
iagcl / Watchmen

Licence: apache-2.0
(Not maintained anymore) Watchmen - AWS account compliance using centrally managed Config Rules

Programming Languages

python

Projects that are alternatives of or similar to Watchmen

Awslambdaproxy
An AWS Lambda powered HTTP/SOCKS web proxy
Stars: ✭ 571 (+220.79%)
Mutual labels:  aws, lambda-functions
Aws Serverless Airline Booking
Airline Booking is a sample web application that provides Flight Search, Flight Payment, Flight Booking and Loyalty points including end-to-end testing, GraphQL and CI/CD. This web application was the theme of Build on Serverless Season 2 on AWS Twitch running from April 24th until end of August in 2019.
Stars: ✭ 1,290 (+624.72%)
Mutual labels:  aws, lambda-functions
Serverless Typescript Starter
🗄🙅‍♀️ Deploy your next serverless JavaScript function in seconds
Stars: ✭ 653 (+266.85%)
Mutual labels:  aws, lambda-functions
Serverless Plugin Canary Deployments
Canary deployments for your Serverless application
Stars: ✭ 283 (+58.99%)
Mutual labels:  aws, lambda-functions
Serverless Aws Alias
Alias support for Serverless 1.x
Stars: ✭ 171 (-3.93%)
Mutual labels:  aws, lambda-functions
Webiny Js
Enterprise open-source serverless CMS. Includes a headless CMS, page builder, form builder and file manager. Easy to customize and expand. Deploys to AWS.
Stars: ✭ 4,869 (+2635.39%)
Mutual labels:  aws, lambda-functions
Serverless
This is intended to be a repo containing all of the official AWS Serverless architecture patterns built with CDK for developers to use. All patterns come in Typescript and Python with the exported CloudFormation also included.
Stars: ✭ 1,048 (+488.76%)
Mutual labels:  aws, lambda-functions
Serverless Photo Recognition
A collection of 3 lambda functions that are invoked by Amazon S3 or Amazon API Gateway to analyze uploaded images with Amazon Rekognition and save picture labels to ElasticSearch (written in Kotlin)
Stars: ✭ 345 (+93.82%)
Mutual labels:  aws, lambda-functions
Lambda Toolkit
*DO NOT USE* - This project was done during my initial python and lambda's studies. I would recommend you the `serverless framework`.
Stars: ✭ 114 (-35.96%)
Mutual labels:  aws, lambda-functions
Zip It And Ship It
Intelligently prepare Node.js Lambda functions for deployment
Stars: ✭ 104 (-41.57%)
Mutual labels:  aws, lambda-functions
Lambda Proxy Router
A simple router for AWS Lambda Proxy Functions
Stars: ✭ 14 (-92.13%)
Mutual labels:  aws, lambda-functions
Aws Secrets Manager Rotation Lambdas
Contains Lambda functions to be used for automatic rotation of secrets stored in AWS Secrets Manager
Stars: ✭ 128 (-28.09%)
Mutual labels:  aws, lambda-functions
Lambcycle
🐑🛵 A declarative lambda middleware with life cycle hooks 🐑🛵
Stars: ✭ 88 (-50.56%)
Mutual labels:  aws, lambda-functions
Full Stack Serverless Cdk
Learn to Build Full-Stack Serverless Apps and APIs using AWS Cloud Development Kit (CDK) in Baby Steps.
Stars: ✭ 122 (-31.46%)
Mutual labels:  aws, lambda-functions
Aws Lambda List
A list of hopefully useful AWS lambdas and lambda-related resources.
Stars: ✭ 130 (-26.97%)
Mutual labels:  aws, lambda-functions
Smogcloud
Find cloud assets that no one wants exposed 🔎 ☁️
Stars: ✭ 168 (-5.62%)
Mutual labels:  aws
Amplify Cli
The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development.
Stars: ✭ 2,399 (+1247.75%)
Mutual labels:  lambda-functions
Terraform Aws Components
Opinionated, self-contained Terraform root modules that each solve one, specific problem
Stars: ✭ 168 (-5.62%)
Mutual labels:  aws
Amazon Ecs Plugin
Amazon EC2 Container Service Plugin for Jenkins
Stars: ✭ 169 (-5.06%)
Mutual labels:  aws
Externalsecret Operator
An operator to fetch secrets from cloud services and inject them in Kubernetes
Stars: ✭ 177 (-0.56%)
Mutual labels:  aws

Watchmen

(AWS account compliance using centrally managed Config Rules)...


Overview...

Watchmen provides the framework to centralise the Lambda functions used by AWS Config rules into a single AWS account so that they can be managed easily and efficiently using automation.

Essentially, we deploy our Watchmen stack to a dedicated AWS account. Our other AWS accounts (Citizens) then deploy a Citizen stack, which provides Watchmen with a role that allows us to deploy and manage Config rules in their account. These Config rules point to Lambda functions in the Watchmen account. When a Config rule is triggered, Watchmen runs the Lambda function but assumes another role in the Citizen account, so that it reports on resources in the Citizen account.


What is Watchmen?

Watchmen is an AWS CloudFormation stack comprising:

  • Lambda functions written in Python that process AWS resources and determine if they are compliant or non-compliant based on certain rules logic.
  • Monitoring stack using CloudWatch to monitor the Lambda functions.
  • ElasticSearch stack to ingest the logs from the Lambda functions so they can be easily visualised and searched.
  • Reporting stack using additional lambda functions to report on the status of each Citizen's Config Rules and import into DynamoDB.
  • Citizen Update stack using an SNS topic and an additional Lambda function to manage the AWS Config rules in each Citizen account.
  • Other stuff that makes everything work (IAM roles, policies, Lambda permissions, etc).

Citizens...

To enable the monitoring of a Citizen AWS account, we deploy a stack comprising:

  • IAM roles that allow us to deploy config rules and query AWS Config for statuses of resources.
  • Config Rules that display in AWS Config whether resources are compliant or non-compliant.

Further Information

More detailed information is provided on our github wiki: https://github.com/iagcl/watchmen/wiki
