AWS Toolbox 🧰 - A collection of awesome tools and scripts for cloud engineers

With so many open-source tools available on the web, it can be hard to have the right ones at your disposal. So I decided to share my favorite tools, scripts, and blogs with you in the AWS Toolbox 🧰.

https://github.com/dannysteenman/aws-toolbox

๋‹ค์Œ์€ AWS Toolbox์—์„œ ์ฐพ์„ ์ˆ˜ ์žˆ๋Š” ๋‚ด์šฉ์ž…๋‹ˆ๋‹ค.

  • What's in the AWS Toolbox?
  • Scripts
  • Tools
  • Blogroll
  • Contributions

What's in the AWS Toolbox?

First, you'll find an introduction that helps you configure the AWS Command Line Interface (CLI) so that you can use the Bash and Python scripts provided in the AWS Toolbox.

    ์Šคํฌ๋ฆฝํŠธ



    ๋ฐ˜๋ณต ์ž‘์—…์„ ํ”ผํ•˜๊ธฐ ์œ„ํ•ด ์‹คํ–‰ํ•˜๋Š” ๋ฐ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋Š” 20๊ฐœ ์ด์ƒ์˜ Bash ๋ฐ Python ์Šคํฌ๋ฆฝํŠธ๋ฅผ ์ฐพ์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด multi_account_execution script์€ aws_account_list์— ์ง€์ •๋œ ๋ชจ๋“  ๊ณ„์ •์—์„œ Boto3 ๋ช…๋ น์„ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ๋Š” ๊ธฐ๋Šฅ์„ ์ œ๊ณตํ•ฉ๋‹ˆ๋‹ค. ์ž์„ธํ•œ ๋‚ด์šฉ์€ ์•„๋ž˜ ์ฝ”๋“œ๋ฅผ ์ฐธ์กฐํ•˜์„ธ์š”.

    # https://github.com/dannysteenman/aws-toolbox
    #
    # This script gives you the ability to run Boto3 commands on all accounts which are specified in the aws_account_list
    
    import boto3
    
    aws_account_list = ["111111111111", "222222222222", "333333333333"]
    
    # Exchanges an STS AssumeRole call (RoleArn, RoleSessionName, optionally ExternalId)
    # for a boto3 Session that carries the temporary credentials of the assumed role.
    def role_arn_to_session(**args):
        client = boto3.client("sts")
        response = client.assume_role(**args)
        return boto3.Session(
            aws_access_key_id=response["Credentials"]["AccessKeyId"],
            aws_secret_access_key=response["Credentials"]["SecretAccessKey"],
            aws_session_token=response["Credentials"]["SessionToken"],
        )
    
    # This decides what role to use, the name of the session you will start, and potentially an external id.
    # The external id can be used as a passcode to protect your role.
    def set_boto3_clients(account_id):
        return role_arn_to_session(
            RoleArn="arn:aws:iam::" + account_id + ":role/your-rolename-to-assume",
            RoleSessionName="your-rolename-to-assume",
        )
    
    # This is an example function which deletes evaluation results for a specific config rule.
    # You can create your own Boto3 function which you want to execute on multiple accounts.
    def delete_awsconfig_rule_evaluations(awsconfig):
        return awsconfig.delete_evaluation_results(ConfigRuleName="SHIELD_002")
    
    # Entry point: works as a Lambda handler and from the command line (see below).
    def lambda_handler(event, context):
        for account_id in aws_account_list:
            run_boto3_in_account = set_boto3_clients(account_id)
            # You can use run_boto3_in_account as if you are using boto in another account
            # For example: s3 = run_boto3_in_account.client('s3')
            awsconfig = run_boto3_in_account.client("config")
            delete_awsconfig_rule_evaluations(awsconfig)
    
    if __name__ == "__main__":
        lambda_handler({"invokingEvent": '{"messageType":"ScheduledNotification"}'}, None)
    
    
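As an added example (not code from the aws-toolbox repository), here is the same multi-account pattern with the caveats a practitioner would want: the AssumeRole call passes an ExternalId and a short DurationSeconds, the per-account action is a read-only check (IAM users without an MFA device), and one account that refuses the role does not abort the others. The role name, external id, account ids and user data are placeholders or constructed sample data, and the in-memory fake stands in for boto3 so the demo runs offline.

```python
ROLE_NAME = "your-rolename-to-assume"       # placeholder, as in the page's script
EXTERNAL_ID = "replace-with-shared-secret"  # placeholder; the role's trust policy must require it
def assume_role_session(account_id):
    """Real session factory: STS AssumeRole with an ExternalId and a short credential lifetime."""
    import boto3  # imported lazily so the offline demo below runs without boto3 installed
    creds = boto3.client("sts").assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{ROLE_NAME}",
        RoleSessionName="aws-toolbox-audit",
        ExternalId=EXTERNAL_ID,       # confused-deputy protection the page's script leaves out
        DurationSeconds=900)["Credentials"]  # minimum lifetime; a read-only check needs no more
    return boto3.Session(aws_access_key_id=creds["AccessKeyId"],
                         aws_secret_access_key=creds["SecretAccessKey"],
                         aws_session_token=creds["SessionToken"])

def users_without_mfa(session):
    """Read-only check to run in each account: IAM users with no MFA device registered."""
    iam = session.client("iam")
    return sorted(user["UserName"]
                  for page in iam.get_paginator("list_users").paginate()
                  for user in page["Users"]
                  if not iam.list_mfa_devices(UserName=user["UserName"])["MFADevices"])

def run_in_all_accounts(account_ids, session_factory, action):
    """Run action(session) in every account; one failing account must not stop the rest."""
    results = {}
    for account_id in account_ids:
        try:
            results[account_id] = action(session_factory(account_id))
        except Exception as exc:  # AccessDenied, missing role, throttling, ...
            results[account_id] = f"error: {exc}"
    return results
# Constructed in-memory stand-in for the boto3 session and IAM client so the demo runs
# offline; in production pass assume_role_session as the session factory instead.
_FAKE_ACCOUNTS = {"111111111111": {"pam_beesly": 0, "creed_bratton": 1},  # account ->
                  "222222222222": {"stanley_hudson": 0}}                  # {user: mfa devices}
class _FakeIam:
    def __init__(self, mfa): self.mfa = mfa
    def client(self, service): return self   # plays session.client("iam")
    def get_paginator(self, op): return self  # plays iam.get_paginator("list_users")
    def paginate(self): return [{"Users": [{"UserName": u} for u in self.mfa]}]
    def list_mfa_devices(self, UserName): return {"MFADevices": [{}] * self.mfa[UserName]}

def _fake_session_factory(account_id):
    if account_id not in _FAKE_ACCOUNTS:  # e.g. the role does not exist in that account
        raise PermissionError("AccessDenied: cannot assume role in " + account_id)
    return _FakeIam(_FAKE_ACCOUNTS[account_id])

def demo():
    return run_in_all_accounts(["111111111111", "222222222222", "333333333333"],
                               _fake_session_factory, users_without_mfa)
```

Swap `_fake_session_factory` for `assume_role_session` to run the check against real accounts; the results dict keeps findings and per-account errors side by side.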


Tools

This section of the repository contains links to popular tools and hidden gems 💎 that automate or simplify working with AWS from the console, CLI, or API.

An example of a widely used tool that helps you set up and deploy AWS ECS containers relatively easily and in an automated way is the AWS Copilot CLI. The AWS Copilot CLI is a tool for developers to build, release, and operate production-ready containerized applications on Amazon ECS and AWS Fargate.



An example of a hidden gem 💎 is steampipe. This tool lets you query your cloud resources in a SQL-like way. If you want to query multiple AWS resources, it is much faster and easier to use than the plain AWS CLI!

You can query cloud APIs instantly using SQL, like this:

    select
      title,
      create_date,
      mfa_enabled
    from
      aws_iam_user
    
    


The example query returns all IAM users, including their creation date and whether MFA is enabled:

    +-----------------+---------------------+-------------+
    | title           | create_date         | mfa_enabled |
    +-----------------+---------------------+-------------+
    | pam_beesly      | 2005-03-24 21:30:00 | false       |
    | creed_bratton   | 2005-03-24 21:30:00 | true        |
    | stanley_hudson  | 2005-03-24 21:30:00 | false       |
    | michael_scott   | 2005-03-24 21:30:00 | false       |
    | dwight_schrute  | 2005-03-24 21:30:00 | true        |
    +-----------------+---------------------+-------------+
    
    


But the real power of this tool lies in mods! A Steampipe mod is a collection of related Steampipe resources such as queries, controls, and benchmarks. You can download one of the many mods from the Steampipe Hub or create your own.

A good example of a mod you can use for AWS is the AWS Compliance Mod. This mod lets you run individual configuration, compliance, and security controls, or full compliance benchmarks, for the AWS Foundational Security Best Practices. Essentially, this means you can run a full security posture check on your AWS account and generate a report based on the results, which makes this tool very useful for securing your AWS accounts.

Blogroll

This section contains a collection of AWS blogs with useful tips and tricks.

| Blog title | Description |
| --- | --- |
| AWS Security | The latest AWS security, identity, and compliance launches, announcements, and how-to posts. |
| AWS DevOps | The latest AWS DevOps announcements and how-to posts. |
| Netflix Techblog | Learn about Netflix's world-class engineering efforts, company culture, product development, and more. |
| Last week in AWS | We are, quite literally, the internet's only snarky, sarcastic resource for all things AWS. We know it. |

Contributions

All contributions are welcome! So if you have a Bash or Python script, feel free to create a pull request! Read the contribution guidelines to see how you can contribute.


👋 Did you like this article? Reach out or leave your feedback in the comments below.

    ์ข‹์€ ์›นํŽ˜์ด์ง€ ์ฆ๊ฒจ์ฐพ๊ธฐ