This job removes public access from RDS instances and makes the instances private.
5c8c26467a550e1fb6560c48
RDS instance should restrict public access
The provided AWS credential must have permissions that listed in the policy file here
You may run this script using following commands:
pip install -r ../../requirements.txt
python3 rds_remove_public_endpoint.py "`cat finding.json`"where finding.json has volume id and region info:
{
"notificationInfo": {
"FindingInfo": {
"ObjectId": "database-1",
"Region": "us-west-2"
}
}
}You may run test using following command under vss-remediation-worker-job-code-python directory:
python3 -m pytest test- Provision a Virtual Machine Create an EC2 instance to use for the worker. The minimum required specifications are 128 MB memory and 1/2 Core CPU.
- Setup Docker Install Docker on the newly provisioned EC2 instance. You can refer to the docs here for more information.
- Deploy the worker image SSH into the EC2 instance and run the command below to deploy the worker image:
docker run --rm -it --name worker \
-e VSS_CLIENT_ID={ENTER CLIENT ID}
-e VSS_CLIENT_SECRET={ENTER CLIENT SECRET} \
vmware/vss-remediation-worker:latest-pythonThe Secure State team welcomes welcomes contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a Pull Request. For any questions about the CLA process, please refer to our FAQ. All contributions to this repository must be signed as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on as an open-source patch.
For more detailed information, refer to CONTRIBUTING.md.
We use SemVer for versioning. For the versions available, see the tags on this repository.
- VMware Secure State - Initial work
See also the list of contributors who participated in this project.
This project is licensed under the Apache License - see the LICENSE file for details