A comprehensive collection of DevOps automation tools and scripts for cloud infrastructure management, CI/CD pipelines, and operational tasks.
devops-automation/
├── aws-agentcore-runtime/ # AWS Bedrock AgentCore AI agent deployment
├── aws-backup-failed-monitoring/ # AWS Backup job failure monitoring
├── aws-cloudwatch-alarm-failed-monitoring/ # CloudWatch alarm action failure monitoring
├── aws-cost-explorer-report/ # AWS cost analysis and reporting
├── aws-cw-orphan-alarms/ # CloudWatch orphaned alarms cleanup
├── aws-ec2-backup-check/ # EC2 backup validation automation
├── aws-ec2-spot-interruption-notification/ # EC2 Spot Instance interruption alerts
├── aws-ecs-service-monitoring/ # ECS service monitoring and alerting
├── aws-ecs-service-task-recycle/ # ECS service task sequential recycling
├── aws-guardduty-notification/ # GuardDuty multi-channel alert system
├── aws-iam-identity-accounts-sso/ # AWS SSO credential automation
├── aws-news/ # AWS news aggregation service
├── aws-start-stop-services/ # EC2 instance automated scheduling
├── aws-target-group-report/ # Target group health reporting
├── database-user-management/ # Database user access management automation
├── kong-service-routes/ # Kong API Gateway automation
├── npm-vulnerability-report/ # NPM security vulnerability scanning
├── unauthenticated-apis-report/ # API authentication security scanning
└── README.md # This file
Location: aws-agentcore-runtime/
Comprehensive solution for building, deploying, and managing AI agents using AWS Bedrock AgentCore Runtime. Provides a serverless, fully managed environment for running AI agents at scale with enterprise-grade security and performance.
Key Features:
- Serverless AI agent deployment using AWS Bedrock AgentCore
- Integration with Claude 3 Haiku model for natural language processing
- Automated build and deployment pipeline with S3 storage
- Production-ready Python implementation with error handling and logging
- Direct API invocation and Lambda integration support
- Comprehensive monitoring and observability features
- Security best practices and compliance considerations
Location: database-user-management/
Automated database user access management system that handles MySQL user creation, privilege management, and access control. Provides comprehensive user lifecycle management with email notifications and DynamoDB tracking.
Key Features:
- Automated MySQL user creation and deletion
- Granular privilege management (READ, READ_WRITE, ADMIN levels)
- Multi-project and multi-database support
- DynamoDB integration for user tracking and audit trails
- Email notifications for access grants, updates, and revocations
- Flexible AWS authentication methods
- Comprehensive logging and error handling
- Command-line interface for easy integration
- Security validation and email domain restrictions
Location: aws-backup-failed-monitoring/
Automated monitoring solution for AWS Backup jobs that identifies failed backup operations and sends detailed reports via email. Helps maintain backup compliance by proactively alerting on backup failures.
Key Features:
- Failed backup job detection over configurable time periods
- Excel report generation with detailed failure information
- Email notifications with attached reports
- Multi-account support with various authentication methods
- Jenkins pipeline integration for automated scheduling
Location: aws-secrets-manager-backup/
Automated daily backup solution for AWS Secrets Manager that stores all secrets in S3 in JSON format. Provides comprehensive backup management with date-based organization and optional email notifications.
Key Features:
- Daily automated backup of all AWS Secrets Manager secrets
- S3 storage with date-based organization and latest versions
- Optional SMTP email notifications for backup status reports
- Flexible AWS authentication methods (profile, role, keys, STS)
- CloudFormation deployment with EventInvokeConfig (0 retries)
- Comprehensive logging and error handling
- S3 lifecycle policies for automatic cleanup
- Production-ready security with encryption and access controls
Location: aws-cost-explorer-report/
Generates comprehensive AWS cost analysis reports with breakdowns by service, region, and account. Includes integration with Prowler and AWS Scout Suite for security assessments.
Key Features:
- Cost breakdown by service and region
- Excel export functionality
- Multi-account cost aggregation
- Security scanning integration
Location: aws-cw-orphan-alarms/
Identifies and manages orphaned CloudWatch alarms that reference deleted resources. Helps maintain clean monitoring infrastructure and reduce costs.
Key Features:
- Automated orphan alarm detection
- Jenkins pipeline integration
- Email notifications
- Multi-account support
Location: aws-cloudwatch-alarm-failed-monitoring/
Monitors CloudWatch alarms for failed actions and sends detailed email reports. Helps maintain monitoring infrastructure health by proactively alerting on alarm action failures.
Key Features:
- Failed alarm action detection
- Detailed error reporting with HTML email format
- Multi-account authentication support
- Jenkins pipeline integration for automated scheduling
- SMTP configuration via AWS Secrets Manager
Location: aws-ec2-backup-check/
Validates EC2 instance backup compliance and sends notifications for instances without proper backup configurations. Deployable as Lambda function.
Key Features:
- Automated backup validation
- CloudFormation deployment
- Email notifications via SES
- Scheduled execution support
Location: aws-ec2-spot-interruption-notification/
Automated notification system for AWS EC2 Spot Instance interruption warnings. Monitors spot instance interruption events and sends alerts via multiple channels including SNS, Google Chat, and SMTP email.
Key Features:
- Multi-channel notifications (SNS, Google Chat, SMTP email)
- ECS service detection on interrupted instances
- Flexible AWS authentication methods
- CloudFormation deployment with automated scripts
- Real-time spot interruption monitoring
- Service impact assessment and reporting
Location: aws-iam-identity-accounts-sso/
Automates AWS SSO authentication and credential extraction for multiple accounts and roles. Streamlines access management across different AWS environments.
Key Features:
- Automated SSO device flow authentication
- Multi-account credential extraction
- JSON output for integration with other tools
- Support for multiple roles per account
Location: aws-news/
Serverless Lambda function that aggregates and delivers AWS news and updates. Includes Terraform infrastructure as code for deployment.
Key Features:
- Automated AWS news collection
- Terraform deployment
- Serverless architecture
- Scheduled news delivery
Location: aws-target-group-report/
Generates health and status reports for AWS Application Load Balancer target groups. Monitors target health and sends notifications.
Key Features:
- Target health monitoring
- Automated reporting
- Lambda-based execution
- Email notifications
Location: aws-ecs-service-monitoring/
Automated monitoring solution for AWS ECS services that detects service failures, deployment issues, and task placement problems. Sends real-time notifications via SNS and creates custom CloudWatch metrics.
Key Features:
- Real-time ECS service event monitoring
- Automated failure detection and alerting
- Custom CloudWatch metrics creation
- SNS notification integration
- Terraform infrastructure as code
- Support for multiple clusters and services
Location: aws-ecs-service-task-recycle/
Automated Lambda function for recycling AWS ECS service tasks sequentially, maintaining service availability during the process. Unlike ECS force deployment, which replaces all tasks in parallel, this solution stops and replaces tasks one by one with configurable wait times.
Key Features:
- Sequential task recycling instead of parallel replacement
- Service stability checks between each task replacement
- Optional capacity management to maintain availability
- Configurable wait time between task replacements
- Support for services with Application Auto Scaling
- Flexible AWS authentication methods
- Optional SMTP email notifications
- CloudFormation deployment with EventInvokeConfig (0 retries)
- Event-driven execution with customizable parameters
Location: aws-guardduty-notification/
Comprehensive serverless solution for processing AWS GuardDuty security findings and delivering intelligent notifications across multiple channels. Built with enterprise-grade security and reliability in mind.
Key Features:
- Real-time GuardDuty finding processing via EventBridge
- Multi-channel notifications (SNS, Email, Google Chat)
- Flexible AWS authentication methods
- Production-ready error handling and logging
- CloudFormation infrastructure as code
- Automated deployment scripts
- Severity-based alert formatting
- Comprehensive security best practices
Location: aws-start-stop-services/
Automated EC2 instance scheduling solution that starts and stops instances based on EventBridge cron schedules. Designed for cost optimization in non-production environments by running instances only during business hours.
Key Features:
- Automated start/stop scheduling with EventBridge cron expressions
- Multi-instance and multi-module support (backend, frontend, databases)
- SNS notifications for success and failure scenarios
- VPC-enabled Lambda with security group controls
- Terraform infrastructure as code with workspace support
- CloudWatch logging and error alarms
- Production-ready Python code with type hints and error handling
- Cost savings up to 64% for non-production workloads
- Idempotent operations safe for retries
- Comprehensive observability and audit trail
Location: kong-service-routes/
Automated Kong API Gateway service and route management tool that creates and configures Kong services, routes, plugins, and consumers based on JSON configuration.
Key Features:
- Automated service and route creation
- Plugin configuration management
- Consumer and credential management
- Duplicate prevention validation
- Comprehensive logging system
Location: npm-vulnerability-report/
Scans GitHub and GitLab repositories for NPM package vulnerabilities. Generates consolidated security reports across multiple repositories.
Key Features:
- GitHub and GitLab integration
- NPM audit automation
- Vulnerability aggregation
- Email notifications
Location: unauthenticated-apis-report/
Security automation tool that scans API endpoints to identify unauthenticated access vulnerabilities. Tests various HTTP methods and authentication schemes.
Key Features:
- Multi-method API testing (GET, POST, PUT, DELETE)
- Authentication bypass detection
- Token validation testing
- Automated security reporting
- Email notifications for vulnerabilities
- Python 3.13+
- AWS CLI configured
- Appropriate cloud provider access
- Git for version control
# Clone the repository
git clone <repository-url>
cd devops-automation
# Navigate to specific solution (examples)
cd aws-cost-explorer-report
cd aws-cloudwatch-alarm-failed-monitoring
cd aws-iam-identity-accounts-sso
cd npm-vulnerability-report
cd kong-service-routes
# Follow solution-specific README
- Browse Solutions: Each directory contains a specific automation solution
- Read Documentation: Check individual README files for detailed instructions
- Customize: Modify scripts according to your environment requirements
- Test: Always test in non-production environments first
- Contribute: Add new solutions following the established structure
- Never commit actual credentials or sensitive data
- Use example files with placeholder values
- Implement proper secret management
- Follow least privilege access principles
- Regular security audits of automation scripts
- Create a new directory with descriptive name
- Include comprehensive README.md
- Provide example configuration files
- Add security considerations
- Update this main README
solution-name/
├── README.md # Detailed documentation
├── main-script.py # Primary automation script
├── example-config.json # Sample configuration
├── requirements.txt # Dependencies (if applicable)
└── tests/ # Test files (optional)
- Kubernetes cluster automation
- Terraform state management
- CI/CD pipeline templates
- Monitoring and alerting setup
- Container registry management
- Infrastructure cost optimization
- Backup and disaster recovery automation
- Multi-cloud resource management
- Security compliance automation
- Cross-cloud provider support
- Integration with popular DevOps tools
- Automated testing frameworks
- Performance monitoring
- Documentation automation
- Use GitHub issues for bug reports
- Provide detailed reproduction steps
- Include environment information
- Tag issues appropriately
- Follow semantic versioning
- Maintain changelog for major updates
- Tag releases appropriately
- Document breaking changes
This project is licensed under the MIT License - see individual solution directories for specific licensing information.
DevOps Lead: Prashant Gupta
Team: Cloud Platform Lead
Note: This repository contains automation tools for DevOps operations. Always review and test scripts in non-production environments before deployment. Ensure compliance with your organization's security policies and procedures.