Fix CLI tool
Download the latest release from the releases page. On macOS and Linux make sure to make the binary executable.
Linux Example:
curl -Lo fixctl https://github.com/someengineering/fixctl/releases/download/0.0.9/fixctl-linux-amd64-0.0.9
chmod +x fixctl
brew install someengineering/tap/fixctl
fixctl allows you to search the Fix Security Graph and export cloud inventory data for further processing.
Usage:
fixctl [flags]
Flags:
--csv-headers string CSV headers (default "id,name,kind,/ancestors.cloud.reported.id,/ancestors.account.reported.id,/ancestors.region.reported.id")
--endpoint string API endpoint URL (env FIX_ENDPOINT) (default "https://app.fix.security")
--format string Output format: json, yaml or csv (default "json")
-h, --help help for fixctl
--search string Search string
--token string Auth token (env FIX_TOKEN)
--verbose enable verbose output
-v, --version version for fixctl
--with-edges Include edges in search results
--workspace string Workspace ID (env FIX_WORKSPACE)
If an environment variable is set, it will be used and the command line flag ignored.
Go to your user settings and create an API token. Set the FIX_TOKEN
environment variable to the token value.
Then go to your workspace settings and export FIX_WORKSPACE
to the workspace ID you want to query.
Search for available AWS EBS volumes that have not been accessed in the last 7 days and output in CSV format.
$ fixctl --format csv --search "is(aws_ec2_volume) and volume_status = available and last_access > 7d"
vol-0adeedfc71dcbe9d5,ResotoEKS-dynamic-pvc-e575191f-d4f3-4253-96e4-399ded05bf14,aws_ec2_volume,aws,752466027617,eu-central-1
vol-0ae5f3fad85b7b3c6,vol-0ae5f3fad85b7b3c6,aws_ec2_volume,aws,625596817853,eu-central-1
vol-0fe068d91a8aaaced,ResotoEKS-dynamic-pvc-08ded29a-70c9-4d36-9d28-727140850d96,aws_ec2_volume,aws,752466027617,eu-central-1
The default output format for fixctl
is JSON. Here we search for the same orphaned volumes and use jq
to format the output as aws ec2 delete-volume
commands.
$ fixctl --search "is(aws_ec2_volume) and volume_status = available and last_access > 30d" | jq -r '. | "aws ec2 delete-volume --volume-id \(.reported.id) --region \(.ancestors.region.reported.id) --profile \(.ancestors.account.reported.id)"'
aws ec2 delete-volume --volume-id vol-0adeedfc71dcbe9d5 --region eu-central-1 --profile 752466027617
aws ec2 delete-volume --volume-id vol-0ae5f3fad85b7b3c6 --region eu-central-1 --profile 625596817853
aws ec2 delete-volume --volume-id vol-0fe068d91a8aaaced --region eu-central-1 --profile 752466027617