Skip to content

Commit

Permalink
style: Make links short and clickable
Browse files Browse the repository at this point in the history
  • Loading branch information
dorukozturk committed Dec 15, 2022
1 parent 12cbcba commit b74f006
Show file tree
Hide file tree
Showing 15 changed files with 40 additions and 40 deletions.
4 changes: 2 additions & 2 deletions hardeneks/cluster_wide/reliability/applications.py
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ def check_metrics_server_is_running(resources: Resources):
print(
Panel(
"[red]Deploy metrics server.",
subtitle="Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-kubernetes-metrics-server",
subtitle="[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-kubernetes-metrics-server]Click to see the guide[/link]",
)
)
console.print()
Expand All @@ -41,7 +41,7 @@ def check_vertical_pod_autoscaler_exists(resources: Resources):
print(
Panel(
"[red]Deploy vertical pod autoscaler if needed.",
subtitle="Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#vertical-pod-autoscaler-vpa",
subtitle="[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#vertical-pod-autoscaler-vpa]Click to see the guide[/link]",
)
)
console.print()
Expand Down
2 changes: 1 addition & 1 deletion hardeneks/cluster_wide/security/detective_controls.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ def check_logs_are_enabled(resources: Resources):
print(
Panel(
"[red]Enable control plane logs for auditing",
subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/detective/#enable-audit-logs",
subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/detective/#enable-audit-logs]Click to see the guide[/link]",
)
)
console.print()
Expand Down
6 changes: 3 additions & 3 deletions hardeneks/cluster_wide/security/encryption_secrets.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ def use_encryption_with_ebs(resources: Resources):
print_storage_class_table(
offenders,
"[red]EBS Storage Classes should have encryption parameter",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest]Click to see the guide[/link]",
)
return offenders

Expand All @@ -39,7 +39,7 @@ def use_encryption_with_efs(resources: Resources):
print_persistent_volume_table(
offenders,
"[red]EFS Persistent volumes should have tls mount option",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest]Click to see the guide[/link]",
)
return offenders

Expand All @@ -57,6 +57,6 @@ def use_efs_access_points(resources: Resources):
print_persistent_volume_table(
offenders,
"[red]EFS Persistent volumes should leverage access points",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-efs-access-points-to-simplify-access-to-shared-datasets",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-efs-access-points-to-simplify-access-to-shared-datasets]Click to see the guide[/link]",
)
return offenders
10 changes: 5 additions & 5 deletions hardeneks/cluster_wide/security/iam.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ def restrict_wildcard_for_cluster_roles(resources: Resources):
print_role_table(
offenders,
"[red]ClusterRoles should not have '*' in Verbs or Resources",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings]Click to see the guide[/link]",
"ClusterRole",
)
return offenders
Expand All @@ -40,7 +40,7 @@ def check_endpoint_public_access(resources: Resources):
print(
Panel(
"[red]EKS Cluster Endpoint is not Private",
subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#make-the-eks-cluster-endpoint-private",
subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#make-the-eks-cluster-endpoint-private]Click to see the guide[/link]",
)
)
console.print()
Expand All @@ -58,7 +58,7 @@ def check_aws_node_daemonset_service_account(resources: Resources):
print(
Panel(
"[red]Update the aws-node daemonset to use IRSA",
subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#update-the-aws-node-daemonset-to-use-irsa",
subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#update-the-aws-node-daemonset-to-use-irsa]Click to see the guide[/link]",
)
)
console.print()
Expand Down Expand Up @@ -95,7 +95,7 @@ def check_access_to_instance_profile(resources: Resources):
print_instance_metadata_table(
offenders,
"[red]Restrict access to the instance profile assigned to nodes",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#when-your-application-needs-access-to-imds-use-imdsv2-and-increase-the-hop-limit-on-ec2-instances-to-2",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#when-your-application-needs-access-to-imds-use-imdsv2-and-increase-the-hop-limit-on-ec2-instances-to-2]Click to see the guide[/link]",
)
return offenders

Expand All @@ -116,7 +116,7 @@ def disable_anonymous_access_for_cluster_roles(resources: Resources):
print_role_table(
offenders,
"[red]Don't bind clusterroles to anonymous/unauthenticated groups",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access]Click to see the guide[/link]",
"ClusterRoleBinding",
)

Expand Down
2 changes: 1 addition & 1 deletion hardeneks/cluster_wide/security/image_security.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ def use_immutable_tags_with_ecr(resources: Resources):
offenders,
"imageTagMutability",
"[red]Make image tags immutable.",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/image/#use-immutable-tags-with-ecr",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/image/#use-immutable-tags-with-ecr]Click to see the guide[/link]",
)

return offenders
4 changes: 2 additions & 2 deletions hardeneks/cluster_wide/security/infrastructure_security.py
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ def deploy_workers_onto_private_subnets(resources: Resources):
print_instance_public_table(
offenders,
"[red]Place worker nodes on private subnets.",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#deploy-workers-onto-private-subnets",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#deploy-workers-onto-private-subnets]Click to see the guide[/link]",
)
return offenders

Expand All @@ -59,7 +59,7 @@ def make_sure_inspector_is_enabled(resources: Resources):
print(
Panel(
"[red]Enable Amazon Inspector for ec2 and ecr",
subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#run-amazon-inspector-to-assess-hosts-for-exposure-vulnerabilities-and-deviations-from-best-practices",
subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#run-amazon-inspector-to-assess-hosts-for-exposure-vulnerabilities-and-deviations-from-best-practices]Click to see the guide[/link]",
)
)
console.print()
Expand Down
2 changes: 1 addition & 1 deletion hardeneks/cluster_wide/security/multi_tenancy.py
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ def ensure_namespace_quotas_exist(resources: Resources):
print_namespace_table(
offenders,
"[red]Namespaces should have quotas assigned",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/multitenancy/#namespaces",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/multitenancy/#namespaces]Click to see the guide[/link]",
)

return offenders
6 changes: 3 additions & 3 deletions hardeneks/cluster_wide/security/network_security.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ def check_vpc_flow_logs(resources: Resources):
print(
Panel(
"[red]Enable flow logs for your VPC.",
subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/network/#log-network-traffic-metadata",
subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/network/#log-network-traffic-metadata]Click to see the guide[/link]",
)
)
console.print()
Expand All @@ -43,7 +43,7 @@ def check_awspca_exists(resources: Resources):
print(
Panel(
"[red]Install aws privateca issuer for your certificates.",
subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/network/#acm-private-ca-with-cert-manager",
subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/network/#acm-private-ca-with-cert-manager]Click to see the guide[/link]",
)
)
console.print()
Expand All @@ -60,7 +60,7 @@ def check_default_deny_policy_exists(resources: Resources):
print_namespace_table(
offenders,
"[red]Namespaces that does not have default network deny policies",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/network/#create-a-default-deny-policy",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/network/#create-a-default-deny-policy]Click to see the guide[/link]",
)

return offenders
2 changes: 1 addition & 1 deletion hardeneks/cluster_wide/security/pod_security.py
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ def ensure_namespace_psa_exist(resources: Resources):
print_namespace_table(
offenders,
"[red]Namespaces should have psa modes.",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/pods/#pod-security-standards-pss-and-pod-security-admission-psa",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/pods/#pod-security-standards-pss-and-pod-security-admission-psa]Click to see the guide[/link]",
)

return offenders
12 changes: 6 additions & 6 deletions hardeneks/namespace_based/reliability/applications.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ def avoid_running_singleton_pods(namespaced_resources: NamespacedResources):
print_pod_table(
offenders,
"[red]Avoid running pods without deployments.",
"Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#avoid-running-singleton-pods",
"[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#avoid-running-singleton-pods]Click to see the guide[/link]",
)
return offenders

Expand All @@ -35,7 +35,7 @@ def run_multiple_replicas(namespaced_resources: NamespacedResources):
print_deployment_table(
offenders,
"[red]Avoid running single replica deployments",
"Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-multiple-replicas",
"[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-multiple-replicas]Click to see the guide[/link]",
)
return offenders

Expand All @@ -58,7 +58,7 @@ def schedule_replicas_across_nodes(namespaced_resources: NamespacedResources):
print_service_table(
offenders,
"[red]Spread replicas across AZs and Nodes",
"Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#schedule-replicas-across-nodes",
"[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#schedule-replicas-across-nodes]Click to see the guide[/link]",
)
return offenders

Expand All @@ -78,7 +78,7 @@ def check_horizontal_pod_autoscaling_exists(
print_service_table(
offenders,
"[red]Deploy horizontal pod autoscaler for deployments",
"Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#horizontal-pod-autoscaler-hpa",
"[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#horizontal-pod-autoscaler-hpa]Click to see the guide[/link]",
)
return offenders

Expand All @@ -95,7 +95,7 @@ def check_readiness_probes(namespaced_resources: NamespacedResources):
print_pod_table(
offenders,
"[red]Define readiness probes for pods.",
"Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#use-readiness-probe-to-detect-partial-unavailability",
"[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#use-readiness-probe-to-detect-partial-unavailability]Click to see the guide[/link]",
)
return offenders

Expand All @@ -112,6 +112,6 @@ def check_liveness_probes(namespaced_resources: NamespacedResources):
print_pod_table(
offenders,
"[red]Define liveness probes for pods.",
"Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#use-liveness-probe-to-remove-unhealthy-pods",
"[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#use-liveness-probe-to-remove-unhealthy-pods]Click to see the guide[/link]",
)
return offenders
2 changes: 1 addition & 1 deletion hardeneks/namespace_based/security/encryption_secrets.py
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ def disallow_secrets_from_env_vars(resources: NamespacedResources):
print_pod_table(
offenders,
"[red]Disallow secrets from env vars",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-volume-mounts-instead-of-environment-variables",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-volume-mounts-instead-of-environment-variables]Click to see the guide[/link]",
)

return offenders
14 changes: 7 additions & 7 deletions hardeneks/namespace_based/security/iam.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ def restrict_wildcard_for_roles(resources: NamespacedResources):
print_role_table(
offenders,
"[red]Roles should not have '*' in Verbs or Resources",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings]Click to see the guide[/link]",
"Role",
)
return offenders
Expand All @@ -44,7 +44,7 @@ def disable_service_account_token_mounts(resources: NamespacedResources):
print_pod_table(
offenders,
"[red]Auto-mounting of Service Account tokens is not allowed",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#disable-auto-mounting-of-service-account-tokens",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#disable-auto-mounting-of-service-account-tokens]Click to see the guide[/link]",
)
return offenders

Expand All @@ -64,7 +64,7 @@ def disable_run_as_root_user(resources: NamespacedResources):
print_pod_table(
offenders,
"[red]Running as root is not allowed",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#run-the-application-as-a-non-root-user",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#run-the-application-as-a-non-root-user]Click to see the guide[/link]",
)

return offenders
Expand All @@ -86,7 +86,7 @@ def disable_anonymous_access_for_roles(resources: NamespacedResources):
print_role_table(
offenders,
"[red]Don't bind roles to anonymous or unauthenticated groups",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access]Click to see the guide[/link]",
"RoleBinding",
)
return offenders
Expand Down Expand Up @@ -116,7 +116,7 @@ def use_dedicated_service_accounts_for_each_deployment(
print_workload_table(
offenders,
"[red]Don't share service accounts between Deployments",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application]Click to see the guide[/link]",
"Deployment",
)

Expand Down Expand Up @@ -147,7 +147,7 @@ def use_dedicated_service_accounts_for_each_stateful_set(
print_workload_table(
offenders,
"[red]Don't share service accounts between StatefulSets",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application]Click to see the guide[/link]",
"StatefulSet",
)

Expand Down Expand Up @@ -178,7 +178,7 @@ def use_dedicated_service_accounts_for_each_daemon_set(
print_workload_table(
offenders,
"[red]Don't share service accounts between DaemonSets",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application]Click to see the guide[/link]",
"DaemonSet",
)

Expand Down
2 changes: 1 addition & 1 deletion hardeneks/namespace_based/security/network_security.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,6 @@ def use_encryption_with_aws_load_balancers(
print_service_table(
offenders,
"[red]Make sure you specify an ssl cert",
"Link: https://aws.github.io/aws-eks-best-practices/security/docs/network/#use-encryption-with-aws-load-balancers",
"[link=https://aws.github.io/aws-eks-best-practices/security/docs/network/#use-encryption-with-aws-load-balancers]Click to see the guide[/link]",
)
return offenders
Loading

0 comments on commit b74f006

Please sign in to comment.