EBS snapshot scanning with Trivy

snapshot.sh

#!/bin/bash

AMI_ID=$1
echo $AMI_ID

KEY_NAME=xxxx
SECURITY_GROUP_ID=sg-xxxxxxxxxxx
SUBNET_ID=subnet-xxxxxxxxxxxxx
INSTANCE_TYPE=t2.micro

# Create an instance
INSTANCE_ID=$(aws ec2 run-instances --image-id $AMI_ID --instance-type $INSTANCE_TYPE --key-name $KEY_NAME --security-group-ids $SECURITY_GROUP_ID --subnet-id $SUBNET_ID --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=trivy-test}]' 'ResourceType=volume,Tags=[{Key=Name,Value=trivy-test}]' --query "Instances[0].InstanceId" --output text)
echo $INSTANCE_ID

# Wait for the instance to launch
aws ec2 wait instance-status-ok --instance-ids $INSTANCE_ID

# Describe the instance
VOLUME_ID=$(aws ec2 describe-instances --instance-ids ${INSTANCE_ID} --query "Reservations[0].Instances[0].BlockDeviceMappings[0].Ebs.VolumeId" --output text)
echo $VOLUME_ID

# Create a snapshot
SNAPSHOT_ID=$(aws ec2 create-snapshot --description trivy-test --volume-id $VOLUME_ID --query "SnapshotId" --output text)
echo $SNAPSHOT_ID

# Wait for the snapshot to complete
aws ec2 wait snapshot-completed --snapshot-ids $SNAPSHOT_ID

# Run Trivy
trivy vm --security-checks vuln -o result.txt ebs:${SNAPSHOT_ID}

# Delete the instance
aws ec2 terminate-instances --instance-ids $INSTANCE_ID

# Delete the snapshot
aws ec2 delete-snapshot --snapshot-id $SNAPSHOT_ID