{ "info": { "author": "Asbjorn Kjaer", "author_email": "bunjiboys+probator@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Environment :: Console", "Framework :: Flask", "Framework :: Sphinx", "Intended Audience :: Information Technology", "Intended Audience :: System Administrators", "License :: OSI Approved :: MIT License", "Natural Language :: English", "Operating System :: MacOS :: MacOS X", "Operating System :: POSIX :: Linux", "Operating System :: Unix", "Programming Language :: Python :: 3.7", "Topic :: Security", "Topic :: Utilities" ], "description": "# probator-auditor-required-tags\n\nPlease open issues in the [Probator](https://gitlab.com/probator/probator/issues/new?labels=auditor-required-tags) repository\n\n## Description\n\nThis auditor reviews, alerts and potentially takes action on AWS objects that are found not to be compliant with the tagging requirements.\n\n## Configuration Options\n\n| Option name | Default Value | Type | Description |\n|-----------------------|-------------------------------------------|--------|-----------------------------------------------------------------------------|\n| alert\\_settings | See notes below | JSON | Alert and enforcement settings for supported resources |\n| always\\_send\\_email | True | bool | Send emails even in collect mode |\n| audit\\_ignore\\_tag | probator:ignore | string | Probator will ignore alerting/enforcement if resources are tagged with this |\n| audit\\_scope | aws\\_ec2\\_instance | string | Select resources (aws\\_ec2\\_instance, aws\\_s3\\_bucket) |\n| collect\\_only | True | bool | Do not shutdown resources, only update caches |\n| confirm\\_shutdown | True | bool | Require manual confirmation before shutting down instances |\n| email\\_subject | Resources missing required tags | string | Subject of the new issues email notifications |\n| enabled | False | bool | Enable the Required Tags auditor |\n| interval | 30 | int | How often the auditor executes, in minutes |\n| partial\\_owner\\_match | False | bool | Allow partial matches of the Owner tag |\n| permanent\\_recipient | [] | array | List of email addresses to receive all alerts |\n| required\\_tags | ['owner', 'accounting', 'name'] | array | List of required tags |\n\n### Example `alert_settings`:\n\n```json\n{\n \"global\": {\n \"actions\": [\n {\n \"name\": \"alert:1\",\n \"age\": \"now\",\n \"action\": \"alert\",\n \"order\": 0\n },\n {\n \"name\": \"alert:2\",\n \"age\": \"3 weeks\",\n \"action\": \"alert\",\n \"order\": 1\n },\n {\n \"name\": \"alert:3\",\n \"age\": \"3 weeks, 6 days\",\n \"action\": \"alert\",\n \"order\": 2\n },\n {\n \"name\": \"stop\",\n \"age\": \"4 weeks\",\n \"action\": \"stop\",\n \"order\": 3\n },\n {\n \"name\": \"remove\",\n \"age\": \"12 weeks\",\n \"action\": \"remove\",\n \"order\": 4\n }\n ],\n \"requiredTags\": {\n \"Name\": null,\n \"owner\": \"([a-zA-Z0-9._%+-]+[^+]@[a-zA-Z0-9.-]+\\\\.[a-zA-Z]{2,})\"\n },\n \"extraConfig\": {}\n },\n \"aws_ec2_instance\": {\n \"requiredTags\": {\n \"ssmEnabled\": \"^(true|false)$\"\n }\n }\n}\n```\n\nThe `global` section is applied to all resources, with some restrictions that we will cover in the detail sections below. In addition to the\n`global` section, you can also define additional tags for some resource types or override the `actions` to use a different schedule for\nspecific resource types\n\n#### `actions`\n\nThe `actions` block defines the set of actions to be taken. Using the example above, we can see that there are a total of 5 actions that\nwill be taken for all resources.\n\n 1. Upon detection, send an alert immediately (`age` = `now`)\n 1. After 3 weeks, send another alert\n 1. After another 6 days, send a third alert\n 1. After 4 weeks, stop the instance (also sends a notification)\n 1. Finally after 12 weeks, remove the resource (also sends a notification)\n \nActions can be overridden for specific resources, however if you provide a new action schedule, the global schedule will be ignored for the\nresource type.\n\n##### Valid action types\n\nCurrently only three types of actions are supported: `alert`, `stop` and `remove`.\n\n**alert**\n\nSends a notification to each of the registered owners for the resource account\n\n**stop**\n\nStops the resource, if applicable. As an example, this will stop an EC2 Instance if it is running. The state of the resource will be\nevaluated on each execution of the auditor, so if the resource is started again the stop action will be applied again\n\n**remove**\n\nDeletes the resource completely, for example if the resource is an EC2 Instance, it will be terminated.\n\n#### `required_tags`\n\nThe `required_tags` is a dictionary like object, where the keys are the names of the tags and the value is a regular expression pattern that\nwill be used to validate the tag value of the resource. If a tag fails to match the provided regular expression, the resource will be marked\nas not compliant, with a note detailing that the tag failed matching the regular expression.\n\nIf any value is valid, you can provide an `null` value instead of a regular expression, to avoid any matching from happening, instead of\nusing a blank / global expression such as `.*`\n\n#### `extra_config`\n\nThis section can be used to provide extra information that may be needed to validate a tag. At this time, this is not actively used by the\nbase auditor functions, but can be helpful in cases where you implement custom action methods\n\n\n## Implementing action methods\n\nAction methods are simple methods which accept a single argument being the `Resource` object that the action needs to be performed on. See\n[probator_auditor_required_tags/actions.py](probator_auditor_required_tags/actions.py) for example implementations.\n\nAction methods are dynamically loaded using entry points defined in [setup.py](setup.py#L22), in the namespace\n`probator_auditor_required_tags.actions`. The name of the entry point must be `_`. For example the action to remove\nan S3 bucket would be `aws_s3_bucket_remove`.", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/bunjiboys/probator-auditor-required-tags/", "keywords": "cloud security", "license": "License :: OSI Approved :: Apache Software License", "maintainer": "", "maintainer_email": "", "name": "probator-auditor-required-tags", "package_url": "https://pypi.org/project/probator-auditor-required-tags/", "platform": "", "project_url": "https://pypi.org/project/probator-auditor-required-tags/", "project_urls": { "Homepage": "https://github.com/bunjiboys/probator-auditor-required-tags/" }, "release_url": "https://pypi.org/project/probator-auditor-required-tags/1.2.0/", "requires_dist": null, "requires_python": "~=3.7", "summary": "Required Tags auditor", "version": "1.2.0" }, "last_serial": 4995454, "releases": { "1.1.1": [ { "comment_text": "", "digests": { "md5": "601740584e5ac10d58124f0cef95dccb", "sha256": "df7716f592fc5c1181987a19737036383a5120acb53c330e387f234a4f76cf45" }, "downloads": -1, "filename": "probator-auditor-required-tags-1.1.1.tar.gz", "has_sig": false, "md5_digest": "601740584e5ac10d58124f0cef95dccb", "packagetype": "sdist", "python_version": "source", "requires_python": "~=3.7", "size": 10499, "upload_time": "2019-02-01T19:55:57", "url": "https://files.pythonhosted.org/packages/d2/6a/c4663f6c075bb903185206ec34ae4ecd91314a8ae3adb9020675c31b3ff8/probator-auditor-required-tags-1.1.1.tar.gz" } ], "1.2.0": [ { "comment_text": "", "digests": { "md5": "fea764ec62a1a2e6004c3608e2aa69ab", "sha256": "009ca035c05f09f06db813f953aea8ecb34ee8a654da13f7ee773aed8de35e51" }, "downloads": -1, "filename": "probator-auditor-required-tags-1.2.0.tar.gz", "has_sig": false, "md5_digest": "fea764ec62a1a2e6004c3608e2aa69ab", "packagetype": "sdist", "python_version": "source", "requires_python": "~=3.7", "size": 10497, "upload_time": "2019-03-28T00:37:33", "url": "https://files.pythonhosted.org/packages/cd/97/237d86a2eada28f253ac5fd58abcc28715b11b40683a7d739eb0333f1bf8/probator-auditor-required-tags-1.2.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "fea764ec62a1a2e6004c3608e2aa69ab", "sha256": "009ca035c05f09f06db813f953aea8ecb34ee8a654da13f7ee773aed8de35e51" }, "downloads": -1, "filename": "probator-auditor-required-tags-1.2.0.tar.gz", "has_sig": false, "md5_digest": "fea764ec62a1a2e6004c3608e2aa69ab", "packagetype": "sdist", "python_version": "source", "requires_python": "~=3.7", "size": 10497, "upload_time": "2019-03-28T00:37:33", "url": "https://files.pythonhosted.org/packages/cd/97/237d86a2eada28f253ac5fd58abcc28715b11b40683a7d739eb0333f1bf8/probator-auditor-required-tags-1.2.0.tar.gz" } ] }