我需要有人帮我修改这个脚本。当我尝试在AWS中创建堆栈时,我收到以下错误。
模板无效:模板属性或属性无效[1,2,3,DoNotify,4,PassPercent,5,6]
我不是脚本编写者，这个脚本是我在网上找到的。我已经 google 了很多，但由于编程知识非常有限，我无法自己修改它。
{
"DoNotify": "false",
"PassPercent": "70",
"1": {
"Title": "Create a group with administrative permission.",
"Points": "10",
"Interval": "30",
"Max": "30",
"Assessments": {
"API": "AWS",
"Service": "IAM",
"Method": "step_one_check",
"Code": [
"def step_one_check(handles,points)\n",
" iam = handles[0]\n",
" ret_hash = { :done => false, :score => 0 }\n",
" resp = iam.list_groups\n",
" groups = resp.groups\n",
" if groups!=[]\n",
" groups.each do |group|\n",
" group_name = group.group_name\n",
" resp1 = iam.list_attached_group_policies({group_name: group_name})\n",
" attached_policies = resp1.attached_policies\n",
" if attached_policies!=[]\n",
" attached_policies.each do |policy|\n",
" policy_name = policy.policy_name\n",
" if (policy_name.include? 'SystemAdministrator') || (policy_name.include? 'AdministratorAccess')\n",
" ret_hash = { :done => true, :score => points, :message => 'User group is created with administrative permission'}\n",
" else\n",
" ret_hash[:message] = \"Attached permissions is not Administrative permission\"\n",
" end\n",
" break if ret_hash[:done]\n",
" end\n",
" else\n",
" ret_hash[:message] = \"Administrative permission is not given to User group\"\n",
" end\n",
" end\n",
" else\n",
" ret_hash[:message] = \"User group is not created\"\n",
" end\n",
" return ret_hash\n",
"end"]
}
},
"2": {
"Title": "Create IAM role with appropriate permissions.",
"Points": "20",
"Interval": "30",
"Max": "30",
"Assessments": {
"API": "AWS",
"Service": "IAM",
"Method": "step_two_check",
"Code": [
"def step_two_check(handles,points)\n",
" iam = handles[0]\n",
" getScore = 0\n",
" putScore = 0\n",
" listScore = 0\n",
" ret_hash = { :done => false, :score => 0 }\n",
" resp = iam.list_roles\n",
" roles = resp.roles\n",
" if roles!=[]\n",
" roles.each do |role|\n",
" if role.assume_role_policy_document.include? 'ec2.amazonaws.com'\n",
" msg3 = 'Created an Amazon EC2 AWS Service role '\n",
" resp1 = iam.list_role_policies({role_name: role.role_name})\n",
" policies = resp1.policy_names\n",
" if policies!= []\n",
" policies.each do |policy|\n",
" permissions = iam.get_role_policy({role_name: role.role_name, policy_name: policy}).policy_document\n",
" if permissions.include? 's3'\n",
" if permissions.include? 'Get'\n",
" getScore = 5\n",
" end\n",
" if permissions.include? 'Put'\n",
" putScore = 5\n",
" end\n",
" if permissions.include? 'List'\n",
" listScore = 5\n",
" end\n",
" else\n",
" ret_hash[:message] = \"S3 permissions not found\"\n",
" end\n",
" break if ret_hash[:done]\n",
" end\n",
" else\n",
" ret_hash[:message] = \"Policies are not attached\"\n",
" end\n",
" points = getScore + putScore + listScore +5\n",
" if points == 20\n",
" ret_hash = { :done => true, :score => points, :message => 'Role created with all required permissions'}\n",
" end\n",
" if points > 0 and points < 20\n",
" ret_hash = { :done => true, :score => points, :message => 'Role created but some permissions are missing'}\n",
" end\n",
" else\n",
" ret_hash[:message] = \"Role is not Amazon ec2 service role\"\n",
" end\n",
" break if ret_hash[:done]\n",
" end\n",
" else\n",
" ret_hash[:message] = \"Amazon ec2 service role is not created\"\n",
" end\n",
" return ret_hash\n",
" end"]
}
},
"3": {
"Title": "Require Virtual MFA for administrator users.",
"Points": "10",
"Interval": "30",
"Max": "30",
"Assessments": {
"API": "AWS",
"Service": "IAM",
"Method": "step_three_check",
"Code": [
"def step_three_check(handles,points)\n",
" iam = handles[0]\n",
" count = 0\n",
" arn = \"\"\n",
" ret_hash = { :done => false, :score => 0 }\n",
" resp = iam.list_users.users\n",
" if resp.count > 1\n",
" resp = iam.list_virtual_mfa_devices\n",
" virtual_mfa_devices = resp.virtual_mfa_devices\n",
" virtual_mfa_devices.each do |device|\n",
" arn = device.user.arn\n",
" if !arn.include? 'awsstudent'\n",
" count = count +1\n",
" end\n",
" end\n",
" if count == 1\n",
" ret_hash = { :done => true, :score => 5, :message => 'Enabled Virtual MFA device for first administrator users'}\n",
" elsif count == 2\n",
" ret_hash = { :done => true, :score => points, :message => 'Enabled virtual MFA device for both administrator user'}\n",
" else\n",
" ret_hash = { :done => true, :score => 0, :message => 'Virtual MFA device is not Enabled for administrator user'}\n",
" end\n",
" else\n",
" ret_hash[:message] = \"Administrator Users are not created yet\"\n",
" end\n",
" return ret_hash\n",
"end"]
}
},
"4": {
"Title": "Log all API calls.",
"Points": "10",
"Interval": "30",
"Max": "30",
"Assessments": {
"API": "AWS",
"Service": "CloudTrail",
"Method": "step_four_check",
"Code": [
"def step_four_check(handles,points)\n",
" cloud_trail = handles[0]\n",
" ret_hash = { :done => false, :score => 0 }\n",
" resp = cloud_trail.describe_trails\n",
" trail_list = resp.trail_list\n",
" trail_list.each do |list|\n",
" trail_name = list.name\n",
" if !trail_name.include? 'qltrail-lab-'\n",
" ret_hash = { :done => true, :score => points, :message => 'Successfully Created CloudTrail to log all API calls'}\n",
" else\n",
" ret_hash[:message] = \"CloudTrail not created yet\"\n",
" end\n",
" break if ret_hash[:done]\n",
" end\n",
" return ret_hash\n",
"end"]
}
},
"5": {
"Title": "Create load balancers for web tier and app tier.",
"Points": "20",
"Interval": "30",
"Max": "30",
"Assessments": {
"API": "AWS",
"Service": "ElasticLoadBalancing",
"Method": "step_five_check",
"Code": [
"def step_five_check(handles,points)\n",
" elb = handles[0]\n",
" resp = elb.describe_load_balancers.load_balancer_descriptions\n",
" if resp!=[]\n",
" appTireScore = 0\n",
" webTireScore = 0\n",
" internalScheme = 0\n",
" externalScheme = 0\n",
" total=0\n",
" resp.each do |load|\n",
" if load.load_balancer_name.downcase == 'web-elb'\n",
" webTireScore = 5\n",
" if load.scheme == 'internet-facing'\n",
" externalScheme = 5\n",
" end\n",
" end\n",
" if load.load_balancer_name.downcase == 'app-elb'\n",
" appTireScore = 5\n",
" if load.scheme == 'internal'\n",
" internalScheme = 5\n",
" end\n",
" end\n",
" end\n",
" total = appTireScore + webTireScore + internalScheme + externalScheme\n",
" if appTireScore == 5 && webTireScore == 5\n",
" if internalScheme == 5 && externalScheme == 5\n",
" ret_hash = { :done => true, :score => total, :message => 'ELB Created for both web and app tiers'}\n",
" elsif internalScheme == 5 && externalScheme == 0\n",
" ret_hash = { :done => true, :score => total, :message => 'Created 2 elb but scheme of web-elb is wrong'}\n",
" elsif internalScheme == 0 && externalScheme == 5\n",
" ret_hash = { :done => true, :score => total, :message => 'Created 2 elb but scheme of app-elb is wrong'}\n",
" else\n",
" ret_hash = { :done => true, :score => total, :message => 'app-elb and web-elb is created but scheme of both elb is wrong'}\n",
" end\n",
" elsif appTireScore == 5 && webTireScore == 0\n",
" if internalScheme == 5\n",
" ret_hash = { :done => true, :score => total, :message => 'app-elb is created with correct scheme, but failed to create web-elb'}\n",
" else\n",
" ret_hash = { :done => true, :score => total, :message => 'app-elb is created but scheme of app-elb is wrong and also failed to create web-elb'}\n",
" end\n",
" elsif appTireScore == 0 && webTireScore == 5\n",
" if externalScheme == 5\n",
" ret_hash = { :done => true, :score => total, :message => 'web-elb is created with correct scheme, but failed to create app-elb'}\n",
" else\n",
" ret_hash = { :done => true, :score => total, :message => 'web-elb is created but scheme of web-elb is wrong and also failed to create app-elb'}\n",
" end\n",
" else\n",
" ret_hash = { :done => true, :score => 0, :message => 'No valid ELB found'}\n",
" end\n",
" else\n",
" ret_hash = { :done => true, :score => 0, :message => 'Load balancer not created yet'}\n",
" end\n",
" return ret_hash\n",
"end"]
}
},
"6": {
"Title": "Computing capacity for web and application tiers are auto scalable.",
"Points": "30",
"Interval": "30",
"Max": "30",
"Assessments": {
"API": "AWS",
"Service": ["AutoScaling"],
"Method": "step_six_check",
"Code": [
"def step_six_check(handles,points)\n",
" auto_scaling = handles[0]\n",
" auto_scaling_groups = auto_scaling.describe_auto_scaling_groups.auto_scaling_groups\n",
" if auto_scaling_groups != []\n",
" isAppAutoDone = false\n",
" isWebAutoDone = false\n",
" webAutoScale = 0\n",
" webElb = 0\n",
" webMinScore = 0\n",
" webMaxScore = 0\n",
" appAutoScale = 0\n",
" appElb = 0\n",
" appMinScore = 0\n",
" appMaxScore = 0\n",
" total= 0\n",
" ret_hash = { :done => false, :score => 0 }\n",
" auto_scaling_groups.each do |group|\n",
" if group.auto_scaling_group_name.downcase == 'webtier'\n",
" isWebAutoDone = true\n",
" webAutoScale = 5\n",
" elbArray=group.load_balancer_names\n",
" if elbArray != []\n",
" elbArray.each do |elbName|\n",
" if elbName.downcase == 'web-elb'\n",
" webElb = 5\n",
" end\n",
" end\n",
" end\n",
" if group.min_size == 2\n",
" webMinScore = 3\n",
" end\n",
" if group.max_size >= 4\n",
" webMaxScore = 2\n",
" end\n",
" end\n",
" if group.auto_scaling_group_name.downcase == 'apptier'\n",
" isAppAutoDone = true\n",
" appAutoScale = 5\n",
" elbArray=group.load_balancer_names\n",
" elbArray.each do |elbName|\n",
" if elbName.downcase == 'app-elb'\n",
" appElb = 5\n",
" end\n",
" end\n",
" if group.min_size == 2\n",
" appMinScore = 3\n",
" end\n",
" if group.max_size >= 4\n",
" appMaxScore = 2\n",
" end\n",
" end\n",
" break if (isAppAutoDone && isWebAutoDone)\n",
" end\n",
" total= webAutoScale + webElb + webMinScore + webMaxScore + appAutoScale + appElb + appMinScore + appMaxScore\n",
" if total == 30\n",
" ret_hash = { :done => true, :score => total, :message => 'Both Auto scalling groups are created and configured successfuly'}\n",
" elsif total < 30 && total > 0\n",
" ret_hash = { :done => true, :score => total, :message => 'Auto scalling group is created, but not configured correctly'}\n",
" else\n",
" ret_hash = { :done => true, :score => total, :message => 'No valid Auto scalling group is created'}\n",
" end\n",
" else\n",
" ret_hash = { :done => true, :score => total, :message => 'No valid Auto scalling group is created'}\n",
" end\n",
" return ret_hash\n",
"end"]
}
}
}