Giters

forward3d / garrison-agent-aws-sqs

Garrison Agent that provides AWS SQS compliance checks

Home Page:https://github.com/forward3d/garrison

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

garrisongarrison-agentaws-sqscompliance

Garrison Agent - AWS SQS

This is a part of the Garrison security project. This agent mainly provides compliance alerts and other basic checks.

Checks Provided

Function Name Description
check_dlq_retention Checks that the DeadLetterQueues have the max message retention period
check_encryption Checks that the queues have encryption enabled
check_redrive Checks for queues without a redrive policy (excluding those acting as one)

Installation & Example

Docker Hub - https://hub.docker.com/r/forward3d/garrison-agent-aws-sqs/

docker pull forward3d/garrison-agent-aws-sqs
docker run --rm -e "GARRISON_URL=https://garrison.internal.acme.com" forward3d/garrison-agent-aws-sqs check_encryption

AWS Authentication

As this requires access to the AWS API you will need this IAM policy as a minimum for it to operate correctly.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "sqs:ListQueues",
                "sqs:GetQueueAttributes"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

We recommend using EC2/ECS Task roles so that you don't need to send credentials into the container, however if you can't use those or want to send in specific Access Keys and Secret keys, please see the AWS Documentation as to how you do that.

Check Specific Configuration

Some checks provided by this agent have extra configuration options.

check_dlq_retention

Environmental Variable Default
GARRISON_SQS_MESSAGE_RETENTION_THRESHOLD 1209600 (14 days)

About

Garrison Agent that provides AWS SQS compliance checks

https://github.com/forward3d/garrison

garrisongarrison-agentaws-sqscompliance

Languages

Language:Ruby 92.1%Language:Dockerfile 7.9%