aws-inventory.yml
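# Manually triggered workflow with two jobs:
#   1. aws-scan          - runs aws-auto-inventory against us-east-1.
#   2. process-inventory - runs main.py and commits ./output to the repo.
#
# NOTE(review): actions below are referenced by mutable tags (@v3, @v4).
# Pinning each `uses:` to a full commit SHA protects against a retagged
# release being pulled into a job that holds AWS credentials.
name: AWS Auto Inventory

on:
  workflow_dispatch:

jobs:
  aws-scan:
    runs-on: ubuntu-latest
    # Least privilege: the commit step of this job is disabled, so the token
    # only needs to read the repository. Raise to `contents: write` only if
    # the commit step is re-enabled.
    permissions:
      contents: read
    env:
      CI_COMMIT_MESSAGE: Fetched AWS Assets
      # Single source of truth for the region used by the CLI and the scan.
      AWS_DEFAULT_REGION: us-east-1  # Hardcoded region for testing
    steps:
      # Step 1: Checkout the repository
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          # This job later runs third-party code (cloned repo + its
          # requirements); do not leave the GITHUB_TOKEN in .git/config.
          persist-credentials: false

      - name: Set up Python 3.x
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'

      - name: Install System Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-dev libatlas-base-dev gfortran libopenblas-dev liblapack-dev build-essential
          python -m pip install --upgrade pip
          pip install --only-binary=:all: numpy==1.24.4 pandas==2.1.0 boto3==1.28.34 openpyxl==3.1.2

      # NOTE(review): boto3==1.28.34 (above) and botocore==1.35.99 (here) look
      # like they may not be a compatible pair - confirm the resolved versions.
      - name: Install AWS CLI
        run: |
          sudo apt-get update
          sudo apt-get install -y python3 python3-pip
          pip install awscli==1.36.40 botocore==1.35.99 --upgrade --user

      # GITHUB_ENV only accepts NAME=value lines, so the previous
      # `export PATH=...` line never changed PATH. GITHUB_PATH is the file
      # that prepends a directory to PATH for all later steps.
      - name: Add AWS CLI to PATH
        run: |
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"

      # NOTE(review): these are long-lived access keys and `aws configure set`
      # writes them to ~/.aws/credentials, where every later step (including
      # the third-party code below) can read them. Prefer short-lived
      # credentials via OIDC role assumption, and make sure the identity is
      # restricted to the read-only calls the inventory needs.
      - name: Configure AWS CLI
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AUTOMATION_AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AUTOMATION_AWS_SECRET_ACCESS_KEY }}
        run: |
          # Validate first so the "is set" lines are only printed when true.
          if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ] || [ -z "$AWS_DEFAULT_REGION" ]; then
            echo "AWS credentials or region are not set." >&2
            exit 1
          fi
          echo "AWS_ACCESS_KEY_ID is set"
          echo "AWS_SECRET_ACCESS_KEY is set"
          echo "AWS_DEFAULT_REGION is $AWS_DEFAULT_REGION"
          aws configure set aws_access_key_id "$AWS_ACCESS_KEY_ID"
          aws configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY"
          aws configure set region "$AWS_DEFAULT_REGION"

      # - name: Verify AWS CLI Configuration
      #   env:
      #     AWS_REGION: us-east-1 # Hardcoded region for testing
      #   run: |
      #     if ! aws sts get-caller-identity; then
      #       echo "Failed to verify AWS credentials." >&2
      #       exit 1
      #     fi

      # NOTE(review): the clone tracks the default branch head and its
      # requirements.txt is installed as-is, all while AWS credentials are on
      # disk. Pin the clone to a reviewed commit (and ideally install with
      # hashes) so an upstream change cannot run with these credentials.
      #
      # NOTE(review): with the commit step below disabled, nothing visible
      # here hands the scan output to process-inventory, which starts on a
      # fresh runner - confirm how main.py receives its input.
      - name: Run AWS Auto Inventory
        run: |
          git clone https://github.com/aws-samples/aws-auto-inventory.git
          cd aws-auto-inventory
          pip install -r requirements.txt
          TIMESTAMP=$(date +"%Y-%m-%dT%H-%M")
          OUTPUT_DIR="../data/json/aws/${TIMESTAMP}/${AWS_DEFAULT_REGION}"
          python3 scan.py -s ../config/aws.json -r "$AWS_DEFAULT_REGION" --output_dir "$OUTPUT_DIR"
          echo "Scan complete."

      # - name: Commit and Push Results
      #   run: |
      #     echo "aws-auto-inventory/" >> .gitignore
      #     git config --local user.name "GitHub Actions"
      #     git config --local user.email "actions@github.com"
      #     mkdir -p data/json/aws
      #     git add data/json/aws
      #     git commit -m "${{ env.CI_COMMIT_MESSAGE }}" || echo "No changes to commit"
      #     git push origin HEAD:${{ github.ref }}

  process-inventory:
    needs: aws-scan
    runs-on: ubuntu-latest
    # `contents: write` is needed for the final push; no step in this job
    # touches pull requests, so that scope is not requested.
    permissions:
      contents: write
    env:
      CI_COMMIT_MESSAGE: Processed FedRAMP AWS Inventory
    steps:
      # Step 1: Checkout the repository
      - name: Checkout Code
        uses: actions/checkout@v3

      # Step 2: Set up Python
      - name: Set up Python 3.x
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'

      # Step 3: Install System Dependencies
      - name: Install System Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-dev libatlas-base-dev gfortran libopenblas-dev liblapack-dev build-essential

      # Step 4: Install Python Dependencies
      - name: Install Dependencies
        run: |
          python -m pip install --upgrade pip
          pip install --only-binary=:all: numpy==1.24.4 pandas==2.1.0 openpyxl==3.1.2

      # Step 5: Run Inventory Processing
      # The message is read from the shell environment instead of being
      # template-expanded into the script text.
      - name: Run Inventory Processing
        run: |
          python3 main.py
          echo "$CI_COMMIT_MESSAGE"

      # Step 6: Commit and Push Results
      # NOTE(review): the committed inventory describes the AWS estate;
      # confirm the repository's visibility and access list are appropriate.
      - name: Commit and Push Results
        run: |
          git config --local user.name "GitHub Actions"
          git config --local user.email "actions@github.com"
          mkdir -p output
          git add output
          # `git commit` exits non-zero when nothing is staged, which used to
          # fail the job on an unchanged inventory.
          if git diff --cached --quiet; then
            echo "No changes to commit"
          else
            git commit -m "$CI_COMMIT_MESSAGE"
            # GITHUB_REF is taken from the environment and quoted so the ref
            # name is never interpolated into the script as shell syntax.
            git push origin "HEAD:${GITHUB_REF}"
          fi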