- Print
- DarkLight
LimaCharlie's Cloud CLI Extension (ext-cloud-cli
) allows you to trigger actions against CLI or API endpoints for third-party products. This extension facilitates bi-directional communication between LimaCharlie and nearly any telemetry source. Actions can be triggered from the Cloud CLI UI or automated via D&R rules.
This extension currently supports interaction with the following platforms:
Usage
The Cloud CLI extension is enabled via the Add-Ons Marketplace. When enabled, the Cloud CLI extension provides the following UI, available via the Extensions menu in LimaCharlie.
From this UI, you can build and execute commands against the CLI or API endpoints of the chosen product.
Cloud CLI commands can also be executed via D&R rules and the use of the extension request
action. Two examples include:
Example 1: Stop EC2 instances based on an instance_id
parameter found in AWS telemetry.
- action: extension request
extension action: run
extension name: ext-cloud-cli
extension request:
cloud: '{{ "aws" }}'
command_tokens:
- ec2
- stop-instances
- '--instance-ids'
- '{{ .event.instance_id }}'
- '--region'
- us-east-1
credentials: '{{ "hive://secret/secret-name" }}'
Example 2: Enumerate a list of VMs from an Azure tenant.
- action: extension request
extension action: run
extension name: ext-cloud-cli
extension request:
cloud: '{{ "az" }}'
command_line: '{{ "vm list" }}'
credentials: '{{ "hive://secret/secret-name" }}'
Credentials
You must set up credentials in the respective third-party tools or platforms prior to utilizing this extension. Once procured, credentials can be stored in the Secrets config hive or provided ad-hoc to the extension, in the UI. We recommend storing credentials in the Secrets config hive if you plan to make repetitive calls with this extension.
Where available, details for procuring third-party credentials are provided in their respective sub-pages.