
coreos / Grafiti

Licence: apache-2.0
Tag and remove AWS Resources with Automation


Grafiti


Grafiti is a tool for parsing, tagging, and deleting AWS resources.

  • Using a CloudTrail trail, grafiti parses resource CRUD events to identify resource information.
  • Parsed data can optionally be fed through grafiti filter --ignore-file <tag-file>, which removes all resources tagged with tags in <tag-file> from the parsed data.
  • Parsed data can be fed into grafiti tag and tagged using the AWS resource group tagging API.
  • Tagged resources are retrieved using the same API during grafiti delete, and deleted using resource type-specific service APIs.

Each sub-command can be used in a sequential pipe, or individually.

Motivating Example

We listen to CloudTrail events, and tag created resources with a default expiration of 2 weeks and the ARN of the creating user.

Every day, we can query the resource tagging API for resources that will expire in one week, and the owners can be notified via email/Slack.

Every day, we also query for resources that have expired, and delete them.
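One way to implement the daily check described above, as an added Go example that is not part of grafiti. The ExpiresAt tag key, the TagsFor and Sweep helpers and the sample ARNs are assumptions made for illustration; CreatedBy is the key used by the tagPatterns sample in the configuration section.

```go
package main

import (
	"fmt"
	"time"
)

const (
	ownerKey  = "CreatedBy"         // key used by the tagPatterns sample on this page
	expiryKey = "ExpiresAt"         // hypothetical key for this example (RFC 3339 value)
	lifetime  = 14 * 24 * time.Hour // default expiration: 2 weeks
	warnAhead = 7 * 24 * time.Hour  // owners are notified one week ahead
)

type Resource struct {
	ARN  string
	Tags map[string]string
}

// TagsFor builds the tags for a resource whose creation event was just parsed.
func TagsFor(creatorARN string, created time.Time) map[string]string {
	return map[string]string{ownerKey: creatorARN, expiryKey: created.Add(lifetime).UTC().Format(time.RFC3339)}
}

// Sweep splits resources into warn (by owner), expired, and skipped (bad or missing expiry tag, never deleted).
func Sweep(rs []Resource, now time.Time) (warn map[string][]string, expired, skipped []string) {
	warn = map[string][]string{}
	for _, r := range rs {
		exp, err := time.Parse(time.RFC3339, r.Tags[expiryKey])
		switch {
		case err != nil:
			skipped = append(skipped, r.ARN)
		case !exp.After(now):
			expired = append(expired, r.ARN)
		case exp.Sub(now) <= warnAhead:
			warn[r.Tags[ownerKey]] = append(warn[r.Tags[ownerKey]], r.ARN)
		}
	}
	return warn, expired, skipped
}

func main() { // constructed sample data
	now := time.Date(2017, 6, 14, 0, 0, 0, 0, time.UTC)
	alice := "arn:aws:iam::123456789012:user/alice"
	fmt.Println(Sweep([]Resource{
		{"i-old", TagsFor(alice, now.AddDate(0, 0, -15))}, // expired yesterday
		{"i-bad", map[string]string{expiryKey: "next week"}},
	}, now))
}
```

Only the expired list should ever reach a delete step; a resource whose expiry tag cannot be parsed is reported instead of removed.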

Installation

Ensure you have the following installed:

Retrieve and install grafiti (the binary will be in $GOPATH/bin):

go get -u github.com/coreos/grafiti/cmd/grafiti

If $GOPATH/src/github.com/coreos/grafiti is already present, simply install grafiti:

go install github.com/coreos/grafiti/cmd/grafiti

or use the Makefile (requires make):

make install

jq installation

jq is a CLI JSON parsing tool that grafiti uses internally to evaluate config file expressions, and must be installed before running grafiti. This program is quite useful for parsing grafiti input/output as well. You can find download instructions on the jq website.

Usage

Grafiti commands

  • grafiti parse - Parses CloudTrail data and outputs useful information (to be consumed by grafiti tag or grafiti filter)
  • grafiti filter - Filters grafiti parse output by removing resources with defined tags (to be consumed by grafiti tag)
  • grafiti tag - Tags resources in AWS based on tagging rules defined in your config.toml file
  • grafiti delete - Deletes resources in AWS based on tags

Usage:
  grafiti [flags]
  grafiti [command]

Available Commands:
  delete      Delete resources in AWS by tag.
  filter      Filter AWS resources by tag.
  help        Help about any command
  parse       Parse resource data from CloudTrail logs.
  tag         Tag resources in AWS.

Flags:
  -c, --config string   Config file (default: $HOME/.grafiti.toml).
      --debug           Enable debug logging.
      --dry-run         Output changes to stdout instead of AWS.
  -h, --help            help for grafiti
  -e, --ignore-errors   Continue processing even when there are API errors.

Use "grafiti [command] --help" for more information about a command.

Configure AWS

You will need to configure your machine to talk to AWS prior to running grafiti; configuring both credentials and AWS region is required.

Credentials

There are several ways to configure your AWS credentials for the Go SDK. Grafiti supports all methods because it uses the Go SDK and does not implement its own credential handling logic.

Configure Grafiti

Grafiti takes a config file that configures its basic function.

resourceTypes = ["AWS::EC2::Instance"]
# Time range: set either the *Hour pair or the *TimeStamp pair, not both.
endHour = 0
startHour = -8
# endTimeStamp = "2017-06-14T01:01:01Z"
# startTimeStamp = "2017-06-13T01:01:01Z"
maxNumRequestRetries = 11
includeEvent = false
tagPatterns = [
  "{CreatedBy: .userIdentity.arn}"
]
filterPatterns = [
  ".TaggingMetadata.ResourceType == \"AWS::EC2::Instance\""
]
logDir = "/var/log"

  • resourceTypes - Specifies a list of resource types to query for. These can be any values the CloudTrail API, or CloudTrail log files if you're parsing files from a CloudTrail S3 bucket, accept.
  • endHour,startHour - Specifies the range of hours (beginning at startHour, ending at endHour) to query events from CloudTrail.
  • endTimeStamp,startTimeStamp - Specifies the range between two exact times (beginning at startTimeStamp, ending at endTimeStamp) to query events from CloudTrail. These fields take RFC-3339 (no milliseconds) format.
    • Note: Only one of *Hour, *TimeStamp pairs can be used. An error will be thrown if both are used.
  • maxNumRequestRetries - The maximum number of retries the delete request retryer should attempt. Defaults to 8.
  • includeEvent - Setting true will include the raw CloudEvent in the tagging output (this is useful for finding attributes to filter on).
  • tagPatterns - Uses jq syntax to generate {tagKey: tagValue} objects from the output of grafiti parse. The results will be included in the Tags field of the tagging output.
  • filterPatterns - Filters the output of grafiti parse based on jq syntax matches.
  • logDir - By default, grafiti logs to stderr. If this field is present in your config, grafiti writes logs to a file in this directory. Log files have the format: 'grafiti-yyyymmdd_HHMMSS.log'.

Environment variables

Grafiti can be configured with the following environment variables in addition to, or in lieu of, a config file:

  • GRF_START_HOUR corresponds to the startHour config file field.
  • GRF_END_HOUR corresponds to the endHour config file field.
  • GRF_START_TIMESTAMP corresponds to the startTimeStamp config file field.
  • GRF_END_TIMESTAMP corresponds to the endTimeStamp config file field.
  • GRF_INCLUDE_EVENT corresponds to the includeEvent config file field.
  • GRF_MAX_NUM_RETRIES corresponds to the maxNumRequestRetries config file field.

If one of the above variables is set, its value will be used as the corresponding config value, overriding that config file field if set. Setting environment variables allows you to avoid using a config file in certain cases; some config file fields are complex, e.g. tagPatterns and filterPatterns, and cannot be succinctly encoded by environment variables. See this pull request for the reasoning behind this hierarchy.
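The override hierarchy and the "only one of *Hour, *TimeStamp" rule interact, as this added Go example shows (it is not grafiti's own code). It assumes environment values are overlaid field by field before the check and that setting only half of a pair is an error; ResolveWindow and envToField are hypothetical names, and envToField covers only the time-range variables from the list above.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"time"
)

var envToField = map[string]string{"GRF_START_HOUR": "startHour", "GRF_END_HOUR": "endHour",
	"GRF_START_TIMESTAMP": "startTimeStamp", "GRF_END_TIMESTAMP": "endTimeStamp"}

// ResolveWindow merges file and environment values, rejects mixed pairs, and returns the query window.
func ResolveWindow(file map[string]string, getenv func(string) string, now time.Time) (start, end time.Time, err error) {
	cfg := map[string]string{}
	for env, field := range envToField {
		cfg[field] = file[field]
		if v := getenv(env); v != "" {
			cfg[field] = v // environment wins over the file
		}
	}
	has := func(k string) bool { return cfg[k] != "" }
	var e1, e2 error
	switch {
	case (has("startHour") || has("endHour")) && (has("startTimeStamp") || has("endTimeStamp")):
		return start, end, errors.New("both *Hour and *TimeStamp fields are set; use one pair")
	case has("startHour") && has("endHour"): // hour offsets from now, e.g. -8 and 0
		var s, e int
		s, e1 = strconv.Atoi(cfg["startHour"])
		e, e2 = strconv.Atoi(cfg["endHour"])
		start, end = now.Add(time.Duration(s)*time.Hour), now.Add(time.Duration(e)*time.Hour)
	case has("startTimeStamp") && has("endTimeStamp"):
		start, e1 = time.Parse(time.RFC3339, cfg["startTimeStamp"])
		end, e2 = time.Parse(time.RFC3339, cfg["endTimeStamp"])
	default:
		return start, end, errors.New("time range missing, or only half of a pair is set")
	}
	if e1 != nil || e2 != nil || !start.Before(end) {
		return start, end, fmt.Errorf("invalid range %v to %v (parse errors: %v, %v)", start, end, e1, e2)
	}
	return start, end, nil
}

func main() { // constructed case: file pins timestamps, a stray GRF_START_HOUR is exported
	file := map[string]string{"startTimeStamp": "2017-06-13T01:01:01Z", "endTimeStamp": "2017-06-14T01:01:01Z"}
	env := map[string]string{"GRF_START_HOUR": "-8"} // real callers would pass os.Getenv
	_, _, err := ResolveWindow(file, func(k string) string { return env[k] }, time.Now())
	fmt.Println("error:", err)
}
```

Under these assumptions, a GRF_*_HOUR variable left exported in a shell turns a valid timestamp-based config into an error rather than silently widening the window that later feeds tagging and deletion.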

Further documentation

A note on resource deletion order.

Examples of grafiti in action:

Kubernetes:

Usage notes and tips:
