awsenergylabelercli

=================== awsenergylabelercli

A cli to label accounts and landing zones with energy labels based on Security Hub finding.

• Documentation: https://aws-energy-labeler-cli.readthedocs.io/en/latest/

Development Workflow

The workflow supports the following steps

• lint
• test
• build
• document
• upload
• graph

These actions are supported out of the box by the corresponding scripts under _CI/scripts directory with sane defaults based on best practices. Sourcing setup_aliases.ps1 for windows powershell or setup_aliases.sh in bash on Mac or Linux will provide with handy aliases for the shell of all those commands prepended with an underscore.

The bootstrap script creates a .venv directory inside the project directory hosting the virtual environment. It uses pipenv for that. It is called by all other scripts before they do anything. So one could simple start by calling _lint and that would set up everything before it tried to actually lint the project

Once the code is ready to be delivered the _tag script should be called accepting one of three arguments, patch, minor, major following the semantic versioning scheme. So for the initial delivery one would call

$ _tag --minor

which would bump the version of the project to 0.1.0 tag it in git and do a push and also ask for the change and automagically update HISTORY.rst with the version and the change provided.

So the full workflow after git is initialized is:

• repeat as necessary (of course it could be test - code - lint :) )

  • code
  • lint
  • test

• commit and push

• develop more through the code-lint-test cycle

• tag (with the appropriate argument)

• build

• upload (if you want to host your package in pypi)

• document (of course this could be run at any point)

Important Information

This template is based on pipenv. In order to be compatible with requirements.txt so the actual created package can be used by any part of the existing python ecosystem some hacks were needed. So when building a package out of this do not simple call

$ python setup.py sdist bdist_egg

as this will produce an unusable artifact with files missing. Instead use the provided build and upload scripts that create all the necessary files in the artifact.

History

0.0.1 (11-11-2021)

• First code creation

0.1.0 (26-11-2021)

• First official release.

0.1.1 (02-12-2021)

• Additional details added to export of accounts. Instead of only the energy label, it now includes the number of findings per severity

0.1.2 (06-12-2021)

• Added allow/deny function for regions

0.1.3 (06-12-2021)

• Updated library version

0.1.4 (09-12-2021)

• Allow to export to the root of an S3 bucket

0.2.0 (14-12-2021)

• Bumped awsenergylabelerlib and added logic for exporting finding resource data and finding type data

0.3.0 (31-01-2022)

• Introduced single account mode and exporting of metrics only

0.3.1 (01-02-2022)

• Bumped library version to filter FAILED findings only

0.4.0 (03-03-2022)

• Updated help documentation
• Uses newest library version to not count suppressed findings to the label

0.4.1 (04-03-2022)

• Bumped lib version.

0.4.2 (04-03-2022)

• Bumped lib to get unique findings only.

0.4.3 (16-05-2022)

• Matching underlying library refactoring.

1.0.0 (16-05-2022)

• Matching underlying library refactoring.

1.0.1 (11-07-2022)

• Fixed list.append

1.1.0 (13-09-2022)

• Added option to set environment variables instead of CLI flags.

1.1.1 (26-09-2022)

• Bumped library version

1.1.2 (26-09-2022)

• Bumped lib version

1.1.3 (04-10-2022)

• Fixed framework filtering for single accounts

2.0.0 (25-10-2022)

• Made region a required argument

3.0.0 (17-11-2022)

• Major update including the possibility to create a metadata file containing details on the execution.
• Now audit zones are supported, for environments without access to AWS Organizations.
• It is possible to use custom SecurityHub query filters and score thresholds.

3.0.1 (23-11-2022)

• Reporting on enabled integrations in SecurityHub

3.1.0 (23-11-2022)

• Reporting on enabled integrations in SecurityHub

3.2.0 (08-03-2023)

• Added flag to disable printing the banner

3.2.1 (10-03-2023)

• Bump dependencies.

3.2.2 (11-04-2023)

• Added support for Python3.11

3.2.3 (13-04-2023)

• Bumped library - Changed dataclass to normal class

3.2.4 (24-04-2023)

• Bumped library to support read-only filesystems when exporting to S3

3.2.5 (06-06-2023)

• Implement support for consolidated findings.

3.2.6 (01-12-2023)

• Update dependencies.