chore: writes moved to cirrus #58

Merged
merged 1 commit into from
Nov 24, 2024
37 changes: 20 additions & 17 deletions bin/p6lzctl
@@ -208,8 +208,10 @@ p6_lz_cmd_destroy() {
p6_h3 "Cleaning CLI"
local audit_account_name=$(p6_lz_util_audit_account_name)
p6_aws_svc_organizations_sts_run_as $audit_account_name p6_lz_destroy_audit

local logarchive_account_name=$(p6_lz_util_logarchive_account_name)
p6_aws_svc_organizations_sts_run_as $logarchive_account_name p6_lz_destroy_logarchive

p6_lz_destroy_management

p6_h3 "Cleaning CDK"
@@ -251,19 +253,19 @@ p6_lz_destroy_management() {

# Piece of Shit -- do not use
# p6_h5 "Management: Inspector"
# p6_aws_svc_inspector_from_management_off $audit_account_id
# p6_cirrus_inspector_from_management_off $audit_account_id

p6_h5 "Management: Security Hub"
p6_aws_svc_securityhub_from_management_off $audit_account_id
p6_cirrus_securityhub_from_management_off $audit_account_id

p6_h5 "Management: Config"
p6_aws_svc_configservice_from_management_off $audit_account_id $AWS_REGION
p6_cirrus_configservice_from_management_off $audit_account_id $AWS_REGION

p6_h5 "Management: CloudTrail"
p6_aws_svc_cloudtrail_from_management_off $audit_account_id
p6_cirrus_cloudtrail_from_management_off $audit_account_id

p6_h5 "Management: CW Logs"
p6_aws_svc_logs_groups_prefix_delete "p6-lz-"
p6_cirrus_logs_groups_prefix_delete "p6-lz-"

p6_return_void
}
@@ -280,16 +282,17 @@ p6_lz_destroy_audit() {

# Piece of Shit -- do not use
# p6_h4 "Audit: Inspector"
# p6_aws_svc_inspector_from_delegated_off
# p6_cirrus_inspector_from_delegated_off

p6_h4 "Audit: Security Hub"
p6_aws_svc_securityhub_from_delegated_off
p6_cirrus_securityhub_from_delegated_off

p6_h4 "Audit: Config"
true # CDK actually works

p6_h4 "Audit: CloudTrail"
p6_cirrus_cloudtrail_trail_delete
p6_cirrus_cloudtrail_trail_delete "p6-lz-"

p6_h4 "Audit: CW Logs"
p6_lz_util_logs_delete

@@ -545,17 +548,17 @@ p6_lz_run_phase_3_management_account() {
local audit_account_id=$(p6_lz_util_audit_account_id_get)

p6_h3 "Phase 3: Management: Delegating CloudTrail"
p6_aws_svc_cloudtrail_from_management_on $audit_account_id
p6_cirrus_cloudtrail_from_management_on $audit_account_id

p6_h3 "Phase 3: Management: Delegating Config"
p6_aws_svc_configservice_from_management_on $audit_account_id $AWS_REGION
p6_cirrus_configservice_from_management_on $audit_account_id $AWS_REGION

p6_h3 "Phase 3: Management: Delegating SecurityHub"
p6_aws_svc_securityhub_from_management_on $audit_account_id
p6_cirrus_securityhub_from_management_on $audit_account_id

# Piece of Shit -- do not use
# p6_h3 "Phase 3: Management: Delegate Inspector"
# p6_aws_svc_inspector_from_management_on $audit_account_id
# p6_cirrus_inspector_from_management_on $audit_account_id

p6_return_void
}
@@ -605,14 +608,14 @@ p6_lz_run_phase_3_audit_account() {

p6_h3 "Phase 3: Audit: CloudTrail Start Logging"
local audit_account_name=$(p6_lz_util_audit_account_name)
p6_aws_svc_organizations_sts_run_as $audit_account_name p6_cirrus_cloudtrail_logging_start
p6_aws_svc_organizations_sts_run_as $audit_account_name p6_cirrus_cloudtrail_trail_logging_start p6-lz-

p6_h3 "Phase 3: Audit-2"
# p6_awscdk_cli_execute $action p6-lz-audit-2

# Piece of Shit -- do not use
# # Inspector
# p6_aws_svc_organizations_sts_run_as $audit_account_name p6_lz_util_inspector_setup
# p6_cirrus_organizations_sts_run_as $audit_account_name p6_lz_util_inspector_setup

p6_return_void
}
@@ -812,8 +815,8 @@ p6_lz_util_cdk_context_add_logarchive_bucket() {
# ######################################################################
# p6_lz_util_inspector_setup() {

# p6_aws_svc_inspector_role_service_linked_create
# p6_aws_svc_inspector_organization_members_enable
# p6_cirrus_inspector_role_service_linked_create
# p6_cirrus_inspector_organization_members_enable

# p6_return_void
# }
@@ -841,7 +844,7 @@ p6_lz_util_stacks_list() {
######################################################################
p6_lz_util_logs_delete() {

p6_aws_svc_logs_groups_prefix_delete "p6-lz-"
p6_cirrus_logs_groups_prefix_delete "p6-lz-"

p6_return_void
}
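Review bot: The `p6-lz-` literal is now repeated at four call sites in bin/p6lzctl, where it selects which CloudTrail trails and CloudWatch log groups are deleted or started: `p6_cirrus_logs_groups_prefix_delete "p6-lz-"` in p6_lz_destroy_management and p6_lz_util_logs_delete, `p6_cirrus_cloudtrail_trail_delete "p6-lz-"` in p6_lz_destroy_audit, and unquoted as `p6_cirrus_cloudtrail_trail_logging_start p6-lz-` in p6_lz_run_phase_3_audit_account. I would define it once near the top of the script, for example `readonly P6_LZ_PREFIX="p6-lz-"`, and pass `"$P6_LZ_PREFIX"` at each site so the setup and teardown paths cannot drift apart. Whether the two trail helpers treat the argument as a prefix or an exact name is not visible here; if it is a prefix, a comment such as `# removes every trail in the assumed account whose name starts with p6-lz-` above the delete call would make the blast radius explicit. Separately, the commented-out Inspector line in p6_lz_run_phase_3_audit_account was renamed to `p6_cirrus_organizations_sts_run_as` while the live calls still use `p6_aws_svc_organizations_sts_run_as`, so it may not resolve if it is ever re-enabled. All of these function bodies start or end outside the visible hunks.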