A framework to detect misconfigurations (Outliers).
- Ruby 1.9.3 or greater
gem install outliers
Create ~/outliers.yml with a list of accounts in the following format:
account_name:
region: AWS_REGION
access_key_id: AWS_ACCESS_ID
secret_access_key: AWS_SECRET_KEY
For example:
aws_prod:
region: us-east-1
access_key_id: abcd1234abcd1234abcd
secret_access_key: abcd1234abcd1234abcdabcd1234abcd1234abcd
Create a directory to store your evaluations.
mkdir ~/outliers
To verify all instances in aws_prod are in a VPC, create ec2.rb in ~/outliers containing:
evaluate do
connect 'aws_prod', provider: 'aws_ec2'
resources 'instance'
verify 'vpc'
end
Run outliers against the directory:
outliers process -d ~/outliers
Sample Output:
I, [2013-09-24T09:42:39.925400 #4940] INFO -- : Processing '~/outliers/ec2.rb'.
I, [2013-09-24T09:42:39.925657 #4940] INFO -- : Connecting via 'aws_prod' to 'aws_ec2'.
I, [2013-09-24T09:42:39.925703 #4940] INFO -- : Including connection options 'provider=aws_ec2,region=us-east-1'.
I, [2013-09-24T09:42:39.928945 #4940] INFO -- : Loading 'instance' resource collection.
I, [2013-09-24T09:42:41.192295 #4940] INFO -- : Verifying 'vpc'.
I, [2013-09-24T09:42:44.804036 #4940] INFO -- : Verification 'vpc' passed.
I, [2013-09-24T09:42:44.804147 #4940] INFO -- : Evaluations completed.
I, [2013-09-24T09:42:44.804211 #4940] INFO -- : (0 evaluations failed, 1 evaluations passed.)
Based on sanity.