setting" "aws_wellarchitected_sec04AutoResponse" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04AutoResponse" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec04AutoResponse -} -resource "turbot_policy_setting" "aws_wellarchitected_sec05AutoProtect" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05AutoProtect" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec05AutoProtect -} -resource "turbot_policy_setting" "aws_wellarchitected_sec05CreateLayers" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05CreateLayers" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec05CreateLayers -} -resource 
"turbot_policy_setting" "aws_wellarchitected_sec05Inspection" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05Inspection" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec05Inspection -} -resource "turbot_policy_setting" "aws_wellarchitected_sec05Layered" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05Layered" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec05Layered -} -resource "turbot_policy_setting" "aws_wellarchitected_sec06ActionsDistance" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06ActionsDistance" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec06ActionsDistance -} -resource "turbot_policy_setting" "aws_wellarchitected_sec06AutoProtection" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06AutoProtection" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec06AutoProtection -} -resource "turbot_policy_setting" "aws_wellarchitected_sec06ImplementManagedServices" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06ImplementManagedServices" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec06ImplementManagedServices -} -resource "turbot_policy_setting" "aws_wellarchitected_sec06ReduceSurface" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06ReduceSurface" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec06ReduceSurface -} -resource "turbot_policy_setting" "aws_wellarchitected_sec06ValidateSoftwareIntegrity" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06ValidateSoftwareIntegrity" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec06ValidateSoftwareIntegrity -} -resource "turbot_policy_setting" 
"aws_wellarchitected_sec06VulnerabilityManagement" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06VulnerabilityManagement" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec06VulnerabilityManagement -} -resource "turbot_policy_setting" "aws_wellarchitected_sec07AutoClassification" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07AutoClassification" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec07AutoClassification -} -resource "turbot_policy_setting" "aws_wellarchitected_sec07DefineProtection" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07DefineProtection" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec07DefineProtection -} -resource "turbot_policy_setting" "aws_wellarchitected_sec07IdentifyData" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07IdentifyData" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec07IdentifyData -} -resource "turbot_policy_setting" "aws_wellarchitected_sec07LifecycleManagement" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07LifecycleManagement" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec07LifecycleManagement -} -resource "turbot_policy_setting" "aws_wellarchitected_sec08AccessControl" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08AccessControl" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec08AccessControl -} -resource "turbot_policy_setting" "aws_wellarchitected_sec08AutomateProtection" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08AutomateProtection" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec08AutomateProtection -} -resource "turbot_policy_setting" 
"aws_wellarchitected_sec08KeyMgmt" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08KeyMgmt" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec08KeyMgmt -} -resource "turbot_policy_setting" "aws_wellarchitected_sec08UsePeopleAway" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08UsePeopleAway" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec08UsePeopleAway -} -resource "turbot_policy_setting" "aws_wellarchitected_sec08Encrypt" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08Encrypt" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec08Encrypt -} -resource "turbot_policy_setting" "aws_wellarchitected_sec09AutoUnintendedAccess" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09AutoUnintendedAccess" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec09AutoUnintendedAccess -} -resource "turbot_policy_setting" "aws_wellarchitected_sec09Authentication" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09Authentication" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec09Authentication -} -resource "turbot_policy_setting" "aws_wellarchitected_sec09Encrypt" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09Encrypt" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec09Encrypt -} -resource "turbot_policy_setting" "aws_wellarchitected_sec10AutoContain" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10AutoContain" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec10AutoContain -} -resource "turbot_policy_setting" "aws_wellarchitected_sec09KeyCertMgmt" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09KeyCertMgmt" - resource = 
turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec09KeyCertMgmt -} -resource "turbot_policy_setting" "aws_wellarchitected_sec10DevelopManagementPlans" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10DevelopManagementPlans" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec10DevelopManagementPlans -} -resource "turbot_policy_setting" "aws_wellarchitected_sec10IdentifyPersonnel" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10IdentifyPersonnel" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec10IdentifyPersonnel -} -resource "turbot_policy_setting" "aws_wellarchitected_sec10PreDeployTools" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10PreDeployTools" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec10PreDeployTools -} -resource "turbot_policy_setting" "aws_wellarchitected_sec10PreProvisionAccess" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10PreProvisionAccess" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec10PreProvisionAccess -} -resource "turbot_policy_setting" "aws_wellarchitected_sec10PrepareForensic" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10PrepareForensic" - resource = turbot_smart_folder.well_architected_pillars.id - value = var.aws_waf_sec10PrepareForensic -} -resource "turbot_policy_setting" "aws_wellarchitected_sec10RunGameDays" { - type = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10RunGameDays" - resource = turbot_smart_folder.well_architected_pillars.id -value = var.aws_waf_sec10RunGameDays -} diff --git a/baselines/aws/aws_well_architected_tool/smart-folder.tf b/baselines/aws/aws_well_architected_tool/smart-folder.tf deleted file mode 100644 index 9a27b2585..000000000 
--- a/baselines/aws/aws_well_architected_tool/smart-folder.tf +++ /dev/null @@ -1,4 +0,0 @@ -resource "turbot_smart_folder" "well_architected_pillars" { - parent = "tmod:@turbot/turbot#/" - title = "Well Architected Pillars" -} diff --git a/baselines/aws/aws_well_architected_tool/variables.tf b/baselines/aws/aws_well_architected_tool/variables.tf deleted file mode 100644 index a2e2f6c73..000000000 --- a/baselines/aws/aws_well_architected_tool/variables.tf +++ /dev/null 
@@ -1,1705 +0,0 @@ -variable "aws_waf_cost01" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01" -} -variable "aws_waf_cost01BudgetForecast" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01BudgetForecast" -} -variable "aws_waf_cost01CostAwareness" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01CostAwareness" -} -variable "aws_waf_cost01Function" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01Function" -} -variable "aws_waf_cost01Partnership" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01Partnership" -} -variable "aws_waf_cost01ProactiveProcess" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01ProactiveProcess" -} -variable "aws_waf_cost01Scheduled" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01Scheduled" -} -variable "aws_waf_cost01UsageReport" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01UsageReport" -} -variable "aws_waf_cost02" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02" -} -variable "aws_waf_cost02AccountStructure" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02AccountStructure" -} -variable "aws_waf_cost02Controls" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02Controls" -} -variable "aws_waf_cost02GoalTarget" { - type = string - default = "Skip" - description = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02GoalTarget" -} -variable "aws_waf_cost02GroupsRoles" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02GroupsRoles" -} -variable "aws_waf_cost02Policies" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02Policies" -} -variable "aws_waf_cost02TrackLifecycle" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02TrackLifecycle" -} -variable "aws_waf_cost03" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03" -} -variable "aws_waf_cost03AllocateOutcome" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03AllocateOutcome" -} -variable "aws_waf_cost03ConfigTools" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03ConfigTools" -} -variable "aws_waf_cost03DefineAttribution" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03DefineAttribution" -} -variable "aws_waf_cost03DefineKpi" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03DefineKpi" -} -variable "aws_waf_cost03DetailedSource" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03DetailedSource" -} -variable "aws_waf_cost03OrgInformation" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03OrgInformation" -} -variable "aws_waf_cost04" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04" -} -variable "aws_waf_cost04DecommAutomated" { - type = 
string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04DecommAutomated" -} -variable "aws_waf_cost04Decommission" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04Decommission" -} -variable "aws_waf_cost04ImplementProcess" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04ImplementProcess" -} -variable "aws_waf_cost04Track" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04Track" -} -variable "aws_waf_cost05" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05" -} -variable "aws_waf_cost05AnalyzeAll" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05AnalyzeAll" -} -variable "aws_waf_cost05AnalyzeOverTime" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05AnalyzeOverTime" -} -variable "aws_waf_cost05Licensing" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05Licensing" -} -variable "aws_waf_cost05Requirements" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05Requirements" -} -variable "aws_waf_cost05SelectForCost" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05SelectForCost" -} -variable "aws_waf_cost05ThoroughAnalysis" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05ThoroughAnalysis" -} -variable "aws_waf_cost06" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost06" -} -variable 
"aws_waf_cost06CostModeling" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost06CostModeling" -} -variable "aws_waf_cost06Data" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost06Data" -} -variable "aws_waf_cost06Metrics" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost06Metrics" -} -variable "aws_waf_cost07" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07" -} -variable "aws_waf_cost07Analysis" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07Analysis" -} -variable "aws_waf_cost07ImplementModels" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07ImplementModels" -} -variable "aws_waf_cost07MasterAnalysis" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07MasterAnalysis" -} -variable "aws_waf_cost07RegionCost" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07RegionCost" -} -variable "aws_waf_cost07ThirdParty" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07ThirdParty" -} -variable "aws_waf_cost08" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost08" -} -variable "aws_waf_cost08ImplementServices" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost08ImplementServices" -} -variable "aws_waf_cost08Modeling" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost08Modeling" -} -variable 
"aws_waf_cost08OptimizedComponents" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost08OptimizedComponents" -} -variable "aws_waf_cost09" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost09" -} -variable "aws_waf_cost09BufferThrottle" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost09BufferThrottle" -} -variable "aws_waf_cost09CostAnalysis" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost09CostAnalysis" -} -variable "aws_waf_cost09Dynamic" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost09Dynamic" -} -variable "aws_waf_cost10" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost10" -} -variable "aws_waf_cost10ReviewProcess" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost10ReviewProcess" -} -variable "aws_waf_cost10ReviewWorkload" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost10ReviewWorkload" -} -variable "aws_waf_ops01" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01" -} -variable "aws_waf_ops01ComplianceReqs" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01ComplianceReqs" -} -variable "aws_waf_ops01EvalThreatLandscape" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01EvalThreatLandscape" -} -variable "aws_waf_ops01EvalTradeoffs" { - type = string - default = "Skip" - description = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01EvalTradeoffs" -} -variable "aws_waf_ops01ExtCustNeeds" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01ExtCustNeeds" -} -variable "aws_waf_ops01GovernanceReqs" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01GovernanceReqs" -} -variable "aws_waf_ops01IntCustNeeds" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01IntCustNeeds" -} -variable "aws_waf_ops01ManageRiskBenefit" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01ManageRiskBenefit" -} -variable "aws_waf_ops02" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02" -} -variable "aws_waf_ops02DefActivityOwners" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02DefActivityOwners" -} -variable "aws_waf_ops02DefNegTeamAgreements" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02DefNegTeamAgreements" -} -variable "aws_waf_ops02DefProcOwners" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02DefProcOwners" -} -variable "aws_waf_ops02DefResourceOwners" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02DefResourceOwners" -} -variable "aws_waf_ops02FindOwner" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02FindOwner" -} -variable "aws_waf_ops02KnowMyJob" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02KnowMyJob" -} -variable 
"aws_waf_ops02ReqAddChgException" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02ReqAddChgException" -} -variable "aws_waf_ops03" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03" -} -variable "aws_waf_ops03DiverseIncAccess" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03DiverseIncAccess" -} -variable "aws_waf_ops03EffectiveComms" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03EffectiveComms" -} -variable "aws_waf_ops03ExecutiveSponsor" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03ExecutiveSponsor" -} -variable "aws_waf_ops03TeamEmpTakeAction" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamEmpTakeAction" -} -variable "aws_waf_ops03TeamEncEscalation" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamEncEscalation" -} -variable "aws_waf_ops03TeamEncExperiment" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamEncExperiment" -} -variable "aws_waf_ops03TeamEncLearn" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamEncLearn" -} -variable "aws_waf_ops03TeamResAppro" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamResAppro" -} -variable "aws_waf_ops04" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04" -} -variable "aws_waf_ops04ApplicationTelemetry" { - type = string - default = "Skip" - description = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04ApplicationTelemetry" -} -variable "aws_waf_ops04CustomerTelemetry" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04CustomerTelemetry" -} -variable "aws_waf_ops04DependencyTelemetry" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04DependencyTelemetry" -} -variable "aws_waf_ops04DistTrace" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04DistTrace" -} -variable "aws_waf_ops04WorkloadTelemetry" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04WorkloadTelemetry" -} -variable "aws_waf_ops05" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05" -} -variable "aws_waf_ops05AutoIntegDeploy" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05AutoIntegDeploy" -} -variable "aws_waf_ops05BuildMgmtSys" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05BuildMgmtSys" -} -variable "aws_waf_ops05CodeQuality" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05CodeQuality" -} -variable "aws_waf_ops05ConfMgmtSys" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05ConfMgmtSys" -} -variable "aws_waf_ops05FreqSmRevChg" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05FreqSmRevChg" -} -variable "aws_waf_ops05MultiEnv" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05MultiEnv" -} -variable 
"aws_waf_ops05PatchMgmt" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05PatchMgmt" -} -variable "aws_waf_ops05ShareDesignStds" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05ShareDesignStds" -} -variable "aws_waf_ops05TestValChg" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05TestValChg" -} -variable "aws_waf_ops05VersionControl" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05VersionControl" -} -variable "aws_waf_ops06" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06" -} -variable "aws_waf_ops06AutoIntegDeploy" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06AutoIntegDeploy" -} -variable "aws_waf_ops06AutoTestingAndRollback" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06AutoTestingAndRollback" -} -variable "aws_waf_ops06DeployMgmtSys" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06DeployMgmtSys" -} -variable "aws_waf_ops06DeployToParallelEnv" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06DeployToParallelEnv" -} -variable "aws_waf_ops06FreqSmRevChg" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06FreqSmRevChg" -} -variable "aws_waf_ops06PlanForUnsucessfulChanges" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06PlanForUnsucessfulChanges" -} -variable "aws_waf_ops06TestLimitedDeploy" { - type = string - default = "Skip" - 
description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06TestLimitedDeploy" -} -variable "aws_waf_ops06TestValChg" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06TestValChg" -} -variable "aws_waf_ops07" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07" -} -variable "aws_waf_ops07ConstOrr" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07ConstOrr" -} -variable "aws_waf_ops07InformedDeployDecisions" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07InformedDeployDecisions" -} -variable "aws_waf_ops07PersonnelCapability" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07PersonnelCapability" -} -variable "aws_waf_ops07UsePlaybooks" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07UsePlaybooks" -} -variable "aws_waf_ops07UseRunbooks" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07UseRunbooks" -} -variable "aws_waf_ops08" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08" -} -variable "aws_waf_ops08BizLevelViewWorkload" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08BizLevelViewWorkload" -} -variable "aws_waf_ops08CollectAnalyzeWorkloadMetrics" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08CollectAnalyzeWorkloadMetrics" -} -variable "aws_waf_ops08DefineWorkloadKpis" { - type = string - default = "Skip" - description = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08DefineWorkloadKpis" -} -variable "aws_waf_ops08DesignWorkloadMetrics" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08DesignWorkloadMetrics" -} -variable "aws_waf_ops08LearnWorkloadUsagePatterns" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08LearnWorkloadUsagePatterns" -} -variable "aws_waf_ops08WorkloadAnomalyAlerts" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08WorkloadAnomalyAlerts" -} -variable "aws_waf_ops08WorkloadMetricBaselines" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08WorkloadMetricBaselines" -} -variable "aws_waf_ops08WorkloadOutcomeAlerts" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08WorkloadOutcomeAlerts" -} -variable "aws_waf_ops09" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09" -} -variable "aws_waf_ops09BizLevelViewOps" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09BizLevelViewOps" -} -variable "aws_waf_ops09CollectAnalyzeOpsMetrics" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09CollectAnalyzeOpsMetrics" -} -variable "aws_waf_ops09DefineOpsKpis" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09DefineOpsKpis" -} -variable "aws_waf_ops09DesignOpsMetrics" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09DesignOpsMetrics" -} -variable "aws_waf_ops09LearnOpsUsagePatterns" { - type = string - default = "Skip" 
- description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09LearnOpsUsagePatterns" -} -variable "aws_waf_ops09OpsAnomalyAlerts" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09OpsAnomalyAlerts" -} -variable "aws_waf_ops09OpsMetricBaselines" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09OpsMetricBaselines" -} -variable "aws_waf_ops09OpsOutcomeAlerts" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09OpsOutcomeAlerts" -} -variable "aws_waf_ops10" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10" -} -variable "aws_waf_ops10AutoEventResponse" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10AutoEventResponse" -} -variable "aws_waf_ops10Dashboards" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10Dashboards" -} -variable "aws_waf_ops10DefineEscalationPaths" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10DefineEscalationPaths" -} -variable "aws_waf_ops10EventIncidentProblemProcess" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10EventIncidentProblemProcess" -} -variable "aws_waf_ops10PrioritizeEvents" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10PrioritizeEvents" -} -variable "aws_waf_ops10ProcessPerAlert" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10ProcessPerAlert" -} -variable "aws_waf_ops10PushNotify" { - type = string - default = "Skip" - description = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10PushNotify" -} -variable "aws_waf_ops11" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11" -} -variable "aws_waf_ops11AllocateTimeForImp" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11AllocateTimeForImp" -} -variable "aws_waf_ops11DriversForImp" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11DriversForImp" -} -variable "aws_waf_ops11FeedbackLoops" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11FeedbackLoops" -} -variable "aws_waf_ops11KnowledgeManagement" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11KnowledgeManagement" -} -variable "aws_waf_ops11MetricsReview" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11MetricsReview" -} -variable "aws_waf_ops11PerformRcaProcess" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11PerformRcaProcess" -} -variable "aws_waf_ops11ProcessContImp" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11ProcessContImp" -} -variable "aws_waf_ops11ShareLessonsLearned" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11ShareLessonsLearned" -} -variable "aws_waf_ops11ValidateInsights" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11ValidateInsights" -} -variable "aws_waf_perf01" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01" -} -variable 
"aws_waf_perf01Benchmark" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01Benchmark" -} -variable "aws_waf_perf01Cost" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01Cost" -} -variable "aws_waf_perf01EvaluateResources" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01EvaluateResources" -} -variable "aws_waf_perf01ExternalGuidance" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01ExternalGuidance" -} -variable "aws_waf_perf01LoadTest" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01LoadTest" -} -variable "aws_waf_perf01Process" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01Process" -} -variable "aws_waf_perf01UsePolicies" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01UsePolicies" -} -variable "aws_waf_perf02" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02" -} -variable "aws_waf_perf02CollectMetrics" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02CollectMetrics" -} -variable "aws_waf_perf02ConfigOptions" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02ConfigOptions" -} -variable "aws_waf_perf02Elasticity" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02Elasticity" -} -variable "aws_waf_perf02EvaluateOptions" { - type = string - default = "Skip" - description = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02EvaluateOptions" -} -variable "aws_waf_perf02RightSizing" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02RightSizing" -} -variable "aws_waf_perf02UseMetrics" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02UseMetrics" -} -variable "aws_waf_perf03" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf03" -} -variable "aws_waf_perf03EvaluatedOptions" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf03EvaluatedOptions" -} -variable "aws_waf_perf03OptimizePatterns" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf03OptimizePatterns" -} -variable "aws_waf_perf03UnderstandChar" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf03UnderstandChar" -} -variable "aws_waf_perf04" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04" -} -variable "aws_waf_perf04AccessPatterns" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04AccessPatterns" -} -variable "aws_waf_perf04CollectMetrics" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04CollectMetrics" -} -variable "aws_waf_perf04EvaluateOptions" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04EvaluateOptions" -} -variable "aws_waf_perf04OptimizeMetrics" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04OptimizeMetrics" -} -variable 
"aws_waf_perf04UnderstandChar" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04UnderstandChar" -} -variable "aws_waf_perf05" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05" -} -variable "aws_waf_perf05EncryptionOffload" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05EncryptionOffload" -} -variable "aws_waf_perf05EvaluateFeatures" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05EvaluateFeatures" -} -variable "aws_waf_perf05Hybrid" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05Hybrid" -} -variable "aws_waf_perf05Location" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05Location" -} -variable "aws_waf_perf05Optimize" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05Optimize" -} -variable "aws_waf_perf05Protocols" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05Protocols" -} -variable "aws_waf_perf05UnderstandImpact" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05UnderstandImpact" -} -variable "aws_waf_perf06" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf06" -} -variable "aws_waf_perf06DefineProcess" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf06DefineProcess" -} -variable "aws_waf_perf06Evolve" { - type = string - default = "Skip" - description = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf06Evolve" -} -variable "aws_waf_perf06KeepUpToDate" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf06KeepUpToDate" -} -variable "aws_waf_perf07" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07" -} -variable "aws_waf_perf07EstablishKpi" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07EstablishKpi" -} -variable "aws_waf_perf07GenerateAlarms" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07GenerateAlarms" -} -variable "aws_waf_perf07Proactive" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07Proactive" -} -variable "aws_waf_perf07RecordMetrics" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07RecordMetrics" -} -variable "aws_waf_perf07ReviewMetrics" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07ReviewMetrics" -} -variable "aws_waf_perf07ReviewMetricsCollected" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07ReviewMetricsCollected" -} -variable "aws_waf_perf08" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08" -} -variable "aws_waf_perf08CriticalAreas" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08CriticalAreas" -} -variable "aws_waf_perf08DesignPatterns" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08DesignPatterns" -} -variable 
"aws_waf_perf08ImplementStrategy" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08ImplementStrategy" -} -variable "aws_waf_perf08Measure" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08Measure" -} -variable "aws_waf_perf08UnderstandImpact" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08UnderstandImpact" -} -variable "aws_waf_rel01" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01" -} -variable "aws_waf_rel01AutomatedMonitorLimits" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01AutomatedMonitorLimits" -} -variable "aws_waf_rel01AwareFixedLimits" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01AwareFixedLimits" -} -variable "aws_waf_rel01AwareQuotasAndConstraints" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01AwareQuotasAndConstraints" -} -variable "aws_waf_rel01LimitsConsidered" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01LimitsConsidered" -} -variable "aws_waf_rel01MonitorManageLimits" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01MonitorManageLimits" -} -variable "aws_waf_rel01SuffBufferLimits" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01SuffBufferLimits" -} -variable "aws_waf_rel02" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02" -} -variable "aws_waf_rel02HaConnPrivateNetworks" { - type = string - default = 
"Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02HaConnPrivateNetworks" -} -variable "aws_waf_rel02HaConnUsers" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02HaConnUsers" -} -variable "aws_waf_rel02IpSubnetAllocation" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02IpSubnetAllocation" -} -variable "aws_waf_rel02NonOverlapIp" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02NonOverlapIp" -} -variable "aws_waf_rel02PreferHubAndSpoke" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02PreferHubAndSpoke" -} -variable "aws_waf_rel03" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel03" -} -variable "aws_waf_rel03ApiContracts" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel03ApiContracts" -} -variable "aws_waf_rel03BusinessDomains" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel03BusinessDomains" -} -variable "aws_waf_rel03MonolithSoaMicroservice" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel03MonolithSoaMicroservice" -} -variable "aws_waf_rel04" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04" -} -variable "aws_waf_rel04ConstantWork" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04ConstantWork" -} -variable "aws_waf_rel04Idempotent" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04Idempotent" -} -variable 
"aws_waf_rel04Identify" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04Identify" -} -variable "aws_waf_rel04LooselyCoupledSystem" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04LooselyCoupledSystem" -} -variable "aws_waf_rel05" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05" -} -variable "aws_waf_rel05ClientTimeouts" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05ClientTimeouts" -} -variable "aws_waf_rel05EmergencyLevers" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05EmergencyLevers" -} -variable "aws_waf_rel05FailFast" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05FailFast" -} -variable "aws_waf_rel05FailureStateless" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05FailureStateless" -} -variable "aws_waf_rel05GracefulDegradation" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05GracefulDegradation" -} -variable "aws_waf_rel05LimitRetries" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05LimitRetries" -} -variable "aws_waf_rel05ThrottleRequests" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05ThrottleRequests" -} -variable "aws_waf_rel06" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06" -} -variable "aws_waf_rel06AutomateResponseMonitor" { - type = string - default = "Skip" - description = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06AutomateResponseMonitor" -} -variable "aws_waf_rel06EndToEnd" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06EndToEnd" -} -variable "aws_waf_rel06MonitorResources" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06MonitorResources" -} -variable "aws_waf_rel06NotificationAggregation" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06NotificationAggregation" -} -variable "aws_waf_rel06NotificationMonitor" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06NotificationMonitor" -} -variable "aws_waf_rel06ReviewMonitoring" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06ReviewMonitoring" -} -variable "aws_waf_rel06StorageAnalytics" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06StorageAnalytics" -} -variable "aws_waf_rel07" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07" -} -variable "aws_waf_rel07AutoscaleAdapt" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07AutoscaleAdapt" -} -variable "aws_waf_rel07LoadTestedAdapt" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07LoadTestedAdapt" -} -variable "aws_waf_rel07ProactiveAdaptAuto" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07ProactiveAdaptAuto" -} -variable "aws_waf_rel07ReactiveAdaptAuto" { - type = string - default = "Skip" - description = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07ReactiveAdaptAuto" -} -variable "aws_waf_rel08" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08" -} -variable "aws_waf_rel08AutomatedChangemgmt" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08AutomatedChangemgmt" -} -variable "aws_waf_rel08FunctionalTesting" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08FunctionalTesting" -} -variable "aws_waf_rel08ImmutableInfrastructure" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08ImmutableInfrastructure" -} -variable "aws_waf_rel08PlannedChangemgmt" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08PlannedChangemgmt" -} -variable "aws_waf_rel08ResiliencyTesting" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08ResiliencyTesting" -} -variable "aws_waf_rel09" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09" -} -variable "aws_waf_rel09AutomatedBackupsData" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09AutomatedBackupsData" -} -variable "aws_waf_rel09IdentifiedBackupsData" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09IdentifiedBackupsData" -} -variable "aws_waf_rel09PeriodicRecoveryTestingData" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09PeriodicRecoveryTestingData" -} -variable "aws_waf_rel09SecuredBackupsData" { - type = string - default = "Skip" - description = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09SecuredBackupsData" -} -variable "aws_waf_rel10" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel10" -} -variable "aws_waf_rel10MultiazRegionSystem" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel10MultiazRegionSystem" -} -variable "aws_waf_rel10SingleAzSystem" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel10SingleAzSystem" -} -variable "aws_waf_rel10UseBulkhead" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel10UseBulkhead" -} -variable "aws_waf_rel11" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11" -} -variable "aws_waf_rel11AutoHealingSystem" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11AutoHealingSystem" -} -variable "aws_waf_rel11Failover2good" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11Failover2good" -} -variable "aws_waf_rel11MonitoringHealth" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11MonitoringHealth" -} -variable "aws_waf_rel11NotificationsSentSystem" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11NotificationsSentSystem" -} -variable "aws_waf_rel11StaticStability" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11StaticStability" -} -variable "aws_waf_rel12" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12" -} -variable 
"aws_waf_rel12FailureInjectionResiliency" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12FailureInjectionResiliency" -} -variable "aws_waf_rel12GameDaysResiliency" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12GameDaysResiliency" -} -variable "aws_waf_rel12PlaybookResiliency" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12PlaybookResiliency" -} -variable "aws_waf_rel12RcaResiliency" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12RcaResiliency" -} -variable "aws_waf_rel12TestFunctional" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12TestFunctional" -} -variable "aws_waf_rel12TestNonFunctional" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12TestNonFunctional" -} -variable "aws_waf_rel13" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13" -} -variable "aws_waf_rel13AutoRecovery" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13AutoRecovery" -} -variable "aws_waf_rel13ConfigDrift" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13ConfigDrift" -} -variable "aws_waf_rel13DisasterRecovery" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13DisasterRecovery" -} -variable "aws_waf_rel13DrTested" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13DrTested" -} -variable "aws_waf_rel13ObjectiveDefinedRecovery" { - type = string - default = "Skip" 
- description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13ObjectiveDefinedRecovery" -} -variable "aws_waf_sec01" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01" -} -variable "aws_waf_sec01AwsAccount" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01AwsAccount" -} -variable "aws_waf_sec01ControlObjectives" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01ControlObjectives" -} -variable "aws_waf_sec01ImplementServicesFeatures" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01ImplementServicesFeatures" -} -variable "aws_waf_sec01MultiAccounts" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01MultiAccounts" -} -variable "aws_waf_sec01TestValidatePipeline" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01TestValidatePipeline" -} -variable "aws_waf_sec01ThreatModel" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01ThreatModel" -} -variable "aws_waf_sec01UpdatedRecommendations" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01UpdatedRecommendations" -} -variable "aws_waf_sec01UpdatedThreats" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01UpdatedThreats" -} -variable "aws_waf_sec02" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02" -} -variable "aws_waf_sec02Audit" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02Audit" -} 
-variable "aws_waf_sec02EnforceMechanisms" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02EnforceMechanisms" -} -variable "aws_waf_sec02GroupsAttributes" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02GroupsAttributes" -} -variable "aws_waf_sec02IdentityProvider" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02IdentityProvider" -} -variable "aws_waf_sec02Secrets" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02Secrets" -} -variable "aws_waf_sec02Unique" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02Unique" -} -variable "aws_waf_sec03" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03" -} -variable "aws_waf_sec03AnalyzeCrossAccount" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03AnalyzeCrossAccount" -} -variable "aws_waf_sec03ContinuousReduction" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03ContinuousReduction" -} -variable "aws_waf_sec03Define" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03Define" -} -variable "aws_waf_sec03DefineGuardrails" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03DefineGuardrails" -} -variable "aws_waf_sec03EmergencyProcess" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03EmergencyProcess" -} -variable "aws_waf_sec03LeastPrivileges" { - type = string - default = "Skip" - description = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03LeastPrivileges" -} -variable "aws_waf_sec03Lifecycle" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03Lifecycle" -} -variable "aws_waf_sec03ShareSecurely" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03ShareSecurely" -} -variable "aws_waf_sec04" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04" -} -variable "aws_waf_sec04ActionableEvents" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04ActionableEvents" -} -variable "aws_waf_sec04AnalyzeAll" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04AnalyzeAll" -} -variable "aws_waf_sec04AppServiceLogging" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04AppServiceLogging" -} -variable "aws_waf_sec04AutoResponse" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04AutoResponse" -} -variable "aws_waf_sec05" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05" -} -variable "aws_waf_sec05AutoProtect" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05AutoProtect" -} -variable "aws_waf_sec05CreateLayers" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05CreateLayers" -} -variable "aws_waf_sec05Inspection" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05Inspection" -} -variable "aws_waf_sec05Layered" { - type = string - default = "Skip" - 
description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05Layered" -} -variable "aws_waf_sec06" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06" -} -variable "aws_waf_sec06ActionsDistance" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06ActionsDistance" -} -variable "aws_waf_sec06AutoProtection" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06AutoProtection" -} -variable "aws_waf_sec06ImplementManagedServices" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06ImplementManagedServices" -} -variable "aws_waf_sec06ReduceSurface" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06ReduceSurface" -} -variable "aws_waf_sec06ValidateSoftwareIntegrity" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06ValidateSoftwareIntegrity" -} -variable "aws_waf_sec06VulnerabilityManagement" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06VulnerabilityManagement" -} -variable "aws_waf_sec07" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07" -} -variable "aws_waf_sec07AutoClassification" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07AutoClassification" -} -variable "aws_waf_sec07DefineProtection" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07DefineProtection" -} -variable "aws_waf_sec07IdentifyData" { - type = string - default = "Skip" - description = 
"tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07IdentifyData" -} -variable "aws_waf_sec07LifecycleManagement" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07LifecycleManagement" -} -variable "aws_waf_sec08" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08" -} -variable "aws_waf_sec08AccessControl" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08AccessControl" -} -variable "aws_waf_sec08AutomateProtection" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08AutomateProtection" -} -variable "aws_waf_sec08Encrypt" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08Encrypt" -} -variable "aws_waf_sec08KeyMgmt" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08KeyMgmt" -} -variable "aws_waf_sec08UsePeopleAway" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08UsePeopleAway" -} -variable "aws_waf_sec09" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09" -} -variable "aws_waf_sec09Authentication" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09Authentication" -} -variable "aws_waf_sec09AutoUnintendedAccess" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09AutoUnintendedAccess" -} -variable "aws_waf_sec09Encrypt" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09Encrypt" -} -variable "aws_waf_sec09KeyCertMgmt" { - type = string - default = 
"Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09KeyCertMgmt" -} -variable "aws_waf_sec10" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10" -} -variable "aws_waf_sec10AutoContain" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10AutoContain" -} -variable "aws_waf_sec10DevelopManagementPlans" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10DevelopManagementPlans" -} -variable "aws_waf_sec10IdentifyPersonnel" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10IdentifyPersonnel" -} -variable "aws_waf_sec10PreDeployTools" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10PreDeployTools" -} -variable "aws_waf_sec10PreProvisionAccess" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10PreProvisionAccess" -} -variable "aws_waf_sec10PrepareForensic" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10PrepareForensic" -} -variable "aws_waf_sec10RunGameDays" { - type = string - default = "Skip" - description = "tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10RunGameDays" -} diff --git a/baselines/getting_started/azure/azure_check_tagging/README.md b/baselines/getting_started/azure/azure_check_tagging/README.md index b51e72620..cfa8ab268 100644 --- a/baselines/getting_started/azure/azure_check_tagging/README.md +++ b/baselines/getting_started/azure/azure_check_tagging/README.md 
@@ -1,4 +1,4 @@ -# Baseline - GCP Check Tagging +# Baseline - Azure Check Tagging This baseline will allow you to check for adherence to the tagging templates, make sure that the Tag Templates are updated with the specific use case to validate. diff --git a/calculated_policies/README.md b/calculated_policies/README.md deleted file mode 100644 index 72b827ffa..000000000 --- a/calculated_policies/README.md +++ /dev/null 
@@ -1,181 +0,0 @@ -## Calculated policies - -Provides templates for implementing calculated policies. - -Calculated policies allow Turbot administrators to modify or extend the default behavior and logic that Turbot uses to evaluate controls. - -The calculated policy examples are implemented with [Terraform](https://www.terraform.io) allowing you to manage and -provision Turbot with a repeatable, idempotent, versioned infrastructure-as-code approach. - -### Current calculated policies - -| Path | Resource | Description | -| ---- | -------- | ----------- | -| [aws_ec2_instance_age](./aws_ec2_instance_age/README.md) | AWS EC2 | Set maximum age of specially tagged EC2 instances | -| [aws_ec2_instance_approved_usage_approved_account_ami](./aws_ec2_instance_approved_usage_approved_account_ami/README.md) | AWS EC2 | Restrict Instance images to trusted AWS accounts AMIs | -| [aws_ec2_instance_approved_usage_local_ami](./aws_ec2_instance_approved_usage_local_ami/README.md) | AWS EC2 | Restrict Instance Image to local AMI | -| [aws_ec2_instance_approved_usage_trusted_ami](./aws_ec2_instance_approved_usage_trusted_ami/README.md) | AWS EC2 | Restrict Instance Images to trusted AMI | -| [aws_ec2_public_subnet](./aws_ec2_public_subnet/README.md) | AWS EC2 | Instance Not Approved if Public Subnet | -| [aws_guardduty_detector_approved_usage](./aws_guardduty_detector_approved_usage/README.md) | AWS GuardDuty | Restrict detector membership to a given master account | -| [aws_lambda_in_vpc](./aws_lambda_in_vpc/README.md) | AWS Lambda | Approve a Lambda function only if it is within a particular VPC | -| [aws_lambda_not_approved_cross_account_access](./aws_lambda_not_approved_cross_account_access/README.md) | AWS Lambda | Alarm if function policy has cross-account access | -| [aws_rds_db_cluster_snapshot_cross_account_access](./aws_rds_db_cluster_snapshot_cross_account_access/README.md) | AWS RDS | Restrict RDS DB Clusters access to cross account Manual DB Clusters Snapshots | -| 
[aws_redshift_cluster_require_ssl](./aws_redshift_cluster_require_ssl/README.md) | AWS RedShift | Approve cluster if encryption in transit is required | -| [aws_redshift_restrict_cross_account_snapshot_access](./aws_redshift_restrict_cross_account_snapshot_access/README.md) | AWS RedShift | Restrict RedShift Manual Cluster access to cross account Manual Clusters Snapshots | -| [aws_s3_account_public_access_block_skip_setting](./aws_s3_account_public_access_block_skip_setting/README.md) | AWS S3 Account | Allows Public Access Block to skip a setting value | -| [aws_s3_approved_static_website_hosting_requires_cloud_front](./aws_s3_approved_static_website_hosting_requires_cloud_front/README.md) | AWS S3 Bucket | Enforce static website hosting is associated with CloudFront | -| [aws_s3_bucket_approved_usage_acl_cross_account_access](./aws_s3_bucket_approved_usage_acl_cross_account_access/README.md) | AWS S3 Bucket | Restrict ACL Cross Account Access by user defined Whitelist | -| [aws_s3_bucket_approved_usage_cross_account_replication](./aws_s3_bucket_approved_usage_cross_account_replication/README.md) | AWS S3 Bucket | Restrict Cross Account Replication by user defined Whitelist | -| [aws_s3_bucket_approved_usage_name_dns_compliant](./aws_s3_bucket_approved_usage_name_dns_compliant/README.md) | AWS S3 Bucket | Restrict name that are not DNS compliant | -| [aws_s3_bucket_match_tags_on_bucket_and_cmk](./aws_s3_bucket_match_tags_on_bucket_and_cmk/README.md) | AWS S3 | Match tags on Bucket and corresponding Key Management Service. 
| -| [aws_s3_bucket_public_access_block_skip_setting](./aws_s3_bucket_public_access_block_skip_setting/README.md) | AWS S3 Bucket | Allows Public Access Block to skip a setting value | -| [aws_s3_bucket_tagging_template](./aws_s3_bucket_tagging_template/README.md) | AWS S3 | Set default tags on buckets with dynamic metadata | -| [aws_sqs_approved](./aws_sqs_approved/README.md) | AWS SQS Queue | Alarm if SQS policy violates org restrictions | -| [azure_compute_disk_approved_usage_customer_key_encrypted](./azure_compute_disk_approved_usage_customer_key_encrypted/README.md) | Azure Compute | Disk approved if encrypted with customer key | -| [azure_load_balancer_prohibited_ports](./azure_load_balancer_prohibited_ports/README.md) | Azure Networking | Prevent unapproved network configuration for load balancers | -| [azure_storage_container_approved_usage_not_public](./azure_storage_container_approved_usage_not_public/README.md) | Azure Storage | Container approved if not public | -| [multi_cloud_storage_cost_savings](./multi_cloud_storage_cost_savings/README.md) | Multi-Cloud Storage | Set least expensive storage options for development environments | -| [multi_cloud_resource_owner_tags](./multi_cloud_resource_owner_tags/README.md) | Multi-Cloud Resource Owner Tags | Set default tags on who created a resource and when it was created | - -## Prerequisites - -To run Turbot calculated policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running a calculated policies - -To run a calculated policies: - -1. 
Install and configure the [pre-requisites](#pre-requisites) -1. Using the command line, navigate to the directory for the calculated policies -1. Run `terraform init` to initialize terraform in the directory -1. Edit any variables in the .tf file that you wish to change, or override with [environment variables](https://www.terraform.io/docs/commands/environment-variables.html) or [variable files](https://www.terraform.io/docs/configuration/variables.html#variable-definitions-tfvars-files) -1. Run `terraform plan -var-file=".tfvars"` and inspect the changes -1. Run `terraform apply -var-file=".tfvars"` to apply the configuration - -## Contributing - -### Structure - -Calculated Polices are implemented as independently deployable terraform configurations and are organised as -sub-directories within this repository. - -Commonly changed parameters are implemented using variables. -Most variables have default values, but these values assigned to these variables can be overwritten by the end user. - -Each Calculated Policy folder contains: - -- `variables.tf` containing the variable definitions - -- `main.tf` containing the terraform resources that creates the objects - -- `default.tfvars` containing the defaults for the variables - -- `README.md` detailing the Calculated Policy and usage information - -``` -Baseline -. -├── README.md -├── main.tf -├── variables.tf -└── default.tfvar -``` - -### Style guide - -Our Calculate Policies adopts styling conventions provided by [Terraform](https://www.terraform.io/docs/configuration/style.html) -like: - -- Align the equal to signs for arguments appearing on consecutive lines with values. -- Variables should use snake case: `this_is_an_example` -- Use empty lines to separate logical groups of arguments within a block. 
- -To maintain consistency between files and modules, we recommend adopting the below added styling conventions: - -- Include the variable definitions in the `variables.tf` file -- Resources in the `main.tf` file, -- Values to output in `outputs.tf` file. -- For `turbot_policy_setting` and `turbot_policy_value` resources, include the policy type hierarchy in a comment - before the resource. For example: - - ```terraform - # AWS > Account > Turbot IAM Role > External ID - resource "turbot_policy_setting" "turbotIamRoleExternalId" { - resource = turbot_resource.account_resource.id - type = "tmod:@turbot/aws#/policy/types/turbotIamRoleExternalId" - value = var.turbot_external_id - } - ``` - -- Use a single hash for comments that refer only to a single resource, immediately before the resource, for example: - - ```terraform - # 1.4 Ensure access keys are rotated every 90 days or less (Scored) - # AWS > IAM > Access Key > Active > Age - # Setting value to "Force inactive if age > 90" days to meet remediation - resource "turbot_policy_setting" "AWS_IAM_AccessKey_Active_Age" { - resource = var.target_resource - type = "tmod:@turbot/aws-iam#/policy/types/accessKeyActiveAge" - value = "Force inactive if age > 90 days" - } - ``` - -- Use 4 hashes for comments that describe a group of resources, or general behavior: - - ```terraform - #### Set the credentials (Role, external id) for the account via Turbot policies - ``` - -- All variables should have a description, and as a result should not require individual comments -- Most variables should have a reasonable default -- Calculated policies should be always children of a Smart Folder resource -- The resource to associate with the Smart Folder should use a variable for the target resource - - ```terraform - variable "target_resource" { - description = "Enter the resource ID or AKA for the resource to apply the calculated policy" - type = string - } - ``` - - - it should be called `target_resource` - - it should have no 
default value in `variables.tfvars` - - It should have a comment that states that it may be changes or overridden in the `default.tfvars` - - ```terraform - # Required - Target resource to attach to smart folder - target_resource = "" - # Examples for target_resource - # target_resource = "tmod:@turbot/turbot#/" - # target_resource = "191238958290468" - ``` - -- The parent resource for the Smart Folder should use a variable for the target resource - - ```terraform - variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" - } - ``` - - - it should be called `smart_folder_parent_resource` - - it should have the default value in `tmod:@turbot/turbot#/` - - It should have a comment that states that it may be changes or overridden in the `default.tfvars`. - - ```terraform - # Optional - Default value: tmod:@turbot/turbot#/ - # smart_folder_parent_resource = "" - ``` \ No newline at end of file diff --git a/calculated_policies/aws_ami_tag_on_control_alarm/README.md b/calculated_policies/aws_ami_tag_on_control_alarm/README.md deleted file mode 100644 index 6ee72d474..000000000 --- a/calculated_policies/aws_ami_tag_on_control_alarm/README.md +++ /dev/null 
@@ -1,113 +0,0 @@ -# AWS EC2 - Tag AMI if they are older than 14 days -## Use case - -Some organizations tag resources to authorize deletions. This set of policies tags an AMI with `termination: true` if the AMI is older than 14 days. - -## Implementation details - -This Terraform template creates a smart folder and creates the following policies: - -- `AWS > EC2 > AMI > Active` -- `AWS > EC2 > AMI > Active > Age` -- `AWS > EC2 > AMI > Tags` -- `AWS > EC2 > AMI > Tags > Template` - - -Four different policies will be set. `Active` tells Turbot to check the age of the AMI, while `Active > Age` defines that an AMI is no longer deemed active after 14 days. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -```graphql -- | - { - ami { - turbot { - id - } - } - } -- | - { - controls(filter: "controlType:tmod:@turbot/aws-ec2#/control/types/amiActive resourceId:{{$.ami.turbot.id}}") { - items { - state - } - } - } -``` - -### Template (Nunjucks) - -AWS > EC2 > AMI > Tags > Template - -```nunjucks -{%- if $.controls.items[0].state == "alarm" %} -- termination: "true" -{%- else -%} -[] -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12, minimum. -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. 
- -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_ami_tag_on_control_alarm/ami_policies.tf b/calculated_policies/aws_ami_tag_on_control_alarm/ami_policies.tf deleted file mode 100644 index d1effba94..000000000 --- a/calculated_policies/aws_ami_tag_on_control_alarm/ami_policies.tf +++ /dev/null 
@@ -1,56 +0,0 @@ -# AWS > EC2 > AMI > Tags > Template -# Note that if there are no existing tags on the AMI AND itm is within the 14 day window, -# this policy will not evaluate correctly. -# Note that AWS > EC2 > AMI > Age control state change will trigger a recalculation of the -# tagging policy. -resource "turbot_policy_setting" "ami_tagging" { - resource = turbot_smart_folder.aws_ami_tag.id - type = "tmod:@turbot/aws-ec2#/policy/types/amiTagsTemplate" - template_input = < EC2 > AMI > Tags -resource "turbot_policy_setting" "aws_ec2_ami_tags" { - resource = turbot_smart_folder.aws_ami_tag.id - type = "tmod:@turbot/aws-ec2#/policy/types/amiTags" - value = "Check: Tags are correct" -} - -# AWS > EC2 > AMI > Active > Age -resource "turbot_policy_setting" "aws_ec2_ami_active_age" { - resource = turbot_smart_folder.aws_ami_tag.id - type = "tmod:@turbot/aws-ec2#/policy/types/amiActiveAge" - value = "Force inactive if age > 14 days" -} - -# AWS > EC2 > AMI > Active -resource "turbot_policy_setting" "aws_ec2_ami_active" { - resource = turbot_smart_folder.aws_ami_tag.id - type = "tmod:@turbot/aws-ec2#/policy/types/amiActive" - value = "Check: Active" -} \ No newline at end of file diff --git a/calculated_policies/aws_ami_tag_on_control_alarm/default.tfvars b/calculated_policies/aws_ami_tag_on_control_alarm/default.tfvars deleted file mode 100644 index ff7e2153d..000000000 --- a/calculated_policies/aws_ami_tag_on_control_alarm/default.tfvars +++ /dev/null 
@@ -1,14 +0,0 @@ -# Required - Target resource to attach to smart folder -# target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191926035367605" - -# Optional - Default value: "AWS AMI Tag On Control Alarm" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "AMI must have tags added once the AMI is older than 14 days" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" \ No newline at end of file diff --git a/calculated_policies/aws_ami_tag_on_control_alarm/output.tf b/calculated_policies/aws_ami_tag_on_control_alarm/output.tf deleted file mode 100644 index 365421c2b..000000000 --- a/calculated_policies/aws_ami_tag_on_control_alarm/output.tf +++ /dev/null @@ -1,11 +0,0 @@ -output "smart_folder_title" { - value = var.smart_folder_title -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} \ No newline at end of file diff --git a/calculated_policies/aws_ami_tag_on_control_alarm/providers.tf b/calculated_policies/aws_ami_tag_on_control_alarm/providers.tf deleted file mode 100644 index 034a3e5ca..000000000 --- a/calculated_policies/aws_ami_tag_on_control_alarm/providers.tf +++ /dev/null @@ -1,11 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/calculated_policies/aws_ami_tag_on_control_alarm/smart_folder.tf b/calculated_policies/aws_ami_tag_on_control_alarm/smart_folder.tf deleted file mode 100644 index 3c8e6c0d8..000000000 --- a/calculated_policies/aws_ami_tag_on_control_alarm/smart_folder.tf +++ /dev/null 
@@ -1,6 +0,0 @@ -#Smart folder -resource "turbot_smart_folder" "aws_ami_tag" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} \ No newline at end of file diff --git a/calculated_policies/aws_ami_tag_on_control_alarm/variables.tf b/calculated_policies/aws_ami_tag_on_control_alarm/variables.tf deleted file mode 100644 index 220406dea..000000000 --- a/calculated_policies/aws_ami_tag_on_control_alarm/variables.tf +++ /dev/null @@ -1,21 +0,0 @@ -variable "smart_folder_title" { - description = "Enter a title for the smart folder" - type = string - default = "AWS EC2 AMI Tags" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Tag an AMI if it is older than 14 days" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} \ No newline at end of file diff --git a/calculated_policies/aws_ec2_approved_image_tag/README.md b/calculated_policies/aws_ec2_approved_image_tag/README.md deleted file mode 100644 index d04ff5404..000000000 --- a/calculated_policies/aws_ec2_approved_image_tag/README.md +++ /dev/null 
@@ -1,117 +0,0 @@ -# AWS EC2 - EC2 Instances approved based on image tags -## Use case - -Use this policy if you would like to restrict the usage of EC2 instances based on image tags. - -## Implementation details - -This Terraform template creates a smart folder and applies calculated policies on the policies: - -- `AWS > EC2 > Instance > Approved` -- `AWS > EC2 > Instance > Approved > Usage` - - -The Usage policy checks the underlying image for the existence of the key: value pair `approved`:`yes`. Any other condition results in the EC2 instance being marked `Not approved`. This includes instances using public images. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -```graphql -- | - { - resource { - image: get (path:"Image.ImageId") - } - } - -- | - { - resources(filter: "resourceType:'tmod:@turbot/aws-ec2#/resource/types/Ami' $.ImageId:'{{$.resource.image}}'") { - items { - tags - public:get (path: "Public") - } - } - } -``` - -### Template (Nunjucks) - -Approval logic for EC2 Instances. - -```nunjucks -{%- set approved = "Approved" -%} - -{%- if not $.resources.items[0].tags -%} -{%- set approved = "Not approved" -%} -{%- elif not $.resources.items[0].tags['approved'] -%} -{%- set approved = "Not approved" -%} -{%- elif not $.resources.items[0].tags['approved'] == "yes" -%} -{%- set approved = "Not approved" -%} -{%- endif -%} - -{{ approved }} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. 
-Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_ec2_approved_image_tag/default.tfvars b/calculated_policies/aws_ec2_approved_image_tag/default.tfvars deleted file mode 100644 index e0d943cf0..000000000 --- a/calculated_policies/aws_ec2_approved_image_tag/default.tfvars +++ /dev/null 
@@ -1,14 +0,0 @@ -# Required - Target resource to attach to smart folder -# target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191926035367605" - -# Optional - Default value: "AWS EC2 Instance Approved Image Tags" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Instances must be created via an image with approved tags" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" \ No newline at end of file diff --git a/calculated_policies/aws_ec2_approved_image_tag/ec2_policies.tf b/calculated_policies/aws_ec2_approved_image_tag/ec2_policies.tf deleted file mode 100644 index 423d9b7e0..000000000 --- a/calculated_policies/aws_ec2_approved_image_tag/ec2_policies.tf +++ /dev/null 
@@ -1,45 +0,0 @@ -#AWS > EC2 > Instace > Approved > Usage -resource "turbot_policy_setting" "aws_ec2_approved_usage" { - resource = turbot_smart_folder.aws_ec2_folder.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceApprovedUsage" - # GraphQL to pull function metadata - template_input = <<-QUERY -- | - { - resource { - image: get (path:"Image.ImageId") - } - } - -- | - { - resources(filter: "resourceType:'tmod:@turbot/aws-ec2#/resource/types/Ami' $.ImageId:'{{$.resource.image}}'") { - items { - tags - public:get (path: "Public") - } - } - } - QUERY - ## Nunjucks template evaluate metadata. - template = <<-TEMPLATE - {%- set approved = "Approved" -%} - - {%- if not $.resources.items[0].tags -%} - {%- set approved = "Not approved" -%} - {%- elif not $.resources.items[0].tags['approved'] -%} - {%- set approved = "Not approved" -%} - {%- elif not $.resources.items[0].tags['approved'] == "yes" -%} - {%- set approved = "Not approved" -%} - {%- endif -%} - - {{ approved }} - TEMPLATE -} - -#AWS > EC2 > Instance > Approved -resource "turbot_policy_setting" "ec2_approved" { - resource = turbot_smart_folder.aws_ec2_folder.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceApproved" - value = "Check: Approved" -} diff --git a/calculated_policies/aws_ec2_approved_image_tag/output.tf b/calculated_policies/aws_ec2_approved_image_tag/output.tf deleted file mode 100644 index 365421c2b..000000000 --- a/calculated_policies/aws_ec2_approved_image_tag/output.tf +++ /dev/null @@ -1,11 +0,0 @@ -output "smart_folder_title" { - value = var.smart_folder_title -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} \ No newline at end of file diff --git a/calculated_policies/aws_ec2_approved_image_tag/providers.tf b/calculated_policies/aws_ec2_approved_image_tag/providers.tf deleted file mode 100644 index 034a3e5ca..000000000 
--- a/calculated_policies/aws_ec2_approved_image_tag/providers.tf +++ /dev/null @@ -1,11 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/calculated_policies/aws_ec2_approved_image_tag/smart_folder.tf b/calculated_policies/aws_ec2_approved_image_tag/smart_folder.tf deleted file mode 100644 index 598244459..000000000 --- a/calculated_policies/aws_ec2_approved_image_tag/smart_folder.tf +++ /dev/null @@ -1,6 +0,0 @@ -#Smart folder -resource "turbot_smart_folder" "aws_ec2_folder" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} \ No newline at end of file diff --git a/calculated_policies/aws_ec2_approved_image_tag/variables.tf b/calculated_policies/aws_ec2_approved_image_tag/variables.tf deleted file mode 100644 index 6c83ceeb2..000000000 --- a/calculated_policies/aws_ec2_approved_image_tag/variables.tf +++ /dev/null @@ -1,21 +0,0 @@ -variable "smart_folder_title" { - description = "Enter a title for the smart folder" - type = string - default = "AWS EC2 Approved Usage" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Instances must be created via an image with approved tags" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} \ No newline at end of file diff --git a/calculated_policies/aws_ec2_cross_account_ami_snapshot/README.md b/calculated_policies/aws_ec2_cross_account_ami_snapshot/README.md deleted file mode 100644 index 4a7d8a7dd..000000000 --- a/calculated_policies/aws_ec2_cross_account_ami_snapshot/README.md +++ /dev/null 
@@ -1,157 +0,0 @@ -# AWS EC2 AMI and Snapshots - -## Use case - -Snapshots and AMI can be granted share permissions to any AWS account. Organizations want to restrict that sharing to only a select number of approved AWS accounts. - -## Implementation details - -This Terraform template creates a smart folder, a Turbot File, and four policies: - -* Smart Folder with a title defaulting to `EC2 AMI and Snapshot Cross Account Access` -* Turbot File with the aka defaulting to `list_accounts` -* `AWS > EC2 > Snapshot > Approved` and `AWS > EC2 > AMI > Approved` policies both set to `Check: Approved` -* A calculated policy for both `AWS > EC2 > Snapshot > Approved > Usage` and `AWS > EC2 > AMI > Approved > Usage` - - -### Turbot File -The Terraform apply will create a Turbot File which the calculated policies use as a reference for allowed account IDs. For this example, the File contains the following information: - -```json -{ - "snapshot_trusted_accounts" : [ - "567890123456", - "012345678901" - ], - "ami_trusted_accounts" : [ - "234567890123", - "345678901234" - ] -} -``` - -### Template input (GraphQL) - -The template_input in a calculated policy is a GraphQL query against the Turbot CMDB. - -`AWS > EC2 > Snapshot > Approved > Usage` -```graphql -{ - resource { - permissions: get(path: "snapshotAttributes.CreateVolumePermissions") - } - list_trusted_accounts: resource(id:"list_accounts") { - data - } -} -``` - -`AWS > EC2 > AMI > Approved > Usage` -```graphql -{ - resource { - permissions: get(path: "LaunchPermissions") - } - list_trusted_accounts: resource(id:"list_accounts") { - data - } -} -``` - -### Template (Nunjucks) - -Logic to evaluate the metadata of an AMI or snapshot and subsequently set the approval policy to `Not approved` or `Approved`. 
- -`AWS > EC2 > Snapshot > Approved > Usage` -```nunjucks -{%- set approved = true -%} -{%- for permission in $.resource.permissions -%} - {%- if permission.UserId not in $.list_trusted_accounts.data.snapshot_trusted_accounts -%} - {%- set approved = false -%} - {%- endif -%} -{%- endfor -%} -{%- if approved -%} - "Approved" -{%- else -%} - "Not approved" -{%- endif -%} -``` - -`AWS > EC2 > AMI > Approved > Usage` -```nunjucks -{%- set approved = true -%} -{%- for permission in $.resource.permissions -%} - {%- if permission.UserId not in $.list_trusted_accounts.data.ami_trusted_accounts -%} - {%- set approved = false -%} - {%- endif -%} -{%- endfor -%} -{%- if approved -%} - "Approved" -{%- else -%} - "Not approved" -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) -- turbot_file_name (Optional) -- turbot_file_description (Optional) -- turbot_file_aka (Optional) - -Open the file [variables.tf](variables.tf) for further details. 
- -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_ec2_cross_account_ami_snapshot/default.tfvars b/calculated_policies/aws_ec2_cross_account_ami_snapshot/default.tfvars deleted file mode 100644 index 1130af75a..000000000 --- a/calculated_policies/aws_ec2_cross_account_ami_snapshot/default.tfvars +++ /dev/null @@ -1,17 +0,0 @@ -# Optional - Default value: "EC2 AMI and Snapshot Cross Account Access" -# smart_folder_title = "" - -# Optional - Default value: "Checks AMI and Snapshots for cross account access. Approved if the account ID exists in the Turbot File." -# smart_folder_description = "" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" - -# Optional - Default value: Approved Accounts -# turbot_file_name = "" - -# Optional - Default value: "Turbot File containing a list of accounts approved for cross account AMI and Snapshot access" -# turbot_file_description = "" - -# Optional - Default value: list_accounts -# turbot_file_aka = "" \ No newline at end of file 
diff --git a/calculated_policies/aws_ec2_cross_account_ami_snapshot/main.tf b/calculated_policies/aws_ec2_cross_account_ami_snapshot/main.tf deleted file mode 100644 index e540f3d84..000000000 --- a/calculated_policies/aws_ec2_cross_account_ami_snapshot/main.tf +++ /dev/null 
@@ -1,109 +0,0 @@ -# Smart folder containing policies created below. -resource "turbot_smart_folder" "ec2_trusted_accounts" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_title - description = var.smart_folder_description -} - -# Turbot file used to store approved account numbers. -# MODIFY THESE LISTS BEFORE APPLYING THE TERRAFORM PLAN! -resource "turbot_file" "trusted_accounts_list" { - parent = "tmod:@turbot/turbot#/" - title = var.turbot_file_name - description = var.turbot_file_description - akas = var.file_aka - content = < EC2 > Snapshot > Approved to "Check: Approved" -resource "turbot_policy_setting" "ec2_snapshot_ami_approved" { - resource = turbot_smart_folder.ec2_trusted_accounts.id - type = "tmod:@turbot/aws-ec2#/policy/types/snapshotApproved" - value = "Check: Approved" -} - -# Sets a calculated policy AWS > EC2 > Snapshot > Approved > Usage -# Checks the snapshot shared account permissions and cross references them against the Turbot File. -# If there is any account that does not exist in the Turbot File, this policy is set to "Not Approved." -resource "turbot_policy_setting" "ec2_snapshot_approved_usage" { - resource = turbot_smart_folder.ec2_trusted_accounts.id - type = "tmod:@turbot/aws-ec2#/policy/types/snapshotApprovedUsage" - # GraphQL to pull policy Statements - template_input = <<-QUERY - { - resource { - permissions: get(path: "snapshotAttributes.CreateVolumePermissions") - } - list_trusted_accounts: resource(id:"list_accounts") { - data - } - } - QUERY - - # Nunjucks template to set usage approval based on if the resource is shared to approved accounts. 
- template = <<-TEMPLATE - {%- set approved = true -%} - {%- for permission in $.resource.permissions -%} - {%- if permission.UserId not in $.list_trusted_accounts.data.snapshot_trusted_accounts -%} - {%- set approved = false -%} - {%- endif -%} - {%- endfor -%} - {%- if approved -%} - "Approved" - {%- else -%} - "Not approved" - {%- endif -%} - TEMPLATE -} - -## Sets the policy AWS > EC2 > AMI > Approved to "Check: Approved" -resource "turbot_policy_setting" "ec2_ami_approved" { - resource = turbot_smart_folder.ec2_trusted_accounts.id - type = "tmod:@turbot/aws-ec2#/policy/types/amiApproved" - value = "Check: Approved" -} - -# Sets a calculated policy AWS > EC2 > AMI > Approved > Usage -# Checks the snapshot shared account permissions and cross references them against the Turbot File. -# If there is any account that does not exist in the Turbot File, this policy is set to "Not Approved." -resource "turbot_policy_setting" "ec2_ami_approved_usage" { - resource = turbot_smart_folder.ec2_trusted_accounts.id - type = "tmod:@turbot/aws-ec2#/policy/types/amiApprovedUsage" - # GraphQL to pull policy Statements - template_input = <<-QUERY - { - resource { - permissions: get(path: "LaunchPermissions") - } - list_trusted_accounts: resource(id:"list_accounts") { - data - } - } - QUERY - - # Nunjucks template to set usage approval based on if the resource is shared to approved accounts. - template = <<-TEMPLATE - {%- set approved = true -%} - {%- for permission in $.resource.permissions -%} - {%- if permission.UserId not in $.list_trusted_accounts.data.ami_trusted_accounts -%} - {%- set approved = false -%} - {%- endif -%} - {%- endfor -%} - {%- if approved -%} - "Approved" - {%- else -%} - "Not approved" - {%- endif -%} - TEMPLATE -} \ No newline at end of file diff --git a/calculated_policies/aws_ec2_cross_account_ami_snapshot/variables.tf b/calculated_policies/aws_ec2_cross_account_ami_snapshot/variables.tf deleted file mode 100644 index 5e0b04180..000000000 
--- a/calculated_policies/aws_ec2_cross_account_ami_snapshot/variables.tf +++ /dev/null @@ -1,35 +0,0 @@ -variable "smart_folder_title" { - description = "Enter a title for the smart folder." - type = string - default = "EC2 AMI and Snapshot Cross Account Access" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Checks AMI and Snapshots for cross account access. Approved if the account ID exists in the Turbot File." -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder." - type = string - default = "tmod:@turbot/turbot#/" -} - -variable "turbot_file_name" { - description = "Enter a name for the generated Turbot File." - type = string - default = "Approved Accounts" -} - -variable "turbot_file_description" { - description = "Enter a description for the generated Turbot File." - type = string - default = "Turbot File containing a list of accounts approved for cross account AMI and Snapshot access" -} - -variable "turbot_file_aka" { - description = "Enter an aka for the Turbot File." - type = string - default = "list_accounts" -} \ No newline at end of file diff --git a/calculated_policies/aws_ec2_instance_age/README.md b/calculated_policies/aws_ec2_instance_age/README.md deleted file mode 100644 index 2f2193b66..000000000 --- a/calculated_policies/aws_ec2_instance_age/README.md +++ /dev/null 
@@ -1,107 +0,0 @@ -# AWS EC2 - Set maximum age of specially tagged EC2 instances - -## Use case - -The business owner of the AWS Lab environment wants to ensure that all EC2 Lab instances -(instances tagged Environment:=Lab) are not being used for extended periods of time. -The business rule designed states that lab instances must be less than 30 days old. - -## Implementation details - -This Terraform template creates a smart folder and applies calculated policies on the policies: - -- `AWS > EC2 > Instance > Active` -- `AWS > EC2 > Instance > Active > Age` - -The Calculated policy sets the active age threshold to 30 days when a tag is present on the instance matching -{Environment:=Lab} and to skip if it is not present or set to an alternate value. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -In this case the query selects all tags from the instance. - -```graphql -{ - instance { - turbot { - tags - } - } -} -``` - -### Template (Nunjucks) - -Approval logic for EC2 Instance trusted AWS accounts AMIs. -If Instance Image ownerId is not in `approvedAccounts` list, then it will return `Not approved`. - -```nunjucks -{% if $.instance.turbot.tags.Environment == "Lab" %} - "Force inactive if age > 30 days" -{% else %} - "Skip" -{% endif %} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). 
- -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_ec2_instance_age/default.tfvars b/calculated_policies/aws_ec2_instance_age/default.tfvars deleted file mode 100644 index 9f85f27f5..000000000 --- a/calculated_policies/aws_ec2_instance_age/default.tfvars +++ /dev/null @@ -1,8 +0,0 @@ -# Optional - Default value: "EC2 Instance Age" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Enables bucket versioning for all buckets tagged with {Environment:=Prod}" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" 
diff --git a/calculated_policies/aws_ec2_instance_age/main.tf b/calculated_policies/aws_ec2_instance_age/main.tf deleted file mode 100644 index 59d4439f3..000000000 --- a/calculated_policies/aws_ec2_instance_age/main.tf +++ /dev/null @@ -1,38 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "ec2_instance_age" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > EC2 > Instance > Active -resource "turbot_policy_setting" "instance_active" { - resource = turbot_smart_folder.ec2_instance_age.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceActive" - value = "Enforce: Delete inactive with 7 days warning" -} - -# AWS > EC2 > Instance > Active > Age -resource "turbot_policy_setting" "instance_age" { - resource = turbot_smart_folder.ec2_instance_age.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceActiveAge" - # GraphQL to pull instance tags - template_input = < 30 days" -{% else %} - "Skip" -{% endif %} - EOT -} diff --git a/calculated_policies/aws_ec2_instance_age/variables.tf b/calculated_policies/aws_ec2_instance_age/variables.tf deleted file mode 100644 index 53c564bfe..000000000 --- a/calculated_policies/aws_ec2_instance_age/variables.tf +++ /dev/null @@ -1,17 +0,0 @@ -variable "smart_folder_title" { - description = "Enter a title for the smart folder" - type = string - default = "EC2 Instance Age" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Enables bucket versioning for all buckets tagged with {Environment:=Prod}" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} 
diff --git a/calculated_policies/aws_ec2_instance_approved_usage_approved_account_ami/README.md b/calculated_policies/aws_ec2_instance_approved_usage_approved_account_ami/README.md deleted file mode 100644 index 6166e9959..000000000 --- a/calculated_policies/aws_ec2_instance_approved_usage_approved_account_ami/README.md +++ /dev/null 
@@ -1,121 +0,0 @@ -# AWS EC2 - Restrict Instance images to trusted AWS accounts AMIs - -## Use case - -Use this policy if you would like to restrict the usage of EC2 Instance images to AMIs owned by AWS accounts that are trusted. - -## Implementation details - -This Terraform template creates a smart folder and applies calculated policies on the policies: - -- `AWS > EC2 > Instance > Approved` -- `AWS > EC2 > Instance > Approved > Usage` - -If a EC2 Instance Image is not owned by an account in the approved accounts list, then the approved usage -policy will be set to `Not approved` otherwise it will be set to `Approved`. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -GraphQL query that will get the Instance Image. - -```graphql -- | - { - item: resource { - imageId: get(path: "ImageId") - turbot { - custom - } - } - } -- | - { - resources (filter: "resourceType:'tmod:@turbot/aws-ec2#/resource/types/Ami' $.ImageId:'{{$.item.imageId}}'") { - items { - ownerId: get(path:"OwnerId") - } - } - } -``` - -### Template (Nunjucks) - -Approval logic for EC2 Instance trusted AWS accounts AMIs. -If Instance Image ownerId is not in `approvedAccounts` list, then it will return `Not approved`. - -```nunjucks -{% set approvedAccounts = [ - "${join("\",\n \"", var.approved_account_ami_list)}" - ] -%} -{% if $.resources.items and $.resources.items[0].ownerId in approvedAccounts %} - "Approved" -{% else %} - "Not approved" -{% endif %} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). 
- -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- approved_account_ami_list -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` 
diff --git a/calculated_policies/aws_ec2_instance_approved_usage_approved_account_ami/default.tfvars b/calculated_policies/aws_ec2_instance_approved_usage_approved_account_ami/default.tfvars deleted file mode 100644 index e5353e559..000000000 --- a/calculated_policies/aws_ec2_instance_approved_usage_approved_account_ami/default.tfvars +++ /dev/null @@ -1,19 +0,0 @@ -# Required - List of approved AWS account to own trusted AMIs -approved_account_ami_list = [] -# Examples for approved_account_ami_list -# ["235268162285", "235268162286"] - -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191926035367605" - -# Optional - Default value: "AWS EC2 Instance Approved Account AMIs" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Restrict AWS EC2 Instance image to approved account AMIs" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_ec2_instance_approved_usage_approved_account_ami/main.tf b/calculated_policies/aws_ec2_instance_approved_usage_approved_account_ami/main.tf deleted file mode 100644 index 2b6e17549..000000000 --- a/calculated_policies/aws_ec2_instance_approved_usage_approved_account_ami/main.tf +++ /dev/null 
@@ -1,57 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "aws_ec2_instance_approved_usage_approved_account_ami" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > EC2 > Instance > Approved -resource "turbot_policy_setting" "aws_ec2_instance_approved_approved_account_ami" { - resource = turbot_smart_folder.aws_ec2_instance_approved_usage_approved_account_ami.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceApproved" - value = "Check: Approved" -} - -# AWS > EC2 > Instance > Approved > Usage -resource "turbot_policy_setting" "aws_ec2_instance_approved_usage_approved_account_ami" { - resource = turbot_smart_folder.aws_ec2_instance_approved_usage_approved_account_ami.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceApprovedUsage" - # GraphQL to pull function metadata - template_input = < EC2 > Instance > Approved` -- `AWS > EC2 > Instance > Approved > Usage` - -Approval policy that will limit running EC2 Instances to only use local EC2 Instance Images. -If an EC2 Instance Image is not owned by the account that the Instance is running on, then the approved usage -policy will be set to `Not approved` otherwise it will be set to `Approved`. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -GraphQL query that will check if a Instance has accounts with restore access. -If the query returns an array of zero items, then the Instance Image is not a local AMI. - -```graphql -- | - { - item: resource { - imageId: get(path: "ImageId") - turbot { - custom - } - } - } -- | - { - resources (filter: "resourceType:'tmod:@turbot/aws-ec2#/resource/types/Ami' $.ImageId:'{{$.item.imageId}}' $.OwnerId:'{{$.item.turbot.custom.aws.accountId}}'") { - metadata { - stats { - total - } - } - } - } -``` - -### Template (Nunjucks) - -Approval logic for EC2 Instance Image local AMI. 
- -```nunjucks -{% if $.resources.metadata.stats.total %} - "Approved" -{% else %} - "Not approved" -{% endif %} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). 
- -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_ec2_instance_approved_usage_local_ami/default.tfvars b/calculated_policies/aws_ec2_instance_approved_usage_local_ami/default.tfvars deleted file mode 100644 index 1fa9090a5..000000000 --- a/calculated_policies/aws_ec2_instance_approved_usage_local_ami/default.tfvars +++ /dev/null @@ -1,14 +0,0 @@ -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191926035367605" - -# Optional - Default value: "AWS EC2 Instance Local AMIs" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Restrict AWS EC2 Instance to local images" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_ec2_instance_approved_usage_local_ami/main.tf b/calculated_policies/aws_ec2_instance_approved_usage_local_ami/main.tf deleted file mode 100644 index ab3bca8d8..000000000 --- a/calculated_policies/aws_ec2_instance_approved_usage_local_ami/main.tf +++ /dev/null 
@@ -1,55 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "aws_ec2_instance_approved_usage_local_ami" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > EC2 > Instance > Approved -resource "turbot_policy_setting" "aws_ec2_instance_approved_local_ami" { - resource = turbot_smart_folder.aws_ec2_instance_approved_usage_local_ami.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceApproved" - value = "Check: Approved" -} - -# AWS > EC2 > Instance > Approved > Usage -resource "turbot_policy_setting" "aws_ec2_instance_approved_usage_local_ami" { - resource = turbot_smart_folder.aws_ec2_instance_approved_usage_local_ami.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceApprovedUsage" - # GraphQL to pull function metadata - template_input = < EC2 > Instance > Approved` -- `AWS > EC2 > Instance > Approved > Usage` - -If a EC2 Instance Image is not in the trusted AMI list, then the approved usage -policy will be set to `Not approved` otherwise it will be set to `Approved`. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -GraphQL query that will get the Instance Image. - -```graphql -{ - resource { - imageId: get(path: "ImageId") - } -} -``` - -### Template (Nunjucks) - -Approval logic for EC2 Instance trusted AMI. -If Instance Image is not in `approvedImageIds` list, then it will return `Not approved`. - -```nunjucks -{% set approvedImageIds = [ - "${join("\",\n \"", var.trusted_ami_list)}" - ] -%} -{% if $.resource.imageId in approvedImageIds %} - "Approved" -{% else %} - "Not approved" -{% endif %} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). 
- -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- target_resource -- trusted_ami_list -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` 
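Review bot: In the README hunk that ends here, the "Apply using default configuration" and "Destroy using default configuration" sections link to `[defaults.tfvars](defaults.tfvars)`, while the commands beside them use `-var-file=default.tfvars` and the file removed next in this diff is `default.tfvars`, so the link target does not exist. Both Destroy sections also open with "If seeking to apply the configuration", which reads as a copy of the Apply text. If these instructions are being moved rather than dropped, point the link at `default.tfvars` and make the Destroy wording say destroy. Separately, the template builds `approvedImageIds` by interpolating `var.trusted_ami_list` into quoted Nunjucks literals, and the shipped default is `trusted_ami_list = [""]`, so a workspace applied with the defaults marks every instance "Not approved"; the README should say the variable is required.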
diff --git a/calculated_policies/aws_ec2_instance_approved_usage_trusted_ami/default.tfvars b/calculated_policies/aws_ec2_instance_approved_usage_trusted_ami/default.tfvars deleted file mode 100644 index 11f491dd3..000000000 --- a/calculated_policies/aws_ec2_instance_approved_usage_trusted_ami/default.tfvars +++ /dev/null @@ -1,18 +0,0 @@ -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191926035367605" - -trusted_ami_list = [""] -# Examples for trusted_ami_list: -# ["ami-085925f297f89fce1", "ami-085925f297f89fce2"] - -# Optional - Default value: "AWS EC2 Instance Trusted AMIs" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Restrict AWS EC2 Instance image to trusted AMIs" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_ec2_instance_approved_usage_trusted_ami/main.tf b/calculated_policies/aws_ec2_instance_approved_usage_trusted_ami/main.tf deleted file mode 100644 index 3f48358be..000000000 --- a/calculated_policies/aws_ec2_instance_approved_usage_trusted_ami/main.tf +++ /dev/null 
@@ -1,45 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "aws_ec2_instance_approved_usage_trusted_ami" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > EC2 > Instance > Approved -resource "turbot_policy_setting" "aws_ec2_instance_approved_trusted_ami" { - resource = turbot_smart_folder.aws_ec2_instance_approved_usage_trusted_ami.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceApproved" - value = "Check: Approved" -} - -# AWS > EC2 > Instance > Approved > Usage -resource "turbot_policy_setting" "aws_ec2_instance_approved_usage_trusted_ami" { - resource = turbot_smart_folder.aws_ec2_instance_approved_usage_trusted_ami.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceApprovedUsage" - # GraphQL to pull function metadata - template_input = < EC2 > Instance > Approved` -- `AWS > EC2 > Instance > Approved > Usage` - -Approval policy that restrict usage of EC Instances if the Subnet associated with the Instance has a Route to an IGW. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -This query is two-fold. First, it finds the subnet ID contained within the EC2 instance metadata. -Second, all route tables in the account are found, and the associated subnet ID as well as the collection of routes. - -```graphql -{ - resource { - subnetId: get(path: "SubnetId") - } - resources(filter:"resourceType:'tmod:@turbot/aws-vpc-core#/resource/types/routeTable'") { - items { - associations: get(path: "Associations.[0].SubnetId") - routes: get(path: "Routes") - } - } -} -``` - -### Template (Nunjucks) - -Checks each returned Route Table entry and compares it against the Subnet Id of the EC2 Instance. -When the Route Table entry is found then check each Route to find the Route with the id of `igw`. -If a Route with this id is found then the usage will be set as `Not approved`. 
- -```nunjucks -{%- set hasIGW = false -%} -{%- for item in $.resources.items -%} - {%- if item.associations == $.resource.subnetId -%} - {%- for gateway in item.routes -%} - {%- if 'igw' in gateway.GatewayId -%} - {%- if hasIGW == false -%} - "Not approved" - {%- set hasIGW = true -%} - {%- endif -%} - {%- endif -%} - {%- endfor -%} - {%- endif -%} -{%- endfor -%} -{%- if hasIGW == false -%} - "Approved if AWS > EC2 > Enabled" -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). 
- -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_ec2_public_subnet/default.tfvars b/calculated_policies/aws_ec2_public_subnet/default.tfvars deleted file mode 100644 index e8fe7950b..000000000 --- a/calculated_policies/aws_ec2_public_subnet/default.tfvars +++ /dev/null @@ -1,8 +0,0 @@ -# Optional - Default value: "EC2 in Public Subnet" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Set any instance to 'Not Approved' if the instance is in a public subnet" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_ec2_public_subnet/main.tf b/calculated_policies/aws_ec2_public_subnet/main.tf deleted file mode 100644 index 471cdf098..000000000 --- a/calculated_policies/aws_ec2_public_subnet/main.tf +++ /dev/null 
@@ -1,53 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "ec2_public_subnet" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > EC2 > Instance > Approved -resource "turbot_policy_setting" "instance_approved" { - resource = turbot_smart_folder.ec2_public_subnet.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceApproved" - value = "Check: Approved" -} - -# AWS > EC2 > Instance > Approved > Usage -resource "turbot_policy_setting" "instance_subnet_" { - resource = turbot_smart_folder.ec2_public_subnet.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceApprovedUsage" - # GraphQL to pull instance tags - template_input = < EC2 > Enabled" - {%- endif -%} - EOT -} diff --git a/calculated_policies/aws_ec2_public_subnet/variables.tf b/calculated_policies/aws_ec2_public_subnet/variables.tf deleted file mode 100644 index 5000c6cea..000000000 --- a/calculated_policies/aws_ec2_public_subnet/variables.tf +++ /dev/null @@ -1,17 +0,0 @@ -variable "smart_folder_title" { - description = "Enter a title for the smart folder" - type = string - default = "EC2 in Public Subnet" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Set any instance to 'Not Approved' if the instance is in a public subnet" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/calculated_policies/aws_ec2_volume_unattached/README.md b/calculated_policies/aws_ec2_volume_unattached/README.md deleted file mode 100644 index c7ccf8d7b..000000000 --- a/calculated_policies/aws_ec2_volume_unattached/README.md +++ /dev/null 
@@ -1,102 +0,0 @@ -# AWS EC2 - Set maximum age of specially tagged EC2 instances - -## Use case - -The business owner of the AWS Lab environment wants to ensure that all EC2 Volumes are attached to an instance. - -## Implementation details - -This Terraform template creates a smart folder and applies calculated policies on the policies: - -- `AWS > EC2 > Volume > Approved` -- `AWS > EC2 > Volume > Approved > Usage` - -The Calculated policy checks to see if a volume is attached. If unattached then it raises an alarm. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -In this case the query selects all tags from the instance. - -```graphql -{ - resource { - attachments: get(path: "Attachments") - } -} -``` - -### Template (Nunjucks) - -Approval logic for EC2 Instance trusted AWS accounts AMIs. -If Instance Image ownerId is not in `approvedAccounts` list, then it will return `Not approved`. - -```nunjucks -{% if $.resource.attachements | length > 0 %} -Approved -{% else %} -Not Approved -{% endif %} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. 
- -Variables that are exposed by this script are: - -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_ec2_volume_unattached/default.tfvars b/calculated_policies/aws_ec2_volume_unattached/default.tfvars deleted file mode 100644 index 7b510eca5..000000000 --- a/calculated_policies/aws_ec2_volume_unattached/default.tfvars +++ /dev/null @@ -1,8 +0,0 @@ -# Optional - Default value: "EC2 Instance Age" -smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Enables bucket versioning for all buckets tagged with {Environment:=Prod}" -smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_ec2_volume_unattached/main.tf b/calculated_policies/aws_ec2_volume_unattached/main.tf deleted file mode 100644 index 528af1fb9..000000000 
--- a/calculated_policies/aws_ec2_volume_unattached/main.tf +++ /dev/null @@ -1,38 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "ec2_volume_unattached" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - - -# AWS > EC2 > Volume > Approved -resource "turbot_policy_setting" "aws_ec2_volume_approved" { - resource = turbot_smart_folder.ec2_volume_unattached.id - type = "tmod:@turbot/aws-ec2#/policy/types/volumeApproved" - value = < EC2 > Volume > Active > Age -# We observe that an unattached volume has an empty list for attachments -# An attached volume has > 0 attachments. The logic below is based on this observation. -resource "turbot_policy_setting" "aws_ec2_volume_approved_usage" { - resource = turbot_smart_folder.ec2_volume_unattached.id - type = "tmod:@turbot/aws-ec2#/policy/types/volumeApprovedUsage" - template_input = < 0 -%} - Approved - {%- else -%} - Not Approved - {%- endif -%} - EOT -} diff --git a/calculated_policies/aws_ec2_volume_unattached/variables.tf b/calculated_policies/aws_ec2_volume_unattached/variables.tf deleted file mode 100644 index 53c564bfe..000000000 --- a/calculated_policies/aws_ec2_volume_unattached/variables.tf +++ /dev/null @@ -1,17 +0,0 @@ -variable "smart_folder_title" { - description = "Enter a title for the smart folder" - type = string - default = "EC2 Instance Age" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Enables bucket versioning for all buckets tagged with {Environment:=Prod}" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} 
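Review bot: In `calculated_policies/aws_ec2_public_subnet/README.md`, the query reads only the first association of each route table, `associations: get(path: "Associations.[0].SubnetId")`, and the template compares that single value with `$.resource.subnetId`. A route table associated with several subnets is matched only for the subnet listed first, and an instance whose subnet matches nothing falls through to "Approved if AWS > EC2 > Enabled", so a subnet that is a later association of a table with an `igw` route is approved. If this example is kept anywhere, query the full `Associations` list and test the instance's subnet against every entry. The inner `'igw' in gateway.GatewayId` test also assumes every route carries a `GatewayId`.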
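Review bot: In `calculated_policies/aws_ec2_volume_unattached/README.md`, the Nunjucks block tests `$.resource.attachements | length > 0`, but the GraphQL query aliases the field as `attachments`, so with the misspelled key the condition never sees the attachment list. The surrounding README text describes other policies: the title reads "Set maximum age of specially tagged EC2 instances", the query is introduced as selecting "all tags from the instance", and the template is introduced as AMI `approvedAccounts` logic. The `variables.tf` defaults in the same folder carry the same leftovers ("EC2 Instance Age", "Enables bucket versioning for all buckets tagged with {Environment:=Prod}"), and the comment above the usage setting in `main.tf` names `AWS > EC2 > Volume > Active > Age` while the type is `volumeApprovedUsage`. Any copy of this example that survives the removal should spell the key `attachments` and have its descriptions rewritten for the unattached-volume check.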
diff --git a/calculated_policies/aws_guardduty_detector_approved_usage/README.md b/calculated_policies/aws_guardduty_detector_approved_usage/README.md deleted file mode 100644 index 5db2f15aa..000000000 --- a/calculated_policies/aws_guardduty_detector_approved_usage/README.md +++ /dev/null 
@@ -1,108 +0,0 @@ -# AWS GuardDuty - Restrict detector membership to a given master account - -## Use case - -Use this policy if you would like to restrict GuardDuty Detector membership to a given master account. - -## Implementation details - -This Terraform template creates a smart folder and applies calculated policies on the policies: - -- `AWS > GuardDuty > Detector > Approved` -- `AWS > GuardDuty > Detector > Approved > Usage` - -If a Detector is the master or member of a given master account then the approved usage policy will be set -to `Approved` otherwise it will be set to `Not approved`. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -GraphQL query that will check if the Detector membership. - -```graphql -{ - resource { - masterAccount: get(path: "Master.AccountId") - } -} -``` - -### Template (Nunjucks) - -Approval logic for GuardDuty Detector membership restriction. - -```nunjucks -{% if $.resource.masterAccount %} -{% if $.resource.masterAccount == "${var.detector_master_account}" %} - "Approved" -{% else %} - "Not approved" -{% endif %} -{% else %} - "Approved" -{% endif %} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. 
- -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- detector_master_account -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_guardduty_detector_approved_usage/default.tfvars b/calculated_policies/aws_guardduty_detector_approved_usage/default.tfvars deleted file mode 100644 index cc4c35d4f..000000000 --- a/calculated_policies/aws_guardduty_detector_approved_usage/default.tfvars +++ /dev/null 
@@ -1,17 +0,0 @@ -# Examples for detector_master_account: "688720832404" -detector_master_account = "" - -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191926035367605" - -# Optional - Default value: "AWS GuardDuty Detector Master Account Approved" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Restrict AWS GuardDuty Detector Master Account" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_guardduty_detector_approved_usage/main.tf b/calculated_policies/aws_guardduty_detector_approved_usage/main.tf deleted file mode 100644 index 12ded0507..000000000 --- a/calculated_policies/aws_guardduty_detector_approved_usage/main.tf +++ /dev/null 
@@ -1,45 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "aws_guardduty_detector_approved_usage" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > GuardDuty > Detector > Approved -resource "turbot_policy_setting" "aws_guardduty_detector_approved" { - resource = turbot_smart_folder.aws_guardduty_detector_approved_usage.id - type = "tmod:@turbot/aws-guardduty#/policy/types/detectorApproved" - value = "Check: Approved" -} - -# AWS > GuardDuty > Detector > Approved > Usage -resource "turbot_policy_setting" "aws_guardduty_detector_approved_usage" { - resource = turbot_smart_folder.aws_guardduty_detector_approved_usage.id - type = "tmod:@turbot/aws-guardduty#/policy/types/detectorApprovedUsage" - # GraphQL to pull detector metadata - template_input = < KMS > Key > Policy > Statements > Approved` -- `AWS > KMS > Key > Policy > Statements > Approved > Rules` - - -The `AWS > KMS > Key > Policy > Statements > Approved > Rules` policy defines the permissions that are allowed to exist on the KMS Key policy, and the `AWS > KMS > Key > Policy > Statements > Approved` tells Turbot to check said policy (but not modify). - -Note the use of the pipe (`|`) in the REJECT statements. These act as AND operators. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. 
- -```graphql -{ - resource { - policy: get (path:"Policy.Statement") - metadata - } -} -``` - -### Template (Nunjucks) - -Approval logic for KMS Key policies - -```nunjucks - -# REJECT CustomKeyStore policies, List*, Get*, Describe*, and * - -REJECT $.Action:/^kms:(DescribeCustomKeyStores|ConnectCustomKeyStore|DeleteCustomKeyStore|DisconnectCustomKeyStore|UpdateCustomKeyStore|CreateCustomKeyStore|DisableKeyRotation|List\*|Get\*|Describe\*|\*)$/ - -# If the KMS Key is not symmetric, REJECT GetPublicKey, Verify, and Sign - -{% if $.CustomerMasterKeySpec != "SYMMETRIC_DEFAULT" -%} -REJECT $.Action:/^kms:(GetPublicKey|Verify|Sign)$/ -{%- endif %} - -# Build REJECT statement with the added condition that these policies can only be called via lambda and secrets manager services. - -REJECT $.Action:/^kms:(Encrypt|Decrypt)$/ !$.Condition.StringEquals."kms:ViaService":"lambda.{{$.resource.metadata.aws.regionName}}.amazonaws.com","secretsmanager.{{$.resource.metadata.aws.regionName}}.amazonaws.com" - -# Build REJECT statement with the added condition that these policies can only be called via the lambda, secrets manager, and ssm services. - -REJECT $.Action:kms:ReEncryptTo !$.Principal.Service:"lambda.{{$.resource.metadata.aws.regionName}}.amazonaws.com","secretsmanager.{{$.resource.metadata.aws.regionName}}.amazonaws.com","ssm.{{$.resource.metadata.aws.regionName}}.amazonaws.com" - -# Apply logic to build REJECT statements dynamically. In each if statement, regex is used to pick out the principal and apply the associated statements. 
- -{%- for item in $.resource.policy -%} - {%- if (item.Principal.AWS[0] | length) == 1 -%} - {%- set principals = [item.Principal.AWS] -%} - {%- else -%} - {%- set principals = item.Principal.AWS -%} - {%- endif -%} - {%- for arn in principals %} - {% if r/pipeline/.test(arn | lower) %} - REJECT $.Principal.AWS:{{arn}} !$.Action:/^kms:(PutKeyPolicy|EnableKeyRotation|TagResource|CreateAlias|GetKeyPolicy|DeleteAlias|ListResourceTags|DisableKey|DeleteImportedKeyMaterial|ScheduleKeyDeletion|CancelKeyDeletion|DescribeKey|ListAliases|ListGrants|ListKeyPolicies|ListKeys|ListRetirableGrants|GetKeyRotationStatus)$/ - {% elif r/organizationaccountaccessrole/.test(arn | lower) %} - REJECT $.Principal.AWS:{{arn}} !$.Action:kms:PutKeyPolicy - {% elif r/admin/.test(arn | lower) %} - REJECT $.Principal.AWS:{{arn}} !$.Action:kms:PutKeyPolicy - {% elif r/securityaudit/.test(arn | lower) %} - REJECT $.Principal.AWS:{{arn}} !$.Action:/^kms:(DescribeKey|ListKeyPolicies|GetKeyPolicy)$/ - {% elif r/example-read-write-role/.test(arn | lower) %} - REJECT $.Principal.AWS:{{arn}} !$.Action:/^kms:(DescribeKey|ListAliases|ListGrants|ListKeyPolicies|ListKeys|ListResourceTags|ListRetirableGrants|GetKeyPolicy|GetKeyRotationStatus)$/ - {% elif r/another-read-only-role/.test(arn | lower) %} - REJECT $.Principal.AWS:{{arn}} !$.Action:/^kms:(DescribeKey|ListAliases|ListGrants|ListKeyPolicies|ListKeys|ListResourceTags|ListRetirableGrants|GetKeyPolicy|GetKeyRotationStatus|Decrypt)$/ - {% elif r/test-turbot-role/.test(arn | lower) %} - REJECT $.Principal.AWS:{{arn}} !$.Action:/^kms:(DescribeKey|ListAliases|ListGrants|ListKeyPolicies|ListKeys|ListResourceTags|ListRetirableGrants|GetKeyPolicy|GetKeyRotationStatus)$/ - {% endif %} - {%- endfor %} -{%- endfor %} - -APPROVE * -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). 
- -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` \ No newline at end of file 
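Review bot: In the KMS README template, the asymmetric-key branch tests `$.CustomerMasterKeySpec != "SYMMETRIC_DEFAULT"`, but the GraphQL query shown selects only `policy` and `metadata` under `resource`, and the path is not under `$.resource` at all. Nothing in the visible query supplies that value, so as written the comparison cannot distinguish key types and the `REJECT $.Action:/^kms:(GetPublicKey|Verify|Sign)$/` rule is emitted for every key. The statement that the pipe characters "act as AND operators" also disagrees with the template, where every `|` either sits inside a regex group such as `(Encrypt|Decrypt)`, which is alternation, or is a Nunjucks filter as in `arn | lower`. The per-principal branches match on unanchored substrings, for example `r/admin/.test(arn | lower)`, so any ARN containing that text takes the branch. If the example is retained elsewhere, match on the full role ARN or role name.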
diff --git a/calculated_policies/aws_kms_key_policy_rules/kms_rules_policies.tf b/calculated_policies/aws_kms_key_policy_rules/kms_rules_policies.tf deleted file mode 100644 index 137df46a1..000000000 --- a/calculated_policies/aws_kms_key_policy_rules/kms_rules_policies.tf +++ /dev/null 
@@ -1,56 +0,0 @@ -resource "turbot_policy_setting" "kms_policy_approved" { - resource = turbot_smart_folder.kms_rules_approved_folder.id - type = "tmod:@turbot/aws-kms#/policy/types/keyPolicyStatementsApproved" - value = "Check: Approved" -} - -resource "turbot_policy_setting" "kms_policy_rules" { - resource = - type = "tmod:@turbot/aws-kms#/policy/types/keyPolicyStatementsApprovedRules" - template_input = < Lambda > Function > Approved` -- `AWS > Lambda > Function > Approved > Usage` - -The Calculated policy checks the Lambda metadata for existence of ApplicationID tag and if the tag doesn't exist and it is older than five minutes it will return "Not approve" other wise it will approve. This gives users five minutes to tag their resources or have them deleted. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -In this case the query finds the Lambda function's attribute in the Lambda metadata. - -```graphql -{ - resource { - data - metadata - trunk { - title - } - turbot { - akas - id - tags - } - } -} -``` - -### Template (Nunjucks) - -```nunjucks -{%- set result = "Approved" -%} -{%- set current_time = now | date("constructor") | date("getTime") -%} -{%- set lastmodified_time = $.resource.data.Configuration.LastModified | date("getTime") -%} -{%- if "ApplicationID" not in $.resource.turbot.tags and duration > 300000 -%} - {%- set result = "Not approved" -%} -{%- endif -%} -{{ result }} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 13 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. 
-Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_lambda_function_approved_usage/default.tfvars b/calculated_policies/aws_lambda_function_approved_usage/default.tfvars deleted file mode 100644 index b592e804a..000000000 --- a/calculated_policies/aws_lambda_function_approved_usage/default.tfvars +++ /dev/null @@ -1,2 +0,0 @@ -# Example to pass the Smart folder tiltle below, Uncomment the below line to use it. -# smart_folder_title = "Lambda Approved Usage" \ No newline at end of file 
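Review bot: In the Lambda README template, the condition uses `duration > 300000`, but `duration` is never set. The two preceding lines compute `current_time` and `lastmodified_time`, and nothing subtracts one from the other. As written the age test has no defined operand, so the five-minute grace period described in the text is not what the template evaluates. A retained copy needs a `set` for the difference between the two timestamps before the `if`. Smaller points in the same files: the text says the policy returns "Not approve" while the template sets "Not approved", and the comment in `default.tfvars` has "tiltle".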
diff --git a/calculated_policies/aws_lambda_function_approved_usage/main.tf b/calculated_policies/aws_lambda_function_approved_usage/main.tf deleted file mode 100644 index 9a53b1688..000000000 --- a/calculated_policies/aws_lambda_function_approved_usage/main.tf +++ /dev/null @@ -1,55 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -# Smart Folder Definition -resource "turbot_smart_folder" "lambda_approved" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > Lambda > Function > Approved -resource "turbot_policy_setting" "aws_lambda_function_approved" { - resource = turbot_smart_folder.lambda_approved.id - type = "tmod:@turbot/aws-lambda#/policy/types/functionApproved" - value = "Check: Approved" -} - -# AWS > Lambda > Function > Approved > Usage -resource "turbot_policy_setting" "aws_lambda_function_approved_usage" { - resource = turbot_smart_folder.lambda_approved.id - type = "tmod:@turbot/aws-lambda#/policy/types/functionApprovedUsage" - # GraphQL to get Lambda config info - template_input = < 300000 -%} - {%- set result = "Not approved" -%} - {%- endif -%} - {{ result }} - EOT -} diff --git a/calculated_policies/aws_lambda_function_approved_usage/variables.tf b/calculated_policies/aws_lambda_function_approved_usage/variables.tf deleted file mode 100644 index e6c0351b9..000000000 --- a/calculated_policies/aws_lambda_function_approved_usage/variables.tf +++ /dev/null 
@@ -1,17 +0,0 @@ -variable "smart_folder_title" { - description = "Enter a title for the smart folder" - type = string - default = "Lambda Approved Usage" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Lambda Approved Usage" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/calculated_policies/aws_lambda_in_vpc/README.md b/calculated_policies/aws_lambda_in_vpc/README.md deleted file mode 100644 index 977003a73..000000000 --- a/calculated_policies/aws_lambda_in_vpc/README.md +++ /dev/null 
@@ -1,101 +0,0 @@ -# AWS Lambda - Approve a Lambda function only if it is within a particular VPC - -## Use case - -The business owner of the AWS environment wants to ensure that a Lambda is only ran from within a VPC, not within the -AWS network. - -## Implementation details - -This Terraform template creates a smart folder and applies calculated policies on the policies: - -- `AWS > Lambda > Function > Approved` -- `AWS > Lambda > Function > Approved > Usage` - -The Calculated policy checks the Lambda metadata for existence of the attribute VpcConfig and can be expanded to check -for a specific VPC Id or Subnet Ids. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -In this case the query finds the VpcConfig attribute in the Lambda metadata. - -```graphql -{ - resource { - vpc: get(path: "Configuration.VpcConfig") - } -} -``` - -### Template (Nunjucks) - -```nunjucks -{% if $.resource.vpc.VpcId %} - "Approved" -{% else %} - "Not Approved" -{% endif %} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. 
- -Variables that are exposed by this script are: - -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_lambda_in_vpc/default.tfvars b/calculated_policies/aws_lambda_in_vpc/default.tfvars deleted file mode 100644 index 198a9b0cf..000000000 --- a/calculated_policies/aws_lambda_in_vpc/default.tfvars +++ /dev/null @@ -1,8 +0,0 @@ -# Optional - Default value: "Lambda VPC Check" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Lambda VPC check" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_lambda_in_vpc/main.tf b/calculated_policies/aws_lambda_in_vpc/main.tf deleted file mode 100644 index d359ce3e5..000000000 --- a/calculated_policies/aws_lambda_in_vpc/main.tf +++ /dev/null 
@@ -1,35 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "lambda_vpc_check" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > Lambda > Function > Approved -resource "turbot_policy_setting" "aws_lambda_function_approved" { - resource = turbot_smart_folder.lambda_vpc_check.id - type = "tmod:@turbot/aws-lambda#/policy/types/functionApproved" - value = "Check: Approved" -} - -# AWS > Lambda > Function > Approved > Usage -resource "turbot_policy_setting" "lambda_in_vpc" { - resource = turbot_smart_folder.lambda_vpc_check.id - type = "tmod:@turbot/aws-lambda#/policy/types/functionApprovedUsage" - # GraphQL to get VPC config info - template_input = < Lambda > Function > Approved` -- `AWS > Lambda > Function > Approved > Usage` - -If a function policy has cross-account access then the approved usage policy will be set to `Not approved` otherwise -it will be set to `Approved`. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -GraphQL query that will check if a function policy has cross-account access. -If the query returns an array of zero items, then there are no function with cross-account access. - -```graphql -{ - resource { - iamPolicies: get(path: "IamPolicy.Policy.Statement") - turbot { - custom - } - } -} -``` - -### Template (Nunjucks) - -Approval logic for Lambda Function cross-account access. 
-If no external account is found in Principal.AWS, Condition.'AWS:SourceAccount' or Condition.'AWS:SourceArn' -then there are no cross-account access - -```nunjucks -{% set has_cross_account = false -%} -{% for iamPolicy in $.resource.iamPolicies -%} -{% if iamPolicy.Principal.AWS and iamPolicy.Principal.AWS.split(':')[4] != $.resource.turbot.custom.aws.accountId -%} -{% set has_cross_account = true -%} -{% endif -%} -{% if iamPolicy.Condition.StringEquals['AWS:SourceAccount'] and iamPolicy.Condition.StringEquals['AWS:SourceAccount'] != $.resource.turbot.custom.aws.accountId -%} -{% set has_cross_account = true -%} -{% endif -%} -{% if iamPolicy.Condition.ArnLike['AWS:SourceArn'] and iamPolicy.Condition.ArnLike['AWS:SourceArn'].split(':')[4] != $.resource.turbot.custom.aws.accountId -%} -{% set has_cross_account = true -%} -{% endif -%} -{% endfor -%} -{% if has_cross_account -%} - "Not approved" -{%- else -%} - "Approved" -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. 
- -Variables that are exposed by this script are: - -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_lambda_not_approved_cross_account_access/default.tfvars b/calculated_policies/aws_lambda_not_approved_cross_account_access/default.tfvars deleted file mode 100644 index 82463f6b8..000000000 --- a/calculated_policies/aws_lambda_not_approved_cross_account_access/default.tfvars +++ /dev/null 
@@ -1,14 +0,0 @@ -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191926035367605" - -# Optional - Default value: "AWS Lambda Cross Account Access" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Restrict AWS Lambda Cross Account Access" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_lambda_not_approved_cross_account_access/main.tf b/calculated_policies/aws_lambda_not_approved_cross_account_access/main.tf deleted file mode 100644 index 6588d1ad7..000000000 --- a/calculated_policies/aws_lambda_not_approved_cross_account_access/main.tf +++ /dev/null 
@@ -1,56 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "aws_lambda_not_approved_cross_account_access" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > Lambda > Function > Approved -resource "turbot_policy_setting" "aws_lambda_function_approved" { - resource = turbot_smart_folder.aws_lambda_not_approved_cross_account_access.id - type = "tmod:@turbot/aws-lambda#/policy/types/functionApproved" - value = "Check: Approved" -} - -# AWS > Lambda > Function > Approved > Usage -resource "turbot_policy_setting" "aws_lambda_not_approved_cross_account_access" { - resource = turbot_smart_folder.aws_lambda_not_approved_cross_account_access.id - type = "tmod:@turbot/aws-lambda#/policy/types/functionApprovedUsage" - # GraphQL to pull function metadata - template_input = < RDS > DB Cluster Snapshot [Manual] > Approved` -- `AWS > RDS > DB Cluster Snapshot [Manual] > Approved > Usage` - -If the account that the snapshot is shared with, given by the property `DBClusterSnapshotAttributes.AttributeValues` - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -GraphQL query that will return all the shared account details to compare against a whitelist to ensure that the -snapshot is valid. - -```graphql -{ - dbClusterSnapshotManual { - sharedAccounts: get(path:"DBClusterSnapshotAttributes.AttributeValues") - } -} -``` - -### Template (Nunjucks) - -Add items to the currently empty `whitelist` collection as detailed in inline example comments. -The Nunjucks script will then check if all the accounts that are shared with the snapshot are valid by comparing -entries from a whitelist of accounts. - -To add entries to the whitelist can be done in two different ways: - -- Using `defaults.tf` -- Amending the list in Turbot UI - -#### Using `defaults.tf` - -**Recommended** -Add the entries into the file as a list of accounts. 
-When running the script it will add these entries into the Calculated Policy automatically and allow the end -user to control the accounts centrally. - -#### Amending the list in Turbot UI - -If the company workflow is to modify the Calculated Policy directly in Turbot. -Navigate to the policy and amend the template value by adding entries into the `whitelist` Nunjucks array. -For example, suppose two accounts should be added, "012345678901", "109876543210", this can be added by setting -the variable by: - -```nunjucks -{#- set whitelist = ["012345678901", "109876543210"] -#} -``` - -**Note:** All the accounts that are being shared by the snapshot need to have an entry in the whitelist in order -for the snapshot to be valid, otherwise it will be invalid and set to `Not approved`. - -```nunjucks -{#- Whitelist of account that are approved for snapshot usage -#} -{%- set whitelist = ["${join("\" ,\"", var.approved_accounts)}"] -%} -{%- set approvalCount = 0 -%} - -{%- for sharedAccount in $.dbClusterSnapshotManual.sharedAccounts | sort -%} - {%- for validAccount in whitelist | sort -%} - {%- if validAccount == sharedAccount -%} - {%- set approvalCount = approvalCount + 1 -%} - {%- endif -%} - {%- endfor -%} -{%- endfor -%} - -{%- if approvalCount == $.dbClusterSnapshotManual.sharedAccounts | length -%} - "Approved" -{%- else -%} - "Not approved" -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. 
-Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- approved_accounts -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_rds_db_cluster_snapshot_cross_account_access/default.tfvars b/calculated_policies/aws_rds_db_cluster_snapshot_cross_account_access/default.tfvars deleted file mode 100644 index bb58b139c..000000000 --- a/calculated_policies/aws_rds_db_cluster_snapshot_cross_account_access/default.tfvars +++ /dev/null 
@@ -1,19 +0,0 @@ -# Required - Target the accounts numbers that are approved to use cross-account snapshots -approved_accounts = [] -# Examples for approved_accounts -# ["012345678901", "109876543210"] - -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191238958290468" - -# Optional - Default value: "RDS Snapshot Cross Account Access" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Restrict cross-account access to RDS snapshots" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_rds_db_cluster_snapshot_cross_account_access/main.tf b/calculated_policies/aws_rds_db_cluster_snapshot_cross_account_access/main.tf deleted file mode 100644 index fbee2aec1..000000000 --- a/calculated_policies/aws_rds_db_cluster_snapshot_cross_account_access/main.tf +++ /dev/null 
@@ -1,52 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "rds_smart_folder" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > RDS > DB Cluster Snapshot [Manual] > Approved -resource "turbot_policy_setting" "rds_approved_policy_setting" { - resource = turbot_smart_folder.rds_smart_folder.id - type = "tmod:@turbot/aws-rds#/policy/types/dbClusterSnapshotManualApproved" - value = "Check: Approved" -} - -# AWS > RDS > DB Cluster Snapshot [Manual] > Approved > Usage -resource "turbot_policy_setting" "rds_approved_usage_policy_setting" { - resource = turbot_smart_folder.rds_smart_folder.id - type = "tmod:@turbot/aws-rds#/policy/types/dbClusterSnapshotManualApprovedUsage" - template_input = < Redshift > Cluster > Approved` -- `AWS > Redshift > Cluster > Approved > Usage` - -Cluster comes with a default parameter group assigned to it which doesn't requires SSL by default. -In order to require encryption in transit, cluster must use a custom parameter group with the -parameter `'require_ssl': 'true'` - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. 
- -Queries cluster and parameter group assigned to it, if any - -```graphql -- | - { - item: resource { - parameterGroupName: get(path: "ClusterParameterGroups[0].ParameterGroupName") - turbot { - custom - } - } - } -- | - { - cluster: resource { - parameterGroup: get(path: "ClusterParameterGroups[0]") - } - parameterGroup: resource (id: "arn:aws:redshift:{{ $.item.turbot.custom.aws.regionName }}:{{ $.item.turbot.custom.aws.accountId }}:parametergroup:{{ $.item.parameterGroupName }}") { - parameters: get(path:"Parameters") - } - } -``` - -### Template (Nunjucks) - -If cluster has a parameter group assigned which has the parameter `'require_ssl': 'true'` -and the parameter is in-sync with the cluster, then Usage policy is set to `Approved`, otherwise `Not approved` - -```nunjucks -{%- set requireSslParameter = {} -%} -{%- for parameter in $.parameterGroup.parameters -%} - {%- if parameter.ParameterName == 'require_ssl' -%} - {%- set requireSslParameter = parameter -%} - {%- endif -%} -{%- endfor -%} - -{%- set requireSslParameterStatus = {} -%} -{%- for parameterGroup in $.cluster.parameterGroup.ClusterParameterStatusList -%} - {%- if parameterGroup.ParameterName == 'require_ssl' -%} - {%- set requireSslParameterStatus = parameterGroup -%} - {%- endif -%} -{%- endfor -%} - -{%- if requireSslParameter - and requireSslParameter.ParameterValue == 'true' - and requireSslParameterStatus - and requireSslParameterStatus.ParameterApplyStatus == 'in-sync' -%} - Approved -{%- else -%} - Not approved -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). 
- -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` 
diff --git a/calculated_policies/aws_redshift_cluster_require_ssl/default.tfvars b/calculated_policies/aws_redshift_cluster_require_ssl/default.tfvars deleted file mode 100644 index bd85fed6c..000000000 --- a/calculated_policies/aws_redshift_cluster_require_ssl/default.tfvars +++ /dev/null @@ -1,14 +0,0 @@ -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191926035367605" - -# Optional - Default value: "AWS Redshift Cluster - Approved Usage - Cluster requires SSL" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Approve cluster if encryption in transit is required" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_redshift_cluster_require_ssl/main.tf b/calculated_policies/aws_redshift_cluster_require_ssl/main.tf deleted file mode 100644 index 230c6afc3..000000000 --- a/calculated_policies/aws_redshift_cluster_require_ssl/main.tf +++ /dev/null 
@@ -1,69 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "aws_redshift_cluster_require_ssl" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > Redshift > Cluster > Approved -resource "turbot_policy_setting" "aws_redshift_cluster_approved_usage_require_ssl_approved" { - resource = turbot_smart_folder.aws_redshift_cluster_require_ssl.id - type = "tmod:@turbot/aws-redshift#/policy/types/clusterApproved" - value = "Check: Approved" -} - -# AWS > Redshift > Cluster > Approved > Usage -resource "turbot_policy_setting" "aws_redshift_cluster_require_ssl_approved_usage" { - resource = turbot_smart_folder.aws_redshift_cluster_require_ssl.id - type = "tmod:@turbot/aws-redshift#/policy/types/clusterApprovedUsage" - template_input = < Redshift > Manual Cluster Snapshot > Approved` -- `AWS > Redshift > Manual Cluster Snapshot > Approved > Usage` - -If a manual snapshot is configured to allow access from external accounts restore access then the approved usage -policy will be set to `Not approved` otherwise it will be set to `Approved`. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -GraphQL query that will check if a manual cluster snapshot has accounts with restore access. -If the query returns an array of zero items, then there are no accounts with cross-account access. - -```graphql -{ - clusterSnapshotManual { - AccountsWithRestoreAccess - } -} -``` - -### Template (Nunjucks) - -Approval logic for Redshift cross-account access. - -```nunjucks -{% if $.clusterSnapshotManual.AccountsWithRestoreAccess | length -%} - "Not approved" -{% else -%} - "Approved" -{% endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). 
- -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` 
diff --git a/calculated_policies/aws_redshift_restrict_cross_account_snapshot_access/default.tfvars b/calculated_policies/aws_redshift_restrict_cross_account_snapshot_access/default.tfvars deleted file mode 100644 index 414dd7071..000000000 --- a/calculated_policies/aws_redshift_restrict_cross_account_snapshot_access/default.tfvars +++ /dev/null @@ -1,14 +0,0 @@ -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191238958290468" - -# Optional - Default value: "Redshift Snapshot Cross Account Access" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Restrict cross-account access to Redshift snapshots" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_redshift_restrict_cross_account_snapshot_access/main.tf b/calculated_policies/aws_redshift_restrict_cross_account_snapshot_access/main.tf deleted file mode 100644 index afbadc5e0..000000000 --- a/calculated_policies/aws_redshift_restrict_cross_account_snapshot_access/main.tf +++ /dev/null 
@@ -1,40 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "redshift_smart_folder" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > Redshift > Manual Cluster Snapshot > Approved -resource "turbot_policy_setting" "redshift_approved_policy_setting" { - resource = turbot_smart_folder.redshift_smart_folder.id - type = "tmod:@turbot/aws-redshift#/policy/types/clusterSnapshotManualApproved" - value = "Check: Approved" -} - -# AWS > Redshift > Manual Cluster Snapshot > Approved > Usage -resource "turbot_policy_setting" "redshift_approved_usage_policy_setting" { - resource = turbot_smart_folder.redshift_smart_folder.id - type = "tmod:@turbot/aws-redshift#/policy/types/clusterSnapshotManualApprovedUsage" - template_input = < S3 > Account > Public Access Block` -- `AWS > S3 > Account > Public Access Block > Settings` - - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -Query to return the current settings of the Public Access Block. - -```graphql -{ - resource: s3Account { - publicAccessBlock: get(path: "PublicAccessBlockConfiguration") - } -} -``` - -### Template (Nunjucks) - -Add the desired settings into the variable `public_access_block_settings_skip_list` which is a list of strings. -If a setting is not provided then the value of the resource will be used as the value is expected. -The settings can be configured using the variable definition file `default.tfvars` and is by default an empty set. - -#### Using `defaults.tf` - -**Recommended** -Add the settings into the file as a list of strings. -When running the script it will add these entries into the Calculated Policy automatically and allow the end -user to control the accounts centrally. - -#### Amending the list in Turbot UI - -If the company workflow is to modify the Calculated Policy directly in Turbot. 
-Navigate to the policy and amend the template value by adding settings into the Nunjucks array. -For example, suppose two settings should be added, "check_block_public_acls", "uncheck_block_public_bucket_policies", -this can be added by setting the variable to: - -```nunjucks -{%- set settings = ["check_block_public_acls", "uncheck_block_public_bucket_policies"] -#} -``` - -The template body will look at the current settings and will use the previous values if no setting was found. - -```nunjucks -{%- set result = "" -%} -{%- set settings = ["${join("\", \"", var.public_access_block_settings_skip_list)}"] -%} -{%- set completedBlockPublicAcl = false -%} -{%- set completedBlockPublicBucketPolicies = false -%} -{%- set completedIgnorePublicACLs = false -%} -{%- set completedRestrictPublicBucketPolicies = false -%} - -{%- for setting in settings -%} - {%- if setting == "check_block_public_acls" -%} - {%- set result = result + "- Block Public ACLs\n" -%} - {%- set completedBlockPublicAcl = true -%} - {%- elif setting == "uncheck_block_public_acls" -%} - {%- set completedBlockPublicAcl = true -%} - {%- endif -%} - - {%- if setting == "check_block_public_bucket_policies" -%} - {%- set result = result + "- Block Public Bucket Policies\n" -%} - {%- set completedBlockPublicBucketPolicies = true -%} - {%- elif setting == "uncheck_block_public_bucket_policies" -%} - {%- set completedBlockPublicBucketPolicies = true -%} - {%- endif -%} - - {%- if setting == "check_ignore_public_acls" -%} - {%- set result = result + "- Ignore Public ACLs\n" -%} - {%- set completedIgnorePublicACLs = true -%} - {%- elif setting == "uncheck_ignore_public_acls" -%} - {%- set completedIgnorePublicACLs = true -%} - {%- endif -%} - - {%- if setting == "check_restrict_public_bucket_policies" -%} - {%- set result = result + "- Restrict Public Bucket Policies\n" -%} - {%- set completedRestrictPublicBucketPolicies = true -%} - {%- elif setting == "uncheck_restrict_public_bucket_policies" -%} - {%- set 
completedRestrictPublicBucketPolicies = true -%} - {%- endif -%} -{%- endfor -%} -{%- if completedBlockPublicAcl == false and $.resource.publicAccessBlock.BlockPublicAcls == true -%} - {%- set result = result + "- Block Public ACLs\n" -%} -{%- endif -%} - -{%- if completedBlockPublicBucketPolicies == false and $.resource.publicAccessBlock.BlockPublicPolicy == true -%} - {%- set result = result + "- Block Public Bucket Policies\n" -%} -{%- endif -%} - -{%- if completedIgnorePublicACLs == false and $.resource.publicAccessBlock.IgnorePublicAcls == true -%} - {%- set result = result + "- Ignore Public ACLs\n" -%} -{%- endif -%} - -{%- if completedRestrictPublicBucketPolicies == false and $.resource.publicAccessBlock.RestrictPublicBuckets == true -%} - {%- set result = result + "- Restrict Public Bucket Policies\n" -%} -{%- endif -%} - -{%- if result == "" -%} -[] -{%- else -%} -{{ result }} -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. 
- -Variables that are exposed by this script are: - -- turbot_profile -- target_resource -- public_access_block_settings_skip_list (Optional) -- public_access_block_settings (Optional) -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_s3_account_public_access_block_skip_setting/default.tfvars b/calculated_policies/aws_s3_account_public_access_block_skip_setting/default.tfvars deleted file mode 100644 index 397f24b60..000000000 --- a/calculated_policies/aws_s3_account_public_access_block_skip_setting/default.tfvars +++ /dev/null @@ -1,7 +0,0 @@ -# Required - Turbot profile configured to connect to the desired Turbot workspace -turbot_profile = "" - -# Required - Target resource to attach to smart folder -target_resource = "" - -# Check variables.tf file for further optional variables 
diff --git a/calculated_policies/aws_s3_account_public_access_block_skip_setting/main.tf b/calculated_policies/aws_s3_account_public_access_block_skip_setting/main.tf deleted file mode 100644 index cdf3bf65f..000000000 --- a/calculated_policies/aws_s3_account_public_access_block_skip_setting/main.tf +++ /dev/null @@ -1,104 +0,0 @@ -# Provider -provider "turbot" { - profile = var.turbot_profile -} - -# Smart Folder Definition -resource "turbot_smart_folder" "sf_aws_s3_calc_policy" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > S3 > Account > Public Access Block -resource "turbot_policy_setting" "aws_s3_account_public_access_block" { - resource = turbot_smart_folder.sf_aws_s3_calc_policy.id - type = "tmod:@turbot/aws-s3#/policy/types/s3AccountPublicAccessBlock" - value = local.public_access_block_settings_map[var.public_access_block_settings] -} - -# AWS > S3 > Account > Public Access Block > Settings -resource "turbot_policy_setting" "aws_s3_account_public_access_block_settings" { - resource = turbot_smart_folder.sf_aws_s3_calc_policy.id - type = "tmod:@turbot/aws-s3#/policy/types/s3AccountPublicAccessBlockSettings" - template_input = < Settings`" - enforce : "Enforce: Per `Public Access Block > Settings`" - } -} diff --git a/calculated_policies/aws_s3_account_public_access_block_skip_setting/variables.tf b/calculated_policies/aws_s3_account_public_access_block_skip_setting/variables.tf deleted file mode 100644 index a4136bc07..000000000 --- a/calculated_policies/aws_s3_account_public_access_block_skip_setting/variables.tf +++ /dev/null 
@@ -1,80 +0,0 @@ -variable "turbot_profile" { - type = string - description = "Enter the profile to connect to the correct Turbot workspace" -} - -variable "target_resource" { - type = string - description = "Enter the resource ID or AKA for the resource to apply the calculated policy" -} - -variable "public_access_block_settings_skip_list" { - type = list(string) - description = < Settings` - enforce: Enforce: Per `Public Access Block > Settings` - DESC - default = "skip" -} - - -variable "smart_folder_title" { - type = string - description = "Enter a title for the smart folder" - default = "S3 Account Public Access Skip Settings" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = < S3 > Account > Public Access Block > Settings will currently either set each setting to enabled or - disabled. - - This calculated policy is for the case where we want to leave a specific setting unchanged in the Public Access Block. - - This is to allow for backward compatibility to V3 where each setting could be customised to be either enabled, - disabled or skipped. - DESC -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/calculated_policies/aws_s3_approved_static_website_hosting_requires_cloud_front/README.md b/calculated_policies/aws_s3_approved_static_website_hosting_requires_cloud_front/README.md deleted file mode 100644 index 53c65ae4a..000000000 --- a/calculated_policies/aws_s3_approved_static_website_hosting_requires_cloud_front/README.md +++ /dev/null 
@@ -1,163 +0,0 @@ -# AWS S3 Bucket - Enforce static website hosting is associated with CloudFront - -## Use case - -This control is specifically for the Static Website Buckets. -End-users should not be able to directly access the S3 bucket endpoint. -A static hosted S3 bucket must be associated with a CloudFront distribution. -In addition, that CloudFront distribution needs to enforce that access to the website uses the protocol HTTPS -only. - -## Implementation details - -This Terraform template creates a smart folder and applies calculated policies on the policies: - -- `AWS > Region > Bucket > Approved` -- `AWS > Region > Bucket > Approved > Usage` - -Provides a Terraform configuration for creating a smart folder and applying a calculated policy on the -`AWS> S3> Bucket> Tags> Template`. -The Calculated policy creates a tag template. -The template shows creating static and dynamic values. -It also shows how to control the values of tags on a bucket. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -The query below is a two fold query, which functions as a JOIN in SQL. -Initially, get the name of the current S3 bucket. -Using this bucket name, do a subsequent query to get the associated CloudFront distribution using the -bucket name as a part of the lookup key. - -```graphql -- | - { - item: bucket { - Name - } - } -- | - { - resources(filter: "$.DistributionConfig.Origins.Items.*.DomainName:'{{ $.item.Name }}.s3.amazonaws.com' resourceTypeId:tmod:@turbot/aws-cloudfront#/resource/types/cloudFront") - { - items { - ViewerProtocolPolicy: get(path:"DistributionConfig.ViewerProtocolPolicy.ViewerProtocolPolicy") - CacheBehaviorsItems: get(path:"DistributionConfig.CacheBehaviors.Items") - } - } - item: bucket { - Website: get(path:"Website") - } - } -``` - -### Template (Nunjucks) - -Initially set the policy value to `Approved` to allow for normal S3 bucket usage. 
-If the S3 bucket is configured as a static website then we need to do some additional checks. - -The code checks to see that the default cache behaviour has a viewer protocol policy that is set to HTTPS usage and -will not allow HTTP usage. -If not, then we set the policy to `Not approved`. - -Then next section will check to see that the addition cache behaviour has a viewer protocol policy that is set to -HTTPS usage and will not allow HTTP usage. -If not, then we set the policy to `Not approved`. - -Otherwise the S3 bucket will be `Approved`. - -```nunjucks -{#- Always approved if static website hosting is disabled -#} -{%- set policyValue = "Approved" -%} - -{#- Is static website hosting is enabled -#} -{%- if $.item.Website -%} - - {%- for item in $.resources.items -%} - - {#- Check if the the default cache behaviour is not secure, if not then `Not approved`-#} - {%- if item.ViewerProtocolPolicy not in ["redirect-to-https", "https-only"] -%} - {#- Unapproved if an associated CloudFront distribution is set to http -#} - {%- set policyValue = "Not approved" -%} - {%- else -%} - - {#- Check if the the other cache behaviour is not secure, if not then `Not approved`-#} - {%- for behaviorsItem in item.CacheBehaviorsItems -%} - {%- if behaviorsItem.ViewerProtocolPolicy not in ["redirect-to-https", "https-only"] -%} - {%- set policyValue = "Not approved" -%} - {%- endif -%} - {%- endfor -%} - - {%- endif -%} - {%- else -%} - {#- Unapproved if there is no associated CloudFront distribution -#} - {%- set policyValue = "Not approved" -%} - {%- endfor -%} - -{%- endif -%} - -{{ policyValue }} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). 
- -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` 
diff --git a/calculated_policies/aws_s3_approved_static_website_hosting_requires_cloud_front/default.tfvars b/calculated_policies/aws_s3_approved_static_website_hosting_requires_cloud_front/default.tfvars deleted file mode 100644 index e9f88bae3..000000000 --- a/calculated_policies/aws_s3_approved_static_website_hosting_requires_cloud_front/default.tfvars +++ /dev/null @@ -1,16 +0,0 @@ -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191238958290468" - -# Optional - Default value: "AWS S3 - Approved Usage - Associate CloudFront" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: -# "Buckets configured as a static hosting website must have an associated CloudFront distribution configured to -# encrypt data during transit." -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_s3_approved_static_website_hosting_requires_cloud_front/main.tf b/calculated_policies/aws_s3_approved_static_website_hosting_requires_cloud_front/main.tf deleted file mode 100644 index 8d2e01451..000000000 --- a/calculated_policies/aws_s3_approved_static_website_hosting_requires_cloud_front/main.tf +++ /dev/null 
@@ -1,79 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "s3_approved_usage_smart_folder" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > Region > Bucket > Approved -resource "turbot_policy_setting" "s3_approved_policy_setting" { - resource = turbot_smart_folder.s3_approved_usage_smart_folder.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketApproved" - value = "Check: Approved" -} - -# AWS > Region > Bucket > Approved > Usage -resource "turbot_policy_setting" "s3_approved_usage_policy_setting" { - resource = turbot_smart_folder.s3_approved_usage_smart_folder.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketApprovedUsage" - template_input = < Region > Bucket > Approved` -- `AWS > Region > Bucket > Approved > Usage` - -If the account that the access is shared with through ACL, given by the property `Acl.Grants[].Grantee.ID` -is not whitelisted, then the policy will be set to `Not approved` otherwise it will be set to `Approved`. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -GraphQL query that will return all the ACL cross-account access rules to compare against an account whitelist -to ensure that the entry is valid. - -```graphql -{ - resource { - onwerId: get(path:"Acl.Owner.ID") - aclGrants: get(path:"Acl.Grants") - } -} -``` - -### Template (Nunjucks) - -Add items to the currently empty `whitelist` collection as detailed in inline example comments. -The Nunjucks script will then check if all the accounts in the Bucket ACL are valid by comparing -entries from a whitelist of accounts. -To add entries to the whitelist can be done in two different ways: - -- Using `defaults.tf` -- Amending the list in Turbot UI - -#### Using `defaults.tf` - -**Recommended** -Add the entries into the file as a list of accounts. 
-When running the script it will add these entries into the Calculated Policy automatically and allow the end -user to control the accounts centrally. - -#### Amending the list in Turbot UI - -If the company workflow is to modify the Calculated Policy directly in Turbot. -Navigate to the policy and amend the template value by adding entries into the `approvedAccounts` Nunjucks array. -For example, suppose two accounts should be added, -"14dc98d5f2185f3d62afcc95361dd156098a788f09fdd581d68710b503cfad09", and -"49b5a5892783e49a3bd87044a68205269838794f589eaa65a5376d281f839527", this can be added by setting the variable by: - -```nunjucks -{#- set approvedAccounts = ["14dc98d5f2185f3d62afcc95361dd156098a788f09fdd581d68710b503cfad09", - "49b5a5892783e49a3bd87044a68205269838794f589eaa65a5376d281f839527"] -#} -``` - -**Notes:** -1. All the accounts in Bucket ACL need to have an entry in the whitelist variable named `approvedAccounts` -in order for the Bucket to be valid, otherwise it will be invalid and set to `Not approved`. -2. AWS Account should be in `Canonical user ID` form. 
Read more about it here: - https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html - -```nunjucks -{#- Whitelist of accounts that are approved for access through ACL in Canonical user ID form -#} -{#- Read more about Canonical user IDs: https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html -#} -{%- set approvedAccounts = ["${join("\",\n \"", var.approved_accounts)}"] -%} -{%- set hasUnapprovedAccount = false -%} - -{%- for aclGrant in $.resource.aclGrants -%} - {%- if aclGrant.Grantee.Type == "CanonicalUser" and aclGrant.Grantee.ID != $.resource.onwerId and aclGrant.Grantee.ID not in approvedAccounts -%} - {%- set hasUnapprovedAccount = true -%} - {%- endif -%} -{%- endfor -%} - -{%- if not hasUnapprovedAccount -%} - "Approved" -{%- else -%} - "Not approved" -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- approved_accounts -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. 
- -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_s3_bucket_approved_usage_acl_cross_account_access/default.tfvars b/calculated_policies/aws_s3_bucket_approved_usage_acl_cross_account_access/default.tfvars deleted file mode 100644 index f4f2ff7a8..000000000 --- a/calculated_policies/aws_s3_bucket_approved_usage_acl_cross_account_access/default.tfvars +++ /dev/null 
@@ -1,21 +0,0 @@ -# Required - Target the accounts that are approved to use AWS S3 Bucket ACL cross-account access -# This variable expects a list of Canonical IDs -# Read more about Canonical user IDs: https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html -approved_accounts = [] -# Examples for approved_accounts -# approved_accounts = ["14dc98d5f2185f3d62afcc95361dd156098a788f09fdd581d68710b503cfad09"] - -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191926035367605" - -# Optional - Default value: "S3 Bucket ACL Cross-Account Access" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Restrict AWS S3 Bucket ACL cross-account access to approved accounts" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_s3_bucket_approved_usage_acl_cross_account_access/main.tf b/calculated_policies/aws_s3_bucket_approved_usage_acl_cross_account_access/main.tf deleted file mode 100644 index 6097b6e6b..000000000 --- a/calculated_policies/aws_s3_bucket_approved_usage_acl_cross_account_access/main.tf +++ /dev/null 
@@ -1,51 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "aws_b3_bucket_approved_usage_approved_acl_cross_account_access" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > S3 > Bucket > Approved -resource "turbot_policy_setting" "aws_b3_bucket_approved_approved_acl_cross_account_access" { - resource = turbot_smart_folder.aws_b3_bucket_approved_usage_approved_acl_cross_account_access.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketApproved" - value = "Check: Approved" -} - -# AWS > S3 > Bucket > Approved > Usage -resource "turbot_policy_setting" "aws_b3_bucket_approved_usage_approved_acl_cross_account_access" { - resource = turbot_smart_folder.aws_b3_bucket_approved_usage_approved_acl_cross_account_access.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketApprovedUsage" - template_input = < Region > Bucket > Approved` -- `AWS > Region > Bucket > Approved > Usage` - -If the account that the replication is shared with, given by the property `Replication.Rules[].Destination.Account` -is not whitelisted, then the policy will be set to `Not approved` otherwise it will be set to `Approved`. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -GraphQL query that will return all the cross-account replication rules to compare against an account whitelist -to ensure that the replication is valid. - -```graphql -{ - resource { - replicationRules: get(path:"Replication.Rules") - } -} -``` - -### Template (Nunjucks) - -Add items to the currently empty `whitelist` collection as detailed in inline example comments. -The Nunjucks script will then check if all the accounts in the Bucket replication are valid by comparing -entries from a whitelist of accounts. 
-To add entries to the whitelist can be done in two different ways: - -- Using `defaults.tf` -- Amending the list in Turbot UI - -#### Using `defaults.tf` - -**Recommended** -Add the entries into the file as a list of accounts. -When running the script it will add these entries into the Calculated Policy automatically and allow the end -user to control the accounts centrally. - -#### Amending the list in Turbot UI - -If the company workflow is to modify the Calculated Policy directly in Turbot. -Navigate to the policy and amend the template value by adding entries into the `whitelist` Nunjucks array. -For example, suppose two accounts should be added, "012345678901", "109876543210", this can be added by setting -the variable by: - -```nunjucks -{#- set whitelist = ["012345678901", "109876543210"] -#} -``` - -**Note:** All the accounts in Bucket replication need to have an entry in the whitelist in order -for the Bucket to be valid, otherwise it will be invalid and set to `Not approved`. - -```nunjucks -{#- Whitelist of accounts that are approved for replication -#} -{%- set approvedAccounts = ["${join("\",\n \"", var.approved_accounts)}"] -%} -{%- set hasUnapprovedAccount = false -%} - -{%- for rule in $.resource.replicationRules -%} - {%- if rule.Status == "Enabled" and rule.Destination.Account not in approvedAccounts -%} - {%- set hasUnapprovedAccount = true -%} - {%- endif -%} -{%- endfor -%} - -{%- if not hasUnapprovedAccount -%} - "Approved" -{%- else -%} - "Not approved" -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). 
- -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- approved_accounts -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` 
diff --git a/calculated_policies/aws_s3_bucket_approved_usage_cross_account_replication/default.tfvars b/calculated_policies/aws_s3_bucket_approved_usage_cross_account_replication/default.tfvars deleted file mode 100644 index 82c450640..000000000 --- a/calculated_policies/aws_s3_bucket_approved_usage_cross_account_replication/default.tfvars +++ /dev/null @@ -1,19 +0,0 @@ -# Required - Target the accounts that are approved to use cross-account replication -approved_accounts = [] -# Examples for approved_accounts -# ["235268162285", "109876543210"] - -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191926035367605" - -# Optional - Default value: "S3 Bucket Cross Account Replication" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Restrict AWS S3 Bucket cross-account replication to approved accounts" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_s3_bucket_approved_usage_cross_account_replication/main.tf b/calculated_policies/aws_s3_bucket_approved_usage_cross_account_replication/main.tf deleted file mode 100644 index 9b6ee1b34..000000000 --- a/calculated_policies/aws_s3_bucket_approved_usage_cross_account_replication/main.tf +++ /dev/null 
@@ -1,49 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "aws_b3_bucket_approved_usage_approved_cross_account_replication" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > S3 > Bucket > Approved -resource "turbot_policy_setting" "aws_b3_bucket_approved_approved_cross_account_replication" { - resource = turbot_smart_folder.aws_b3_bucket_approved_usage_approved_cross_account_replication.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketApproved" - value = "Check: Approved" -} - -# AWS > S3 > Bucket > Approved > Usage -resource "turbot_policy_setting" "aws_b3_bucket_approved_usage_approved_cross_account_replication" { - resource = turbot_smart_folder.aws_b3_bucket_approved_usage_approved_cross_account_replication.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketApprovedUsage" - template_input = < Region > Bucket > Approved` -- `AWS > Region > Bucket > Approved > Usage` - -If a S3 Bucket name is not DNS compliant, then the approved usage policy will be set to `Not approved` otherwise -it will be set to `Approved`. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -GraphQL query that will get the instance image. - -```graphql -{ - resource { - name: get(path: "Name") - } -} -``` - -### Template (Nunjucks) - -Approval logic for S3 Bucket trusted AWS accounts AMIs. -If S3 Bucket name does not match DNS compliant regular expression, then it will return `Not approved`. 
- -```nunjucks -{#- Defined at http://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html -#} -{#- Implemented based on http://stackoverflow.com/a/106223 -#} -{%- set dnsNameRegExp = r/^(([a-z0-9]|[a-z0-9][a-z0-9-]*[a-z0-9])\\.)*([a-z0-9]|[a-z0-9][a-z0-9-]*[a-z0-9])$/g -%} -{%- if $.resource.name | length >= 3 and $.resource.name | length <= 63 and dnsNameRegExp.test($.resource.name) -%} - "Approved" -{%- else -%} - "Not approved" -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). 
- -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_s3_bucket_approved_usage_name_dns_compliant/default.tfvars b/calculated_policies/aws_s3_bucket_approved_usage_name_dns_compliant/default.tfvars deleted file mode 100644 index adb2576bb..000000000 --- a/calculated_policies/aws_s3_bucket_approved_usage_name_dns_compliant/default.tfvars +++ /dev/null @@ -1,14 +0,0 @@ -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191238958290468" - -# Optional - Default value: "AWS S3 - Approved Usage - Name DNS Compliant" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Restrict AWS S3 Bucket names to DNS Compliant names" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_s3_bucket_approved_usage_name_dns_compliant/main.tf b/calculated_policies/aws_s3_bucket_approved_usage_name_dns_compliant/main.tf deleted file mode 100644 index e230fecc7..000000000 --- a/calculated_policies/aws_s3_bucket_approved_usage_name_dns_compliant/main.tf +++ /dev/null 
@@ -1,44 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "aws_s3_bucket_approved_usage_name_dns_compliant" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > S3 > Bucket > Approved -resource "turbot_policy_setting" "aws_s3_bucket_approved_name_dns_compliant" { - resource = turbot_smart_folder.aws_s3_bucket_approved_usage_name_dns_compliant.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketApproved" - value = "Check: Approved" -} - -# AWS > S3 > Bucket > Approved > Usage -resource "turbot_policy_setting" "aws_s3_bucket_approved_usage_name_dns_compliant" { - resource = turbot_smart_folder.aws_s3_bucket_approved_usage_name_dns_compliant.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketApprovedUsage" - # GraphQL to pull function metadata - template_input = <= 3 and $.resource.name | length <= 63 and dnsNameRegExp.test($.resource.name) -%} - "Approved" - {%- else -%} - "Not approved" - {%- endif -%} - EOT -} - -# Attach Smart Folder -resource "turbot_smart_folder_attachment" "aws_s3_bucket_approved_usage_name_dns_compliant" { - resource = var.target_resource - smart_folder = turbot_smart_folder.aws_s3_bucket_approved_usage_name_dns_compliant.id -} diff --git a/calculated_policies/aws_s3_bucket_approved_usage_name_dns_compliant/variables.tf b/calculated_policies/aws_s3_bucket_approved_usage_name_dns_compliant/variables.tf deleted file mode 100644 index a6cd11cbb..000000000 --- a/calculated_policies/aws_s3_bucket_approved_usage_name_dns_compliant/variables.tf +++ /dev/null 
@@ -1,22 +0,0 @@ -variable "target_resource" { - description = "Enter the resource ID or AKA for the resource to apply the calculated policy" - type = string -} - -variable "smart_folder_title" { - description = "Enter a title for the smart folder" - type = string - default = "AWS S3 - Approved Usage - Name DNS Compliant" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Restrict AWS S3 Bucket names to DNS Compliant names" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/calculated_policies/aws_s3_bucket_match_tags_on_bucket_and_cmk/README.md b/calculated_policies/aws_s3_bucket_match_tags_on_bucket_and_cmk/README.md deleted file mode 100644 index 2cbe6fa67..000000000 --- a/calculated_policies/aws_s3_bucket_match_tags_on_bucket_and_cmk/README.md +++ /dev/null 
@@ -1,139 +0,0 @@ -# AWS S3 - Match tags on Bucket and corresponding Key Management Service. - -## Use case - -The business owner may have different classifications of data (PII, Health, Proprietary, etc) where, S3 Buckets are -designated to hold specific classes of data. -For each classification, a corresponding Customer Managed Key should exist. -A comparison needs to be made between the tags on the S3 Bucket and on that on the Key Management Service to ensure -that the right Key Management Service is attached to the right S3 Bucket. - -## Implementation details - -This Terraform template creates a smart folder and applies calculated policies on the policies: - -- `AWS > S3 > Bucket > Encryption at Rest` -- `AWS > S3 > Bucket > Encryption at Rest > Customer Managed Key` - -The policy execute queries to get the S3 Bucket's tags and the corresponding Key Management Service's tags. -A comparison is then made between the tags. -If they match, the S3 Bucket is `Approved` otherwise `Not approved`. -Depending on the value set in `AWS > S3 > Bucket > Encryption at Rest`, a customer may choose to raise an alarm or -remediate the Key Management Service attached to the S3 Bucket. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -In the fist query gets the encryption rules for the S3 Bucket. -In the second query, policy uses Nunjucks to iterate over encryption rules searching for the Key Management Service -ARN. -If a match is found, the script will then then query will get the tags for the Key Management Service's tags which -will later be used to compare against the S3 Bucket tags. 
- -```graphql -- | - { - item: resource { - encryptionRules: get(path: "Encryption.ServerSideEncryptionConfiguration.Rules") - } - } -- | - {%- set encryptionRule = {} -%} - {%- for rule in $.item.encryptionRules -%} - {%- if rule.ApplyServerSideEncryptionByDefault -%} - {%- set encryptionRule = rule -%} - {%- endif -%} - {%- endfor -%} - { - S3 Bucket: resource { - tags - } - {%- if encryptionRule.ApplyServerSideEncryptionByDefault.KMSMasterKeyID -%} - kmsKey: resource (id: "{{ encryptionRule.ApplyServerSideEncryptionByDefault.KMSMasterKeyID }}") { - tags - } - {%- endif -%} - } -``` - -### Template (Nunjucks) - -Checks if Key Management Service key exists and contains the desired tag (set using [default.tfvars](default.tfvars) -variable `cross_resource_tag_key`. -Checks if S3 Bucket contains the desired tag (set using [default.tfvars](default.tfvars) `cross_resource_tag_key`. -Finally the script will check if the tags match. -If it does match, then policy is set to `Approved` otherwise the policy value will be set to `Not approved` - -```nunjucks -{%- if $.kmsKey.tags['${var.cross_resource_tag_key}'] - and $.S3 Bucket.tags['${var.cross_resource_tag_key}'] - and $.kmsKey.tags['${var.cross_resource_tag_key}'] == $.S3 Bucket.tags['${var.cross_resource_tag_key}'] -%} - Approved -{%- else -%} - Not approved -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. 
-Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- cross_resource_tag_key -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_s3_bucket_match_tags_on_bucket_and_cmk/default.tfvars b/calculated_policies/aws_s3_bucket_match_tags_on_bucket_and_cmk/default.tfvars deleted file mode 100644 index 0b7c4643e..000000000 --- a/calculated_policies/aws_s3_bucket_match_tags_on_bucket_and_cmk/default.tfvars +++ /dev/null 
@@ -1,19 +0,0 @@ -# Required - Tag key which should match between S3 Bucket and CMK -cross_resource_tag_key = "" -# Examples for cross_resource_tag_key -# cross_resource_tag_key = "data_classification" - -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191926035367605" - -# Optional - Default value: "AWS S3 - Encryption at Rest Customer Managed Key - Match tags on Bucket and CMK" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "RMatch tags on S3 Bucket and CMK" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_s3_bucket_match_tags_on_bucket_and_cmk/main.tf b/calculated_policies/aws_s3_bucket_match_tags_on_bucket_and_cmk/main.tf deleted file mode 100644 index 819b55e84..000000000 --- a/calculated_policies/aws_s3_bucket_match_tags_on_bucket_and_cmk/main.tf +++ /dev/null 
@@ -1,61 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "aws_s3_bucket_encryption_at_rest_customer_managed_key_tags_match" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > S3 > Bucket > Encryption at Rest -resource "turbot_policy_setting" "aws_s3_bucket_encryption_at_rest_tags_match" { - resource = turbot_smart_folder.aws_s3_bucket_encryption_at_rest_customer_managed_key_tags_match.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketEncryptionAtRest" - value = "Check: Encryption at Rest > Customer Managed Key" -} - -# AWS > S3 > Bucket > Encryption at Rest > Customer Managed Key -resource "turbot_policy_setting" "aws_s3_bucket_encryption_at_rest_customer_managed_key_tags_match" { - resource = turbot_smart_folder.aws_s3_bucket_encryption_at_rest_customer_managed_key_tags_match.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketEncryptionAtRestCustomerManagedKey" - # GraphQL to pull function metadata - template_input = < S3 > Bucket > Public Access Block` -- `AWS > S3 > Bucket > Public Access Block > Settings` - - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -Query to return the current settings of the Public Access Block. - -```graphql -{ - resource: bucket { - publicAccessBlock: get(path: "PublicAccessBlockConfiguration") - } -} -``` - -### Template (Nunjucks) - -Add the desired settings into the variable `public_access_block_settings_skip_list` which is a list of strings. -If a setting is not provided then the value of the resource will be used as the value is expected. -The settings can be configured using the variable definition file `default.tfvars` and is by default an empty set. - -#### Using `defaults.tf` - -**Recommended** -Add the settings into the file as a list of strings. 
-When running the script it will add these entries into the Calculated Policy automatically and allow the end -user to control the accounts centrally. - -#### Amending the list in Turbot UI - -If the company workflow is to modify the Calculated Policy directly in Turbot. -Navigate to the policy and amend the template value by adding settings into the Nunjucks array. -For example, suppose two settings should be added, "check_block_public_acls", "uncheck_block_public_bucket_policies", -this can be added by setting the variable to: - -```nunjucks -{%- set settings = ["check_block_public_acls", "uncheck_block_public_bucket_policies"] -#} -``` - -The template body will look at the current settings and will use the previous values if no setting was found. - -```nunjucks -{%- set result = "" -%} -{%- set settings = ["${join("\", \"", var.public_access_block_settings_skip_list)}"] -%} -{%- set completedBlockPublicAcl = false -%} -{%- set completedBlockPublicBucketPolicies = false -%} -{%- set completedIgnorePublicACLs = false -%} -{%- set completedRestrictPublicBucketPolicies = false -%} - -{%- for setting in settings -%} - {%- if setting == "check_block_public_acls" -%} - {%- set result = result + "- Block Public ACLs\n" -%} - {%- set completedBlockPublicAcl = true -%} - {%- elif setting == "uncheck_block_public_acls" -%} - {%- set completedBlockPublicAcl = true -%} - {%- endif -%} - - {%- if setting == "check_block_public_bucket_policies" -%} - {%- set result = result + "- Block Public Bucket Policies\n" -%} - {%- set completedBlockPublicBucketPolicies = true -%} - {%- elif setting == "uncheck_block_public_bucket_policies" -%} - {%- set completedBlockPublicBucketPolicies = true -%} - {%- endif -%} - - {%- if setting == "check_ignore_public_acls" -%} - {%- set result = result + "- Ignore Public ACLs\n" -%} - {%- set completedIgnorePublicACLs = true -%} - {%- elif setting == "uncheck_ignore_public_acls" -%} - {%- set completedIgnorePublicACLs = true -%} - {%- endif -%} - - 
{%- if setting == "check_restrict_public_bucket_policies" -%} - {%- set result = result + "- Restrict Public Bucket Policies\n" -%} - {%- set completedRestrictPublicBucketPolicies = true -%} - {%- elif setting == "uncheck_restrict_public_bucket_policies" -%} - {%- set completedRestrictPublicBucketPolicies = true -%} - {%- endif -%} -{%- endfor -%} -{%- if completedBlockPublicAcl == false and $.resource.publicAccessBlock.BlockPublicAcls == true -%} - {%- set result = result + "- Block Public ACLs\n" -%} -{%- endif -%} - -{%- if completedBlockPublicBucketPolicies == false and $.resource.publicAccessBlock.BlockPublicPolicy == true -%} - {%- set result = result + "- Block Public Bucket Policies\n" -%} -{%- endif -%} - -{%- if completedIgnorePublicACLs == false and $.resource.publicAccessBlock.IgnorePublicAcls == true -%} - {%- set result = result + "- Ignore Public ACLs\n" -%} -{%- endif -%} - -{%- if completedRestrictPublicBucketPolicies == false and $.resource.publicAccessBlock.RestrictPublicBuckets == true -%} - {%- set result = result + "- Restrict Public Bucket Policies\n" -%} -{%- endif -%} - -{%- if result == "" -%} -[] -{%- else -%} -{{ result }} -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. 
- -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- turbot_profile -- target_resource -- public_access_block_settings_skip_list (Optional) -- public_access_block_settings (Optional) -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_s3_bucket_public_access_block_skip_setting/default.tfvars b/calculated_policies/aws_s3_bucket_public_access_block_skip_setting/default.tfvars deleted file mode 100644 index 397f24b60..000000000 --- a/calculated_policies/aws_s3_bucket_public_access_block_skip_setting/default.tfvars +++ /dev/null @@ -1,7 +0,0 @@ -# Required - Turbot profile configured to connect to the desired Turbot workspace -turbot_profile = "" - -# Required - Target resource to attach to smart folder -target_resource = "" - -# Check variables.tf file for further optional variables 
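Review bot: In the Nunjucks template of aws_s3_bucket_public_access_block_skip_setting/README.md, the `for setting in settings` loop silently ignores any entry that is not one of the eight `check_*` / `uncheck_*` strings. A misspelled entry in `public_access_block_settings_skip_list` therefore falls through to the `completed... == false` branches, and the bucket's current `PublicAccessBlockConfiguration` value becomes the expected value. For a control that guards public access, that fails open with no signal. If this example is kept or moved, compare the list against the known strings and fail the render on anything unrecognised. The same README also closes its `{%- set settings = [...]` example with `-#}` instead of `-%}`, which will not parse when pasted into the Turbot UI as the text instructs.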
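Review bot: In aws_s3_bucket_match_tags_on_bucket_and_cmk/README.md, the second GraphQL query aliases the bucket as `S3 Bucket: resource { tags }` and the Nunjucks template reads `$.S3 Bucket.tags['${var.cross_resource_tag_key}']`. Neither a GraphQL alias nor a Nunjucks property path can contain a space, so both documented blocks fail to parse. This reads like a search-and-replace of `bucket` that also hit identifiers. If the example is reused, restore a single-token alias such as `bucket` in both the query and the template so the tag comparison between bucket and key is actually evaluated.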
diff --git a/calculated_policies/aws_s3_bucket_public_access_block_skip_setting/main.tf b/calculated_policies/aws_s3_bucket_public_access_block_skip_setting/main.tf deleted file mode 100644 index 308391178..000000000 --- a/calculated_policies/aws_s3_bucket_public_access_block_skip_setting/main.tf +++ /dev/null @@ -1,104 +0,0 @@ -# Provider -provider "turbot" { - profile = var.turbot_profile -} - -# Smart Folder Definition -resource "turbot_smart_folder" "sf_aws_s3_calc_policy" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > S3 > Bucket > Public Access Block -resource "turbot_policy_setting" "aws_s3_bucket_public_access_block" { - resource = turbot_smart_folder.sf_aws_s3_calc_policy.id - type = "tmod:@turbot/aws-s3#/policy/types/s3BucketPublicAccessBlock" - value = local.public_access_block_settings_map[var.public_access_block_settings] -} - -# AWS > S3 > Bucket > Public Access Block > Settings -resource "turbot_policy_setting" "aws_s3_bucket_public_access_block_settings" { - resource = turbot_smart_folder.sf_aws_s3_calc_policy.id - type = "tmod:@turbot/aws-s3#/policy/types/s3BucketPublicAccessBlockSettings" - template_input = < Settings`" - enforce : "Enforce: Per `Public Access Block > Settings`" - } -} diff --git a/calculated_policies/aws_s3_bucket_public_access_block_skip_setting/variables.tf b/calculated_policies/aws_s3_bucket_public_access_block_skip_setting/variables.tf deleted file mode 100644 index 2e8549548..000000000 --- a/calculated_policies/aws_s3_bucket_public_access_block_skip_setting/variables.tf +++ /dev/null 
@@ -1,80 +0,0 @@ -variable "turbot_profile" { - type = string - description = "Enter the profile to connect to the correct Turbot workspace" -} - -variable "target_resource" { - type = string - description = "Enter the resource ID or AKA for the resource to apply the calculated policy" -} - -variable "public_access_block_settings_skip_list" { - type = list(string) - description = < Settings` - enforce: Enforce: Per `Public Access Block > Settings` - DESC - default = "skip" -} - - -variable "smart_folder_title" { - type = string - description = "Enter a title for the smart folder" - default = "S3 Bucket Public Access Skip Settings" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = < S3 > Bucket > Public Access Block > Settings will currently either set each setting to enabled or - disabled. - - This calculated policy is for the case where we want to leave a specific setting unchanged in the Public Access Block. - - This is to allow for backward compatibility to V3 where each setting could be customised to be either enabled, - disabled or skipped. - DESC -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/calculated_policies/aws_s3_bucket_tagging_ignore_casing/README.md b/calculated_policies/aws_s3_bucket_tagging_ignore_casing/README.md deleted file mode 100644 index 6f46c3e32..000000000 --- a/calculated_policies/aws_s3_bucket_tagging_ignore_casing/README.md +++ /dev/null 
@@ -1,113 +0,0 @@ -# AWS S3 - Check tags on a bucket, ignoring casing - -## Use case - -The business owner of the AWS platform wants to consistently tag all resources with business metadata to meet company -standards and ensure supportability and cost transparency. However, the admin wants to not get false positives, which can happen if casing in the key or value is not identical. - -## Implementation details - -This Terraform template creates a smart folder and applies the calculated policy on the policy: - -- `AWS > S3 > Bucket > Tags > Template` - -The Calculated policy creates a tag template, while accounting for the possibility that keys and values might have alternate casing. Without RegEx, alternate casing will create false positives. - -Additionally, we create the policy `AWS > S3 > Bucket > Tags` and set it to `Check: Tags are correct`. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -In this case the query selects various metadata about the bucket. - -```graphql -{ - resource { - turbot { - tags - } - } -} -``` - -### Template (Nunjucks) - -```nunjucks -{%- set approved = 'no' -%} - -{%- for key,value in $.resource.turbot.tags -%} - {%- if r/owners/.test(key | lower) -%} - {%- if r/john doe/.test(value | lower) %} - {%- set approved = 'yes' -%} - {%- endif %} - {%- endif -%} -{%- endfor -%} - -{%- if approved == 'no' -%} -- owner: 'Missing_tag' -{%- else -%} -[] -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 at minimum -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. 
-Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_s3_bucket_tagging_ignore_casing/default.tfvars b/calculated_policies/aws_s3_bucket_tagging_ignore_casing/default.tfvars deleted file mode 100644 index ff7e2153d..000000000 --- a/calculated_policies/aws_s3_bucket_tagging_ignore_casing/default.tfvars +++ /dev/null 
@@ -1,14 +0,0 @@ -# Required - Target resource to attach to smart folder -# target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191926035367605" - -# Optional - Default value: "AWS AMI Tag On Control Alarm" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "AMI must have tags added once the AMI is older than 14 days" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" \ No newline at end of file diff --git a/calculated_policies/aws_s3_bucket_tagging_ignore_casing/output.tf b/calculated_policies/aws_s3_bucket_tagging_ignore_casing/output.tf deleted file mode 100644 index 365421c2b..000000000 --- a/calculated_policies/aws_s3_bucket_tagging_ignore_casing/output.tf +++ /dev/null @@ -1,11 +0,0 @@ -output "smart_folder_title" { - value = var.smart_folder_title -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} \ No newline at end of file diff --git a/calculated_policies/aws_s3_bucket_tagging_ignore_casing/policies.tf b/calculated_policies/aws_s3_bucket_tagging_ignore_casing/policies.tf deleted file mode 100644 index f281e45dc..000000000 --- a/calculated_policies/aws_s3_bucket_tagging_ignore_casing/policies.tf +++ /dev/null 
@@ -1,38 +0,0 @@ -resource "turbot_policy_setting" "s3_tags" { - resource = turbot_smart_folder.s3_tagging_template.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketTags" - value = "Check: Tags are correct" -} - -# AWS > Region > Bucket > Tags > Template -resource "turbot_policy_setting" "s3_tag_template" { - resource = turbot_smart_folder.s3_tagging_template.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketTagsTemplate" - # GraphQL to pull bucket metadata - template_input = < Region > Bucket > Tags > Template` - -The Calculated policy creates a tag template. -The template shows creating static and dynamic values. -It also shows how to control the values of tags on a bucket. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -In this case the query selects various metadata about the bucket. - -```graphql -{ - account { - Id - } - folder { - turbot { - tags - } - } - bucket { - Name - turbot { - tags - } - creator: history(filter: "sort:version_id limit:1") { - items { - actor { - identity { - turbot { - title - } - } - } - turbot { - createTimestamp - } - } - } - } -} -``` - -### Template (Nunjucks) - -```nunjucks -{# Use tags from folder level #} -"Cost Center": "{{ $.folder.turbot.tags.Cost_Center }}" - -{# Static Name Example #} -"Company": "Acme Inc." 
- -{# Use AWS environment metadata / attributes #} -"Billing Account Detail": "AF-{{ $.account.Id }}" -"Bucket Name": "{{ $.bucket.Name }}" - -{# Allow any value except null, set to "Non-Compliant" if out of bounds #} -"Description": "{% if $.bucket.turbot.tags['Description'] %}{{ $.bucket.turbot.tags['Description'] }}{% else %}Non-Compliant Tag{% endif %}" - -{# Enforce selection of values, set to "Non-Compliant" if out of bounds #} -"Environment": "{% if $.bucket.turbot.tags['Environment'] in ['Dev', 'QA', 'Prod', 'Temp'] %}{{ $.bucket.turbot.tags['Environment'] }}{% else %}Non-Compliant Tag{% endif %}" - -{# Actor who created the bucket #} -"CreatedByActor": "{{ $.bucket.creator.items[0].actor.identity.turbot.title }}" - -{# Creation Timestamp #} -"CreatedByTime": "{{ $.bucket.creator.items[0].turbot.createTimestamp }}" -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. 
- -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_s3_bucket_tagging_template/default.tfvars b/calculated_policies/aws_s3_bucket_tagging_template/default.tfvars deleted file mode 100644 index 601d1e1d7..000000000 --- a/calculated_policies/aws_s3_bucket_tagging_template/default.tfvars +++ /dev/null @@ -1,8 +0,0 @@ -# Optional - Default value: "S3 Bucket Tagging Template" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Enables bucket versioning for all buckets tagged with {Environment:=Prod}" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/calculated_policies/aws_s3_bucket_tagging_template/main.tf b/calculated_policies/aws_s3_bucket_tagging_template/main.tf deleted file mode 100644 index 015296fc6..000000000 --- a/calculated_policies/aws_s3_bucket_tagging_template/main.tf +++ /dev/null 
@@ -1,69 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "s3_tagging_template" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > Region > Bucket > Tags > Template -resource "turbot_policy_setting" "s3_tag_template" { - resource = "turbot_smart_folder.s3_tagging_template.id" - type = "tmod:@turbot/aws-s3#/policy/types/bucketTagsTemplate" - # GraphQL to pull bucket metadata - template_input = < Region > Bucket > Approved` -- `AWS > Region > Bucket > Approved > Usage` - -The Calculated policy creates a template that will alarm if a queue policy contains "Action: SQS:*". - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -The GraphQL query selects policy metadata on an SQS queue. - -```graphql -{ - resource { - pol: get(path: "Policy") - } -} -``` - -### Template (Nunjucks) - -```nunjucks -{%- set regExp = r/"SQS:*/g -%} -{%- if regExp.test($.resource.pol) -%} - Not approved -{%- else -%} - Approved -{%- endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). - -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. 
- -Variables that are exposed by this script are: - -- target_resource -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/calculated_policies/aws_sqs_approved/default.tfvars b/calculated_policies/aws_sqs_approved/default.tfvars deleted file mode 100644 index 8c8afbaff..000000000 --- a/calculated_policies/aws_sqs_approved/default.tfvars +++ /dev/null @@ -1,14 +0,0 @@ -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191238958290468" - -# Optional - Default value: "SQS Approve Usage" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Alarms if an SQS queue policy allows SQS:*" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" 
diff --git a/calculated_policies/aws_sqs_approved/main.tf b/calculated_policies/aws_sqs_approved/main.tf deleted file mode 100644 index ece101582..000000000 --- a/calculated_policies/aws_sqs_approved/main.tf +++ /dev/null 
@@ -1,42 +0,0 @@ -# Smart Folder Definition -resource "turbot_smart_folder" "sqs_usage_approved" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# AWS > Region > Bucket > Approved -resource "turbot_policy_setting" "sqs_approved" { - resource = turbot_smart_folder.sqs_usage_approved.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketApproved" - value = "Check: Approved" -} - -# AWS > Region > Bucket > Approved > Usage -resource "turbot_policy_setting" "sqs_usage_approved" { - resource = turbot_smart_folder.sqs_usage_approved.id - type = "tmod:@turbot/aws-sqs#/policy/types/queueApprovedUsage" - # GraphQL to pull bucket metadata - template_input = < Account > Tags Template [Default]`, in addition to creating the policy `AWS > {Service} > {Resource} > Tags > Template` for each service. The services that will have the policy applied can be customized in the `default.tfvars` file. - -### Template input (GraphQL) - -The template input to a calculated policy is a GraphQL query. - -In this case the query selects all tags from the instance. - -```graphql -{ - resource { - tags - } - folder { - turbot { - tags - } - } -} -``` - -### Template (Nunjucks) - -Logic for determining if existing tags are acceptable. The template will overwrite tags that are not correct, as well as create tags that must exist but do not. Note that the tag `owner` must be an email. Regex is used to verify the tag value. 
- -```nunjucks -{#- Set default value for non-existant and incorrect tags -#} -{#- #################################################### -#} -{%- set missingTag = "__MissingTag__" -%} -{#- Set regex for valid email -#} -{#- ######################### -#} -{%- set regExp = r/(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)/ %} -{#- Check for required tags -#} -{#- ####################### -#} -{#- Check that owner tag exists and is valid -#} -{#- ######################################## -#} -{%- if $.resource.tags['owner'] -%} - {%- if regExp.test($.resource.tags['owner']) -%} - - owner: {{$.resource.tags['owner']}} - {%- else -%} - - owner: InvalidTagValue __{{$.resource.tags['owner']}}__ - {%- endif %} -{% else -%} - {%- if $.folder.turbot.tags['owner'] -%} - - owner: {{$.folder.turbot.tags['owner']}} - {% else -%} - - owner: {{missingTag}} - {%- endif %} -{% endif -%} -{#- Check that environment tag exists and is valid -#} -{#- ######################################## -#} -{%- set acceptableValues = ['dev', 'test', 'prod'] -%} -{%- if $.resource.tags['environment'] -%} - {%- if $.resource.tags['environment'] in acceptableValues -%} - - environment: {{$.resource.tags['environment']}} - {%- else -%} - - environment: InvalidTagValue __{{$.resource.tags['environment']}}__ - {%- endif %} -{% else -%} - {%- if $.folder.turbot.tags['environment'] -%} - - environment: {{$.folder.turbot.tags['environment']}} - {% else -%} - - environment: {{missingTag}} - {%- endif %} -{% endif -%} -{#- Check that costcenter tag exists -#} -{#- ######################################## -#} -{%- if $.resource.tags['costcenter'] -%} - - costcenter: {{$.resource.tags['costcenter']}} -{% else -%} - {%- if $.folder.turbot.tags['costcenter'] -%} - - costcenter: {{$.folder.turbot.tags['costcenter']}} - {% else -%} - - costcenter: {{missingTag}} - {%- endif %} -{% endif -%} -``` - -The template itself is a [Nunjucks formatted template](https://mozilla.github.io/nunjucks/templating.html). 
- -## Prerequisites - -To run Turbot Calculated Policies, you must install: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://turbot.com/v5/docs/reference/terraform/provider) -- Configured credentials to connect to your Turbot workspace - -### Configuring credentials - -You must set your `config.tf` or environment variables to connect to your Turbot workspace. -Further information can be found in the Turbot Terraform Provider [Installation Instructions](https://turbot.com/v5/docs/reference/terraform/provider). - -## Running the example - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update [default.tfvars](default.tfvars) or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- smart_folder_title (Optional) -- smart_folder_description (Optional) -- smart_folder_parent_resource (Optional) - -Open the file [variables.tf](variables.tf) for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file [defaults.tfvars](defaults.tfvars). - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` \ No newline at end of file 
diff --git a/calculated_policies/aws_tagging/default.tfvars b/calculated_policies/aws_tagging/default.tfvars deleted file mode 100644 index 81c70bdc5..000000000 --- a/calculated_policies/aws_tagging/default.tfvars +++ /dev/null 
@@ -1,236 +0,0 @@ -## Set which AWS resources need to be tagged -## Acceptable Values: -## 'Skip' -## 'Check: Tags are correct' -## 'Enforce: Set tags' -## -## !!!!!ONLY ENABLE RESOURCES FROM MODS YOU HAVE INSTALLED!!!!!! - -resource_tags = { - # aws-acm-certificate = "Enforce: Set tags" - # aws-amplify-app = "Enforce: Set tags" - # aws-apigateway-stage = "Enforce: Set tags" - # aws-apigateway-api = "Enforce: Set tags" - # aws-appstream-stack = "Enforce: Set tags" - # aws-athena-namedQuery = "Enforce: Set tags" - # aws-athena-workgroup = "Enforce: Set tags" - # aws-backup-backupPlan = "Enforce: Set tags" - # aws-backup-backupVault = "Enforce: Set tags" - # aws-cloudformation-stack = "Enforce: Set tags" - # aws-cloudfront-streamingDistribution = "Enforce: Set tags" - # aws-cloudfront-distribution = "Enforce: Set tags" - # aws-cloudtrail-trail = "Enforce: Set tags" - # aws-cloudwatch-alarm = "Enforce: Set tags" - # aws-codebuild-project = "Enforce: Set tags" - # aws-codecommit-repository = "Enforce: Set tags" - # aws-codepipeline-pipeline = "Enforce: Set tags" - # aws-config-rule = "Enforce: Set tags" - # aws-dax-cluster = "Enforce: Set tags" - # aws-directoryservice-directory = "Enforce: Set tags" - # aws-docdb-dbCluster = "Enforce: Set tags" - # aws-docdb-dbInstance = "Enforce: Set tags" - # aws-dynamodb-table = "Enforce: Set tags" - aws-ec2-networkInterface = "Enforce: Set tags" - aws-ec2-volume = "Enforce: Set tags" - aws-ec2-targetGroup = "Enforce: Set tags" - aws-ec2-snapshot = "Enforce: Set tags" - aws-ec2-networkLoadBalancer = "Enforce: Set tags" - aws-ec2-launchTemplate = "Enforce: Set tags" - aws-ec2-instance = "Enforce: Set tags" - aws-ec2-classicLoadBalancer = "Enforce: Set tags" - aws-ec2-autoScalingGroup = "Enforce: Set tags" - aws-ec2-applicationLoadBalancer = "Enforce: Set tags" - aws-ec2-ami = "Enforce: Set tags" - # aws-ecr-repository = "Enforce: Set tags" - # aws-ecs-cluster = "Enforce: Set tags" - # aws-efs-fileSystem = "Enforce: Set tags" - # 
aws-eks-cluster = "Enforce: Set tags" - # aws-elasticache-snapshot = "Enforce: Set tags" - # aws-elasticache-cacheCluster = "Enforce: Set tags" - # aws-elasticbeanstalk-environment = "Enforce: Set tags" - # aws-elasticbeanstalk-application = "Enforce: Set tags" - # aws-elasticsearch-domain = "Enforce: Set tags" - # aws-emr-cluster = "Enforce: Set tags" - # aws-fsx-backup = "Enforce: Set tags" - # aws-fsx-fileSystem = "Enforce: Set tags" - # aws-glacier-vault = "Enforce: Set tags" - # aws-greengrass-group = "Enforce: Set tags" - # aws-guardduty-threatIntelSet = "Enforce: Set tags" - # aws-guardduty-ipSet = "Enforce: Set tags" - # aws-guardduty-detector = "Enforce: Set tags" - aws-iam-user = "Enforce: Set tags" - aws-iam-role = "Enforce: Set tags" - # aws-inspector-assessmentTemplate = "Enforce: Set tags" - # aws-kinesis-stream = "Enforce: Set tags" - aws-kms-key = "Enforce: Set tags" - # aws-lambda-function = "Enforce: Set tags" - # aws-logs-logGroup = "Enforce: Set tags" - # aws-mq-configuration = "Enforce: Set tags" - # aws-mq-broker = "Enforce: Set tags" - # aws-msk-cluster = "Enforce: Set tags" - # aws-neptune-dbCluster = "Enforce: Set tags" - # aws-neptune-dbInstance = "Enforce: Set tags" - # aws-qldb-ledger = "Enforce: Set tags" - # aws-ram-resourceShare = "Enforce: Set tags" - aws-rds-dbSnapshotManual = "Enforce: Set tags" - aws-rds-dbClusterSnapshotManual = "Enforce: Set tags" - aws-rds-subnetGroup = "Enforce: Set tags" - aws-rds-optionGroup = "Enforce: Set tags" - aws-rds-dbParameterGroup = "Enforce: Set tags" - aws-rds-dbInstance = "Enforce: Set tags" - aws-rds-dbClusterParameterGroup = "Enforce: Set tags" - aws-rds-dbCluster = "Enforce: Set tags" - # aws-redshift-clusterSnapshotManual = "Enforce: Set tags" - # aws-redshift-clusterSubnetGroup = "Enforce: Set tags" - # aws-redshift-cluster = "Enforce: Set tags" - # aws-redshift-clusterParameterGroup = "Enforce: Set tags" - # aws-route53-hostedZone = "Enforce: Set tags" - aws-s3-bucket = "Enforce: Set tags" 
- # aws-sagemaker-endpointConfig = "Enforce: Set tags" - # aws-sagemaker-notebookInstance = "Enforce: Set tags" - # aws-secretsmanager-secret = "Enforce: Set tags" - # aws-securityhub-hub = "Enforce: Set tags" - # aws-servicecatalog-portfolio = "Enforce: Set tags" - # aws-sns-topic = "Enforce: Set tags" - # aws-sqs-queue = "Enforce: Set tags" - # aws-ssm-document = "Enforce: Set tags" - # aws-ssm-maintenanceWindow = "Enforce: Set tags" - # aws-stepfunctions-stateMachine = "Enforce: Set tags" - # aws-transfer-user = "Enforce: Set tags" - # aws-transfer-server = "Enforce: Set tags" - aws-vpc-connect-customerGateway = "Enforce: Set tags" - aws-vpc-connect-transitGatewayRouteTable = "Enforce: Set tags" - aws-vpc-connect-transitGateway = "Enforce: Set tags" - aws-vpc-connect-vpcPeeringConnection = "Enforce: Set tags" - aws-vpc-connect-vpnConnection = "Enforce: Set tags" - aws-vpc-connect-vpnGateway = "Enforce: Set tags" - aws-vpc-core-dhcpOptions = "Enforce: Set tags" - aws-vpc-core-routeTable = "Enforce: Set tags" - aws-vpc-core-subnet = "Enforce: Set tags" - aws-vpc-core-vpc = "Enforce: Set tags" - aws-vpc-internet-vpcEndpointService = "Enforce: Set tags" - aws-vpc-internet-natGateway = "Enforce: Set tags" - aws-vpc-internet-egressOnlyInternetGateway = "Enforce: Set tags" - aws-vpc-internet-internetGateway = "Enforce: Set tags" - aws-vpc-internet-vpcEndpoint = "Enforce: Set tags" - aws-vpc-internet-elasticIp = "Enforce: Set tags" - aws-vpc-security-securityGroup = "Enforce: Set tags" - aws-vpc-security-networkAcl = "Enforce: Set tags" - # aws-waf-webacl = "Enforce: Set tags" - # aws-workspaces-workspace = "Enforce: Set tags" -} - -## Mapping of resource name to resource tag policy -policy_map = { - aws-acm-certificate = "tmod:@turbot/aws-acm#/policy/types/certificateTags" - aws-amplify-app = "tmod:@turbot/aws-amplify#/policy/types/appTags" - aws-apigateway-stage = "tmod:@turbot/aws-apigateway#/policy/types/stageTags" - aws-apigateway-api = 
"tmod:@turbot/aws-apigateway#/policy/types/apiTags" - aws-appstream-stack = "tmod:@turbot/aws-appstream#/policy/types/stackTags" - aws-athena-namedQuery = "tmod:@turbot/aws-athena#/policy/types/namedQueryTags" - aws-athena-workgroup = "tmod:@turbot/aws-athena#/policy/types/workgroupTags" - aws-backup-backupPlan = "tmod:@turbot/aws-backup#/policy/types/backupPlanTags" - aws-backup-backupVault = "tmod:@turbot/aws-backup#/policy/types/backupVaultTags" - aws-cloudformation-stack = "tmod:@turbot/aws-cloudformation#/policy/types/stackTags" - aws-cloudfront-streamingDistribution = "tmod:@turbot/aws-cloudfront#/policy/types/streamingDistributionTags" - aws-cloudfront-distribution = "tmod:@turbot/aws-cloudfront#/policy/types/distributionTags" - aws-cloudtrail-trail = "tmod:@turbot/aws-cloudtrail#/policy/types/trailTags" - aws-cloudwatch-alarm = "tmod:@turbot/aws-cloudwatch#/policy/types/alarmTags" - aws-codebuild-project = "tmod:@turbot/aws-codebuild#/policy/types/projectTags" - aws-codecommit-repository = "tmod:@turbot/aws-codecommit#/policy/types/repositoryTags" - aws-codepipeline-pipeline = "tmod:@turbot/aws-codepipeline#/policy/types/pipelineTags" - aws-config-rule = "tmod:@turbot/aws-config#/policy/types/ruleTags" - aws-dax-cluster = "tmod:@turbot/aws-dax#/policy/types/clusterTags" - aws-directoryservice-directory = "tmod:@turbot/aws-directoryservice#/policy/types/directoryTags" - aws-docdb-dbCluster = "tmod:@turbot/aws-docdb#/policy/types/dbClusterTags" - aws-docdb-dbInstance = "tmod:@turbot/aws-docdb#/policy/types/dbInstanceTags" - aws-dynamodb-table = "tmod:@turbot/aws-dynamodb#/policy/types/tableTags" - aws-ec2-networkInterface = "tmod:@turbot/aws-ec2#/policy/types/networkInterfaceTags" - aws-ec2-volume = "tmod:@turbot/aws-ec2#/policy/types/volumeTags" - aws-ec2-targetGroup = "tmod:@turbot/aws-ec2#/policy/types/targetGroupTags" - aws-ec2-snapshot = "tmod:@turbot/aws-ec2#/policy/types/snapshotTags" - aws-ec2-networkLoadBalancer = 
"tmod:@turbot/aws-ec2#/policy/types/networkLoadBalancerTags" - aws-ec2-launchTemplate = "tmod:@turbot/aws-ec2#/policy/types/launchTemplateTags" - aws-ec2-instance = "tmod:@turbot/aws-ec2#/policy/types/instanceTags" - aws-ec2-classicLoadBalancer = "tmod:@turbot/aws-ec2#/policy/types/classicLoadBalancerTags" - aws-ec2-autoScalingGroup = "tmod:@turbot/aws-ec2#/policy/types/autoScalingGroupTags" - aws-ec2-applicationLoadBalancer = "tmod:@turbot/aws-ec2#/policy/types/applicationLoadBalancerTags" - aws-ec2-ami = "tmod:@turbot/aws-ec2#/policy/types/amiTags" - aws-ecr-repository = "tmod:@turbot/aws-ecr#/policy/types/repositoryTags" - aws-ecs-cluster = "tmod:@turbot/aws-ecs#/policy/types/clusterTags" - aws-efs-fileSystem = "tmod:@turbot/aws-efs#/policy/types/fileSystemTags" - aws-eks-cluster = "tmod:@turbot/aws-eks#/policy/types/clusterTags" - aws-elasticache-snapshot = "tmod:@turbot/aws-elasticache#/policy/types/snapshotTags" - aws-elasticache-cacheCluster = "tmod:@turbot/aws-elasticache#/policy/types/cacheClusterTags" - aws-elasticbeanstalk-environment = "tmod:@turbot/aws-elasticbeanstalk#/policy/types/environmentTags" - aws-elasticbeanstalk-application = "tmod:@turbot/aws-elasticbeanstalk#/policy/types/applicationTags" - aws-elasticsearch-domain = "tmod:@turbot/aws-elasticsearch#/policy/types/domainTags" - aws-emr-cluster = "tmod:@turbot/aws-emr#/policy/types/clusterTags" - aws-fsx-backup = "tmod:@turbot/aws-fsx#/policy/types/backupTags" - aws-fsx-fileSystem = "tmod:@turbot/aws-fsx#/policy/types/fileSystemTags" - aws-glacier-vault = "tmod:@turbot/aws-glacier#/policy/types/vaultTags" - aws-greengrass-group = "tmod:@turbot/aws-greengrass#/policy/types/groupTags" - aws-guardduty-threatIntelSet = "tmod:@turbot/aws-guardduty#/policy/types/threatIntelSetTags" - aws-guardduty-ipSet = "tmod:@turbot/aws-guardduty#/policy/types/ipSetTags" - aws-guardduty-detector = "tmod:@turbot/aws-guardduty#/policy/types/detectorTags" - aws-iam-user = 
"tmod:@turbot/aws-iam#/policy/types/userTags" - aws-iam-role = "tmod:@turbot/aws-iam#/policy/types/roleTags" - aws-inspector-assessmentTemplate = "tmod:@turbot/aws-inspector#/policy/types/assessmentTemplateTags" - aws-kinesis-stream = "tmod:@turbot/aws-kinesis#/policy/types/streamTags" - aws-kms-key = "tmod:@turbot/aws-kms#/policy/types/keyTags" - aws-lambda-function = "tmod:@turbot/aws-lambda#/policy/types/functionTags" - aws-logs-logGroup = "tmod:@turbot/aws-logs#/policy/types/logGroupTags" - aws-mq-configuration = "tmod:@turbot/aws-mq#/policy/types/configurationTags" - aws-mq-broker = "tmod:@turbot/aws-mq#/policy/types/brokerTags" - aws-msk-cluster = "tmod:@turbot/aws-msk#/policy/types/clusterTags" - aws-neptune-dbCluster = "tmod:@turbot/aws-neptune#/policy/types/dbClusterTags" - aws-neptune-dbInstance = "tmod:@turbot/aws-neptune#/policy/types/dbInstanceTags" - aws-qldb-ledger = "tmod:@turbot/aws-qldb#/policy/types/ledgerTags" - aws-ram-resourceShare = "tmod:@turbot/aws-ram#/policy/types/resourceShareTags" - aws-rds-dbSnapshotManual = "tmod:@turbot/aws-rds#/policy/types/dbSnapshotManualTags" - aws-rds-dbClusterSnapshotManual = "tmod:@turbot/aws-rds#/policy/types/dbClusterSnapshotManualTags" - aws-rds-subnetGroup = "tmod:@turbot/aws-rds#/policy/types/subnetGroupTags" - aws-rds-optionGroup = "tmod:@turbot/aws-rds#/policy/types/optionGroupTags" - aws-rds-dbParameterGroup = "tmod:@turbot/aws-rds#/policy/types/dbParameterGroupTags" - aws-rds-dbInstance = "tmod:@turbot/aws-rds#/policy/types/dbInstanceTags" - aws-rds-dbClusterParameterGroup = "tmod:@turbot/aws-rds#/policy/types/dbClusterParameterGroupTags" - aws-rds-dbCluster = "tmod:@turbot/aws-rds#/policy/types/dbClusterTags" - aws-redshift-clusterSnapshotManual = "tmod:@turbot/aws-redshift#/policy/types/clusterSnapshotManualTags" - aws-redshift-clusterSubnetGroup = "tmod:@turbot/aws-redshift#/policy/types/clusterSubnetGroupTags" - aws-redshift-cluster = "tmod:@turbot/aws-redshift#/policy/types/clusterTags" - 
aws-redshift-clusterParameterGroup = "tmod:@turbot/aws-redshift#/policy/types/clusterParameterGroupTags" - aws-route53-hostedZone = "tmod:@turbot/aws-route53#/policy/types/hostedZoneTags" - aws-s3-bucket = "tmod:@turbot/aws-s3#/policy/types/bucketTags" - aws-sagemaker-endpointConfig = "tmod:@turbot/aws-sagemaker#/policy/types/endpointConfigTags" - aws-sagemaker-notebookInstance = "tmod:@turbot/aws-sagemaker#/policy/types/notebookInstanceTags" - aws-secretsmanager-secret = "tmod:@turbot/aws-secretsmanager#/policy/types/secretTags" - aws-securityhub-hub = "tmod:@turbot/aws-securityhub#/policy/types/hubTags" - aws-servicecatalog-portfolio = "tmod:@turbot/aws-servicecatalog#/policy/types/portfolioTags" - aws-sns-topic = "tmod:@turbot/aws-sns#/policy/types/topicTags" - aws-sqs-queue = "tmod:@turbot/aws-sqs#/policy/types/queueTags" - aws-ssm-document = "tmod:@turbot/aws-ssm#/policy/types/documentTags" - aws-ssm-maintenanceWindow = "tmod:@turbot/aws-ssm#/policy/types/maintenanceWindowTags" - aws-stepfunctions-stateMachine = "tmod:@turbot/aws-stepfunctions#/policy/types/stateMachineTags" - aws-transfer-user = "tmod:@turbot/aws-transfer#/policy/types/userTags" - aws-transfer-server = "tmod:@turbot/aws-transfer#/policy/types/serverTags" - aws-vpc-connect-customerGateway = "tmod:@turbot/aws-vpc-connect#/policy/types/customerGatewayTags" - aws-vpc-connect-transitGatewayRouteTable = "tmod:@turbot/aws-vpc-connect#/policy/types/transitGatewayRouteTableTags" - aws-vpc-connect-transitGateway = "tmod:@turbot/aws-vpc-connect#/policy/types/transitGatewayTags" - aws-vpc-connect-vpcPeeringConnection = "tmod:@turbot/aws-vpc-connect#/policy/types/vpcPeeringConnectionTags" - aws-vpc-connect-vpnConnection = "tmod:@turbot/aws-vpc-connect#/policy/types/vpnConnectionTags" - aws-vpc-connect-vpnGateway = "tmod:@turbot/aws-vpc-connect#/policy/types/vpnGatewayTags" - aws-vpc-core-dhcpOptions = "tmod:@turbot/aws-vpc-core#/policy/types/dhcpOptionsTags" - aws-vpc-core-routeTable = 
"tmod:@turbot/aws-vpc-core#/policy/types/routeTableTags" - aws-vpc-core-subnet = "tmod:@turbot/aws-vpc-core#/policy/types/subnetTags" - aws-vpc-core-vpc = "tmod:@turbot/aws-vpc-core#/policy/types/vpcTags" - aws-vpc-internet-vpcEndpointService = "tmod:@turbot/aws-vpc-internet#/policy/types/vpcEndpointServiceTags" - aws-vpc-internet-natGateway = "tmod:@turbot/aws-vpc-internet#/policy/types/natGatewayTags" - aws-vpc-internet-egressOnlyInternetGateway = "tmod:@turbot/aws-vpc-internet#/policy/types/egressOnlyInternetGatewayTags" - aws-vpc-internet-internetGateway = "tmod:@turbot/aws-vpc-internet#/policy/types/internetGatewayTags" - aws-vpc-internet-vpcEndpoint = "tmod:@turbot/aws-vpc-internet#/policy/types/vpcEndpointTags" - aws-vpc-internet-elasticIp = "tmod:@turbot/aws-vpc-internet#/policy/types/elasticIpTags" - aws-vpc-security-securityGroup = "tmod:@turbot/aws-vpc-security#/policy/types/securityGroupTags" - aws-vpc-security-networkAcl = "tmod:@turbot/aws-vpc-security#/policy/types/networkAclTags" - aws-waf-webacl = "tmod:@turbot/aws-waf#/policy/types/webaclTags" - aws-workspaces-workspace = "tmod:@turbot/aws-workspaces#/policy/types/workspaceTags" -} \ No newline at end of file diff --git a/calculated_policies/aws_tagging/outputs.tf b/calculated_policies/aws_tagging/outputs.tf deleted file mode 100644 index 365421c2b..000000000 --- a/calculated_policies/aws_tagging/outputs.tf +++ /dev/null @@ -1,11 +0,0 @@ -output "smart_folder_title" { - value = var.smart_folder_title -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} \ No newline at end of file diff --git a/calculated_policies/aws_tagging/providers.tf b/calculated_policies/aws_tagging/providers.tf deleted file mode 100644 index 034a3e5ca..000000000 --- a/calculated_policies/aws_tagging/providers.tf +++ /dev/null 
@@ -1,11 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/calculated_policies/aws_tagging/smart_folder.tf b/calculated_policies/aws_tagging/smart_folder.tf deleted file mode 100644 index 080959446..000000000 --- a/calculated_policies/aws_tagging/smart_folder.tf +++ /dev/null @@ -1,15 +0,0 @@ -## Create Smart Folder at the Turbot level - -resource "turbot_smart_folder" "aws_tagging" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_title - description = var.smart_folder_description -} - -## Smart Folder Attachments -## Add your smart folder attachments here or attach manually - -# resource "turbot_smart_folder_attachment" "auto_attach" { -# resource = "123456789012345" ## Enter Folder ID here -# smart_folder = turbot_smart_folder.aws_tagging.id -# } \ No newline at end of file diff --git a/calculated_policies/aws_tagging/tagging_policies.tf b/calculated_policies/aws_tagging/tagging_policies.tf deleted file mode 100644 index 45ee849d6..000000000 --- a/calculated_policies/aws_tagging/tagging_policies.tf +++ /dev/null 
@@ -1,84 +0,0 @@ -## Description: Enforce default tag template and tag controls for all resource types -## NOTE: This Terraform plan WILL ENFORCE TAGGING TEMPLATES! Ensure that either the value is set to "Check" -## or that each service has been vetted to ensure that no unintentional resource tagging occurs. - -## Sets tagging policy for each resource type in the resource_tags map. -resource "turbot_policy_setting" "set_resource_tag_policies" { - count = length(var.resource_tags) - resource = turbot_smart_folder.aws_tagging.id - type = var.policy_map[element(keys(var.resource_tags), count.index)] - value = element(values(var.resource_tags), count.index) -} - -## Sets the default tag template for all resources. -resource "turbot_policy_setting" "default_tag_template" { - resource = turbot_smart_folder.aws_tagging.id - type = "tmod:@turbot/aws#/policy/types/defaultTagsTemplate" - # GraphQL to pull policy Statements - template_input = <<-QUERY - { - resource { - tags - } - folder { - turbot { - tags - } - } - } - QUERY - - # Nunjucks template to set tags and check for tag validity. - template = <
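Review bot: In the README hunk that precedes aws_s3_bucket_tagging_template/default.tfvars, the link text and target read `defaults.tfvars` while the command and the file in this patch are `default.tfvars`, so the link is dead. Both "Destroy using ..." sections also say "If seeking to apply the configuration", and the custom-file commands read `-var-file=.tfvars` with no filename placeholder. The same wording recurs in the aws_sqs_approved and aws_tagging READMEs; any replacement docs should fix all three.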
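Review bot: In aws_s3_bucket_tagging_template/main.tf, `resource = "turbot_smart_folder.s3_tagging_template.id"` is quoted, so the policy setting receives that literal string instead of the smart folder's ID. aws_sqs_approved/main.tf uses the unquoted form `turbot_smart_folder.sqs_usage_approved.id`. If this module is being moved rather than dropped, the replacement should use the unquoted reference.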
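Review bot: In the aws_sqs_approved README's Nunjucks template, `r/"SQS:*/g` does not test for the wildcard action: the unescaped `*` is a quantifier on `:`, so the pattern matches any string containing `"SQS`, including a narrowly scoped action such as `"SQS:SendMessage"`. It is also case-sensitive, so a policy written as `"sqs:*"` is reported as Approved even though IAM action names are case-insensitive. Escaping the asterisk (`\*`) and adding the `i` flag would match what the README describes; the `g` flag is not needed for a single `.test()`.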
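Review bot: In aws_sqs_approved/main.tf, the `sqs_approved` setting uses `type = "tmod:@turbot/aws-s3#/policy/types/bucketApproved"`, and both comments say "AWS > Region > Bucket > Approved", so this SQS module sets the S3 bucket Approved policy rather than the queue's. The Usage setting below it already points at the aws-sqs mod (`queueApprovedUsage`); the first setting should reference the matching aws-sqs queue policy type, and the comments should name the queue policy.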
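Review bot: In the aws_tagging README's Nunjucks template, the folder fallback for `owner` skips the email check: `$.folder.turbot.tags['owner']` is emitted without `regExp.test(...)`, and the `environment` fallback likewise bypasses `acceptableValues`, so an invalid folder tag is propagated to every resource that lacks its own. Apply the same validation to the folder values. Separately, tag values are interpolated unquoted (`- owner: {{$.resource.tags['owner']}}`), and the invalid branch echoes the rejected value back; if the rendered output is parsed as YAML, a value containing `: ` or ` #` changes how the line is read, so the values should be quoted.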
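Review bot: aws_tagging/default.tfvars ships with the EC2, IAM, KMS, RDS, S3 and VPC entries uncommented at "Enforce: Set tags", while the header of tagging_policies.tf warns to use "Check" or vet each service first. A first `terraform apply -var-file=default.tfvars` therefore starts rewriting tags on those resource types. The safer default for the uncommented entries is 'Check: Tags are correct', leaving enforcement as an explicit opt-in.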
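Review bot: aws_tagging/providers.tf declares `source = "turbot/turbot"` with no `version` constraint, so each `terraform init` may resolve a different provider release; add a constraint next to `source`. The provider block also reads `var.turbot_profile`, which is not among the variables listed in this module's README.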
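Review bot: In aws_tagging/tagging_policies.tf, `set_resource_tag_policies` is indexed with `count = length(var.resource_tags)` and `element(keys(var.resource_tags), count.index)`, so commenting one entry in or out of `resource_tags` shifts every later index and Terraform rewrites unrelated policy settings. `for_each = var.resource_tags` with `type = var.policy_map[each.key]` and `value = each.value` keeps each setting addressed by its resource name. Note also that `var.policy_map[...]` fails the plan when `resource_tags` contains a key that `policy_map` lacks, which is worth a validation or a comment next to the two maps.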