Scripts and templates relevant to patching and scanning EC2 instances
See https://confluence.cornell.edu/display/CLOUD/Beta+AWS+Inspector+and+Patching
- Moved and renamed repo to https://github.com/cu-cit-cloud-team/aws-patching-scanning; was https://github.com/CU-CommunityApps/ct-patching-scanning.
- Removed unused Lambda function and AMI data file.
- Renamed default branch to
main; wasmaster. - Added bucket policy to S3 bucket and set public access block for bucket.
-
cloudformation contains CloudFormation templates for deploying this functionality.
-
scripts contains reporting scripts used by Jenkins jobs
The patch baselines in cloudformation/15-patch-baselines.yaml are based on the AWS default patch baselines, but slightly modified to patch additional packages that Inspector would otherwise trigger on.
This repo comes with Dockerfile and docker-compose.yml files that can help provide an execution environment for running the scripts in scripts/.
docker and docker-compose must be installed and configured. See https://docs.docker.com/install/.
Bring container up (it will build if there isn't one locally already):
docker-compose up --detachAttach to bash shell in container to run scripts:
docker-compose exec awspython bashStop Docker container and clean up after docker-compose:
docker-compose down