Scripts and templates relevant to patching and scanning EC2 instances
See https://confluence.cornell.edu/display/CLOUD/Beta+AWS+Inspector+and+Patching
-
cloudformation contains CloudFormation templates for deploying this functionality.
-
lambda-unused contains a lambda function developed to catch Inspector notifications and send Inspector reports
-
scripts contains reporting scripts used by Jenkins jobs
The patch baselines in cloudformation/15-patch-baselines.yaml are based on the AWS default patch baselines, but slightly modified to patch additional packages that Inspector would otherwise trigger on.
This repo comes with Dockerfile and docker-compose.yml files that can help provide an execution environment for running the scripts in scripts/.
docker and docker-compose must be installed and configured. See https://docs.docker.com/install/.
Bring container up (it will build if there isn't one locally already):
docker-compose up --detachAttach to bash shell in container to run scripts:
docker-compose exec awspython bashStop Docker container and clean up after docker-compose:
docker-compose down