-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* feat: Create .gitignore * feat: initial working code
- Loading branch information
1 parent
3e22413
commit 46e1da5
Showing
7 changed files
with
650 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
name: Publish to GHCR.io | ||
|
||
on: [push] | ||
|
||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }} | ||
|
||
jobs: | ||
build_tag_push_to_ghcr: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | ||
|
||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 | ||
|
||
- name: Setup Docker buildx | ||
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | ||
|
||
- name: Log into registry ${{ env.REGISTRY }} | ||
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Extract Docker metadata | ||
id: meta | ||
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 | ||
with: | ||
github-token: ${{ secrets.GITHUB_TOKEN }} | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
tags: | | ||
type=ref,event=branch,prefix= | ||
type=ref,event=tag,prefix= | ||
type=sha,format=short,prefix= | ||
type=sha,format=long,prefix= | ||
env: | ||
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index | ||
|
||
|
||
|
||
- name: Determine version | ||
id: determine_version | ||
run: | | ||
if [ "${GITHUB_REF_TYPE}" == "tag" ]; then | ||
VERSION=${GITHUB_REF_NAME} | ||
else | ||
VERSION=v0.0.0-${GITHUB_SHA::7} | ||
fi | ||
BUILD_TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ") | ||
echo "VERSION=${VERSION}" >> $GITHUB_ENV | ||
echo "COMMIT_SHA=${GITHUB_SHA::7}" >> $GITHUB_ENV | ||
echo "BUILD_TIMESTAMP=${BUILD_TIMESTAMP}" >> $GITHUB_ENV | ||
- name: Build and push Docker image | ||
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6 | ||
with: | ||
context: . | ||
push: ${{ github.event_name != 'pull_request' }} | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
build-args: | | ||
VERSION=${{ env.VERSION }} | ||
COMMIT_SHA=${{ env.COMMIT_SHA }} | ||
BUILD_TIMESTAMP=${{ env.BUILD_TIMESTAMP }} | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,162 @@ | ||
# Byte-compiled / optimized / DLL files | ||
__pycache__/ | ||
*.py[cod] | ||
*$py.class | ||
|
||
# C extensions | ||
*.so | ||
|
||
# Distribution / packaging | ||
.Python | ||
build/ | ||
develop-eggs/ | ||
dist/ | ||
downloads/ | ||
eggs/ | ||
.eggs/ | ||
lib/ | ||
lib64/ | ||
parts/ | ||
sdist/ | ||
var/ | ||
wheels/ | ||
share/python-wheels/ | ||
*.egg-info/ | ||
.installed.cfg | ||
*.egg | ||
MANIFEST | ||
|
||
# PyInstaller | ||
# Usually these files are written by a python script from a template | ||
# before PyInstaller builds the exe, so as to inject date/other infos into it. | ||
*.manifest | ||
*.spec | ||
|
||
# Installer logs | ||
pip-log.txt | ||
pip-delete-this-directory.txt | ||
|
||
# Unit test / coverage reports | ||
htmlcov/ | ||
.tox/ | ||
.nox/ | ||
.coverage | ||
.coverage.* | ||
.cache | ||
nosetests.xml | ||
coverage.xml | ||
*.cover | ||
*.py,cover | ||
.hypothesis/ | ||
.pytest_cache/ | ||
cover/ | ||
|
||
# Translations | ||
*.mo | ||
*.pot | ||
|
||
# Django stuff: | ||
*.log | ||
local_settings.py | ||
db.sqlite3 | ||
db.sqlite3-journal | ||
|
||
# Flask stuff: | ||
instance/ | ||
.webassets-cache | ||
|
||
# Scrapy stuff: | ||
.scrapy | ||
|
||
# Sphinx documentation | ||
docs/_build/ | ||
|
||
# PyBuilder | ||
.pybuilder/ | ||
target/ | ||
|
||
# Jupyter Notebook | ||
.ipynb_checkpoints | ||
|
||
# IPython | ||
profile_default/ | ||
ipython_config.py | ||
|
||
# pyenv | ||
# For a library or package, you might want to ignore these files since the code is | ||
# intended to run in multiple environments; otherwise, check them in: | ||
# .python-version | ||
|
||
# pipenv | ||
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. | ||
# However, in case of collaboration, if having platform-specific dependencies or dependencies | ||
# having no cross-platform support, pipenv may install dependencies that don't work, or not | ||
# install all needed dependencies. | ||
#Pipfile.lock | ||
|
||
# poetry | ||
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. | ||
# This is especially recommended for binary packages to ensure reproducibility, and is more | ||
# commonly ignored for libraries. | ||
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control | ||
#poetry.lock | ||
|
||
# pdm | ||
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. | ||
#pdm.lock | ||
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it | ||
# in version control. | ||
# https://pdm.fming.dev/latest/usage/project/#working-with-version-control | ||
.pdm.toml | ||
.pdm-python | ||
.pdm-build/ | ||
|
||
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm | ||
__pypackages__/ | ||
|
||
# Celery stuff | ||
celerybeat-schedule | ||
celerybeat.pid | ||
|
||
# SageMath parsed files | ||
*.sage.py | ||
|
||
# Environments | ||
.env | ||
.venv | ||
env/ | ||
venv/ | ||
ENV/ | ||
env.bak/ | ||
venv.bak/ | ||
|
||
# Spyder project settings | ||
.spyderproject | ||
.spyproject | ||
|
||
# Rope project settings | ||
.ropeproject | ||
|
||
# mkdocs documentation | ||
/site | ||
|
||
# mypy | ||
.mypy_cache/ | ||
.dmypy.json | ||
dmypy.json | ||
|
||
# Pyre type checker | ||
.pyre/ | ||
|
||
# pytype static type analyzer | ||
.pytype/ | ||
|
||
# Cython debug symbols | ||
cython_debug/ | ||
|
||
# PyCharm | ||
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can | ||
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore | ||
# and can be added to the global gitignore or merged into this file. For a more nuclear | ||
# option (not recommended) you can uncomment the following to ignore the entire idea folder. | ||
#.idea/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
# Use an official Python runtime as a parent image | ||
FROM python:3.11.10-alpine@sha256:65c34f59d896f939f204e64c2f098db4a4c235be425bd8f0804fd389b1e5fd80 AS builder | ||
|
||
# Set working directory | ||
WORKDIR /app | ||
|
||
# Copy the requirements file | ||
COPY requirements.txt . | ||
|
||
# Install dependencies | ||
RUN pip install --no-cache-dir -r requirements.txt | ||
|
||
# Use a smaller base image for the final image | ||
FROM python:3.11.10-alpine@sha256:65c34f59d896f939f204e64c2f098db4a4c235be425bd8f0804fd389b1e5fd80 | ||
|
||
# Set working directory | ||
WORKDIR /app | ||
|
||
# Copy the dependencies from the builder stage | ||
COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages | ||
COPY --from=builder /usr/local/bin /usr/local/bin | ||
|
||
# Copy the application files | ||
COPY app /app | ||
|
||
# Set environment variables | ||
ENV PYTHONUNBUFFERED=1 | ||
|
||
# Accept build arguments for versioning | ||
ARG VERSION=unknown | ||
ARG COMMIT_SHA=unknown | ||
ARG BUILD_TIMESTAMP=unknown | ||
|
||
ENV VERSION=${VERSION} | ||
ENV COMMIT_SHA=${COMMIT_SHA} | ||
ENV BUILD_TIMESTAMP=${BUILD_TIMESTAMP} | ||
|
||
# Create a non-root user and switch to it | ||
RUN adduser -D appuser | ||
USER appuser | ||
|
||
# Make port 8000 available to the world outside this container | ||
EXPOSE 8000 | ||
|
||
# Use ENTRYPOINT to ensure the container runs as expected | ||
ENTRYPOINT ["python", "-u", "main.py"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,82 @@ | ||
# getoutline-docs-update-aws-organizations | ||
|
||
This project uses `boto3` to interact with AWS Organizations and IAM services to generate a markdown file containing information about AWS accounts and IAM users. The generated markdown includes details such as AWS Account ID, Account Name, Account Email, Created Date, SIGNIN URL, and Description for each account, as well as IAM User Name, Access Key ID, and Description for each IAM user. Once finished the Markdown will be added to our wiki hosted at getoutline.com | ||
|
||
## Prerequisites | ||
|
||
- Python 3.11 | ||
- AWS credentials require these AWS permissions: | ||
- `arn:aws:iam::aws:policy/AWSOrganizationsReadOnlyAccess` | ||
- `arn:aws:iam::aws:policy/IAMReadOnlyAccess` | ||
|
||
## Installation | ||
|
||
1. Clone the repository: | ||
```sh | ||
git clone https://github.com/yourusername/getoutline-docs-update-aws-organizations.git | ||
cd getoutline-docs-update-aws-organizations | ||
``` | ||
|
||
2. Install the required Python packages: | ||
```sh | ||
pip install -r requirements.txt | ||
``` | ||
|
||
## Usage | ||
|
||
1. Set the required environment variables: | ||
```sh | ||
export GETOUTLINE_DOCUMENT_ID='your_outline_document_id' | ||
export GETOUTLINE_API_TOKEN='your_outline_api_token' | ||
export AWS_CREDENTIALS_JSON='your_aws_credentials_json' | ||
``` | ||
|
||
Example of `AWS_CREDENTIALS_JSON`: | ||
```json | ||
{ | ||
"accounts": [ | ||
{ | ||
"name": "org1", | ||
"access_key": "your_access_key_id_for_org1", | ||
"secret_key": "your_secret_access_key_for_org1" | ||
}, | ||
{ | ||
"name": "org2", | ||
"access_key": "your_access_key_id_for_org2", | ||
"secret_key": "your_secret_access_key_for_org2" | ||
} | ||
] | ||
} | ||
``` | ||
|
||
2. Run the script: | ||
```sh | ||
python app/main.py | ||
``` | ||
|
||
3. The script will generate markdown and nest it under an existing AWS document within our getoutline docs. | ||
|
||
## Script Details | ||
|
||
### `main.py` | ||
|
||
- **get_aws_accounts(org_client)**: Retrieves a list of AWS accounts in the organization. | ||
- **get_account_tags(org_client, account_id)**: Retrieves the tags for a given AWS account. | ||
- **generate_signin_url(account_id)**: Generates the SIGNIN URL for a given AWS account ID. | ||
- **list_iam_users(iam_client)**: Lists all IAM users in the root organization. | ||
- **get_user_access_keys(iam_client, user_name)**: Retrieves the access keys for a given IAM user. | ||
- **create_markdown(accounts, org_client)**: Generates the markdown content for AWS accounts and IAM users. | ||
|
||
## Example Output | ||
|
||
The generated markdow output will look like this: | ||
|
||
```md | ||
| AWS Account ID | Account Name | Account Email | Created Date | SIGNIN URL | Description | | ||
|----------------|--------------|---------------|--------------|------------|-------------| | ||
| 123456789012 | ExampleName | [email protected] | 2022-01-01 | https://123456789012.signin.aws.amazon.com/console | Example Description | | ||
| IAM User Name | Access Key ID | Description | | ||
|---------------|---------------|-------------| | ||
| example-user | AKIAIOSFODNN7EXAMPLE | Example Description | | ||
``` |
Oops, something went wrong.