# Copyright 2024 Chris Farris <[email protected]>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
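# `env` selects the per-environment config file (e.g. `make env=prod build`).
# `ifndef` also rejects an empty value, so `env=` fails the same way.
ifndef env
$(error env is not set)
endif
include config.$(env)
# A bare `export` puts EVERY make variable - including everything read from
# config.$(env) - into the environment of every recipe shell (docker, aws,
# sub-makes). Keep secrets out of the config files; they would be inherited
# by all of those subprocesses.
export
# Build/tag identifier shared by the image push and the packaged templates.
# `:=` is deliberate: a recursive `$(shell date ...)` would be re-evaluated on
# every reference and could roll over to a new minute mid-run, so the pushed
# tag and the uploaded template name would no longer agree.
ifndef version
export version := $(shell date +%Y%m%d-%H%M)
endif
IMAGENAME ?= steampipe
DEPLOY_PREFIX ?= deploy-packages
# `build` is the first rule in this file; make that default explicit.
.DEFAULT_GOAL := build
# Local to this Makefile Vars
PROWLER_TEMPLATE := cloudformation/Prowler-Template.yaml
PROWLER_OUTPUT_TEMPLATE_PREFIX := Prowler-Template-Transformed
PROWLER_OUTPUT_TEMPLATE := $(PROWLER_OUTPUT_TEMPLATE_PREFIX)-$(version).yaml
# DEPLOY_BUCKET is expected to come from config.$(env). The deploy targets
# trust whatever object is at this URL, so the bucket must only be writable
# by the deploying identity (no public or cross-account write).
PROWLER_TEMPLATE_URL ?= https://s3.amazonaws.com/$(DEPLOY_BUCKET)/$(DEPLOY_PREFIX)/$(PROWLER_OUTPUT_TEMPLATE)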
#
# Steampipe Container Targets
#
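.PHONY: build
# Build the Steampipe container image from the Dockerfile in this directory,
# tagged $(IMAGENAME) (implicitly :latest). Base-image pinning / provenance
# is the Dockerfile's responsibility, not this target's.
build:
	docker build -t $(IMAGENAME) .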
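.PHONY: force-build
# Same as `build` but discards the layer cache, so every instruction in the
# Dockerfile (package installs included) is re-executed.
force-build:
	docker build --no-cache -t $(IMAGENAME) .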
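.PHONY: run
# Open an interactive bash shell in the image after killing any running copy.
# AWS credentials are passed by NAME only (`-e VAR`), so docker copies them
# from this shell's environment and the values never appear on the command
# line or in `ps` output.
# `--rm`: a stopped container keeps its environment - including
# AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN - readable via `docker inspect`
# for as long as it exists, so remove the container when the shell exits.
# NOTE(review): `-P` publishes every port the image EXPOSEs on the host;
# drop it if the interactive session does not need inbound connections.
run: stop
	docker run -it --rm -P \
		-e AWS_DEFAULT_REGION -e AWS_SECRET_ACCESS_KEY -e AWS_ACCESS_KEY_ID -e AWS_SESSION_TOKEN \
		-e ROLENAME -e OUTPUT_BUCKET \
		--entrypoint bash $(IMAGENAME)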
build-run: stop build run
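.PHONY: list
# Show local images whose `docker images` row mentions $(IMAGENAME).
# Quoted and behind `--` so an image name starting with `-` or containing
# shell metacharacters cannot be misread by grep as an option.
list:
	docker images | grep -- "$(IMAGENAME)"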
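.PHONY: stop
# Kill every running container started from $(IMAGENAME).
# Uses docker's own ancestor filter rather than `docker ps | grep`, which
# matched the name as a substring anywhere in the row (so an unrelated image
# such as "<IMAGENAME>-foo" could be killed). The ID list is quoted so that
# several running containers no longer break the `[ ]` test - the previous
# unquoted form failed with "too many arguments" and then killed nothing.
stop:
	@ids="$$(docker ps -q --filter "ancestor=$(IMAGENAME)")"; \
	if [ -n "$$ids" ]; then docker kill $$ids; fi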
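.PHONY: repo
# One-time creation of the ECR repository that `push` publishes to.
# IMMUTABLE tags: once `<IMAGENAME>:<version>` is pushed it cannot be silently
# replaced, so a tag referenced by IMAGE_VERSION always resolves to the same
# image. Consequence: re-pushing an existing `version` is rejected - use a
# new version (the default is minute-granular) rather than overwriting.
# scanOnPush: ECR scans each pushed image for known CVEs.
repo:
	aws ecr create-repository --repository-name $(IMAGENAME) \
		--image-tag-mutability IMMUTABLE \
		--image-scanning-configuration scanOnPush=true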
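.PHONY: push
# Tag the local image as <account>.dkr.ecr.<region>.amazonaws.com/$(IMAGENAME):$(version)
# and push it. IMAGE_ID may be given on the command line; otherwise the
# first local image ID for $(IMAGENAME) is used ($(firstword) keeps a
# multi-tag listing from expanding into several arguments to `docker tag`).
# The account ID is taken from the caller's current credentials, so this
# pushes to whichever account the shell is authenticated against.
# Registry login reads the token via --password-stdin; it never appears in
# argv or `ps` output.
push:
ifndef IMAGE_ID
	$(eval IMAGE_ID := $(firstword $(shell docker images $(IMAGENAME) --format "{{.ID}}" )))
endif
	@test -n "$(AWS_DEFAULT_REGION)" || { echo "AWS_DEFAULT_REGION is not set" >&2; exit 1; }
	@test -n "$(IMAGE_ID)" || { echo "no local image found for $(IMAGENAME); run 'make build' first" >&2; exit 1; }
	$(eval AWS_ACCOUNT_ID := $(shell aws sts get-caller-identity --query Account --output text ))
	$(eval ECR_REGISTRY := $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_DEFAULT_REGION).amazonaws.com)
	aws ecr get-login-password --region $(AWS_DEFAULT_REGION) | docker login --username AWS --password-stdin $(ECR_REGISTRY)
	docker tag $(IMAGE_ID) $(ECR_REGISTRY)/$(IMAGENAME):$(version)
	docker push $(ECR_REGISTRY)/$(IMAGENAME):$(version)
# Print the registry digest(s) so consumers can pin by digest instead of by
# (mutable-by-default) tag.
	@echo "Pushed digest(s): $$(docker image inspect --format '{{.RepoDigests}}' $(ECR_REGISTRY)/$(IMAGENAME):$(version))"
	@echo "Now go set the IMAGE_VERSION to $(version)"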
container: build push
#
# General Lambda / CFn targets
#
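.PHONY: deps
# Install the Lambda dependencies via the sub-Makefile in lambda/.
# `cd ... && $(MAKE)` on one line: each recipe line runs in its own shell,
# and $(MAKE) (not `make`) propagates -j/-n and the jobserver.
deps:
	cd lambda && $(MAKE) deps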
#
# Prowler Deploy Commands
#
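.PHONY: prowler-package
# Upload the Lambda artefacts referenced by the Prowler template, write the
# transformed template to s3://$(DEPLOY_BUCKET)/$(DEPLOY_PREFIX)/ and print
# the URL that `prowler-deploy` will pass to CloudFormation.
# DEPLOY_BUCKET comes from config.$(env); fail fast when it is missing instead
# of handing `aws cloudformation package` an empty --s3-bucket and printing an
# invalid deploy URL. The local copy of the transformed template is removed
# so only the S3 object (with build_ver metadata) is the source of truth.
prowler-package: deps
	@test -n "$(DEPLOY_BUCKET)" || { echo "DEPLOY_BUCKET is not set in config.$(env)" >&2; exit 1; }
	@aws cloudformation package --template-file $(PROWLER_TEMPLATE) --s3-bucket $(DEPLOY_BUCKET) --s3-prefix $(DEPLOY_PREFIX)/transform --output-template-file cloudformation/$(PROWLER_OUTPUT_TEMPLATE) --metadata build_ver=$(version)
	@aws s3 cp cloudformation/$(PROWLER_OUTPUT_TEMPLATE) s3://$(DEPLOY_BUCKET)/$(DEPLOY_PREFIX)/
	rm cloudformation/$(PROWLER_OUTPUT_TEMPLATE)
	@echo "Deploy via $(PROWLER_TEMPLATE_URL)"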
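.PHONY: prowler-deploy
# Package, then deploy the Prowler stack with cft-deploy using the manifest
# in PROWLER_MANIFEST. pImageVersion must name an ECR tag produced by `push`;
# without the guard an unset IMAGE_VERSION would be passed as an empty
# parameter value. The `ifndef` check is evaluated at parse time, so it is
# only meaningful because PROWLER_MANIFEST is set via config/command line.
# NOTE(review): `--force` is presumably cft-deploy's skip-confirmation flag;
# confirm before relying on this target in an unattended pipeline.
prowler-deploy: prowler-package
ifndef PROWLER_MANIFEST
	$(error PROWLER_MANIFEST is not set)
endif
	@test -n "$(IMAGE_VERSION)" || { echo "IMAGE_VERSION is not set (use the tag printed by 'make push')" >&2; exit 1; }
	cft-deploy -m $(PROWLER_MANIFEST) --template-url $(PROWLER_TEMPLATE_URL) pTemplateURL=$(PROWLER_TEMPLATE_URL) pImageVersion=$(IMAGE_VERSION) --force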
#
# Google Sheet Deploy Commands
#
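.PHONY: gsheet-deps
# Install dependencies for the Google Sheet Lambda via its own sub-Makefile.
gsheet-deps:
	cd gsheet-lambda && $(MAKE) deps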
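.PHONY: gsheet-package
# Package the Google Sheet template the same way prowler-package does.
# GSHEET_TEMPLATE / GSHEET_OUTPUT_TEMPLATE / GSHEET_TEMPLATE_URL are not
# defined in this Makefile and are presumably supplied by config.$(env);
# fail fast if the inputs that would otherwise produce a malformed
# `aws cloudformation package` call are missing.
gsheet-package: gsheet-deps
	@test -n "$(DEPLOY_BUCKET)" || { echo "DEPLOY_BUCKET is not set in config.$(env)" >&2; exit 1; }
	@test -n "$(GSHEET_TEMPLATE)" || { echo "GSHEET_TEMPLATE is not set in config.$(env)" >&2; exit 1; }
	@aws cloudformation package --template-file $(GSHEET_TEMPLATE) --s3-bucket $(DEPLOY_BUCKET) --s3-prefix $(DEPLOY_PREFIX)/transform --output-template-file cloudformation/$(GSHEET_OUTPUT_TEMPLATE) --metadata build_ver=$(version)
	@aws s3 cp cloudformation/$(GSHEET_OUTPUT_TEMPLATE) s3://$(DEPLOY_BUCKET)/$(DEPLOY_PREFIX)/
	rm cloudformation/$(GSHEET_OUTPUT_TEMPLATE)
	@echo "Deploy via $(GSHEET_TEMPLATE_URL)"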
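.PHONY: gsheet-deploy
# Package, then deploy the Google Sheet stack with cft-deploy.
# GSHEET_MANIFEST is checked at parse time (`ifndef`), so the error fires
# before any packaging work is done.
# NOTE(review): `--force` is presumably cft-deploy's skip-confirmation flag.
gsheet-deploy: gsheet-package
ifndef GSHEET_MANIFEST
	$(error GSHEET_MANIFEST is not set)
endif
	cft-deploy -m $(GSHEET_MANIFEST) --template-url $(GSHEET_TEMPLATE_URL) pTemplateURL=$(GSHEET_TEMPLATE_URL) --force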
#
# Regional Findings Deploy commands
#
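.PHONY: findings-package
# Package the regional Findings template (same flow as prowler-package).
# FINDINGS_TEMPLATE / FINDINGS_OUTPUT_TEMPLATE / FINDINGS_TEMPLATE_URL are
# presumably supplied by config.$(env). Guards added for the same reason as
# the other package targets, and the deploy URL is echoed for consistency
# with them (the original target was the only one that stayed silent).
findings-package: deps
	@test -n "$(DEPLOY_BUCKET)" || { echo "DEPLOY_BUCKET is not set in config.$(env)" >&2; exit 1; }
	@test -n "$(FINDINGS_TEMPLATE)" || { echo "FINDINGS_TEMPLATE is not set in config.$(env)" >&2; exit 1; }
	@aws cloudformation package --template-file $(FINDINGS_TEMPLATE) --s3-bucket $(DEPLOY_BUCKET) --s3-prefix $(DEPLOY_PREFIX)/transform --output-template-file cloudformation/$(FINDINGS_OUTPUT_TEMPLATE) --metadata build_ver=$(version)
	@aws s3 cp cloudformation/$(FINDINGS_OUTPUT_TEMPLATE) s3://$(DEPLOY_BUCKET)/$(DEPLOY_PREFIX)/
	rm cloudformation/$(FINDINGS_OUTPUT_TEMPLATE)
	@echo "Deploy via $(FINDINGS_TEMPLATE_URL)"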
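.PHONY: findings-deploy
# Package, then deploy the regional Findings stack with cft-deploy.
# NOTE(review): unlike prowler-deploy / gsheet-deploy, the manifest path here
# is prefixed with `cloudformation/` - so FINDINGS_MANIFEST must be given
# relative to that directory while the other two are used as-is. Confirm
# this asymmetry is intended before "fixing" it.
# NOTE(review): `--force` is presumably cft-deploy's skip-confirmation flag.
findings-deploy: findings-package
ifndef FINDINGS_MANIFEST
	$(error FINDINGS_MANIFEST is not set)
endif
	cft-deploy -m cloudformation/$(FINDINGS_MANIFEST) --template-url $(FINDINGS_TEMPLATE_URL) pTemplateURL=$(FINDINGS_TEMPLATE_URL) --force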
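.PHONY: clean
# Remove build products of the lambda/ sub-project.
# NOTE(review): gsheet-lambda/ (populated by gsheet-deps) is not cleaned
# here; whether its Makefile offers a `clean` target is not visible from
# this file, so it is left alone rather than guessed at.
clean:
	cd lambda && $(MAKE) clean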
#
# Bucket Import
#
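.PHONY: prepare-import-bucket
# Create - but deliberately do NOT execute - an IMPORT change set that brings
# the pre-existing bucket $(OUTPUT_BUCKET) under management of the stack
# $(PROWLER_STACKNAME). The operator reviews the describe-change-set output
# and then runs `make execute-import-bucket` explicitly.
# Both variables are required; an empty value would produce a malformed
# --stack-name / ResourceIdentifier, so they are checked up front.
prepare-import-bucket:
	@test -n "$(PROWLER_STACKNAME)" || { echo "PROWLER_STACKNAME is not set" >&2; exit 1; }
	@test -n "$(OUTPUT_BUCKET)" || { echo "OUTPUT_BUCKET is not set" >&2; exit 1; }
	aws cloudformation create-change-set --output text \
		--stack-name $(PROWLER_STACKNAME) \
		--change-set-name bucket-import \
		--parameters ParameterKey=pBucketName,ParameterValue=$(OUTPUT_BUCKET) \
		--template-body file://cloudformation/ProwlerBucket-ImportTemplate.yaml \
		--change-set-type IMPORT \
		--resources-to-import "ResourceType=AWS::S3::Bucket,LogicalResourceId=ProwlerBucket,ResourceIdentifier={BucketName=$(OUTPUT_BUCKET)}"
# Wait for the change set to finish creating instead of a fixed delay (the
# previous recipe only *announced* a 30 second sleep and then described the
# change set immediately). The leading `-` lets a FAILED change set fall
# through to describe-change-set below so the failure reason is shown.
	-aws cloudformation wait change-set-create-complete --change-set-name bucket-import --stack-name $(PROWLER_STACKNAME)
	aws cloudformation describe-change-set --change-set-name bucket-import --stack-name $(PROWLER_STACKNAME)
# Single quotes are essential here. The previous line used double quotes
# around `make execute-import-bucket` in backticks, which the shell treats as
# command substitution: printing the hint actually RAN that target and
# executed the change set before anyone had reviewed it.
	@echo 'If the Status is CREATE_COMPLETE, you can perform "make execute-import-bucket"'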
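.PHONY: execute-import-bucket
# Execute the `bucket-import` change set created by prepare-import-bucket.
# This is the step that actually modifies the stack; run it only after
# reviewing the describe-change-set output.
execute-import-bucket:
	@test -n "$(PROWLER_STACKNAME)" || { echo "PROWLER_STACKNAME is not set" >&2; exit 1; }
	aws cloudformation execute-change-set --change-set-name bucket-import --stack-name $(PROWLER_STACKNAME)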
# EOF