
Guardrails Bots

MyHosting / Guardrails Bot Index

Add-ons

# DynamoDB ADD_ONS_KEYS: the top-level add-on keys, one string per key.
ADD_ONS_KEYS = [
    'Bots',
    'Connectivity',
    'Egress',
    'Networking',
    'SupportAccess',
    'Tooling',
]

Add-ons Objects Summary

# DynamoDB ADD_ONS_SUM: one list of object names per add-on key.
Bots = [
    'FLBS',
    'GDBS',
    'IATM',
    'Initiative',
    'NAAPI',
    'ZoneInventory',
    'tagger',
]
Connectivity = [
    'Transit Gateway',
    'Virtual WAN',
    'VGW',
]
# NOTE(review): 'Blacklist Firewall' and 'BlacklistFirewall' both appear below;
# confirm whether both spellings are intended.
Egress = [
    'Network Firewall',
    'Blacklist Firewall',
    'BlacklistNAT',
    'BlacklistFirewall',
    'Customer Managed',
    'WhitelistNAT',
]
Networking = [
    'VPC Peering',
    'VNET Peering',
    'TGW',
    'ATT Direct Connect',
]
SupportAccess = [
    'CloudPod',
    'Predix',
    'WebOps',
    'Healthcloud',
    'CloudOps',
    'DBOps',
    'AMS',
    'Pavla',
]
Tooling = ['Scalr']

Action Bot

Execution Account: (277688789493) [public-cloud-prod], us-east-1 region. Provisioned on 2013-11-27 3:28:50 PM. Owner: 200016241 Brock, Robert D.

Trigger: EventBridge
Role: cs/p-actionbots
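Trust relationship (any of the four roles listed below, all in the execution account, may assume this role; the statement carries no Condition element, so the trust is only as strong as the controls on those four roles):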

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::277688789493:role/gourdians-of-the-galaxy-prod-us-east-1-lambdaRole",
                    "arn:aws:iam::277688789493:role/ecr-for-evm",
                    "arn:aws:iam::277688789493:role/iatm-prod-us-east-1-lambdaRole",
                    "arn:aws:iam::277688789493:role/flowdoula-prod-us-east-1-lambdaRole"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Managed Attached Policies:

  • AmazonEC2ReadOnlyAccess
  • AmazonGuardDutyReadOnlyAccess
  • CloudWatchReadOnlyAccess

Custom Attached Policies:

  • p-actionbots-policy
  • refried-beans

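p-actionbots-policy

Note: the FloatingRoleRemediation statement allows iam:UpdateAssumeRolePolicy on "Resource": "*", i.e. the role may rewrite the trust policy of any role in the account where it is attached. Treat every principal in the trust relationship as holding that privilege. Where remediation targets can be enumerated, scope the Resource to a role path or name pattern, and alert on CloudTrail UpdateAssumeRolePolicy events made by this role. The FlowDoula, GuardDuty and AllowScanningECR statements are likewise unscoped ("Resource": "*"); only FlowDoulaPassRole names a single role ARN.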

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "FlowDoula",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateFlowLogs",
                "logs:CreateLogGroup",
                "logs:PutRetentionPolicy"
            ],
            "Resource": "*"
        },
        {
            "Sid": "FlowDoulaPassRole",
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::432375862099:role/cs/vpc_flow_to_logs"
        },
        {
            "Sid": "GuardDuty",
            "Effect": "Allow",
            "Action": [
                "guardduty:CreateDetector",
                "guardduty:AcceptInvitation",
                "guardduty:CreateMembers",
                "guardduty:InviteMembers"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowScanningECR",
            "Effect": "Allow",
            "Action": [
                "ecr:DescribeImageScanFindings",
                "ecr:StartImageScan",
                "ecr:PutImageScanningConfiguration"
            ],
            "Resource": "*"
        },
        {
            "Sid": "FloatingRoleRemediation",
            "Effect": "Allow",
            "Action": "iam:UpdateAssumeRolePolicy",
            "Resource": "*"
        }
    ]
}

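refried-beans

Note: this policy grants tag-write actions on all EC2, RDS, S3 and Elastic Load Balancing resources. If tags feed access decisions (tag-based IAM conditions) or automation in the account, the ability to write them is itself a privileged capability and should be reviewed as such.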

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Resource": [
                "arn:aws:ec2:*",
                "arn:aws:ec2:*:*:volume/*",
                "arn:aws:rds:*",
                "arn:aws:s3:::*",
                "arn:aws:elasticloadbalancing:*"
            ],
            "Action": [
                "ec2:CreateTags",
                "rds:AddTagsToResource",
                "s3:PutBucketTagging",
                "elasticloadbalancing:AddTags"
            ],
            "Effect": "Allow",
            "Sid": "allowTagging"
        }
    ]
}