Skip to content

feature(rules): activate intelligent tiering in S3 buckets #697

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
PChol22 wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feature(rules): activate intelligent tiering in S3 buckets #697

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4301573
create rule : activate intelligent tiering in S3 buckets (TODO - Refa…
May 13, 2022
747fabc
fix rule name
May 20, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion src/guardian/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,12 @@ import NoMaximumTimeout from "./rules/best_practices/no-max-timeout";
import NoMaximumMemory from "./rules/best_practices/no-max-memory";
import NoIdenticalCode from "./rules/best_practices/no-identical-code";
import NoSharedRoles from "./rules/best_practices/no-shared-roles";
import S3ActivateIntelligentTiering from "./rules/best_practices/s3-activate-intelligent-tiering";
import {
getAWSCredentials,
getStackResources,
getLambdaFunctions,
getAllS3Buckets,
} from "../services";
import ServerlessConfigParser from "../services/severlessConfigParser/serverlessConfigParser";

Expand Down Expand Up @@ -43,12 +45,14 @@ class GuardianCI {
NoMaximumMemory,
NoIdenticalCode,
NoSharedRoles,
S3ActivateIntelligentTiering,
];
this.failingChecks = [];

this.resourceIDs = [];
this.allFunctions = [];
this.stackFunctions = [];
this.allS3Buckets = [];

if (program.slsDevToolsConfig) {
this.config = program.slsDevToolsConfig.guardian;
Expand Down Expand Up @@ -78,12 +82,19 @@ class GuardianCI {
return lambdaFunctionResources.map((lambda) => lambda.PhysicalResourceId);
}

async getAllS3Buckets() {
const S3 = new this.AWS.S3();
const allBuckets = getAllS3Buckets(S3);
return allBuckets;
}

async initResources() {
this.resourceIDs = await this.getStackFunctionResouceIDs();
this.allFunctions = await this.getAllLambdaFunctions();
this.stackFunctions = this.allFunctions.filter((lambda) =>
this.resourceIDs.includes(lambda.FunctionName)
);
this.allS3Buckets = await this.getAllS3Buckets();
}

ignoreCheck(check) {
Expand Down Expand Up @@ -144,7 +155,8 @@ class GuardianCI {
this.AWS,
this.stackName,
this.stackFunctions,
this.SLS
this.SLS,
this.allS3Buckets
);
if (!this.ignoreCheck(check)) {
const filteredStack = this.ignoreArns(check, this.stackFunctions);
Expand Down
51 changes: 51 additions & 0 deletions src/guardian/rules/best_practices/s3-activate-intelligent-tiering/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
class S3IntelligentTiering {
constructor(AWS, stackName, stackFunctions, SLS, stackS3Buckets) {
this.AWS = AWS;
this.stackName = stackName;
this.stackFunctions = stackFunctions;
this.SLS = SLS;
this.stackS3Buckets = stackS3Buckets;
this.name = "s3-intl-tiering";
this.failureMessage =
"The following S3 buckets have no Intelligent Tiering configurations defined";
this.S3 = new this.AWS.S3();
this.failingResources = [];
}

async getNumberOfIntelligentTieringConfigurations(bucketName) {
const configurations = await this.S3.listBucketIntelligentTieringConfigurations(
{
Bucket: bucketName,
}
).promise();
return configurations.IntelligentTieringConfigurationList.length;
}

async run() {
try {
const bucketsWithCount = await Promise.all(
this.stackS3Buckets.map(async (bucket) => {
const numberOfConfigurations = await this.getNumberOfIntelligentTieringConfigurations(
bucket.Name
);
return {
bucketName: bucket.Name,
numberOfConfigurations,
};
})
);
this.failingResources = bucketsWithCount.reduce(
(acc, current) =>
current.numberOfConfigurations === 0 ? [...acc, current] : acc,
[]
);
this.result = this.failingResources.length === 0;
} catch (e) {
console.error(e);
this.result = false;
}
return this.result;
}
}

export default S3IntelligentTiering;
9 changes: 9 additions & 0 deletions src/services/awsS3.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
async function getAllS3Buckets(S3) {
const response = await S3.listBuckets({}).promise();
const allBuckets = response.Buckets;
return allBuckets;
}

module.exports = {
getAllS3Buckets,
};
1 change: 1 addition & 0 deletions src/services/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
export { getAWSCredentials } from "./awsCredentials";
export { getStackResources } from "./stackResources";
export { getLambdaFunctions } from "./awsLambda";
export { getAllS3Buckets } from "./awsS3";