Snapshot 4n6ir Imager for Docker
THE CHALLENGE
The Snapshot 4n6ir Imager Python script has worked great for converting Amazon EBS Snapshots to DD images! A containerized version was needed so that the imaging process could be automated. The new version needs to support the incident response playbook with the following features:
- Secure Transfer
- High Availability
- Encryption Management
- Temporary Credentials
- Cost-Conscious
SNAPSHOT 4N6IR IMAGER FOR DOCKER
Snapshot 4n6ir Imager for Docker v0.1.1
optional arguments:
  -h, --help           show this help message and exit
Required:
  --region REGION      us-east-2
  --snapshot SNAPSHOT  snap-056e0b1bd07ad91b2
  --token TOKEN        abacadaba-abacadaba-abacadaba
The end-user initially receives an email with a token to access the Upload API for a specific region. Remember to store the API Key in AWS Secrets Manager or AWS Systems Manager Parameter Store to protect the credential.
Cloud 4n6ir Upload API Key
URL Link: https://upload.us-east-2.4n6ir.com
API Key: abacadaba-abacadaba-abacadaba
AWS Region: us-east-2
TTL Seconds: 120
Accessing the Upload API generates, for each block, a pre-signed URL with a short TTL to an S3 bucket in the specified region. The block size is only 512K by default, and each block is GZIP compressed, so it stays well under the 5 GB file size limit for a single S3 put object call. Each snapshot block is encrypted with the auto-generated keys from the Upload API response before the transfer.
$ python3 Snapshot-4n6ir-Imager-for-Docker.py --region us-east-2 --snapshot snap-07fd2195ff4777cfe --token abacadaba-abacadaba-abacadaba
Snapshot 4n6ir Imager for Docker v0.1.1
Region: us-east-2
Snapshot: snap-090e77f6aabdf5435
Blocks: 2730
Completed: Confirmed!
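The block handling described above, as an added example that is not the author's script: it splits an image into 512K blocks, GZIPs each one, and rebuilds the image on the receiving side with an ordering and integrity check. The function names, the per-block SHA-256 field and the sample image are assumptions for illustration; encryption and the pre-signed URL upload are left out because the post does not describe the key or API response format.

```python
import gzip
import hashlib

BLOCK_SIZE = 512 * 1024        # 512K default block size from the post
S3_PUT_LIMIT = 5 * 1024 ** 3   # 5 GB single put object limit from the post


def package_blocks(image: bytes, block_size: int = BLOCK_SIZE):
    """Split an image into fixed-size blocks and GZIP each one for upload."""
    packaged = []
    for index, offset in enumerate(range(0, len(image), block_size)):
        raw = image[offset:offset + block_size]   # final block may be short
        body = gzip.compress(raw)
        if len(body) > S3_PUT_LIMIT:
            raise ValueError(f"block {index} exceeds the single PUT limit")
        packaged.append({
            "index": index,
            # Digest of the raw block (assumed manifest field, not from the post)
            "sha256": hashlib.sha256(raw).hexdigest(),
            "body": body,
        })
    return packaged


def reassemble(packaged) -> bytes:
    """Rebuild the DD image, checking block order and per-block digests."""
    image = bytearray()
    ordered = sorted(packaged, key=lambda b: b["index"])
    for expected, block in enumerate(ordered):
        if block["index"] != expected:
            raise ValueError(f"block {expected} is missing")
        raw = gzip.decompress(block["body"])
        if hashlib.sha256(raw).hexdigest() != block["sha256"]:
            raise ValueError(f"block {expected} failed its integrity check")
        image += raw
    return bytes(image)


def make_sample_image() -> bytes:
    # Constructed sample: two full blocks plus a short final block
    return b"\x00" * BLOCK_SIZE + b"4n6ir" * 200_000 + b"tail"


if __name__ == "__main__":
    sample = make_sample_image()
    blocks = package_blocks(sample)
    print("Blocks:", len(blocks))
    print("Round trip OK:", reassemble(blocks) == sample)
```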
The primary objective is security, but cost also needs to be considered; it is kept down by limiting data transfers to within the region using the pre-signed S3 URLs. Once the image uploads to an S3 bucket, storage costs are less than for EBS Snapshots, and it opens the opportunity to use Amazon Glacier for additional cost savings.
Automation plays such a critical part in helping incident handlers deal with the volume of events that they need to respond to! Figured I would share an early iteration as I work on a Snapshot 4n6ir Pipeline for AWS.
Happy Coding,
John Lukach
DOWNLOAD
$ wget https://cloud.4n6ir.com/scripts/Snapshot-4n6ir-Imager-for-Docker.py.gz
$ wget https://cloud.4n6ir.com/scripts/Snapshot-4n6ir-Imager-for-Docker.sha256.txt
$ gunzip Snapshot-4n6ir-Imager-for-Docker.py.gz
$ shasum -a 256 Snapshot-4n6ir-Imager-for-Docker.py
5d45e0ecdadb2ead94ffde9c5d02192d05326692d9c8570b1ff4694293092e0c Snapshot-4n6ir-Imager-for-Docker.py