created AWS repo

.ansible-sign/sha256sum.txt

@@ -0,0 +1,34 @@
+ca4c3bcb516497efc8aea5acde5a2d4804530c7ac2eb397344d182191a66cc4c  .config/ansible-lint.yml
+d01eacaa4a112ec4bda636f9c5dc11defffbd2552b0666cb801cf08fee615934  .github/workflows/ansible-lint.yml
+cf237c7aff44efbe6e502e645c3e06da03a69d7bdeb43392108ef3348143417e  .gitignore
+defe410a0ec093562779ec1baad49811323ed31818b620fcd69517ae01ea6db9  MANIFEST.in
+9ad6f55b4ccbb8868f29f93cf9eeb7674fc428765cbfc87791f6d6bdb265ef67  README.md
+334e2ea382939e200bdb588389bd93be4378b5e800a5ab25352a83c202ba4063  aws_parking_schedule.yml
+015f24b8ce1526d6c238368d441d27e21ba69c31f40ed754a36b48ff0a17bc48  aws_parking_start.yml
+b0b35c8cf39a7dfdb0692c8fc796dda38fdf448793d83e2503104b423a437007  aws_parking_stop.yml
+8b8c3e48b0872ca247149870922aefd6c4b346b9fd5c24fff9a00d20df199f3c  buildawsdetailedreport.yml
+fbebf3d2acc8fa8b93de398c099bec0d384582365a9e885eca3ae10a46077c7f  collections/requirements.yml
+4cb7ea6a459bb3d191fbe3b9fbb52bc6dbfe31e1b76adabf7b5c9e0ccf0b4f94  roles/aws_opt_in_start/defaults/main.yml
+207cb6dc0bb8b3c9388ba75aa3aa74570e68f0fce8d315eb84758eb74bd889c0  roles/aws_opt_in_start/tasks/main.yml
+d38d5b606954eef22a54eecc796d7d49e65a4a09459f743abca1451871795d0c  roles/aws_opt_in_start/tasks/start_ec2.yml
+4cb7ea6a459bb3d191fbe3b9fbb52bc6dbfe31e1b76adabf7b5c9e0ccf0b4f94  roles/aws_opt_in_stop/defaults/main.yml
+9ca94921ccf52e9a5e2a437c855fdf10e0fa9689f66b02aceacb4ff477648e0d  roles/aws_opt_in_stop/tasks/main.yml
+b8c2121806926f58faa4e46eb3a6481271f99804c07e8c54013303cffabe2ce8  roles/aws_opt_in_stop/tasks/stop_ec2.yml
+4cb7ea6a459bb3d191fbe3b9fbb52bc6dbfe31e1b76adabf7b5c9e0ccf0b4f94  roles/aws_retrieve_info/defaults/main.yml
+a426eb8fbffc99ade4cdce996e6c18d2cec0572632ea5ec3be9cf4af9d03831b  roles/aws_retrieve_info/tasks/main.yml
+589b37c25262ef29faaf469dcedc9008803b2a1a1c8e63e77c4645785ffdbca3  roles/aws_retrieve_info/tasks/retrieve_info.yml
+6c8b0dca0627067f90cf42f2eb4909022d5460bb7326949d98ce33c0232844b3  roles/aws_schedule_parking/tasks/main.yml
+030b09eb3b997831369b4928ba145b5e5530999259ae60fc613e8ac17d92a812  roles/build_report_aws/README.md
+85a58f5ab2fe784d4da58faa8e806d596b715dd2e956e5d24c1880bcbcbd3825  roles/build_report_aws/defaults/main.yml
+4524385a1dc3d49e61a7ddb824fc73da2feafe9547a3c9a29f95de7d1c757874  roles/build_report_aws/files/aws.png
+521d73e3e54fba589d7d7e72e7b864b473fbe3ec5da941a83e7ba053d150f0d7  roles/build_report_aws/files/css/aws.css
+131169581a08c7ac015462841a248157b7563e5b8c933d77fd41761188fa26e7  roles/build_report_aws/files/redhat-ansible-logo.svg
+2bfe24d4f6ca202fec0c7218897bda32340ec0cfd52329d5e37297a200ca781b  roles/build_report_aws/files/webpage_logo.png
+8656f39933ecb711379e46f4add535d86f1b244a741f6772282523502aec253b  roles/build_report_aws/meta/main.yml
+6e63b20277d99ffe50e945c75e43273349815e48ae189b099aba5d8cb7453615  roles/build_report_aws/tasks/main.yml
+1020dc7dced8d6364eab8a6288206e97b412621a0a4411c568eb652d54eb1e01  roles/build_report_aws/templates/ansible.j2
+26efbca220d46debc6058a876ea9f9e2ca9e75c8cb26343ec6d1e4d0c7000f4a  roles/build_report_aws/templates/fullreport.j2
+9f323ad6ccd1e98424e82df19fc8f1a23fba135d560fa40e00e2da2be6ef8d7e  roles/build_report_aws/templates/header.j2
+7a0f9cf2df62ee7d32115a933867daeb8dbaeafc2a598cdd6ecef58b4611c567  roles/build_report_aws/templates/report.j2
+6dd97b061c6e99597d170dfa49068192e29194d15b494f82c8959d81458f5539  roles/build_report_aws/templates/vpc.j2
+06867d265474dce008de42804b05715a89a84a2ee90daefedc7fe16dc6dc9a8e  roles/build_report_aws/vars/main.yml

.ansible-sign/sha256sum.txt.sig

@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmVOiisACgkQTiIiIXrU
+DNEyCgv8CzDugIRGfBSpUPLJKIma6NbRSewPlMewzQPUVmd+jTfd98bOB/EvOzL+
+L5RqcZp3njmppjJpOdqXafokqOnRLNWg8NrQBrzYXjOY18BeCoMoghjW0u8wRIqa
+3OlG9W8kPis4kTh8OeXEzTdWiur20p2t++hJzMVcUEah+tOJT5ECNP3HCINnkJqO
+OBe3o9KqMi/7oi/i67c/cChsVJRhufUxxbSbrSeQXlPHJBNtTnqYbc73bu0B24dG
+jAx4tWIddhSut0Qo8g3jS2ICN+qSjs8RhIhRE+6jXdeNV4c/0u9na1ehDU2eCkWw
+6e3YMf1YOrWoYh68U4kDPRwJv+q5mGHvK/1GNbdYE/Ewf/QvtJuiScPjNdYQ0urB
+IKeE7VV45drGLe2R+TETo+Evs48cuQ59qtkQLykRafqid85kd+gIpqLszIniW4cU
+J7Bje9K+EwPSPFj3voFUnR6wvWeeku4Amks82xABWcmGXAGfJpi0KoPoI+Xet08P
+YqoAsVdn
+=Xeqf
+-----END PGP SIGNATURE-----

.config/ansible-lint.yml

@@ -0,0 +1,34 @@
+---
+# parseable: true
+# quiet: true
+# verbosity: 1
+
+# use_default_rules: true
+# Load custom rules from this specific folder
+# rulesdir:
+#   - ./rule/directory/
+exclude_paths:
+  - /github/workspace/roles/shadowman_cis_rhel7/
+  - /github/workspace/roles/shadowman_cis_rhel8/
+  - /github/workspace/roles/shadowman_cis_windows_2016/
+  - /github/workspace/roles/shadowman_nist_rhel7/
+  - /github/workspace/roles/shadowman_nist_rhel8/
+  - /github/workspace/roles/shadowman_stig_windows_2016/
+  - /github/workspace/roles/shadowman_pci_rhel7/
+  - /github/workspace/roles/shadowman_pci_rhel8/
+  - /github/workspace/.github/workflows/
+# Any rule that has the 'opt-in' tag will not be loaded unless its 'id' is
+# mentioned in the enable_list:
+# This makes the linter display but not fail for rules/tags listed below:
+offline: true
+warn_list:
+  - ignore-errors
+  - command-instead-of-module
+  - package-latest
+  - yaml
+  - no-changed-when
+  - literal-compare
+  - empty-string-compare
+  - git-latest
+  - name
+  - args[module]

.github/workflows/ansible-lint.yml

@@ -0,0 +1,19 @@
+name: Ansible Lint  # feel free to pick your own name
+
+on: [push, pull_request]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    # Important: This sets up your GITHUB_WORKSPACE environment variable
+    - uses: actions/checkout@v2
+
+    - name: Lint Ansible Playbook
+      # replace "master" with any valid ref
+      uses: ansible/[email protected]
+      # optional:
+      # with:
+      #   path: "playbooks/"  # <-- only one value is allowed

.gitignore

@@ -0,0 +1 @@
+.DS_Store

MANIFEST.in

@@ -0,0 +1,10 @@
+include README.md
+include .gitignore
+include *.yml
+include .config/ansible-lint.yml
+include .github/workflows/ansible-lint.yml
+include *.code-workspace
+recursive-exclude .git *
+recursive-include collections *.yml
+recursive-include roles *
+recursive-include SNOW *

aws_parking_schedule.yml

@@ -0,0 +1,7 @@
+- name: AWS Scheduler for Parking
+  hosts: localhost
+  connection: local
+  gather_facts: false
+
+  roles:
+    - aws_schedule_parking

aws_parking_start.yml

@@ -0,0 +1,7 @@
+- name: AWS Start VMs
+  hosts: localhost
+  connection: local
+  gather_facts: false
+
+  roles:
+    - aws_opt_in_start

aws_parking_stop.yml

@@ -0,0 +1,7 @@
+- name: AWS Stop VMs
+  hosts: localhost
+  connection: local
+  gather_facts: false
+
+  roles:
+    - aws_opt_in_stop

buildawsdetailedreport.yml

@@ -0,0 +1,15 @@
+---
+- name: Create AWS Detailed Report
+  hosts: localhost
+  tasks:
+
+    - name: Gather AWS Detailed info
+      ansible.builtin.include_role:
+        name: aws_retrieve_info
+
+    - name: Build the report
+      ansible.builtin.include_role:
+        name: build_report_aws
+        apply:
+          delegate_to: report.shadowman.dev
+          run_once: true

collections/requirements.yml

@@ -0,0 +1,2 @@
+collections:
+  - name: amazon.aws

roles/aws_opt_in_start/defaults/main.yml

@@ -0,0 +1,30 @@
+---
+ec2_regions:
+  - 'us-east-1'
+  - 'us-east-2'
+  - 'us-west-1'
+  - 'us-west-2'
+  - 'ca-central-1'
+  # 'af-south-1'
+  # - 'ap-east-1'
+  # - 'ap-south-2'
+  # - 'ap-southeast-3'
+  # - 'ap-southeast-4'
+  - 'ap-south-1'
+  - 'ap-southeast-1'
+  - 'ap-southeast-2'
+  - 'ap-northeast-1'
+  - 'ap-northeast-2'
+  - 'ap-northeast-3'
+  - 'eu-central-1'
+  # - 'eu-central-2'
+  - 'eu-west-1'
+  - 'eu-west-2'
+  - 'eu-west-3'
+  # - 'eu-south-1'
+  # - 'eu-south-2'
+  - 'eu-north-1'
+  # - 'me-south-1'
+  # - 'me-central-1'
+  - 'sa-east-1'
+  # - 'us-gov-east-1'

roles/aws_opt_in_start/tasks/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Loop over all ec2 regions
+  ansible.builtin.include_tasks:
+    file: start_ec2.yml
+  loop: "{{ ec2_regions }}"

roles/aws_opt_in_start/tasks/start_ec2.yml

@@ -0,0 +1,12 @@
+---
+- name: Start EC2 Instances based on tag in region {{ item }}
+  amazon.aws.ec2_instance:
+    region: "{{ item }}"
+    filters:
+      "tag:owner": "{{ owner }}"
+      "tag:env": "{{ env }}"
+    state: started
+  register: startresult
+  failed_when:
+    - startresult.msg != "You must include an image_id or image.id parameter to create an instance, or use a launch_template."
+    - startresult.msg != "Instances started"

roles/aws_opt_in_stop/defaults/main.yml

@@ -0,0 +1,30 @@
+---
+ec2_regions:
+  - 'us-east-1'
+  - 'us-east-2'
+  - 'us-west-1'
+  - 'us-west-2'
+  - 'ca-central-1'
+  # 'af-south-1'
+  # - 'ap-east-1'
+  # - 'ap-south-2'
+  # - 'ap-southeast-3'
+  # - 'ap-southeast-4'
+  - 'ap-south-1'
+  - 'ap-southeast-1'
+  - 'ap-southeast-2'
+  - 'ap-northeast-1'
+  - 'ap-northeast-2'
+  - 'ap-northeast-3'
+  - 'eu-central-1'
+  # - 'eu-central-2'
+  - 'eu-west-1'
+  - 'eu-west-2'
+  - 'eu-west-3'
+  # - 'eu-south-1'
+  # - 'eu-south-2'
+  - 'eu-north-1'
+  # - 'me-south-1'
+  # - 'me-central-1'
+  - 'sa-east-1'
+  # - 'us-gov-east-1'

roles/aws_opt_in_stop/tasks/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Loop over all ec2 regions
+  ansible.builtin.include_tasks:
+    file: stop_ec2.yml
+  loop: "{{ ec2_regions }}"

roles/aws_opt_in_stop/tasks/stop_ec2.yml

@@ -0,0 +1,12 @@
+---
+- name: Stop EC2 Instances based on tag in region {{ item }}
+  amazon.aws.ec2_instance:
+    region: "{{ item }}"
+    filters:
+      "tag:owner": "{{ owner }}"
+      "tag:env": "{{ env }}"
+    state: stopped
+  register: stopresult
+  failed_when:
+    - stopresult.msg != "You must include an image_id or image.id parameter to create an instance, or use a launch_template."
+    - stopresult.msg != "Instances stopped"

roles/aws_retrieve_info/defaults/main.yml

@@ -0,0 +1,30 @@
+---
+ec2_regions:
+  - 'us-east-1'
+  - 'us-east-2'
+  - 'us-west-1'
+  - 'us-west-2'
+  - 'ca-central-1'
+  # 'af-south-1'
+  # - 'ap-east-1'
+  # - 'ap-south-2'
+  # - 'ap-southeast-3'
+  # - 'ap-southeast-4'
+  - 'ap-south-1'
+  - 'ap-southeast-1'
+  - 'ap-southeast-2'
+  - 'ap-northeast-1'
+  - 'ap-northeast-2'
+  - 'ap-northeast-3'
+  - 'eu-central-1'
+  # - 'eu-central-2'
+  - 'eu-west-1'
+  - 'eu-west-2'
+  - 'eu-west-3'
+  # - 'eu-south-1'
+  # - 'eu-south-2'
+  - 'eu-north-1'
+  # - 'me-south-1'
+  # - 'me-central-1'
+  - 'sa-east-1'
+  # - 'us-gov-east-1'

roles/aws_retrieve_info/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+- name: Loop over all ec2 regions
+  ansible.builtin.include_tasks:
+    file: retrieve_info.yml
+  loop: "{{ ec2_regions }}"
+
+- name: Grab boto version
+  ansible.builtin.pip:
+    name: boto3
+  register: register_boto3_version
+  check_mode: true
+
+- name: Grab information about AWS user
+  amazon.aws.aws_caller_info:
+  register: whoami
+
+- name: Save username of AWS user and boto3 version
+  ansible.builtin.set_fact:
+    aws_user: '{{ whoami.arn.split("/")[-1] }}'
+    boto3_version: >-
+      {{ lookup('pipe', ansible_playbook_python ~ ' -c "import boto3; print(boto3.__version__)"') | default('unknown') }}

roles/aws_retrieve_info/tasks/retrieve_info.yml

@@ -0,0 +1,30 @@
+---
+- name: Retrieve vpc information for {{ item }}
+  amazon.aws.ec2_vpc_net_info:
+    region: "{{ item }}"
+  register: vpc_info
+  delegate_to: localhost
+
+- name: Retrieve info for ec2 instances
+  amazon.aws.ec2_instance_info:
+    region: "{{ item }}"
+  register: ec2_instance_info
+  delegate_to: localhost
+
+- name: Retrieve information about Internet Gateways IGWs
+  amazon.aws.ec2_vpc_igw_info:
+    region: "{{ item }}"
+  register: igw_info
+  delegate_to: localhost
+
+# Dashes are not allowed as Ansible var names so we use underscores _
+- name: Set facts all info for {{ item }}
+  ansible.builtin.set_fact:
+    '{{ item|replace("-", "_") }}':
+      vpc_info: '{{ vpc_info }}'
+      ec2_instance_info: '{{ ec2_instance_info }}'
+      igw_info: '{{ igw_info }}'
+
+- name: Set facts all info for {{ item }}
+  ansible.builtin.set_fact:
+    all_ec2_regions: "{{ all_ec2_regions | default([]) + [{item | replace('-', '_'): hostvars[inventory_hostname][item | replace('-', '_')]}] }}"

roles/aws_schedule_parking/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Build the Schedule for Stopping AWS instances for {{ owner }} in {{ env }}
+  ansible.controller.schedule:
+    name: Park AWS instances for {{ owner }} in {{ env }}
+    state: present
+    unified_job_template: AWSParking-Stop
+    rrule: "{{ query('ansible.controller.schedule_rrule', frequency, start_date=stop_date_time, timezone='GMT', every=repetition | int) }}"
+    extra_data:
+      owner: "{{ owner }}"
+      env: "{{ env }}"
+
+- name: Build the Schedule for Starting AWS instances for {{ owner }} in {{ env }}
+  ansible.controller.schedule:
+    name: UnPark AWS instances for {{ owner }} in {{ env }}
+    state: present
+    unified_job_template: AWSParking-Start
+    rrule: "{{ query('ansible.controller.schedule_rrule', frequency, start_date=start_date_time, timezone='GMT', every=repetition | int) }}"
+    extra_data:
+      owner: "{{ owner }}"
+      env: "{{ env }}"