Skip to content
This repository has been archived by the owner on Apr 19, 2021. It is now read-only.

kreuzwerker/arebot

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
action
action
 
 
cloudwatch
cloudwatch
 
 
config
config
 
 
environment
environment
 
 
httpserver
httpserver
 
 
ldap
ldap
 
 
main
main
 
 
misc/sqs-dump
misc/sqs-dump
 
 
resource
resource
 
 
sqsworker
sqsworker
 
 
storeresults
storeresults
 
 
test
test
 
 
util
util
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE.md
LICENSE.md
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
arebot.cfg
arebot.cfg
 
 
core.go
core.go
 
 
event_handler.go
event_handler.go
 
 
event_handler_test.go
event_handler_test.go
 
 
glide.lock
glide.lock
 
 
glide.yaml
glide.yaml
 
 

Repository files navigation

AreBOT

Build Status

AreBOT is an automatic and highly configurable tool to monitor your Amazon Web Services (AWS) cloud environments for resource compliance violations. Any detected violation can be reported to the specified set of recipients (e.g., administrators), and, in some cases, automatically corrected. The goal of AreBOT is to simplify the design and enforcement of compliance policies in complex AWS cloud infrastructures - possibly multi-region/account.

AreBOT supports both real-time and scheduled resource compliance checking. The AWS resources currently supported are Elastic Compute Cloud (EC2) Instances, Security Groups, Elastic Block Store Volumes and Snapshots. Support for Simple Storage Service Buckets is also on the way.

Using AreBOT, you can define complex compliance policies using a simple and flexible configuration language. More in details, a compliance policy defines the set of rules imposed on a resource's configuration setting (e.g., tag policies, security policies such as access control and encryption requirements), the set of actions to take in case of compliance violation (e.g., email notification or modification of the resource state), and a set of trigger rules to schedule periodic checks. A future guide will cover the configuration file in depth but, for now, please rely on the commented configuration file arebot.cfg.

The AreBOT client is developed in Go, and uses the AWS SDK for Go to interact with the AWS services deployed on the AWS account to monitor.

Links

Quick Install

Prerequisites

To enable AreBOT to monitor an AWS cloud environment, you need to perform some setup steps on the environment first. You can use the Amazon CloudFormation templates in the environment/ folder as a reference for this process. In particular, you will need to configure the AWS auditing service CloudTrail to track resource activities, and to send this information to AreBOT as Amazon CloudWatch Events by using an Amazon SQS message queue.

Dependencies

GoLang dependencies are managed with glide. To install those run the following command:

$ glide install

This will create a vendor folder as part of the source repository.

Build

Simply run make clean build to compile the sources as an OSX binary. There are targets for Linux (build-linux) and Windows as well. Consult the Makefile for further information.

Run AreBOT

$ make run starts AreBOT using the config file that comes along with the code. Feel free to modify the run command and config to your needs. In particular, be sure to

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

1 star

Watchers

31 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages