Beispiel #1
0
 def connect_elb(self):
     '''
     Connect to ELB
     '''
     try:
         for reg in elb.regions():
             if(reg.name == os.environ['AWS_DEFAULT_REGION']):
                 return elb.connect_to_region(reg.name)
         return None
     except Exception as e:
         print "%s" % e
         exit(-1)
Beispiel #2
0
 def connect_elb(self):
     '''
     Connect to ELB
     '''
     try:
         for reg in elb.regions():
             if (reg.name == os.environ['AWS_DEFAULT_REGION']):
                 return elb.connect_to_region(reg.name)
         return None
     except Exception as e:
         print "%s" % e
         exit(-1)
Beispiel #3
0
 def elb_connection(self):
     """(:class:`boto.ec2.elb.ELBConnection`) The ELB connection."""
     ec2 = self.app.ec2_connection
     region = next(r for r in regions() if r.name == ec2.region.name)
     return ELBConnection(
         aws_access_key_id=ec2.provider.access_key,
         aws_secret_access_key=ec2.provider.secret_key,
         is_secure=ec2.is_secure, port=ec2.port,
         proxy=ec2.proxy, proxy_port=ec2.proxy_port,
         proxy_user=ec2.proxy_user, proxy_pass=ec2.proxy_pass,
         debug=ec2.debug, region=region,
         security_token=ec2.provider.security_token,
         validate_certs=ec2.https_validate_certificates 
     )
Beispiel #4
0
    def slurp(self):
        """
        :returns: item_list - list of ELB's.
        :returns: exception_map - A dict where the keys are a tuple containing the
            location of the exception and the value is the actual exception

        """
        from security_monkey.common.sts_connect import connect
        item_list = []
        exception_map = {}
        for account in self.accounts:
            for region in regions():
                app.logger.debug("Checking {}/{}/{}".format(self.index, account, region.name))
                elb_conn = connect(account, 'elb', region=region.name)
                try:
                    all_elbs = elb_conn.get_all_load_balancers()
                except Exception as e:
                    if region.name not in TROUBLE_REGIONS:
                        exc = BotoConnectionIssue(str(e), self.index, account, region.name)
                        self.slurp_exception((self.index, account, region.name), exc, exception_map)
                    continue

                app.logger.debug("Found {} {}".format(len(all_elbs), self.i_am_plural))
                for elb in all_elbs:
                    
                    ### Check if this ELB is on the Ignore List ###
                    ignore_item = False
                    for ignore_item_name in IGNORE_PREFIX[self.index]:
                        if elb.name.lower().startswith(ignore_item_name.lower()):
                            ignore_item = True
                            break
          
                    if ignore_item:
                      continue                    

                    elb_map = {}
                    elb_map['availability_zones'] = list(elb.availability_zones)
                    elb_map['canonical_hosted_zone_name'] = elb.canonical_hosted_zone_name
                    elb_map['canonical_hosted_zone_name_id'] = elb.canonical_hosted_zone_name_id
                    elb_map['dns_name'] = elb.dns_name
                    elb_map['health_check'] = {'target': elb.health_check.target, 'interval': elb.health_check.interval}
                    elb_map['is_cross_zone_load_balancing'] = elb.is_cross_zone_load_balancing()
                    elb_map['scheme'] = elb.scheme
                    elb_map['security_groups'] = list(elb.security_groups)
                    elb_map['source_security_group'] = elb.source_security_group.name
                    elb_map['subnets'] = list(elb.subnets)
                    elb_map['vpc_id'] = elb.vpc_id

                    backends = []
                    for be in elb.backends:
                        backend = {}
                        backend['instance_port'] = be.instance_port
                        policies = []
                        for bepol in be.policies:
                            policies.append(bepol.policy_name)
                        backend['policies'] = policies
                        backends.append(backend)
                    elb_map['backends'] = backends

                    listeners = []
                    for li in elb.listeners:
                        listener = {}
                        listener['load_balancer_port'] = li.load_balancer_port
                        listener['instance_port'] = li.instance_port
                        listener['protocol'] = li.protocol
                        listener['instance_protocol'] = li.instance_protocol
                        listener['ssl_certificate_id'] = li.ssl_certificate_id
                        policies = []
                        for lipol in li.policy_names:
                            policies.append(lipol)
                        listener['policy_names'] = policies
                        listeners.append(listener)
                    elb_map['listeners'] = listeners

                    policies = {}
                    app_cookie_stickiness_policies = []
                    for policy in elb.policies.app_cookie_stickiness_policies:
                        app_cookie_stickiness_policy = {}
                        app_cookie_stickiness_policy['policy_name'] = policy.policy_name
                        app_cookie_stickiness_policy['cookie_name'] = policy.cookie_name
                        app_cookie_stickiness_policies.append(app_cookie_stickiness_policy)
                    policies['app_cookie_stickiness_policies'] = app_cookie_stickiness_policies

                    lb_cookie_stickiness_policies = []
                    for policy in elb.policies.lb_cookie_stickiness_policies:
                        lb_cookie_stickiness_policy = {}
                        lb_cookie_stickiness_policy['policy_name'] = policy.policy_name
                        lb_cookie_stickiness_policy['cookie_expiration_period'] = policy.cookie_expiration_period
                        lb_cookie_stickiness_policies.append(lb_cookie_stickiness_policy)
                    policies['lb_cookie_stickiness_policies'] = lb_cookie_stickiness_policies

                    policies['other_policies'] = []
                    for opol in elb.policies.other_policies:
                        policies['other_policies'].append(opol.policy_name)
                    elb_map['policies'] = policies

                    item = ELBItem(region=region.name, account=account, name=elb.name, config=elb_map)
                    item_list.append(item)
                    
        return item_list, exception_map
Beispiel #5
0
    def slurp(self):
        """
        :returns: item_list - list of ELB's.
        :returns: exception_map - A dict where the keys are a tuple containing the
            location of the exception and the value is the actual exception

        """
        self.prep_for_slurp()
        from security_monkey.common.sts_connect import connect
        item_list = []
        exception_map = {}
        for account in self.accounts:
            self._setup_botocore(account)
            for region in regions():
                app.logger.debug("Checking {}/{}/{}".format(self.index, account, region.name))
                elb_conn = connect(account, 'ec2.elb', region=region.name)

                botocore_client = self.botocore_session.create_client('elb', region_name=region.name)
                botocore_operation = botocore_client.describe_load_balancer_policies

                try:
                    all_elbs = []
                    marker = None

                    while True:
                        response = self.wrap_aws_rate_limited_call(
                            elb_conn.get_all_load_balancers,
                            marker=marker
                        )

                        # build our elb list
                        all_elbs.extend(response)

                        # ensure that we get every elb
                        if response.next_marker:
                            marker = response.next_marker
                        else:
                            break

                except Exception as e:
                    if region.name not in TROUBLE_REGIONS:
                        exc = BotoConnectionIssue(str(e), self.index, account, region.name)
                        self.slurp_exception((self.index, account, region.name), exc, exception_map)
                    continue

                app.logger.debug("Found {} {}".format(len(all_elbs), self.i_am_plural))
                for elb in all_elbs:

                    if self.check_ignore_list(elb.name):
                        continue

                    try:
                        elb_map = {}
                        elb_map['availability_zones'] = list(elb.availability_zones)
                        elb_map['canonical_hosted_zone_name'] = elb.canonical_hosted_zone_name
                        elb_map['canonical_hosted_zone_name_id'] = elb.canonical_hosted_zone_name_id
                        elb_map['dns_name'] = elb.dns_name
                        elb_map['health_check'] = {'target': elb.health_check.target, 'interval': elb.health_check.interval}
                        elb_map['is_cross_zone_load_balancing'] = self.wrap_aws_rate_limited_call(
                            elb.is_cross_zone_load_balancing
                        )
                        elb_map['scheme'] = elb.scheme
                        elb_map['security_groups'] = list(elb.security_groups)
                        elb_map['source_security_group'] = elb.source_security_group.name
                        elb_map['subnets'] = list(elb.subnets)
                        elb_map['vpc_id'] = elb.vpc_id
                        elb_map['is_logging'] = self.wrap_aws_rate_limited_call(
                            lambda: elb.get_attributes().access_log.enabled
                        )

                        backends = []
                        for be in elb.backends:
                            backend = {}
                            backend['instance_port'] = be.instance_port
                            policies = []
                            for bepol in be.policies:
                                policies.append(bepol.policy_name)
                            backend['policies'] = policies
                            backends.append(backend)
                        elb_map['backends'] = backends

                        elb_policies = self._get_listener_policies(botocore_operation, elb)
                        listeners = []
                        for li in elb.listeners:
                            listener = {
                                'load_balancer_port': li.load_balancer_port,
                                'instance_port': li.instance_port,
                                'protocol': li.protocol,
                                'instance_protocol': li.instance_protocol,
                                'ssl_certificate_id': li.ssl_certificate_id,
                                'policies': [elb_policies.get(policy_name, {"name": policy_name}) for policy_name in li.policy_names]
                            }
                            listeners.append(listener)
                        elb_map['listeners'] = listeners

                        policies = {}
                        app_cookie_stickiness_policies = []
                        for policy in elb.policies.app_cookie_stickiness_policies:
                            app_cookie_stickiness_policy = {}
                            app_cookie_stickiness_policy['policy_name'] = policy.policy_name
                            app_cookie_stickiness_policy['cookie_name'] = policy.cookie_name
                            app_cookie_stickiness_policies.append(app_cookie_stickiness_policy)
                        policies['app_cookie_stickiness_policies'] = app_cookie_stickiness_policies

                        lb_cookie_stickiness_policies = []
                        for policy in elb.policies.lb_cookie_stickiness_policies:
                            lb_cookie_stickiness_policy = {}
                            lb_cookie_stickiness_policy['policy_name'] = policy.policy_name
                            lb_cookie_stickiness_policy['cookie_expiration_period'] = policy.cookie_expiration_period
                            lb_cookie_stickiness_policies.append(lb_cookie_stickiness_policy)
                        policies['lb_cookie_stickiness_policies'] = lb_cookie_stickiness_policies

                        policies['other_policies'] = []
                        for opol in elb.policies.other_policies:
                            policies['other_policies'].append(opol.policy_name)
                        elb_map['policies'] = policies

                        item = ELBItem(region=region.name, account=account, name=elb.name, config=elb_map)
                        item_list.append(item)
                    except Exception as e:
                        self.slurp_exception((self.index, account, region.name, elb.name), e, exception_map)
                        continue

        return item_list, exception_map
Beispiel #6
0
 def regions(self, *args, **kwargs):
     return elb.regions(*args, **kwargs)
Beispiel #7
0
    def slurp(self):
        """
        :returns: item_list - list of ELB's.
        :returns: exception_map - A dict where the keys are a tuple containing the
            location of the exception and the value is the actual exception

        """
        from security_monkey.common.sts_connect import connect
        item_list = []
        exception_map = {}
        for account in self.accounts:
            for region in regions():
                app.logger.debug("Checking {}/{}/{}".format(
                    self.index, account, region.name))
                elb_conn = connect(account, 'elb', region=region.name)
                try:
                    all_elbs = []
                    marker = None

                    while True:
                        response = self.wrap_aws_rate_limited_call(
                            elb_conn.get_all_load_balancers, marker=marker)

                        # build our elb list
                        all_elbs.extend(response)

                        # ensure that we get every elb
                        if response.next_marker:
                            marker = response.next_marker
                        else:
                            break

                except Exception as e:
                    if region.name not in TROUBLE_REGIONS:
                        exc = BotoConnectionIssue(str(e), self.index, account,
                                                  region.name)
                        self.slurp_exception(
                            (self.index, account, region.name), exc,
                            exception_map)
                    continue

                app.logger.debug("Found {} {}".format(len(all_elbs),
                                                      self.i_am_plural))
                for elb in all_elbs:

                    ### Check if this ELB is on the Ignore List ###
                    ignore_item = False
                    for ignore_item_name in IGNORE_PREFIX[self.index]:
                        if elb.name.lower().startswith(
                                ignore_item_name.lower()):
                            ignore_item = True
                            break

                    if ignore_item:
                        continue

                    elb_map = {}
                    elb_map['availability_zones'] = list(
                        elb.availability_zones)
                    elb_map[
                        'canonical_hosted_zone_name'] = elb.canonical_hosted_zone_name
                    elb_map[
                        'canonical_hosted_zone_name_id'] = elb.canonical_hosted_zone_name_id
                    elb_map['dns_name'] = elb.dns_name
                    elb_map['health_check'] = {
                        'target': elb.health_check.target,
                        'interval': elb.health_check.interval
                    }
                    elb_map[
                        'is_cross_zone_load_balancing'] = self.wrap_aws_rate_limited_call(
                            elb.is_cross_zone_load_balancing)
                    elb_map['scheme'] = elb.scheme
                    elb_map['security_groups'] = list(elb.security_groups)
                    elb_map[
                        'source_security_group'] = elb.source_security_group.name
                    elb_map['subnets'] = list(elb.subnets)
                    elb_map['vpc_id'] = elb.vpc_id

                    backends = []
                    for be in elb.backends:
                        backend = {}
                        backend['instance_port'] = be.instance_port
                        policies = []
                        for bepol in be.policies:
                            policies.append(bepol.policy_name)
                        backend['policies'] = policies
                        backends.append(backend)
                    elb_map['backends'] = backends

                    listeners = []
                    for li in elb.listeners:
                        listener = {}
                        listener['load_balancer_port'] = li.load_balancer_port
                        listener['instance_port'] = li.instance_port
                        listener['protocol'] = li.protocol
                        listener['instance_protocol'] = li.instance_protocol
                        listener['ssl_certificate_id'] = li.ssl_certificate_id
                        policies = []
                        for lipol in li.policy_names:
                            policies.append(lipol)
                        listener['policy_names'] = policies
                        listeners.append(listener)
                    elb_map['listeners'] = listeners

                    policies = {}
                    app_cookie_stickiness_policies = []
                    for policy in elb.policies.app_cookie_stickiness_policies:
                        app_cookie_stickiness_policy = {}
                        app_cookie_stickiness_policy[
                            'policy_name'] = policy.policy_name
                        app_cookie_stickiness_policy[
                            'cookie_name'] = policy.cookie_name
                        app_cookie_stickiness_policies.append(
                            app_cookie_stickiness_policy)
                    policies[
                        'app_cookie_stickiness_policies'] = app_cookie_stickiness_policies

                    lb_cookie_stickiness_policies = []
                    for policy in elb.policies.lb_cookie_stickiness_policies:
                        lb_cookie_stickiness_policy = {}
                        lb_cookie_stickiness_policy[
                            'policy_name'] = policy.policy_name
                        lb_cookie_stickiness_policy[
                            'cookie_expiration_period'] = policy.cookie_expiration_period
                        lb_cookie_stickiness_policies.append(
                            lb_cookie_stickiness_policy)
                    policies[
                        'lb_cookie_stickiness_policies'] = lb_cookie_stickiness_policies

                    policies['other_policies'] = []
                    for opol in elb.policies.other_policies:
                        policies['other_policies'].append(opol.policy_name)
                    elb_map['policies'] = policies

                    item = ELBItem(region=region.name,
                                   account=account,
                                   name=elb.name,
                                   config=elb_map)
                    item_list.append(item)

        return item_list, exception_map
Beispiel #8
0
Datei: elb.py Projekt: eofs/aws
 def regions(self, *args, **kwargs):
     return elb.regions(*args, **kwargs)
Beispiel #9
0
def get_elb_regions():
    region_objects = elb.regions()
    regions = [region_object.name for region_object in region_objects]
    return regions
Beispiel #10
0
    def slurp(self):
        """
        :returns: item_list - list of ELB's.
        :returns: exception_map - A dict where the keys are a tuple containing the
            location of the exception and the value is the actual exception

        """
        self.prep_for_slurp()
        from security_monkey.common.sts_connect import connect

        item_list = []
        exception_map = {}
        for account in self.accounts:
            self._setup_botocore(account)
            for region in regions():
                app.logger.debug("Checking {}/{}/{}".format(self.index, account, region.name))
                elb_conn = connect(account, "elb", region=region.name)
                botocore_endpoint = self.botocore_elb.get_endpoint(region.name)

                try:
                    all_elbs = []
                    marker = None

                    while True:
                        response = self.wrap_aws_rate_limited_call(elb_conn.get_all_load_balancers, marker=marker)

                        # build our elb list
                        all_elbs.extend(response)

                        # ensure that we get every elb
                        if response.next_marker:
                            marker = response.next_marker
                        else:
                            break

                except Exception as e:
                    if region.name not in TROUBLE_REGIONS:
                        exc = BotoConnectionIssue(str(e), self.index, account, region.name)
                        self.slurp_exception((self.index, account, region.name), exc, exception_map)
                    continue

                app.logger.debug("Found {} {}".format(len(all_elbs), self.i_am_plural))
                for elb in all_elbs:

                    if self.check_ignore_list(elb.name):
                        continue

                    elb_map = {}
                    elb_map["availability_zones"] = list(elb.availability_zones)
                    elb_map["canonical_hosted_zone_name"] = elb.canonical_hosted_zone_name
                    elb_map["canonical_hosted_zone_name_id"] = elb.canonical_hosted_zone_name_id
                    elb_map["dns_name"] = elb.dns_name
                    elb_map["health_check"] = {"target": elb.health_check.target, "interval": elb.health_check.interval}
                    elb_map["is_cross_zone_load_balancing"] = self.wrap_aws_rate_limited_call(
                        elb.is_cross_zone_load_balancing
                    )
                    elb_map["scheme"] = elb.scheme
                    elb_map["security_groups"] = list(elb.security_groups)
                    elb_map["source_security_group"] = elb.source_security_group.name
                    elb_map["subnets"] = list(elb.subnets)
                    elb_map["vpc_id"] = elb.vpc_id

                    backends = []
                    for be in elb.backends:
                        backend = {}
                        backend["instance_port"] = be.instance_port
                        policies = []
                        for bepol in be.policies:
                            policies.append(bepol.policy_name)
                        backend["policies"] = policies
                        backends.append(backend)
                    elb_map["backends"] = backends

                    elb_policies = self._get_listener_policies(elb, botocore_endpoint)
                    listeners = []
                    for li in elb.listeners:
                        listener = {
                            "load_balancer_port": li.load_balancer_port,
                            "instance_port": li.instance_port,
                            "protocol": li.protocol,
                            "instance_protocol": li.instance_protocol,
                            "ssl_certificate_id": li.ssl_certificate_id,
                            "policies": [
                                elb_policies.get(policy_name, {"name": policy_name}) for policy_name in li.policy_names
                            ],
                        }
                        listeners.append(listener)
                    elb_map["listeners"] = listeners

                    policies = {}
                    app_cookie_stickiness_policies = []
                    for policy in elb.policies.app_cookie_stickiness_policies:
                        app_cookie_stickiness_policy = {}
                        app_cookie_stickiness_policy["policy_name"] = policy.policy_name
                        app_cookie_stickiness_policy["cookie_name"] = policy.cookie_name
                        app_cookie_stickiness_policies.append(app_cookie_stickiness_policy)
                    policies["app_cookie_stickiness_policies"] = app_cookie_stickiness_policies

                    lb_cookie_stickiness_policies = []
                    for policy in elb.policies.lb_cookie_stickiness_policies:
                        lb_cookie_stickiness_policy = {}
                        lb_cookie_stickiness_policy["policy_name"] = policy.policy_name
                        lb_cookie_stickiness_policy["cookie_expiration_period"] = policy.cookie_expiration_period
                        lb_cookie_stickiness_policies.append(lb_cookie_stickiness_policy)
                    policies["lb_cookie_stickiness_policies"] = lb_cookie_stickiness_policies

                    policies["other_policies"] = []
                    for opol in elb.policies.other_policies:
                        policies["other_policies"].append(opol.policy_name)
                    elb_map["policies"] = policies

                    item = ELBItem(region=region.name, account=account, name=elb.name, config=elb_map)
                    item_list.append(item)

        return item_list, exception_map