Final Post — Concept: Alexa Golden Images with Packer on AWS, Azure, and GCP

  • Provider: Cloud provider told to Alexa
  • Decision: Yes/No to Inspector scan question
  • Operating System: OS told to Alexa
  • Download the latest preconfigured Packer build-config JSON for the chosen cloud provider from the S3 bucket where it is stored.
{
"variables": {
"aws_access_key": "",
"aws_secret_key": "",
"packer_vpc_id": "",
"packer_subnet_id": "",
"packer_security_group": "",
"ami_name": ""
},
"builders": [{
"type": "amazon-ebs",
"access_key": "{{user `aws_access_key`}}",
"secret_key": "{{user `aws_secret_key`}}",
"type": "amazon-ebs",
"region": "us-east-1",
"source_ami": "ami-0947d2ba12ee1ff75",
"instance_type": "m4.large",
"ssh_username": "ec2-user",
"ami_name": "{{user `ami_name`}}",
"ssh_timeout": "5m",
"iam_instance_profile": "SSMAutomationPackerCF",
"vpc_id": "{{user `packer_vpc_id`}}",
"subnet_id": "{{user `packer_subnet_id`}}",
"security_group_id": "{{user `packer_security_group`}}",
"associate_public_ip_address": true
}],
"provisioners": [{
"type": "shell",
"inline": ["sudo yum update -y"]
}]
}
{
"variables": {
"client_id": "",
"client_secret": "",
"tenant_id": "",
"subscription_id": "",
"location": "",
"managed_image_name": ""
},
"builders": [{
"type": "azure-arm",
"client_id": "{{ user `client_id` }}",
"client_secret": "{{ user `client_secret` }}",
"tenant_id": "{{ user `tenant_id` }}",
"subscription_id": "{{ user `subscription_id` }}",
"managed_image_resource_group_name": "packer-azure-resource-group",
"managed_image_name": "{{ user `managed_image_name` }}",
"os_type": "Linux",
"image_publisher": "Canonical",
"image_offer": "UbuntuServer",
"image_sku": "18.04-LTS",
"image_version": "latest",
"location": "{{ user `location` }}",
"vm_size": "Standard_B2s"
}],
"provisioners": [{
"type": "shell",
"inline": ["sudo yum update -y"]
}]
}
{
"variables": {
"account_file": "",
"project_id": "",
"zone": "",
"image_name": ""
},
"builders": [{
"type": "googlecompute",
"project_id": "{{user `project_id`}}",
"source_image": "debian-9-stretch-v20200805",
"zone": "{{user `zone`}}",
"ssh_username": "packer",
"account_file": "{{ user `service_account_json`}}",
"image_name": "{{ user `image_name`}}"
}],
"provisioners": [{
"type": "shell",
"inline": ["sudo yum update -y"]
}]
}
# SSM client for the region the Packer build runs in (`region` is defined elsewhere in the file).
ssm_client = boto3.client('ssm', region_name=region)
# Start the AWS-RunPacker automation document, which fetches the Packer template
# from the named S3 bucket and runs the build. That bucket is a trust boundary:
# whoever can write to it decides what ends up baked into the golden image.
# NOTE(review): `Mode` is passed as a list, and SSM automation parameters are
# lists of strings -- confirm the two <...> placeholders are filled in the same
# shape (e.g. a single-element list, not a bare string).
response = ssm_client.start_automation_execution(
    DocumentName='AWS-RunPacker',
    Parameters={
        "TemplateFileName": <template_file>,
        "TemplateS3BucketName": <bucket_name>,
        "Mode": ["Build"]
    }
)
# Handle used below to poll the execution until it finishes.
execution_id = response["AutomationExecutionId"]
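# Poll the automation until it leaves a non-terminal state. The wait is bounded
# so a stuck execution cannot keep this loop (and the calling runtime) alive forever.
POLL_INTERVAL_SECONDS = 15
MAX_WAIT_SECONDS = 60 * 60  # constructed upper bound -- tune to the expected Packer build time
# Pending / InProgress / Waiting are the states in which the execution is still running.
NON_TERMINAL_STATUSES = ("Pending", "InProgress", "Waiting")
deadline = time.monotonic() + MAX_WAIT_SECONDS
status = "InProgress"
while status in NON_TERMINAL_STATUSES:
    if time.monotonic() > deadline:
        raise TimeoutError(
            "SSM automation {} still {} after {}s".format(execution_id, status, MAX_WAIT_SECONDS)
        )
    updated = ssm_client.get_automation_execution(AutomationExecutionId=execution_id)
    status = updated['AutomationExecution']['AutomationExecutionStatus']
    print(status)
    time.sleep(POLL_INTERVAL_SECONDS)
# Leaving the loop only means the execution stopped; it may have stopped in
# Failed / Cancelled / TimedOut. Do not treat the image as built unless it succeeded.
if status != "Success":
    raise RuntimeError("SSM automation {} ended with status {}".format(execution_id, status))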
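# Fetch only the High-severity findings from the Inspector assessment run that
# scanned the freshly built image. event['AWS'] is presumably the assessment-run
# ARN -- confirm against the caller that builds `event`.
findings_response = inspector_client.list_findings(
    assessmentRunArns=[event['AWS']],
    filter={
        'severities': ['High']
    }
)
# list_findings returns finding ARNs only; describe_findings resolves them to the
# full records. The original referenced `findings_list` without ever assigning it,
# and this is presumably where it was meant to come from.
# NOTE(review): a single page is read -- if `nextToken` is present in the response,
# further High findings exist and are silently not fetched here.
findings_list = findings_response.get('findingArns', [])
if findings_list:
    findings_details = inspector_client.describe_findings(findingArns=findings_list, locale='EN_US')
else:
    # No High findings: hand the parser an empty result rather than calling the
    # API with an empty ARN list (which the client rejects).
    findings_details = {'findings': []}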
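# Compiled once: runs of any whitespace (newlines, tabs, multiple spaces).
_WS_RUN = re.compile(r'\s+')


def _squash_ws(text):
    """Collapse whitespace runs to a single space and trim both ends."""
    return _WS_RUN.sub(' ', text).strip()


def parse_findings(findings_data):
    """Parse findings into a flat list of whitespace-normalised dicts.

    Args:
        findings_data: a describe_findings-style response, i.e. a dict whose
            'findings' key holds finding records. None entries are skipped.

    Returns:
        A list of dicts with keys rule_id, recommendation, severity, title and
        description, in input order. The input is not modified (the original
        rewrote the records in place).

    Raises:
        KeyError: if 'findings' is missing or a record lacks one of the
            fields above.
    """
    findings_parsed = []
    for details in findings_data['findings']:
        if details is None:
            continue
        # Presumably the description text carries a bare 'Description ' label;
        # this turns it into 'Description: ' after the whitespace is collapsed.
        description = _squash_ws(details['description']).replace('Description ', 'Description: ')
        findings_parsed.append({
            "rule_id": details['id'].strip(),
            "recommendation": _squash_ws(details['recommendation']),
            "severity": details['severity'].strip(),
            "title": _squash_ws(details['title']),
            "description": description,
        })
    return findings_parsed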

rav3n