Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/43 | Added AutoScaling Same Az Elb plugin, spec file #292

Merged
merged 85 commits into from
Sep 21, 2020
Merged

Feature/43 | Added AutoScaling Same Az Elb plugin, spec file #292

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
85 commits
Select commit Hold shift + click to select a range
e1708af
SPLOIT-113: Added Plain Text Parameters plugin for CloudFormation
AkhtarAmir Aug 12, 2020
2122ade
Added vpcEndpointAcceptance plugin and spec file
AkhtarAmir Aug 13, 2020
306d721
SPLOIT-113: Added Plain Text Parameters plugin for CloudFormation
AkhtarAmir Aug 14, 2020
7c8616c
Added plugin and spec file for launch wizard security groups
AkhtarAmir Aug 14, 2020
de52e8a
Merge branch 'master' into feature/ec2-plugin-mark-launch-wizard-secu…
AkhtarAmir Aug 14, 2020
f3b72f6
Merge pull request #1 from AkhtarAmir/feature/ec2-plugin-mark-launch-…
AkhtarAmir Aug 14, 2020
d32cbac
Merge branch 'master' of https://github.com/AkhtarAmir/scans into fea…
AkhtarAmir Aug 14, 2020
3da6672
Refactored code in plaintextParameters plugin and spec file
AkhtarAmir Aug 14, 2020
928c712
Merge pull request #2 from AkhtarAmir/feature/SPLOIT-113
AkhtarAmir Aug 14, 2020
ce65325
SPLOIT-113: Updated custom settings
AkhtarAmir Aug 14, 2020
f3e3ab5
Merge pull request #3 from AkhtarAmir/feature/SPLOIT-113
AkhtarAmir Aug 14, 2020
e70b96a
Made PR requested changes
AkhtarAmir Aug 14, 2020
f62a1d5
SPLOIT-113: Added regex to check if NoEcho is enabled
AkhtarAmir Aug 14, 2020
865e0b6
Merge pull request #4 from AkhtarAmir/feature/SPLOIT-113
AkhtarAmir Aug 14, 2020
9745614
Merge remote-tracking branch 'upstream/master' into master
AkhtarAmir Aug 15, 2020
1b80ac4
Accommodated PR changes
AkhtarAmir Aug 17, 2020
c0dc834
Fixed eslint issues
AkhtarAmir Aug 18, 2020
7d457bd
Update exports.js
AkhtarAmir Aug 18, 2020
8c2466c
Fixed eslint issues
AkhtarAmir Aug 18, 2020
ccb92ee
Update index.js
AkhtarAmir Aug 18, 2020
93c553d
Update index.js
AkhtarAmir Aug 18, 2020
cf21d1d
Added cloudformation in china and gov regions
AkhtarAmir Aug 18, 2020
aac8ece
Accomodated PR changes
AkhtarAmir Aug 18, 2020
7707dbd
Updated status in result of failure
AkhtarAmir Aug 18, 2020
a50876d
Added Same Availability Zone in ASG and ELB plugin
AkhtarAmir Aug 20, 2020
a4ea92f
SPLOIT-113: Added Plain Text Parameters plugin for CloudFormation
AkhtarAmir Aug 14, 2020
8e5b6be
Added plugin and spec file for launch wizard security groups
AkhtarAmir Aug 14, 2020
a9afe44
Added vpcEndpointAcceptance plugin and spec file
AkhtarAmir Aug 13, 2020
0323a98
Refactored code in plaintextParameters plugin and spec file
AkhtarAmir Aug 14, 2020
aab9f79
SPLOIT-113: Updated custom settings
AkhtarAmir Aug 14, 2020
12d88c1
Made PR requested changes
AkhtarAmir Aug 14, 2020
7dd1a5b
SPLOIT-113: Added regex to check if NoEcho is enabled
AkhtarAmir Aug 14, 2020
c8a23c3
Accommodated PR changes
AkhtarAmir Aug 17, 2020
92821dd
Fixed eslint issues
AkhtarAmir Aug 18, 2020
e32accc
Update index.js
AkhtarAmir Aug 18, 2020
90094a2
Update index.js
AkhtarAmir Aug 18, 2020
c29ab07
Accomodated PR changes
AkhtarAmir Aug 18, 2020
49f1202
Updated status in result of failure
AkhtarAmir Aug 18, 2020
fa70d92
Updated master from upstream/master
AkhtarAmir Aug 21, 2020
9ceec61
Added Same Availability Zone in ASG and ELB plugin
AkhtarAmir Aug 20, 2020
0fdac09
Merge branch 'feature/43' of https://github.com/AkhtarAmir/scans into…
AkhtarAmir Aug 22, 2020
5ad291e
Feature/43: Updated describeLoadBalancers api call
AkhtarAmir Aug 22, 2020
357cd0b
SPLOIT-113: Added Plain Text Parameters plugin for CloudFormation
AkhtarAmir Aug 14, 2020
77ca002
Added plugin and spec file for launch wizard security groups
AkhtarAmir Aug 14, 2020
73172b8
Added vpcEndpointAcceptance plugin and spec file
AkhtarAmir Aug 13, 2020
7b448ff
Refactored code in plaintextParameters plugin and spec file
AkhtarAmir Aug 14, 2020
50d9d70
SPLOIT-113: Updated custom settings
AkhtarAmir Aug 14, 2020
46ff92c
Made PR requested changes
AkhtarAmir Aug 14, 2020
ec1e5ef
SPLOIT-113: Added regex to check if NoEcho is enabled
AkhtarAmir Aug 14, 2020
e89dd5e
Accommodated PR changes
AkhtarAmir Aug 17, 2020
4d7ee30
Fixed eslint issues
AkhtarAmir Aug 18, 2020
f5c9bf0
Update index.js
AkhtarAmir Aug 18, 2020
53e18b8
Update index.js
AkhtarAmir Aug 18, 2020
6ec73bc
Accomodated PR changes
AkhtarAmir Aug 18, 2020
2f55a11
Updated status in result of failure
AkhtarAmir Aug 18, 2020
0ba2fbf
SPLOIT-113: Added Plain Text Parameters plugin for CloudFormation
AkhtarAmir Aug 12, 2020
e9415b9
SPLOIT-113: Added Plain Text Parameters plugin for CloudFormation
AkhtarAmir Aug 14, 2020
8820775
Added plugin and spec file for launch wizard security groups
AkhtarAmir Aug 14, 2020
8e6b23b
Added vpcEndpointAcceptance plugin and spec file
AkhtarAmir Aug 13, 2020
82d8406
Refactored code in plaintextParameters plugin and spec file
AkhtarAmir Aug 14, 2020
b022a52
SPLOIT-113: Updated custom settings
AkhtarAmir Aug 14, 2020
d3ee380
Made PR requested changes
AkhtarAmir Aug 14, 2020
560d273
SPLOIT-113: Added regex to check if NoEcho is enabled
AkhtarAmir Aug 14, 2020
9195d32
Accommodated PR changes
AkhtarAmir Aug 17, 2020
0287cc5
Fixed eslint issues
AkhtarAmir Aug 18, 2020
1315ccd
Update exports.js
AkhtarAmir Aug 18, 2020
229461c
Update index.js
AkhtarAmir Aug 18, 2020
f5a3b8b
Update index.js
AkhtarAmir Aug 18, 2020
c574f76
Accomodated PR changes
AkhtarAmir Aug 18, 2020
1a4b495
Updated status in result of failure
AkhtarAmir Aug 18, 2020
a45a9f7
Merge branch 'master' of https://github.com/AkhtarAmir/scans into master
AkhtarAmir Aug 28, 2020
645abeb
Removed unnecesary rebase changes
AkhtarAmir Aug 28, 2020
9c56541
Feature/43: Updated describeLoadBalancers api call
AkhtarAmir Aug 22, 2020
1477e98
Merge branch 'feature/43' of https://github.com/AkhtarAmir/scans into…
AkhtarAmir Aug 29, 2020
89a3f78
Updated sameAzElb plugin
AkhtarAmir Aug 30, 2020
4bea421
Merge branch 'master' of https://github.com/AkhtarAmir/scans into fea…
AkhtarAmir Aug 30, 2020
3cf14f3
Added Same Availability Zone in ASG and ELB plugin
AkhtarAmir Aug 20, 2020
4d2cb6c
Feature/43: Updated describeLoadBalancers api call
AkhtarAmir Aug 22, 2020
e94a070
Feature/43: Updated describeLoadBalancers api call
AkhtarAmir Aug 22, 2020
7ad105c
Updated sameAzElb plugin
AkhtarAmir Aug 30, 2020
f4ca990
Merge branch 'feature/43' of https://github.com/AkhtarAmir/scans into…
AkhtarAmir Aug 30, 2020
02564d7
Resolved merge conflicts
AkhtarAmir Aug 30, 2020
fab662a
feature/43: accommodated PR changes
AkhtarAmir Sep 6, 2020
ccae677
feature/43: Updated plugin title
AkhtarAmir Sep 13, 2020
84c5152
Merge branch 'master' into feature/43
AkhtarAmir Sep 13, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions exports.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ module.exports = {
'asgMultiAz' : require(__dirname + '/plugins/aws/autoscaling/asgMultiAz.js'),
'asgActiveNotifications' : require(__dirname + '/plugins/aws/autoscaling/asgActiveNotifications.js'),
'emptyASG' : require(__dirname + '/plugins/aws/autoscaling/emptyASG.js'),
'sameAzElb' : require(__dirname + '/plugins/aws/autoscaling/sameAzElb.js'),
'asgMissingELB' : require(__dirname + '/plugins/aws/autoscaling/asgMissingELB.js'),
'workgroupEncrypted' : require(__dirname + '/plugins/aws/athena/workgroupEncrypted.js'),
'workgroupEnforceConfiguration' : require(__dirname + '/plugins/aws/athena/workgroupEnforceConfiguration.js'),
Expand Down
119 changes: 119 additions & 0 deletions plugins/aws/autoscaling/sameAzElb.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,119 @@
var async = require('async');
var helpers = require('../../../helpers/aws');

module.exports = {
title: 'AutoScaling ELB Same Availability Zone',
category: 'AutoScaling',
description: 'Ensures all autoscaling groups with attached ELBs are operating in the same availability zone.',
more_info: 'To work properly and prevent orphaned instances, ELBs must be created in the same availability zones as the backend instances in the autoscaling group.',
link: 'https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-add-availability-zone.html',
recommended_action: 'Update the ELB to use the same availability zones as the autoscaling group.',
apis: ['AutoScaling:describeAutoScalingGroups', 'ELB:describeLoadBalancers', 'ELBv2:describeLoadBalancers'],

run: function(cache, settings, callback) {
var results = [];
var source = {};
var regions = helpers.regions(settings);
var loadBalancers = {};

async.each(regions.autoscaling, function(region, rcb){
var autoScalingGroups = helpers.addSource(cache, source,
['autoscaling', 'describeAutoScalingGroups', region]);

var elasticLoadBalancers = helpers.addSource(cache, source,
['elb', 'describeLoadBalancers', region]);

var elasticLoadBalancersV2 = helpers.addSource(cache, source,
['elbv2', 'describeLoadBalancers', region]);

if (!autoScalingGroups || !elasticLoadBalancers || !elasticLoadBalancersV2) return rcb();

if (autoScalingGroups.err || !autoScalingGroups.data) {
helpers.addResult(results, 3, 'Unable to query for AutoScaling groups: ' + helpers.addError(autoScalingGroups), region);
return rcb();
}

if (elasticLoadBalancers.err || !elasticLoadBalancers.data) {
helpers.addResult(results, 3, 'Unable to query for Classic load balancers: ' + helpers.addError(elasticLoadBalancers), region);
return rcb();
}

if (elasticLoadBalancersV2.err || !elasticLoadBalancersV2.data) {
helpers.addResult(results, 3, 'Unable to query for Application/Network load balancers: ' + helpers.addError(elasticLoadBalancersV2), region);
return rcb();
}

if (!autoScalingGroups.data.length) {
helpers.addResult(results, 0, 'No AutoScaling group found', region);
return rcb();
}

if (elasticLoadBalancers.data.length) {
elasticLoadBalancers.data.forEach(function(elb) {
if(elb.LoadBalancerName) {
loadBalancers[elb.LoadBalancerName] = elb;
}
});
}

if (elasticLoadBalancersV2.data.length) {
elasticLoadBalancersV2.data.forEach(function(elbv2) {
if(elbv2.LoadBalancerName) {
loadBalancers[elbv2.LoadBalancerName] = elbv2;
}
});
}

autoScalingGroups.data.forEach(function(asg) {
var asgAvailabilityZones = asg.AvailabilityZones;
var distinctAzs = [];
var resource = asg.AutoScalingGroupARN;

if(asg.HealthCheckType == 'ELB') {
if (asg.LoadBalancerNames && asg.LoadBalancerNames.length) {

asg.LoadBalancerNames.forEach(function(elbName) {
if(loadBalancers[elbName]) {
var loadBalancer = loadBalancers[elbName];
var elbAvailabilityZones = loadBalancer.AvailabilityZones;

if (elbAvailabilityZones && elbAvailabilityZones.length) {
elbAvailabilityZones.forEach(function(elbAz) {
if(asgAvailabilityZones && asgAvailabilityZones.length && !asgAvailabilityZones.includes(elbAz)) {
distinctAzs.push(elbAz);
}
});
}

if(distinctAzs.length) {
helpers.addResult(results, 2,
'Auto scaling group "' + asg.AutoScalingGroupName + '" has load balancers in these different availability zones: ' + distinctAzs.join(', '),
region, resource);
}
else {
helpers.addResult(results, 0,
'Auto scaling group "' + asg.AutoScalingGroupName + '" has all load balancers in same availability zones',
region, resource);
}
} else {
helpers.addResult(results, 2,
'AutoScaling group "' + asg.AutoScalingGroupName + '" utilizes inactive load balancers',
region, resource);
}
});
}
else {
helpers.addResult(results, 0, 'AutoScaling group does not have any Load Balancer associated', region, resource);
}
}
else {
helpers.addResult(results, 0, 'AutoScaling group does not utilize a load balancer', region, resource);
}
});

rcb();
}, function(){
callback(null, results, source);
});
}
};
Loading