Snapshot 4n6ir Imager for Docker

THE CHALLENGE

The Snapshot 4n6ir Imager Python script has worked great for converting Amazon EBS Snapshots to DD images! A containerized version was needed so that the imaging process could be automated. The new version needs to support the incident response playbook with the following features:

  • Secure Transfer
  • High Availability
  • Encryption Management
  • Temporary Credentials
  • Cost-Conscious

SNAPSHOT 4N6IR IMAGER FOR DOCKER

Snapshot 4n6ir Imager for Docker v0.1.1

optional arguments:
  -h, --help           show this help message and exit

Required:
  --region REGION      us-east-2
  --snapshot SNAPSHOT  snap-056e0b1bd07ad91b2
  --token TOKEN        abacadaba-abacadaba-abacadaba

The end-user initially receives an email with a token to access the Upload API for a specific region. Remember to store the API Key in AWS Secrets Manager or AWS Systems Manager Parameter Store to protect the credential.

Cloud 4n6ir Upload API Key

	URL Link: https://upload.us-east-2.4n6ir.com
	API Key: abacadaba-abacadaba-abacadaba
	AWS Region: us-east-2
	TTL Seconds: 120

Accessing the Upload API generates, for each block, a pre-signed URL with a short TTL to an S3 bucket in the specific region. Each block is only 512K by default and is GZIP compressed, well under the 5 GB file size limit for a single S3 put object call. The snapshot block is encrypted with the auto-generated keys from the Upload API response before the transfer.

$ python3 Snapshot-4n6ir-Imager-for-Docker.py --region us-east-2 --snapshot snap-07fd2195ff4777cfe --token abacadaba-abacadaba-abacadaba

Snapshot 4n6ir Imager for Docker v0.1.1

	Region: 	us-east-2
	Snapshot: 	snap-090e77f6aabdf5435
	Blocks: 	2730
	Completed: 	Confirmed!
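The per-block handling described above, as an added example that is not the author's script: each 512K block is checksummed and GZIP compressed for transfer, then verified and written back at its offset to rebuild a raw image. The function names, the base64 SHA-256 checksum field and the index × block size placement are assumptions made for illustration; the encryption step is left out because the page does not describe the key format.

```python
import base64
import gzip
import hashlib
import io

BLOCK_SIZE = 512 * 1024  # 512K default block size stated on the page


def _digest(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def pack_block(index, data):
    """Sender side (hypothetical helper): checksum the raw block, then GZIP it."""
    if len(data) != BLOCK_SIZE:
        raise ValueError(f"block {index}: {len(data)} bytes, expected {BLOCK_SIZE}")
    return {"index": index, "sha256": _digest(data), "body": gzip.compress(data)}


def assemble_image(packed_blocks, volume_size, out):
    """Receiver side (hypothetical helper): verify blocks and build a raw image.

    Assumption: a block belongs at index * BLOCK_SIZE. Ranges with no block
    stay zero-filled, so the output covers the whole volume like a dd image.
    """
    if volume_size <= 0 or volume_size % BLOCK_SIZE:
        raise ValueError("volume size must be a positive multiple of the block size")
    out.seek(volume_size - 1)
    out.write(b"\0")  # fix the image length; the gaps read back as zeros
    written = 0
    for blk in sorted(packed_blocks, key=lambda b: b["index"]):
        data = gzip.decompress(blk["body"])
        if len(data) != BLOCK_SIZE or _digest(data) != blk["sha256"]:
            raise ValueError(f"block {blk['index']} failed verification")
        offset = blk["index"] * BLOCK_SIZE
        if blk["index"] < 0 or offset + BLOCK_SIZE > volume_size:
            raise ValueError(f"block {blk['index']} lies outside the volume")
        out.seek(offset)
        out.write(data)
        written += 1
    return written


def demo():
    """Constructed sample: a 4-block volume where only blocks 0 and 2 hold data."""
    blocks = [pack_block(2, b"A" * BLOCK_SIZE), pack_block(0, b"\xeb" * BLOCK_SIZE)]
    image = io.BytesIO()
    count = assemble_image(blocks, 4 * BLOCK_SIZE, image)
    return count, image.getvalue()
```

Passing a file opened in binary write mode as `out` produces a sparse image on file systems that support it, and a block whose contents do not match its checksum stops the assembly instead of ending up in the evidence image.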

The primary objective is security, but cost also needs to be considered; it is kept down by limiting data transfers to within the region through the pre-signed S3 URLs. Once the image is uploaded to an S3 bucket, storage costs are less than for EBS Snapshots, and this opens the opportunity to use Amazon Glacier for additional cost savings.

Automation plays such a critical part in helping incident handlers deal with the volume of events that they need to respond to! Figured I would share an early iteration as I work on a Snapshot 4n6ir Pipeline for AWS.

Happy Coding,

John Lukach

DOWNLOAD

$ wget https://cloud.4n6ir.com/scripts/Snapshot-4n6ir-Imager-for-Docker.py.gz
$ wget https://cloud.4n6ir.com/scripts/Snapshot-4n6ir-Imager-for-Docker.sha256.txt
$ gunzip Snapshot-4n6ir-Imager-for-Docker.py.gz
$ shasum -a 256 Snapshot-4n6ir-Imager-for-Docker.py 
5d45e0ecdadb2ead94ffde9c5d02192d05326692d9c8570b1ff4694293092e0c  Snapshot-4n6ir-Imager-for-Docker.py
