# Hard Target

Repository: https://github.com/scottbrown/hardtarget (MIT license; topics: aws, security, serverless)

A serverless solution to provide security assessments of newly built AMIs.

This project relies heavily on Amazon Web Services (AWS).

## Logic

When a new AMI is built, an event is published onto EventBridge.
This project captures that event and initiates a set of processes.
The first process is to spin up an EC2 instance from the newly built
AMI (a Lambda function launches a CloudFormation stack that creates the
instance).  Once the server has started, its user data installs Lynis
and runs it so that it generates a report.  This should take about
3 minutes.  Once the report is ready, it is uploaded to an S3 bucket
for permanent storage.  Finally, the server shuts itself down.

When the report lands in the S3 bucket, an S3 event notification is
delivered to EventBridge, which invokes two Lambda functions.  The
first deletes the CloudFormation stack, terminating the EC2 instance.
The second fetches the report from S3, pulls out the score, and tags
the AMI with that score.

Finally, a Lambda function runs every 10 minutes to check whether any
old hardtarget stacks, and therefore EC2 instances, are still sitting
around doing nothing, perhaps because the assessment got stuck.  It
deletes those stacks, which terminates the instances.

### Sequence Diagrams

#### Assessing an AMI

```mermaid
sequenceDiagram
  title Assessing an AMI

  participant AMI
  participant EB as EventBridge
  participant L as Lambda
  participant CFN as CloudFormation
  participant EC2
  participant S3

  AMI->>EB: publish event
  EB->>L: invokes
  activate L
  L->>CFN: launches
  CFN-->>L: << ok >>
  deactivate L
  activate EC2
  CFN->>EC2: creates
  EC2->>EC2: run user data
  EC2->>S3: uploads report
  S3-->>EC2: << ok >>
  deactivate EC2
  S3->>EB: puts event
```

#### Cleaning Up

```mermaid
sequenceDiagram
  title Cleaning Up

  participant EB as EventBridge
  participant L as Lambda
  participant CFN as CloudFormation
  participant EC2

  EB->>L: invokes
  L->>CFN: deletes
  CFN->>EC2: terminates
  EC2-->>CFN: << ok >>
  CFN-->>L: << ok >>
```

#### Inspecting the Report

```mermaid
sequenceDiagram
  title Inspecting the Report

  participant EB as EventBridge
  participant L as Lambda
  participant S3
  participant AMI

  EB->>L: invokes
  activate L
  L->>S3: get report
  S3-->>L: << file >>
  L->>L: get score from report
  L->>L: get AMI from event
  L->>AMI: tags
  AMI-->>L: << ok >>
  deactivate L
```

#### Reaping Stuck EC2 Instances

```mermaid
sequenceDiagram
  title Reaping Stuck EC2 Instances

  participant EB as EventBridge
  participant L as Lambda
  participant CFN as CloudFormation

  EB->>EB: timer fires every 10 mins
  EB->>L: invokes
  activate L
  L->>CFN: list old hardtarget stacks
  CFN-->>L: << list(stacks) >>
  loop "each stack"
    L->>CFN: delete stack
    CFN-->>L: << ok >>
  end
  deactivate L
```

## Goals

This project lives by the following goals:

1. Do not interfere with normal servers.  This would break immutable infrastructure environments.
1. Do not impact the existing infrastructure environment.  Play well with others.
1. Do not cost too much money.  Security is still seen as a cost centre.
1. Do not keep persistent servers around.
1. Gather data, do not apply policy.  AMIs are tagged with a score.  It is up to service teams to implement their own standards of what is secure.
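The "Inspecting the Report" and "Reaping Stuck EC2 Instances" steps above, as an added Python example that is not part of the hardtarget project. It assumes, rather than takes from the project, that the uploaded report is Lynis's machine-readable `lynis-report.dat` (`key=value` lines, including `hardening_index=`), that the S3 object key ends with the AMI ID (`reports/<ami-id>.dat`), that assessment stacks are named with the prefix `hardtarget-`, and that the tag key is `hardtarget:score`. The sample report and stack list are constructed, and a stand-in (`FakeEC2`) replaces the boto3 EC2 client so the example runs offline.

```python
"""Added example, not hardtarget's own code: the 'Inspecting the Report' and
'Reaping Stuck EC2 Instances' Lambdas against stand-in AWS clients.
Assumptions (not taken from the project): the report is Lynis's lynis-report.dat,
the S3 key ends with the AMI ID, stacks are named hardtarget-<ami-id>, and the
tag key is hardtarget:score."""
import re
from datetime import datetime, timedelta, timezone

AMI_ID_RE = re.compile(r"^ami-[0-9a-f]{8,17}$")  # tag nothing that is not an AMI ID
STACK_PREFIX = "hardtarget-"                      # assumed stack naming convention
TAG_KEY = "hardtarget:score"                      # assumed tag key

# Constructed sample in lynis-report.dat's key=value format; not real Lynis output.
SAMPLE_REPORT = """\
# Lynis Report
lynis_version=3.0.9
hardening_index=67
warning[]=KRNL-5830|Reboot needed|-|-|
suggestion[]=BOOT-5264|Consider hardening system services|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
"""


def parse_lynis_report(text):
    """Extract the hardening index plus warning/suggestion counts.
    A truncated or foreign file raises instead of becoming a tag value."""
    index, warnings, suggestions = None, 0, 0
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key == "hardening_index" and value.isdigit():
            index = int(value)
        elif key == "warning[]":
            warnings += 1
        elif key == "suggestion[]":
            suggestions += 1
    if index is None or not 0 <= index <= 100:
        raise ValueError("report has no valid hardening_index")
    return {"hardening_index": index, "warnings": warnings, "suggestions": suggestions}


def ami_id_from_key(key):
    """Return the AMI ID named by a key such as reports/ami-0123456789abcdef0.dat,
    or None.  The instance role can write any key to the bucket, so the key is
    validated before it reaches the EC2 API; a crafted key must not be able to
    make the Lambda tag some other resource."""
    stem = key.rsplit("/", 1)[-1].rsplit(".", 1)[0]
    return stem if AMI_ID_RE.match(stem) else None


def handle_report_event(ec2, s3_key, report_text):
    """The 'Inspecting the Report' Lambda, minus the S3 GetObject call.
    ec2 is a boto3 EC2 client or a stand-in exposing create_tags()."""
    ami_id = ami_id_from_key(s3_key)
    if ami_id is None:
        raise ValueError("S3 key does not name an AMI: %r" % s3_key)
    result = parse_lynis_report(report_text)
    tags = [
        {"Key": TAG_KEY, "Value": str(result["hardening_index"])},
        {"Key": TAG_KEY + ":warnings", "Value": str(result["warnings"])},
    ]
    ec2.create_tags(Resources=[ami_id], Tags=tags)
    return ami_id, result


def stale_stacks(stacks, now, max_age=timedelta(minutes=30)):
    """Pick assessment stacks older than max_age for the reaper.  Only stacks
    with the hardtarget prefix qualify, so the reaper can never delete an
    unrelated stack (README goals 1 and 2).  stacks mirrors DescribeStacks."""
    return [
        s["StackName"] for s in stacks
        if s["StackName"].startswith(STACK_PREFIX)
        and s.get("StackStatus") not in ("DELETE_IN_PROGRESS", "DELETE_COMPLETE")
        and now - s["CreationTime"] > max_age
    ]


class FakeEC2:
    """Stand-in for boto3's EC2 client that records create_tags calls."""
    def __init__(self):
        self.calls = []

    def create_tags(self, Resources, Tags):
        self.calls.append((Resources, Tags))


def inspect_demo():
    """Tag the constructed report's AMI; returns the result and the recorded call."""
    ec2 = FakeEC2()
    result = handle_report_event(ec2, "reports/ami-0123456789abcdef0.dat", SAMPLE_REPORT)
    return result, ec2.calls


def reaper_demo(now=datetime(2026, 1, 12, 12, 0, tzinfo=timezone.utc)):
    """Run stale_stacks over a constructed DescribeStacks result."""
    stacks = [
        {"StackName": "hardtarget-ami-0123456789abcdef0", "StackStatus": "CREATE_COMPLETE",
         "CreationTime": now - timedelta(hours=2)},    # stuck: should be reaped
        {"StackName": "hardtarget-ami-0fedcba9876543210", "StackStatus": "CREATE_COMPLETE",
         "CreationTime": now - timedelta(minutes=5)},  # still assessing
        {"StackName": "prod-web", "StackStatus": "CREATE_COMPLETE",
         "CreationTime": now - timedelta(days=30)},    # not ours: never touched
    ]
    return stale_stacks(stacks, now)


if __name__ == "__main__":
    print(inspect_demo())
    print(reaper_demo())
```

In a real deployment the S3 key and report body come from the EventBridge event and an S3 `get_object` call, and `FakeEC2` is replaced by `boto3.client("ec2")`; the two checks that matter for goals 1 and 2 stay the same: the AMI ID is validated before `create_tags` is called, because `create_tags` accepts any resource ID and the build instance controls the object key, and the reaper only ever deletes stacks that carry the assessment prefix.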