"""
Title: Cloud Security Policy Enforcer
Author: Gerard King
Date: 2023-09-02
Use Case: Enforce security policies for cloud resources
Target Audience: Security teams, Cloud administrators
Website: www.gerardking.dev
Description:
This script enforces security policies for cloud resources on AWS using Boto3.
Designed for security teams and cloud administrators to ensure compliance with security best practices.
Usage:
1. Install the 'boto3' library using 'pip install boto3'.
2. Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as environment variables.
3. Customize 'resource_id', 'policy_rules', and 'enforcement_action'.
4. Run the script using 'python security_policy_enforcer.py'.
"""
import os
import sys
from datetime import datetime, timezone

import boto3
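def enforce_security_policy(
    resource_id='i-1234567890',
    policy_rules=None,
    enforcement_action='DELETE',
    region_name='us-east-1',
    result_token=None,
    *,
    test_mode=False,
):
    """Record a NON_COMPLIANT evaluation for one EC2 instance in AWS Config.

    The function does not carry out ``enforcement_action`` itself: the only
    call it makes is ``PutEvaluations``, which reports the resource as
    non-compliant so that Config (or a remediation attached to the rule)
    can act on it. The summary line printed at the end says so explicitly,
    so an operator is not led to believe the action was applied.

    Args:
        resource_id: EC2 instance ID reported as non-compliant. The default
            is the placeholder from the original template; replace it.
        policy_rules: rule names listed in the evaluation annotation. ``None``
            selects the two rule names the original script hard-coded.
        enforcement_action: label echoed in the summary line; not executed.
        region_name: region the Config client is created in.
        result_token: value for the ``ResultToken`` parameter that
            ``PutEvaluations`` requires (Config supplies it to a rule's
            Lambda function in the invocation event). It must be non-empty
            even when ``test_mode`` is set.
        test_mode: when True, Config validates the request without storing
            the evaluation (``TestMode``).

    Returns:
        The ``PutEvaluations`` response dict from boto3.

    Raises:
        ValueError: if the static AWS credentials are not set in the
            environment, or if ``result_token`` is empty.
    """
    aws_access_key = os.getenv('AWS_ACCESS_KEY_ID')
    aws_secret_key = os.getenv('AWS_SECRET_ACCESS_KEY')
    if not aws_access_key or not aws_secret_key:
        raise ValueError("AWS credentials not configured. Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as environment variables.")
    # Fail before touching the network: botocore would reject the call
    # anyway, since ResultToken is a required parameter of PutEvaluations.
    if not result_token:
        raise ValueError("result_token is required: PutEvaluations rejects a request without a ResultToken.")
    if policy_rules is None:
        policy_rules = ['security-group-public-egress', 'instance-no-public-ip']

    # Temporary credentials (STS / assumed role) are only accepted together
    # with their session token; passing None keeps long-lived keys working.
    config = boto3.client(
        'config',
        region_name=region_name,
        aws_access_key_id=aws_access_key,
        aws_secret_access_key=aws_secret_key,
        aws_session_token=os.getenv('AWS_SESSION_TOKEN'),
    )
    response = config.put_evaluations(
        Evaluations=[{
            'ComplianceResourceType': 'AWS::EC2::Instance',
            'ComplianceResourceId': resource_id,
            'ComplianceType': 'NON_COMPLIANT',
            'Annotation': f"Non-compliant due to policy violations: {', '.join(policy_rules)}",
            # The evaluation time must reflect when this check ran, not a
            # date fixed in the source; a stale timestamp mis-orders the
            # compliance timeline in Config.
            'OrderingTimestamp': datetime.now(timezone.utc),
        }],
        ResultToken=result_token,
        TestMode=test_mode,
    )
    print(f"Recorded NON_COMPLIANT evaluation for {resource_id}. Requested action (not applied by this script): {enforcement_action}")
    return response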
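if __name__ == "__main__":
    try:
        enforce_security_policy()
    except Exception as e:
        # Report on stderr and exit non-zero so a scheduler or pipeline
        # running this script notices that the evaluation was not recorded,
        # instead of treating a swallowed error as a successful run.
        print("An error occurred:", str(e), file=sys.stderr)
        sys.exit(1)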