A comprehensive Infrastructure as Code solution for managing Cisco Meraki dashboard administrators with automated security monitoring and compliance reporting.
🏗️ Infrastructure as Code | 🔒 Security Monitoring | 📊 Professional Dashboard | 📝 Easy Management
Simple workflow: CSV Data → Terraform → Meraki API → Security Analysis → Web Dashboard
Before you begin, ensure you have:
```bash
# Clone or download this repository
git clone https://github.com/yourusername/meraki-admin-security-tool.git
cd meraki-admin-security-tool

# Install Python dependencies
pip install requests

# Initialize Terraform
terraform init
```

```bash
# Set your Meraki API key (recommended)
export MERAKI_API_KEY="your_api_key_here"

# OR create terraform.tfvars file
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your API key
```
Edit `admins.csv` with your administrator details:

```csv
email,permission_level,organization_id
admin@company.com,full,123456
readonly@company.com,read-only,123456
security@company.com,full,654321
analyst@company.com,read-only,654321
```
```bash
# Preview changes
terraform plan

# Apply configuration
terraform apply
```
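```bash
# Export data for dashboard
./export_outputs.sh

# Start web server (optional)
# http.server listens on all interfaces by default; add --bind 127.0.0.1 to keep the dashboard local
cd web_ui
python3 -m http.server 8080
# Open http://localhost:8080/dashboard.html
```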
```bash
# Required: Meraki API Key
export MERAKI_API_KEY="your_meraki_api_key"

# Optional: Debug mode
export TF_LOG=DEBUG

# Optional: Custom CSV file location
export TF_VAR_admins_csv_file="custom_admins.csv"
```
Variable | Description | Default | Example |
---|---|---|---|
meraki_api_key | Meraki Dashboard API Key | null | "abc123..." |
admins_csv_file | Path to administrators CSV | "admins.csv" | "data/admins.csv" |
api_inactivity_threshold_days | Days before flagging inactive API usage | 30 | 45 |
The administrators CSV file requires these columns:
full or read-only
Example CSV Format:
```csv
email,permission_level,organization_id
john.admin@company.com,full,123456
jane.readonly@company.com,read-only,123456
security.team@company.com,full,654321
```
The tool automatically identifies administrators who pose security risks:
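```python
# Example security validation
from datetime import datetime, timedelta, timezone

def is_high_risk(two_factor_enabled, has_api_key, last_usage, threshold_days=30):
    """last_usage is a timezone-aware datetime, or None if the key was never used."""
    cutoff = datetime.now(timezone.utc) - timedelta(days=threshold_days)
    return (
        not two_factor_enabled
        or (has_api_key and last_usage is None)    # key issued but never used
        or (has_api_key and last_usage < cutoff)   # key idle past the threshold
    )
```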
Create `.github/workflows/security-check.yml`:

```yaml
name: Daily Security Check
on:
  schedule:
    - cron: '0 9 * * *'  # Daily at 9 AM
  workflow_dispatch:
jobs:
  security-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
      - name: Run Security Assessment
        env:
          MERAKI_API_KEY: ${{ secrets.MERAKI_API_KEY }}
        run: |
          terraform init
          terraform apply -auto-approve
          ./export_outputs.sh
      - name: Upload Security Report
        uses: actions/upload-artifact@v3
        with:
          name: security-report
          path: web_ui/terraform_outputs.json
```
```bash
# Add to crontab for daily checks
0 9 * * * cd /path/to/project && terraform apply -auto-approve && ./export_outputs.sh
```
Automated Workflow: Schedule → Security Scan → Risk Assessment → Report Generation → Notification
```csv
email,permission_level,organization_id
admin@company.com,full,123456
admin@company.com,read-only,654321
regional@company.com,full,789012
```
```hcl
# terraform.tfvars
api_inactivity_threshold_days = 45  # Custom threshold
```
```bash
# Export data for external processing
terraform output -json > security_data.json

# Send to monitoring system
curl -X POST -H "Content-Type: application/json" \
  -d @security_data.json \
  https://your-monitoring-system.com/api/security-reports
```
```bash
# Solution: Add delays between operations
export TF_LOG=DEBUG
terraform apply

# Check rate limit status
curl -H "X-Cisco-Meraki-API-Key: $MERAKI_API_KEY" \
  https://api.meraki.com/api/v1/organizations
```
```bash
# Verify API key permissions
terraform output admin_summary

# Check organization access
curl -H "X-Cisco-Meraki-API-Key: $MERAKI_API_KEY" \
  "https://api.meraki.com/api/v1/organizations/YOUR_ORG_ID/admins"
```
```bash
# Validate CSV format
python3 -c "import csv; print(list(csv.DictReader(open('admins.csv'))))"
```
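The one-liner above only confirms that the file parses. The following added example (not part of this repository) checks the content of `admins.csv` before `terraform plan`: required columns, the two permission levels, and duplicate rows. The numeric `organization_id` rule, the loose email pattern and the rule that an email may appear only once per organization are assumptions of this sketch; the sample rows are constructed.

```python
import csv
import io
import re

REQUIRED_COLUMNS = ("email", "permission_level", "organization_id")
PERMISSION_LEVELS = {"full", "read-only"}
# Loose shape check only (assumption); not a full address validator.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample: lines 4-7 each contain one problem.
SAMPLE_CSV = """email,permission_level,organization_id
admin@company.com,full,123456
admin@company.com,read-only,654321
admin@company.com,read-only,123456
analyst@company.com,readonly,654321
not-an-email,full,123456
regional@company.com,full,
"""


def validate_admins_csv(text):
    """Return (line_number, problem) tuples; an empty list means the file is clean."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED_COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, f"missing column(s): {', '.join(missing)}")]
    problems, seen = [], {}
    for row in reader:
        line = reader.line_num
        # Short rows yield None for absent cells, so normalise before checking.
        email = (row["email"] or "").strip().lower()
        level = (row["permission_level"] or "").strip()
        org = (row["organization_id"] or "").strip()
        if not EMAIL_RE.match(email):
            problems.append((line, f"invalid email: {email!r}"))
        if level not in PERMISSION_LEVELS:
            problems.append((line, f"invalid permission_level: {level!r}"))
        if not org.isdigit():
            problems.append((line, f"organization_id must be numeric: {org!r}"))
        # The same email may appear in several organizations, but only once in each.
        key = (email, org)
        if key in seen:
            problems.append((line, f"duplicate of line {seen[key]} for {email} in {org}"))
        else:
            seen[key] = line
    return problems
```

Call `validate_admins_csv(open("admins.csv").read())` and stop the run if the returned list is not empty.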
Enable detailed debug output for troubleshooting:
```bash
export TF_LOG=DEBUG
terraform apply
```
Metric | Small Org | Medium Org | Large Org |
---|---|---|---|
Administrators | 1-10 | 11-100 | 100+ |
Execution Time | <30s | 1-3 min | 3-10 min |
Memory Usage | <50MB | 50-200MB | 200MB+ |
API Calls | 10-20 | 50-150 | 200+ |
```bash
# Parallel execution for large deployments
terraform apply -parallelism=10

# Reduced API calls with caching
export TF_LOG=WARN  # Reduce logging overhead
```
```bash
# Secure file permissions
chmod 600 terraform.tfvars
chmod 600 *.tfstate
chmod +x scripts/*.py
```
We welcome contributions! Please see our Contributing Guidelines.
```bash
# Fork and clone repository
git clone https://github.com/yourusername/meraki-admin-security-tool.git
cd meraki-admin-security-tool

# Install development dependencies
pip install requests pytest

# Run tests
terraform validate
python3 -m pytest tests/  # if tests exist

# Format code
terraform fmt
```
Have an idea? Create a discussion or open an issue!
Popular requested features:
```bash
# View security summary
terraform output admin_security_report

# Check risky administrators
terraform output risky_admins_alert

# View compliance metrics
terraform output two_factor_compliance

# API usage statistics
terraform output api_usage_summary
```
```json
{
  "risky_admins_alert": {
    "count": 2,
    "message": "Security risks detected",
    "details": {
      "admin@company.com": {
        "email": "admin@company.com",
        "organization_id": "123456",
        "reasons": ["2FA not enabled", "Has API key but never used APIs"]
      }
    }
  }
}
```
```
meraki-admin-security-tool/
├── README.md                  # This file
├── LICENSE                    # MIT License
├── main.tf                    # Main Terraform configuration
├── variables.tf               # Variable definitions
├── outputs.tf                 # Output definitions
├── terraform.tfvars.example   # Example variables file
├── admins.csv                 # Administrator definitions
├── export_outputs.sh          # Export script for web UI
├── scripts/
│   └── check_2fa_status.py    # Security monitoring script
├── web_ui/
│   └── dashboard.html         # Professional security dashboard
└── docs/
    ├── INSTALLATION.md        # Detailed installation guide
    └── TROUBLESHOOTING.md     # Common issues and solutions
```
This project is licensed under the MIT License - see the LICENSE file for details.
MIT License - Feel free to use, modify, and distribute
Commercial use ✅ | Private use ✅ | Modification ✅ | Distribution ✅
Type | Link | Description |
---|---|---|
📖 Documentation | Wiki | Detailed guides and examples |
🐛 Bug Reports | Issues | Report bugs and request features |
💬 Discussions | Discussions | Ask questions and share ideas |
📧 Contact | Direct support contact |
⭐ If this tool helps you manage Meraki administrators more securely, please star the repository!
Made with ❤️ for the Cisco community