diff --git a/codebundles/aws-eks-health/.runwhen/templates/aws-eks-health-sli.yaml b/codebundles/aws-eks-health/.runwhen/templates/aws-eks-health-sli.yaml index f46b4224..19622303 100644 --- a/codebundles/aws-eks-health/.runwhen/templates/aws-eks-health-sli.yaml +++ b/codebundles/aws-eks-health/.runwhen/templates/aws-eks-health-sli.yaml @@ -32,4 +32,6 @@ spec: - name: AWS_ACCESS_KEY_ID workspaceKey: {{custom.aws_access_key_id}} - name: AWS_SECRET_ACCESS_KEY - workspaceKey: {{custom.aws_secret_access_key}} \ No newline at end of file + workspaceKey: {{custom.aws_secret_access_key}} + - name: AWS_ROLE_ARN + workspaceKey: {{custom.aws_role_arn}} \ No newline at end of file diff --git a/codebundles/aws-eks-health/.runwhen/templates/aws-eks-health-taskset.yaml b/codebundles/aws-eks-health/.runwhen/templates/aws-eks-health-taskset.yaml index 75af3e1a..9a2aabd9 100644 --- a/codebundles/aws-eks-health/.runwhen/templates/aws-eks-health-taskset.yaml +++ b/codebundles/aws-eks-health/.runwhen/templates/aws-eks-health-taskset.yaml @@ -28,4 +28,6 @@ spec: - name: AWS_ACCESS_KEY_ID workspaceKey: {{custom.aws_access_key_id}} - name: AWS_SECRET_ACCESS_KEY - workspaceKey: {{custom.aws_secret_access_key}} \ No newline at end of file + workspaceKey: {{custom.aws_secret_access_key}} + - name: AWS_ROLE_ARN + workspaceKey: {{custom.aws_role_arn}} \ No newline at end of file diff --git a/codebundles/aws-eks-health/check_eks_cluster_health.sh b/codebundles/aws-eks-health/check_eks_cluster_health.sh index a1f65f38..3bfa0c7f 100755 --- a/codebundles/aws-eks-health/check_eks_cluster_health.sh +++ b/codebundles/aws-eks-health/check_eks_cluster_health.sh 
@@ -1,8 +1,25 @@ #!/bin/bash -source ./auth.sh # Environment Variables: # AWS_REGION +auth() { + # if required AWS_ cli vars are not set, error and exit 1 + if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY || -z $AWS_REGION ]]; then + echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables." + exit 1 + fi + # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs + if [[ -n $AWS_ROLE_ARN ]]; then + sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession") + AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId') + AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey') + AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken') + export AWS_ACCESS_KEY_ID + export AWS_SECRET_ACCESS_KEY + export AWS_SESSION_TOKEN + fi +} +auth # get list of eks clusters eks_clusters=$(aws eks list-clusters --region $AWS_REGION --output json --query 'clusters[*]' | jq -r '.[]') diff --git a/codebundles/aws-eks-health/check_eks_fargate_cluster_health_status.sh b/codebundles/aws-eks-health/check_eks_fargate_cluster_health_status.sh index aa0e290d..65f66b6e 100755 --- a/codebundles/aws-eks-health/check_eks_fargate_cluster_health_status.sh +++ b/codebundles/aws-eks-health/check_eks_fargate_cluster_health_status.sh 
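Review bot: The `aws sts assume-role` call in `auth()` is never checked, so a denied or failed call still falls through to the three `jq -r` assignments, which overwrite the working keys with empty or `null` strings and export them. The script then carries on to `aws eks list-clusters` with unusable credentials instead of stopping at the real cause. Exit as soon as the call fails, and use `jq -e` so that a response without credentials is rejected as well; adding `--output json` keeps the parse independent of any configured default output format. The same function is pasted into the other nine scripts in this commit (the remaining EKS, ElastiCache, Lambda and S3 script hunks), so the fix applies to each copy.

```shell
  # … unchanged: check that AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_REGION are set …
  if [[ -n $AWS_ROLE_ARN ]]; then
    if ! sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession" --output json); then
      echo "Error: could not assume the role given in AWS_ROLE_ARN."
      exit 1
    fi
    # jq -e exits non-zero on a null or missing field, so a malformed response cannot replace the keys
    if ! role_key_id=$(jq -er '.Credentials.AccessKeyId' <<<"$sts_output") ||
       ! role_secret=$(jq -er '.Credentials.SecretAccessKey' <<<"$sts_output") ||
       ! role_token=$(jq -er '.Credentials.SessionToken' <<<"$sts_output"); then
      echo "Error: assume-role response did not contain credentials."
      exit 1
    fi
    export AWS_ACCESS_KEY_ID=$role_key_id
    export AWS_SECRET_ACCESS_KEY=$role_secret
    export AWS_SESSION_TOKEN=$role_token
  fi
```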
@@ -1,8 +1,25 @@ #!/bin/bash -source ./auth.sh # Environment Variables: # AWS_REGION +auth() { + # if required AWS_ cli vars are not set, error and exit 1 + if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY || -z $AWS_REGION ]]; then + echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables." + exit 1 + fi + # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs + if [[ -n $AWS_ROLE_ARN ]]; then + sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession") + AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId') + AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey') + AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken') + export AWS_ACCESS_KEY_ID + export AWS_SECRET_ACCESS_KEY + export AWS_SESSION_TOKEN + fi +} +auth # get list of eks clusters eks_clusters=$(aws eks list-clusters --region $AWS_REGION --output json --query 'clusters[*]' | jq -r '.[]') diff --git a/codebundles/aws-eks-health/list_eks_fargate_metrics.sh b/codebundles/aws-eks-health/list_eks_fargate_metrics.sh index 79946c1b..94b11fda 100755 --- a/codebundles/aws-eks-health/list_eks_fargate_metrics.sh +++ b/codebundles/aws-eks-health/list_eks_fargate_metrics.sh 
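Review bot: The session name passed to `aws sts assume-role` is the constant `AssumeRoleSession`, so every task in every codebundle produces the same role-session identity and CloudTrail cannot tell which check made a given call. A name that carries the bundle and a per-run value keeps the audit trail attributable, for example `--role-session-name "eks-health-$(date +%s)"`. `sts_output` is also left as a global holding the secret key and session token for the rest of the script; declaring it with `local sts_output` inside `auth()` limits how long it stays in scope. Both points apply to every copy of `auth()` in this commit.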
@@ -1,8 +1,26 @@ #!/bin/bash -source ./auth.sh # Environment Variables: # AWS_REGION +auth() { + # if required AWS_ cli vars are not set, error and exit 1 + if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY || -z $AWS_REGION ]]; then + echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables." + exit 1 + fi + # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs + if [[ -n $AWS_ROLE_ARN ]]; then + sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession") + AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId') + AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey') + AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken') + export AWS_ACCESS_KEY_ID + export AWS_SECRET_ACCESS_KEY + export AWS_SESSION_TOKEN + fi +} +auth + METRICS_LIST="vCPU Memory CPUUtilization Duration OnDemand Spot" START=$(date -d "1 day ago" +%s) END=$(date +%s) diff --git a/codebundles/aws-eks-health/runbook.robot b/codebundles/aws-eks-health/runbook.robot index f800b014..1f046433 100644 --- a/codebundles/aws-eks-health/runbook.robot +++ b/codebundles/aws-eks-health/runbook.robot @@ -23,6 +23,7 @@ Check EKS Fargate Cluster Health Status ... env=${env} ... secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} ... secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} + ... secret__AWS_ROLE_ARN=${AWS_ROLE_ARN} IF "Error" in """${process.stdout}""" RW.Core.Add Issue title=EKS Fargate Cluster in ${AWS_REGION} is Unhealthy ... severity=3 @@ -41,6 +42,7 @@ Check EKS Cluster Health Status ... env=${env} ... secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} ... secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} + ... secret__AWS_ROLE_ARN=${AWS_ROLE_ARN} IF "Error" in """${process.stdout}""" RW.Core.Add Issue title=EKS Cluster in ${AWS_REGION} is Unhealthy ... severity=3 
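Review bot: The health decision in `Check EKS Fargate Cluster Health Status` and `Check EKS Cluster Health Status` still rests only on `"Error" in """${process.stdout}"""`, while the scripts now exit 1 from `auth()` with a message that does not contain that word. Unless `RW.CLI.Run Bash File` itself fails the task on a non-zero exit (not visible here), a missing credential would raise no issue and a failed role assumption probably would not either. Testing the exit status as well closes that gap, `IF    ${process.rc} != 0 or "Error" in """${process.stdout}"""`; the ElastiCache `sli.robot` already reads `${process.rc}`. The same applies to the `"Error"` and `"ERROR"` checks in the EKS `sli.robot` hunk and in the Lambda `runbook.robot` and `sli.robot` hunks. The task bodies continue outside these hunks.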
@@ -59,6 +61,7 @@ List EKS Cluster Metrics ... env=${env} ... secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} ... secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} + ... secret__AWS_ROLE_ARN=${AWS_ROLE_ARN} RW.Core.Add Pre To Report ${process.stdout} @@ -76,10 +79,15 @@ Suite Initialization ... type=string ... description=AWS Secret Access Key ... pattern=\w* + ${AWS_ROLE_ARN}= RW.Core.Import Secret AWS_ROLE_ARN + ... type=string + ... description=AWS Role ARN + ... pattern=\w* Set Suite Variable ${AWS_REGION} ${AWS_REGION} Set Suite Variable ${AWS_ACCESS_KEY_ID} ${AWS_ACCESS_KEY_ID} Set Suite Variable ${AWS_SECRET_ACCESS_KEY} ${AWS_SECRET_ACCESS_KEY} + Set Suite Variable ${AWS_ROLE_ARN} ${AWS_ROLE_ARN} Set Suite Variable diff --git a/codebundles/aws-eks-health/sli.robot b/codebundles/aws-eks-health/sli.robot index 03bbef6e..50270e93 100644 --- a/codebundles/aws-eks-health/sli.robot +++ b/codebundles/aws-eks-health/sli.robot @@ -16,13 +16,14 @@ Library Process Suite Setup Suite Initialization *** Tasks *** -Check EKS Fargate Cluster Health Status +Check EKS Cluster Health Status [Documentation] This script checks the health status of an Amazon EKS cluster. [Tags] EKS Cluster Health AWS Kubernetes Pods Nodes - ${process}= RW.CLI.Run Bash File check_eks_cluster_health_status.sh + ${process}= RW.CLI.Run Bash File check_eks_cluster_health.sh ... env=${env} ... secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} ... secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} + ... secret__AWS_ROLE_ARN=${AWS_ROLE_ARN} IF "Error" in """${process.stdout}""" RW.Core.Push Metric 0 ELSE 
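Review bot: `AWS_ROLE_ARN` is imported in `Suite Initialization` with `pattern=\w*`, which cannot describe a role ARN because ARNs contain `:` and `/`. If `RW.Core.Import Secret` enforces or displays the pattern (not visible here), a stricter one such as `pattern=^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$` would catch a mistyped value before it reaches `aws sts assume-role`. The scripts treat the role as optional (`[[ -n $AWS_ROLE_ARN ]]`), so confirm that a workspace without this secret still initialises, and say so in the description, e.g. `description=AWS Role ARN to assume (optional)`. The same block is added in the `Suite Initialization` hunks of the other `runbook.robot` and `sli.robot` files in this commit. The keyword body starts and ends outside the hunk.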
@@ -43,10 +44,15 @@ Suite Initialization ... type=string ... description=AWS Secret Access Key ... pattern=\w* + ${AWS_ROLE_ARN}= RW.Core.Import Secret AWS_ROLE_ARN + ... type=string + ... description=AWS Role ARN + ... pattern=\w* Set Suite Variable ${AWS_REGION} ${AWS_REGION} Set Suite Variable ${AWS_ACCESS_KEY_ID} ${AWS_ACCESS_KEY_ID} Set Suite Variable ${AWS_SECRET_ACCESS_KEY} ${AWS_SECRET_ACCESS_KEY} + Set Suite Variable ${AWS_ROLE_ARN} ${AWS_ROLE_ARN} Set Suite Variable ... &{env} diff --git a/codebundles/aws-elasticache-redis-health/.runwhen/templates/aws-elasticache-redis-health-sli.yaml b/codebundles/aws-elasticache-redis-health/.runwhen/templates/aws-elasticache-redis-health-sli.yaml index fc444074..55e5b3ca 100644 --- a/codebundles/aws-elasticache-redis-health/.runwhen/templates/aws-elasticache-redis-health-sli.yaml +++ b/codebundles/aws-elasticache-redis-health/.runwhen/templates/aws-elasticache-redis-health-sli.yaml @@ -32,4 +32,6 @@ spec: - name: AWS_ACCESS_KEY_ID workspaceKey: {{custom.aws_access_key_id}} - name: AWS_SECRET_ACCESS_KEY - workspaceKey: {{custom.aws_secret_access_key}} \ No newline at end of file + workspaceKey: {{custom.aws_secret_access_key}} + - name: AWS_ROLE_ARN + workspaceKey: {{custom.aws_role_arn}} \ No newline at end of file diff --git a/codebundles/aws-elasticache-redis-health/.runwhen/templates/aws-elasticache-redis-health-taskset.yaml b/codebundles/aws-elasticache-redis-health/.runwhen/templates/aws-elasticache-redis-health-taskset.yaml index 8f9122e5..510566c7 100644 --- a/codebundles/aws-elasticache-redis-health/.runwhen/templates/aws-elasticache-redis-health-taskset.yaml +++ b/codebundles/aws-elasticache-redis-health/.runwhen/templates/aws-elasticache-redis-health-taskset.yaml 
@@ -28,4 +28,6 @@ spec: - name: AWS_ACCESS_KEY_ID workspaceKey: {{custom.aws_access_key_id}} - name: AWS_SECRET_ACCESS_KEY - workspaceKey: {{custom.aws_secret_access_key}} \ No newline at end of file + workspaceKey: {{custom.aws_secret_access_key}} + - name: AWS_ROLE_ARN + workspaceKey: {{custom.aws_role_arn}} \ No newline at end of file diff --git a/codebundles/aws-elasticache-redis-health/analyze_aws_elasticache_redis_metrics.sh b/codebundles/aws-elasticache-redis-health/analyze_aws_elasticache_redis_metrics.sh index 10203ccf..cd0ee77e 100755 --- a/codebundles/aws-elasticache-redis-health/analyze_aws_elasticache_redis_metrics.sh +++ b/codebundles/aws-elasticache-redis-health/analyze_aws_elasticache_redis_metrics.sh @@ -1,8 +1,25 @@ #!/bin/bash -source ./auth.sh # Environment Variables: # AWS_REGION +auth() { + # if required AWS_ cli vars are not set, error and exit 1 + if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY || -z $AWS_REGION ]]; then + echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables." + exit 1 + fi + # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs + if [[ -n $AWS_ROLE_ARN ]]; then + sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession") + AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId') + AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey') + AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken') + export AWS_ACCESS_KEY_ID + export AWS_SECRET_ACCESS_KEY + export AWS_SESSION_TOKEN + fi +} +auth # Variables METRIC_NAMESPACE="AWS/ElastiCache" diff --git a/codebundles/aws-elasticache-redis-health/monitor_redis_performance.sh b/codebundles/aws-elasticache-redis-health/monitor_redis_performance.sh index 14dfb3ac..e93c3d9d 100644 --- a/codebundles/aws-elasticache-redis-health/monitor_redis_performance.sh 
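Review bot: The guard at the top of `auth()` also fires when only `AWS_REGION` is empty, yet its message blames the two key variables, which sends the operator looking at the wrong secret. Naming all three keeps it accurate: `echo "Error: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_REGION must all be set."`. The `# Environment Variables:` header above the function still lists only `AWS_REGION`; it should also list the two keys and the optional `AWS_ROLE_ARN` that the function now reads. Every copy of `auth()` in this commit carries the same message.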
+++ b/codebundles/aws-elasticache-redis-health/monitor_redis_performance.sh @@ -1,8 +1,26 @@ #!/bin/bash -source ./auth.sh + # Environment Variables: # AWS_REGION # REDIS_PASSWORD +auth() { + # if required AWS_ cli vars are not set, error and exit 1 + if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY || -z $AWS_REGION ]]; then + echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables." + exit 1 + fi + # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs + if [[ -n $AWS_ROLE_ARN ]]; then + sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession") + AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId') + AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey') + AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken') + export AWS_ACCESS_KEY_ID + export AWS_SECRET_ACCESS_KEY + export AWS_SESSION_TOKEN + fi +} +auth SLOWLOG_ENTRY_LIMIT="10" diff --git a/codebundles/aws-elasticache-redis-health/redis_status_scan.sh b/codebundles/aws-elasticache-redis-health/redis_status_scan.sh index 9c24c002..73df0524 100755 --- a/codebundles/aws-elasticache-redis-health/redis_status_scan.sh +++ b/codebundles/aws-elasticache-redis-health/redis_status_scan.sh 
@@ -1,8 +1,25 @@ #!/bin/bash -source ./auth.sh # Environment Variables: # AWS_REGION +auth() { + # if required AWS_ cli vars are not set, error and exit 1 + if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY || -z $AWS_REGION ]]; then + echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables." + exit 1 + fi + # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs + if [[ -n $AWS_ROLE_ARN ]]; then + sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession") + AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId') + AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey') + AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken') + export AWS_ACCESS_KEY_ID + export AWS_SECRET_ACCESS_KEY + export AWS_SESSION_TOKEN + fi +} +auth # Variables serverless_caches=$(aws elasticache describe-serverless-caches --region "$AWS_REGION") diff --git a/codebundles/aws-elasticache-redis-health/runbook.robot b/codebundles/aws-elasticache-redis-health/runbook.robot index 28f1307d..f5dacc70 100644 --- a/codebundles/aws-elasticache-redis-health/runbook.robot +++ b/codebundles/aws-elasticache-redis-health/runbook.robot @@ -23,6 +23,7 @@ Scan AWS Elasticache Redis Status ... env=${env} ... secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} ... secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} + ... secret__AWS_ROLE_ARN=${AWS_ROLE_ARN} RW.Core.Add Pre To Report ${process.stdout} IF "Snapshot retention limit is set to 0" in """${process.stdout}""" RW.Core.Add Issue title=Snapshots not configured for Elasticache in region ${AWS_REGION} 
@@ -57,11 +58,16 @@ Suite Initialization ... type=string ... description=AWS Secret Access Key ... pattern=\w* + ${AWS_ROLE_ARN}= RW.Core.Import Secret AWS_ROLE_ARN + ... type=string + ... description=AWS Role ARN + ... pattern=\w* Set Suite Variable ${AWS_REGION} ${AWS_REGION} Set Suite Variable ${AWS_ACCESS_KEY_ID} ${AWS_ACCESS_KEY_ID} Set Suite Variable ${AWS_SECRET_ACCESS_KEY} ${AWS_SECRET_ACCESS_KEY} + Set Suite Variable ${AWS_ROLE_ARN} ${AWS_ROLE_ARN} Set Suite Variable diff --git a/codebundles/aws-elasticache-redis-health/sli.robot b/codebundles/aws-elasticache-redis-health/sli.robot index dc4b502a..3ddd928b 100644 --- a/codebundles/aws-elasticache-redis-health/sli.robot +++ b/codebundles/aws-elasticache-redis-health/sli.robot @@ -23,6 +23,7 @@ Scan ElastiCaches ... env=${env} ... secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} ... secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} + ... secret__AWS_ROLE_ARN=${AWS_ROLE_ARN} Log ${process.stdout} Log ${process.stderr} IF ${process.rc} != 0 @@ -46,10 +47,15 @@ Suite Initialization ... type=string ... description=AWS Secret Access Key ... pattern=\w* + ${AWS_ROLE_ARN}= RW.Core.Import Secret AWS_ROLE_ARN + ... type=string + ... description=AWS Role ARN + ... pattern=\w* Set Suite Variable ${AWS_REGION} ${AWS_REGION} Set Suite Variable ${AWS_ACCESS_KEY_ID} ${AWS_ACCESS_KEY_ID} Set Suite Variable ${AWS_SECRET_ACCESS_KEY} ${AWS_SECRET_ACCESS_KEY} + Set Suite Variable ${AWS_ROLE_ARN} ${AWS_ROLE_ARN} Set Suite Variable ... &{env} diff --git a/codebundles/aws-lambda-health/.runwhen/templates/aws-lambda-health-sli.yaml b/codebundles/aws-lambda-health/.runwhen/templates/aws-lambda-health-sli.yaml index b62690fc..6c7016d2 100644 --- a/codebundles/aws-lambda-health/.runwhen/templates/aws-lambda-health-sli.yaml +++ b/codebundles/aws-lambda-health/.runwhen/templates/aws-lambda-health-sli.yaml 
@@ -32,4 +32,6 @@ spec: - name: AWS_ACCESS_KEY_ID workspaceKey: {{custom.aws_access_key_id}} - name: AWS_SECRET_ACCESS_KEY - workspaceKey: {{custom.aws_secret_access_key}} \ No newline at end of file + workspaceKey: {{custom.aws_secret_access_key}} + - name: AWS_ROLE_ARN + workspaceKey: {{custom.aws_role_arn}} \ No newline at end of file diff --git a/codebundles/aws-lambda-health/.runwhen/templates/aws-lambda-health-taskset.yaml b/codebundles/aws-lambda-health/.runwhen/templates/aws-lambda-health-taskset.yaml index ff6aed45..15ab5343 100644 --- a/codebundles/aws-lambda-health/.runwhen/templates/aws-lambda-health-taskset.yaml +++ b/codebundles/aws-lambda-health/.runwhen/templates/aws-lambda-health-taskset.yaml @@ -28,4 +28,6 @@ spec: - name: AWS_ACCESS_KEY_ID workspaceKey: {{custom.aws_access_key_id}} - name: AWS_SECRET_ACCESS_KEY - workspaceKey: {{custom.aws_secret_access_key}} \ No newline at end of file + workspaceKey: {{custom.aws_secret_access_key}} + - name: AWS_ROLE_ARN + workspaceKey: {{custom.aws_role_arn}} \ No newline at end of file diff --git a/codebundles/aws-lambda-health/analyze_lambda_invocation_errors.sh b/codebundles/aws-lambda-health/analyze_lambda_invocation_errors.sh index de7b17b6..b9721d1d 100755 --- a/codebundles/aws-lambda-health/analyze_lambda_invocation_errors.sh +++ b/codebundles/aws-lambda-health/analyze_lambda_invocation_errors.sh 
@@ -1,9 +1,25 @@ #!/bin/bash -source ./auth.sh # Environment Variables: #AWS_REGION - +auth() { + # if required AWS_ cli vars are not set, error and exit 1 + if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY || -z $AWS_REGION ]]; then + echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables." + exit 1 + fi + # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs + if [[ -n $AWS_ROLE_ARN ]]; then + sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession") + AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId') + AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey') + AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken') + export AWS_ACCESS_KEY_ID + export AWS_SECRET_ACCESS_KEY + export AWS_SESSION_TOKEN + fi +} +auth SINCE="24h" diff --git a/codebundles/aws-lambda-health/list_lambda_runtimes.sh b/codebundles/aws-lambda-health/list_lambda_runtimes.sh index 3742eec7..19d71b16 100755 --- a/codebundles/aws-lambda-health/list_lambda_runtimes.sh +++ b/codebundles/aws-lambda-health/list_lambda_runtimes.sh 
@@ -1,6 +1,22 @@ #!/bin/bash -source ./auth.sh - +auth() { + # if required AWS_ cli vars are not set, error and exit 1 + if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY || -z $AWS_REGION ]]; then + echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables." + exit 1 + fi + # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs + if [[ -n $AWS_ROLE_ARN ]]; then + sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession") + AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId') + AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey') + AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken') + export AWS_ACCESS_KEY_ID + export AWS_SECRET_ACCESS_KEY + export AWS_SESSION_TOKEN + fi +} +auth # Fetch all Lambda function names function_names=$(aws lambda list-functions --query 'Functions[*].FunctionName' --output text) diff --git a/codebundles/aws-lambda-health/monitor_aws_lambda_performance_metrics.sh b/codebundles/aws-lambda-health/monitor_aws_lambda_performance_metrics.sh index 5d20263a..b1e72300 100755 --- a/codebundles/aws-lambda-health/monitor_aws_lambda_performance_metrics.sh +++ b/codebundles/aws-lambda-health/monitor_aws_lambda_performance_metrics.sh 
@@ -1,9 +1,26 @@ #!/bin/bash -source ./auth.sh - # Environment Variables: # AWS_REGION +auth() { + # if required AWS_ cli vars are not set, error and exit 1 + if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY || -z $AWS_REGION ]]; then + echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables." + exit 1 + fi + # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs + if [[ -n $AWS_ROLE_ARN ]]; then + sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession") + AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId') + AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey') + AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken') + export AWS_ACCESS_KEY_ID + export AWS_SECRET_ACCESS_KEY + export AWS_SESSION_TOKEN + fi +} +auth + START=$(date -d "60 minutes ago" +%s) END=$(date +%s) PERIOD=3600 diff --git a/codebundles/aws-lambda-health/runbook.robot b/codebundles/aws-lambda-health/runbook.robot index 62527933..6c9a7cdf 100644 --- a/codebundles/aws-lambda-health/runbook.robot +++ b/codebundles/aws-lambda-health/runbook.robot @@ -23,6 +23,7 @@ List Lambda Versions and Runtimes ... env=${env} ... secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} ... secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} + ... secret__AWS_ROLE_ARN=${AWS_ROLE_ARN} RW.Core.Add Pre To Report ${process.stdout} Analyze AWS Lambda Invocation Errors @@ -32,6 +33,7 @@ Analyze AWS Lambda Invocation Errors ... env=${env} ... secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} ... secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} + ... secret__AWS_ROLE_ARN=${AWS_ROLE_ARN} RW.Core.Add Pre To Report ${process.stdout} IF "ERROR" in """${process.stdout}""" RW.Core.Add Issue title=AWS Lambda Invocation Errors 
@@ -50,6 +52,7 @@ Monitor AWS Lambda Performance Metrics ... env=${env} ... secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} ... secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} + ... secret__AWS_ROLE_ARN=${AWS_ROLE_ARN} RW.Core.Add Pre To Report ${process.stdout} @@ -68,10 +71,15 @@ Suite Initialization ... type=string ... description=AWS Secret Access Key ... pattern=\w* + ${AWS_ROLE_ARN}= RW.Core.Import Secret AWS_ROLE_ARN + ... type=string + ... description=AWS Role ARN + ... pattern=\w* Set Suite Variable ${AWS_REGION} ${AWS_REGION} Set Suite Variable ${AWS_ACCESS_KEY_ID} ${AWS_ACCESS_KEY_ID} Set Suite Variable ${AWS_SECRET_ACCESS_KEY} ${AWS_SECRET_ACCESS_KEY} + Set Suite Variable ${AWS_ROLE_ARN} ${AWS_ROLE_ARN} Set Suite Variable ... &{env} diff --git a/codebundles/aws-lambda-health/sli.robot b/codebundles/aws-lambda-health/sli.robot index ab2c2b8d..125a6987 100644 --- a/codebundles/aws-lambda-health/sli.robot +++ b/codebundles/aws-lambda-health/sli.robot @@ -23,6 +23,7 @@ Analyze AWS Lambda Invocation Errors ... env=${env} ... secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} ... secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} + ... secret__AWS_ROLE_ARN=${AWS_ROLE_ARN} IF "ERROR" in """${process.stdout}""" RW.Core.Push Metric 0 ELSE @@ -43,10 +44,15 @@ Suite Initialization ... type=string ... description=AWS Secret Access Key ... pattern=\w* + ${AWS_ROLE_ARN}= RW.Core.Import Secret AWS_ROLE_ARN + ... type=string + ... description=AWS Role ARN + ... pattern=\w* Set Suite Variable ${AWS_REGION} ${AWS_REGION} Set Suite Variable ${AWS_ACCESS_KEY_ID} ${AWS_ACCESS_KEY_ID} Set Suite Variable ${AWS_SECRET_ACCESS_KEY} ${AWS_SECRET_ACCESS_KEY} + Set Suite Variable ${AWS_ROLE_ARN} ${AWS_ROLE_ARN} Set Suite Variable ... &{env} 
diff --git a/codebundles/aws-s3-bucket-storage-report/.runwhen/templates/aws-s3-bucket-storage-report-taskset.yaml b/codebundles/aws-s3-bucket-storage-report/.runwhen/templates/aws-s3-bucket-storage-report-taskset.yaml index cdd53dc8..96025db8 100644 --- a/codebundles/aws-s3-bucket-storage-report/.runwhen/templates/aws-s3-bucket-storage-report-taskset.yaml +++ b/codebundles/aws-s3-bucket-storage-report/.runwhen/templates/aws-s3-bucket-storage-report-taskset.yaml @@ -28,4 +28,6 @@ spec: - name: AWS_ACCESS_KEY_ID workspaceKey: {{custom.aws_access_key_id}} - name: AWS_SECRET_ACCESS_KEY - workspaceKey: {{custom.aws_secret_access_key}} \ No newline at end of file + workspaceKey: {{custom.aws_secret_access_key}} + - name: AWS_ROLE_ARN + workspaceKey: {{custom.aws_role_arn}} \ No newline at end of file diff --git a/codebundles/aws-s3-bucket-storage-report/check_aws_s3_bucket_storage_utilization.sh b/codebundles/aws-s3-bucket-storage-report/check_aws_s3_bucket_storage_utilization.sh index 6346c8bc..3604fa32 100755 --- a/codebundles/aws-s3-bucket-storage-report/check_aws_s3_bucket_storage_utilization.sh +++ b/codebundles/aws-s3-bucket-storage-report/check_aws_s3_bucket_storage_utilization.sh 
@@ -1,5 +1,22 @@ #!/bin/bash -source ./auth.sh +auth() { + # if required AWS_ cli vars are not set, error and exit 1 + if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY || -z $AWS_REGION ]]; then + echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables." + exit 1 + fi + # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs + if [[ -n $AWS_ROLE_ARN ]]; then + sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession") + AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId') + AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey') + AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken') + export AWS_ACCESS_KEY_ID + export AWS_SECRET_ACCESS_KEY + export AWS_SESSION_TOKEN + fi +} +auth # Variables # THRESHOLD=85 diff --git a/codebundles/aws-s3-bucket-storage-report/runbook.robot b/codebundles/aws-s3-bucket-storage-report/runbook.robot index cbe6dda5..e5cc404f 100644 --- a/codebundles/aws-s3-bucket-storage-report/runbook.robot +++ b/codebundles/aws-s3-bucket-storage-report/runbook.robot @@ -23,6 +23,7 @@ Check AWS S3 Bucket Storage Utilization ... env=${env} ... secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} ... secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} + ... secret__AWS_ROLE_ARN=${AWS_ROLE_ARN} RW.Core.Add Pre To Report ${process.stdout} *** Keywords *** @@ -39,10 +40,15 @@ Suite Initialization ... type=string ... description=AWS Secret Access Key ... pattern=\w* + ${AWS_ROLE_ARN}= RW.Core.Import Secret AWS_ROLE_ARN + ... type=string + ... description=AWS Role ARN + ... pattern=\w* Set Suite Variable ${AWS_REGION} ${AWS_REGION} Set Suite Variable ${AWS_ACCESS_KEY_ID} ${AWS_ACCESS_KEY_ID} Set Suite Variable ${AWS_SECRET_ACCESS_KEY} ${AWS_SECRET_ACCESS_KEY} + Set Suite Variable ${AWS_ROLE_ARN} ${AWS_ROLE_ARN} Set Suite Variable ... &{env}