feat(core): Script for generating config rules configuration for acce… (aws-samples#530)

* feat(core): Script for generating config rules configuration for accelerator
* Update README.md

Co-authored-by: Brian969 <[email protected]>

Author: naveenkoppula

reference-artifacts/Custom-Scripts/Conformance-Pack-Converter/README.md

@@ -0,0 +1,18 @@
+## AWS Config Rules Configuration generator script
+
+This script take an AWS Conformance pack template (cloudformation yaml/json) found [here](https://docs.aws.amazon.com/config/latest/developerguide/conformancepack-sample-templates.html) as input and generates a configuration file containing the corresponding config rules and parameters formatted for consumption by the AWS Secure Environment Accelerator. 
+
+### Usage
+
+``` 
+usage: generate-config-rules.py [-h] --path PATH [--outputFormat {json,yaml}]
+                                [--inputFormat {json,yaml}] 
+```
+
+### Example
+
+```
+    python generate-config-rules.py --path=/Users/Desktop/config --outputFormat=yaml
+```
+
+

reference-artifacts/Custom-Scripts/Conformance-Pack-Converter/generate-config-rules.py

@@ -0,0 +1,92 @@
+import yaml
+import argparse
+import json
+import os
+
+
+pseudo_params = ['AWS::AccountId', 'AWS::NotificationARNs', 'AWS::Partition',
+                 'AWS::Region', 'AWS::StackId', 'AWS::StackName', 'AWS::URLSuffix']
+none_param = 'AWS::NoValue'
+rules = []
+ruleNames = []
+
+def generate_config(input_path, input_format, output_format):
+    files = (file for file in os.listdir(input_path)
+             if os.path.isfile(os.path.join(input_path, file)))
+    for file_name in files:
+        if not file_name.endswith(input_format):
+            continue
+        with open(os.path.join(input_path, file_name)) as f:
+            if input_format == 'yaml':
+                data = yaml.load(f, Loader=yaml.FullLoader)
+        generate_config_impl(data)
+    
+    with open(os.path.join(input_path, 'output',  'accel-config-rules.' + output_format), 'w') as writefile:
+        print("Created Config Rules configuration in  : %s" %
+              os.path.join(input_path, 'output',  'accel-config-rules.' + output_format))
+        if output_format == 'json':
+            json.dump(rules, writefile, indent=2)
+            print(json.dumps(ruleNames))
+        else:
+            yaml.dump(rules, writefile, indent=2)
+            print(yaml.dump(ruleNames))
+
+
+def generate_config_impl(data):
+    parameters = data.get("Parameters", [])
+    resources = data.get("Resources", {})
+    for name, props in resources.items():
+        rule = {}
+        if props['Type'] != "AWS::Config::ConfigRule":
+            continue
+        if not props["Properties"]["Source"] or props["Properties"]["Source"]["Owner"] != 'AWS':
+            continue
+        rule['name'] = props["Properties"]["Source"]["SourceIdentifier"]
+        ruleNames.append(props["Properties"]["Source"]["SourceIdentifier"])
+        for param_name, value in props["Properties"].get("InputParameters", {}).items():
+            if 'parameters' not in rule:
+                rule['parameters'] = {}
+            if not isinstance(value, dict):
+                rule['parameters'][param_name] = value
+            else:
+                if 'Ref' in value:
+                    if parameters.get(value['Ref']) and parameters.get(value['Ref']).get('Default'):
+                        rule['parameters'][param_name] = parameters[value['Ref']]['Default']
+                elif 'Fn::If' in value:
+                    true_val = value['Fn::If'][1]
+                    false_val = value['Fn::If'][2] if len(
+                        value['Fn::If']) > 2 else None
+                    if isinstance(true_val, dict) and 'Ref' in true_val:
+                        if parameters.get(true_val['Ref']):
+                            if true_val['Ref'] in pseudo_params:
+                                rule['parameters'][param_name] = true_val['Ref']
+                            elif parameters.get(true_val['Ref']).get('Default'):
+                                rule['parameters'][param_name] = parameters[true_val['Ref']]['Default']
+                    elif isinstance(true_val, str):
+                        rule['parameters'][param_name] = true_val
+                    elif isinstance(false_val, dict):
+                        if parameters.get(false_val['Ref']):
+                            if false_val['Ref'] in pseudo_params:
+                                rule['parameters'][param_name] = false_val['Ref']
+                            elif parameters.get(false_val['Ref']).get('Default'):
+                                rule['parameters'][param_name] = parameters[false_val['Ref']]['Default']
+                    elif isinstance(false_val, str):
+                        rule['parameters'][param_name] = false_val
+                if param_name not in rule["parameters"]:
+                    rule['parameters'][param_name] = "${REPLACE::%s}" % param_name
+        rules.append(rule)
+    return
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description='Generate Config Options')
+    parser.add_argument('--path', required=True,
+                        help='Input File path', default=os.path.expanduser('~'))
+    parser.add_argument('--outputFormat', required=False,
+                        choices=['json', 'yaml'], help='json/yaml', default='json')
+    parser.add_argument('--inputFormat', required=False,
+                        choices=['json', 'yaml'], help='json/yaml', default='yaml')
+    args = parser.parse_args()
+    if not os.path.exists(os.path.join(args.path, 'output')):
+        os.mkdir(os.path.join(args.path, 'output'))
+    generate_config(args.path, args.inputFormat, args.outputFormat)