{"id":15406686,"url":"https://github.com/majormoses/aws-watcher","last_synced_at":"2026-01-29T00:03:03.421Z","repository":{"id":46275405,"uuid":"86449008","full_name":"majormoses/aws-watcher","owner":"majormoses","description":"A mechanism for finding nodes that have spun up and not bootstrapped to chef","archived":false,"fork":false,"pushed_at":"2021-11-03T00:37:33.000Z","size":50,"stargazers_count":0,"open_issues_count":2,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-07T12:42:11.872Z","etag":null,"topics":["aws","bootstrap","chef","cost-control","monitoring"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/majormoses.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-03-28T10:53:53.000Z","updated_at":"2021-11-03T00:37:36.000Z","dependencies_parsed_at":"2022-08-29T12:40:38.008Z","dependency_job_id":null,"html_url":"https://github.com/majormoses/aws-watcher","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/majormoses/aws-watcher","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/majormoses%2Faws-watcher","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/majormoses%2Faws-watcher/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/majormoses%2Faws-watcher/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/majormoses%2Faws-watcher/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/majormoses","download_url":"https://codeload.github.com/majormoses/aws-watcher/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/majormoses%2Faws-watcher/sbom","scorecard":{"id":613258,"data":{"date":"2025-08-11","repo":{"name":"github.com/majormoses/aws-watcher","commit":"084b067f537310c899eea1ba2dc966ee514fbde6"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.2,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/6 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/majormoses/aws-watcher/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/majormoses/aws-watcher/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/majormoses/aws-watcher/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/majormoses/aws-watcher/codeql-analysis.yml/master?enable=pin","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 6 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-21T03:11:11.913Z","repository_id":46275405,"created_at":"2025-08-21T03:11:11.913Z","updated_at":"2025-08-21T03:11:11.913Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28856911,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T22:56:21.783Z","status":"ssl_error","status_checked_at":"2026-01-28T22:56:00.861Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","bootstrap","chef","cost-control","monitoring"],"created_at":"2024-10-01T16:24:57.323Z","updated_at":"2026-01-29T00:03:03.405Z","avatar_url":"https://github.com/majormoses.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# aws-watcher\nA mechanism for finding nodes that have spun up and not bootstrapped to chef\n\nThe implementation is based on: https://github.com/eheydrick/aws-cleaner\n\nThis application is under active development and is not production ready, there will be rapid and breaking changes for a bit and when we are ready we will release a 1.0 and then all breaking changes will be a major version bump regardless of the % of users it breaks.\n\n# Setup\nThe setup for cloudwatch should be the same as aws-cleaner other than it should use a different queue name and should be the same other than the state should be \"running\" rather than terminated. here is an example of the event pattern:\n```json\n{\n  \"source\": [\n    \"aws.ec2\"\n  ],\n  \"detail-type\": [\n    \"EC2 Instance State-change Notification\"\n  ],\n  \"detail\": {\n    \"state\": [\n      \"running\"\n    ]\n  }\n}\n```\n\nYou will also need to have some tag that we can filter on I recommend using something like the environment name or the chef_server name.\n\n### Installation\n\n1. `gem install aws-watcher`\n\n### Usage\n\n```\nOptions:\n  -c, --config=\u003cs\u003e    Path to config file (default: config.yml)\n  -t, --tag=\u003cs\u003e       Filters events by ec2 tag. Can supply multiple values (tagName:tagValue1,tagValue2)\n  -h, --help          Show this message\n```\n\nCopy the example config file `config.yml.sample` to `config.yml`\nand fill in the configuration details. You will need AWS Credentials\nand are strongly encouraged to use an IAM user with access limited to\nthe AWS CloudWatch Events SQS queue.You will need to specify the region\nin the config even if you are using IAM Credentials.\n\nThe app takes a configuration file via arg `-c`. If `-c` is omitted it will look for `config.yml` file in the current directory.\n\nDue to limitations on Cloudwatch alert filtering there is no way to support multiple chef servers in the same aws account and region without filtering on something like an aws tag. As such we decided to go a simple route and have this specified via arg `-t`. The idea is that many companies need multiple chef servers in the same aws account and in the same region but may be separated by business unit or environment.\n\nExample use cases for aws tags:\n- Single chef server for an org/business unit or per environment chef servers: `environment:dev` or `biz_unit:foo`\n- Single chef server with multiple environments: `environment:prod1,prod2`\n- Single chef server (possibly mixed with other groups using other CM): `chef_managed:true`\n\n\n\nThe app is started by running aws_watcher.rb and it will run until\nterminated. A production install would start it with upstart or\nsimilar.\n\nExample Notification:\n\n![aws-watcher](https://raw.github.com/majormoses/aws-watcher/master/example-notification.png)\n\n### Limitations\n#### Cloudwatch\nThere are some limitations on cloudwatch and the ability to filter an event. Even if you have multiple vpcs providing isolation per account we cant filter without some information. I decided to go with an aws tag as this provides a simple way and fits my existing deployment model. See above for usage.\n\n#### aws-cleaner\n- the notification for Hipchat will always have 'AWS Cleaner' because this is hard coded in the upstream library. I have identified where and I will create a PR to fix that once my existing PRs are merged.\n\nIn addtion please note the limitations in the upstream repository: https://github.com/eheydrick/aws-cleaner/blob/master/README.md#limitations\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmajormoses%2Faws-watcher","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmajormoses%2Faws-watcher","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmajormoses%2Faws-watcher/lists"}