import boto3
import json
import re
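# Create an AWS-RunInspecChecks State Manager association for every EC2
# instance that carries the selected tag, so the InSpec profile stored at the
# configured S3 path is run against each of them.
#
# NOTE(review): the profile is fetched from the sourceInfo location and run on
# the targeted instances, so anyone able to write to that location decides what
# executes there. Keep the bucket write-restricted and the path pinned.
# NOTE(review): presumably every run of this script adds another association
# per instance -- confirm, and de-duplicate before scheduling it.
ec2 = boto3.client('ec2')
ssm = boto3.client('ssm')  # built once rather than once per matching tag

# DescribeTags is paginated: a single call returns only the first page, which
# would silently leave the remaining instances without a compliance scan.
tag_pages = ec2.get_paginator('describe_tags').paginate(
    Filters=[{'Name': 'key', 'Values': ['<assigned Tag>']}]
)

for page in tag_pages:
    for tag in page["Tags"]:
        resource = tag["ResourceId"]
        tag_value = tag["Value"]

        # The tag key can sit on any EC2 resource type; only instance ids
        # ("i-...") with the expected value are valid association targets.
        if tag_value != '<Tag Value>' or not resource.startswith("i-"):
            continue

        association = ssm.create_association(
            Name='AWS-RunInspecChecks',
            Parameters={
                'sourceType': ['S3'],
                'sourceInfo': ['{"path":"https://<path to controls>"}'],
            },
            Targets=[
                {
                    'Key': 'InstanceIds',
                    'Values': [str(resource)],
                },
            ],
            AssociationName='RHEL7STIGControls',
            # The API takes exactly one severity. The previous expression
            # 'CRITICAL'and'HIGH'and...and'UNSPECIFIED' is a boolean chain that
            # evaluates to its last operand, so 'UNSPECIFIED' is what was
            # always sent. Set the single level this association should carry.
            ComplianceSeverity='UNSPECIFIED',
        )
        # Record which instance received which association for later audit.
        print(resource, association['AssociationDescription']['AssociationId'])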