Blog

Automate Your Auditing Settings

November 12, 2020 · by Roy Martinez ·
Categories:

I’m Roy Martinez, an Enterprise Architect in Akamai’s Global Consulting Services. My team makes up some of Akamai’s technical experts, providing our customers with the innovative designs and guidance they need to further their online business. 

In this blog, I’d like to share some code I created to help some of my customers automate auditing settings across hundreds of configurations on a regular basis to provide governance on their Akamai properties.  

This project is meant to allow teams to pull account details in order to create a snapshot in time. Our goal is to make it easier for you to get an account snapshot audited or get an offload summary for additional deep-dive analysis, and to provide a quick idea of where an account is in regard to offload. 

We have two types of audits right now, with more to come in the future:

  • Account Summary
    This audit gathers information from multiple Akamai API endpoints, providing an account resource summary (like Property Manager configurations, Enrollments (certificates), etc). You can view the output in ‘xlsx’ format.

  • Offload Summary
    This audit gathers the data collected from the total offload for each CPcode (grouped by extension or URL), the perc (percentage) of traffic that each CPcode represents to the total hits of all CPcodes reviewed, total bytes served and offloaded, and an extension offload summary for each of the CPcodes. You can view the output in ‘xlsx’ format.

You can see examples here: https://github.com/akamai-contrib/Akamai-Account-Audit/tree/master/Examples 

Account Summary

chart

When this is run, it will create a folder within the current directory under the name "Account_Name". Within this folder, the following files will be created:

Sheet Name

Purpose

Host Summary

Provides a high-level summary for each hostname under all PM Configurations and their App sec protection.

contracts

Lists all the contracts in the account.

groups

Lists all the groups in the account.

cpcodes

Lists all the CP Codes in the account.

hostnames

Pulls all the hostnames listed within the configurations. It will also list if the domain is CNAMED to Akamai, slot, and compare with the CNAME listed in the configuration.

certs

Lists all the enrollments in the account and their corresponding slot.

edgehostnames

Lists of all edge hostnames associated with this account

properties

Lists all the properties associated with the account. For each property, it will list the following details: Property name, Current version in prod and staging, latest version, and first version details. Finally, it lists all the behaviors seen in the config.

propertyBehavior

Lists all behaviors available for each property (based on property type) and checks for their use.

origins

Lists all the unique origin names defined within the configurations. It will also segregate as Customer origin or GTM Origin

secConfigs

Lists all the WAF security configurations in the account.

secMatch

Lists all the WAF security configuration match targets in the account.

secConfigbyHost

Lists all hostnames and corresponding configurations and match policies.

Host Summary

Provides a high-level summary for each hostname under all PM Configurations and their App sec protection.

Offload Summary

There are two types of offload summaries that we offer: Account offload and CPcode by extension. Below, you'll see an example of each. 

Account offload summary

chart

CPcode summary by extention

chart

This mode will collect offload data from the CPcodes provided in '--cpcodes' or if not provided it will do an account-wide review of all CPcodes. If no dates are provided it defaults to the last month.

Requirements

  • Add the API credentials with access to the Property Manager API (PAPI) In your ~/.edgerc file under a section called ‘papi’ (or indicate the '--section' parameter followed by the section name if you use something else than ‘papi’).

  • Ensure you have python 3.x.

  • As a pre-installation step, please add the libraries that are required.

pip install -r requirements.txt 

Usage

python3 akamai-audit.py [parameters]

Parameters

Purpose

--type [as|os]

[REQUIRED] as: Account Summary (default), os: Offload Summary

--switchKey

[OPTIONAL] Allows Akamai employees and some partners to run the code on other accounts they can manage by indicating the Account ID to Audit.

Account ID found here: https://control.akamai.com/apps/ids-resources/#/accounts/current

--verbose

[OPTIONAL] Print Additional details

--section

[OPTIONAL] Section to use within the .edgerc file

 Account audit example

python3 akamai-audit.py --type as

python3 akamai-audit.py --switchKey {AccountID}

Offload summary example

python3 akamai-audit.py --type os --start {YYYY-MM-DD} --end {YYYY-MM-DD} --cpcodes {CPCODE_1} {CPCODE_2} {CPCODE_3}

Argument

Purpose

--start

[OPTIONAL] Start Date in the format 'YYYY-MM-DD'. If not provided default is last month's traffic.

--end

[OPTIONAL] End Date in the format 'YYYY-MM-DD'. If not provided default is last month's traffic.

--cpcodes

[OPTIONAL] List of cpcodes to query (space-delimited). If not provided, an account-wide analysis will be done.

--groupby [ext|url]

[OPTIONAL] By default this report aggregates by URL extension but in many cases like APIs, we will not have extensions. For those cases, we can aggregate by URLs.

You might also like

Here are great resources for you if you’d like to learn more:

About the author

Roy Martinez

Roy Martinez is a photography enthusiast, but in business hours he is an enterprise architect with 10 years of industry experience. He has a strong background in full-stack web development, DevOps, web performance, cloud computing, architecture changes, and advanced edge logic implementations, which allows him to provide consulting and support for customers.