Python ResourceDigest Beispiele

Beispiel #1

    def get_resources(self) -> List[Resource]:
        client = self.vpc_options.client("ec2")

        resources_found = []

        filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]

        response = client.describe_security_groups(Filters=filters)

        if self.vpc_options.verbose:
            message_handler("Collecting data from Security Groups...",
                            "HEADER")

        for data in response["SecurityGroups"]:
            group_digest = ResourceDigest(id=data["GroupId"],
                                          type="aws_security_group")
            resources_found.append(
                Resource(
                    digest=group_digest,
                    name=data["GroupName"],
                    details="",
                    group="network",
                    tags=resource_tags(data),
                ))
            self.relations_found.append(
                ResourceEdge(from_node=group_digest,
                             to_node=self.vpc_options.vpc_digest()))

        return resources_found

Beispiel #2

Datei: DYNAMODB.py Projekt: requix/cloudiscovery

    def imdsv2_check(self, imdsv2_check):

        client = self.options.client("ec2")

        instances = client.describe_instances()["Reservations"]

        resources_found = []

        for instance in instances:
            for instance_detail in instance["Instances"]:
                if (instance_detail["MetadataOptions"]["HttpEndpoint"]
                        == "enabled"
                        and instance_detail["MetadataOptions"]["HttpTokens"]
                        == "optional"):
                    resources_found.append(
                        Resource(
                            digest=ResourceDigest(
                                id=instance_detail["InstanceId"],
                                type="imdsv2_check"),
                            details="IMDSv2 tokens not enforced",
                            name=instance_detail["InstanceId"],
                            group="ddb_security",
                            security=SecurityValues(
                                status="CRITICAL",
                                parameter="imdsv2_check",
                                value="False",
                            ),
                        ))

        return resources_found

Beispiel #3

    def get_resources(self) -> List[Resource]:
        client = self.vpc_options.client("ec2")

        resources_found = []

        filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]

        response = client.describe_subnets(Filters=filters)

        if self.vpc_options.verbose:
            message_handler("Collecting data from Subnets...", "HEADER")

        for data in response["Subnets"]:
            nametag = get_name_tag(data)

            name = data["SubnetId"] if nametag is None else nametag

            subnet_digest = ResourceDigest(id=data["SubnetId"],
                                           type="aws_subnet")
            resources_found.append(
                Resource(
                    digest=subnet_digest,
                    name=name,
                    details="Subnet using CidrBlock {} and AZ {}".format(
                        data["CidrBlock"], data["AvailabilityZone"]),
                    group="network",
                    tags=resource_tags(data),
                ))

            self.relations_found.append(
                ResourceEdge(from_node=subnet_digest,
                             to_node=self.vpc_options.vpc_digest()))

        return resources_found

Beispiel #4

    def analyze_bucket(self, client, data):
        try:
            documentpolicy = client.get_bucket_policy(Bucket=data["Name"])
        except ClientError:
            return False, None

        document = json.dumps(documentpolicy, default=datetime_to_string)

        # check either vpc_id or potential subnet ip are found
        ipvpc_found = check_ipvpc_inpolicy(document=document,
                                           vpc_options=self.vpc_options)

        if ipvpc_found is True:
            tags_response = client.get_bucket_tagging(Bucket=data["Name"])
            digest = ResourceDigest(id=data["Name"],
                                    type="aws_s3_bucket_policy")
            self.relations_found.append(
                ResourceEdge(from_node=digest,
                             to_node=self.vpc_options.vpc_digest()))
            return (
                True,
                Resource(
                    digest=digest,
                    name=data["Name"],
                    details="",
                    group="storage",
                    tags=resource_tags(tags_response),
                ),
            )
        return False, None

Beispiel #5

Datei: DYNAMODB.py Projekt: requix/cloudiscovery

    def pitr_enabled(self, pitr_enabled):

        client = self.options.client("dynamodb")

        tables = client.list_tables()["TableNames"]

        resources_found = []

        for table in tables:
            if (client.describe_continuous_backups(
                    TableName=table)["ContinuousBackupsDescription"]
                ["PointInTimeRecoveryDescription"]["PointInTimeRecoveryStatus"]
                    == "DISABLED"):
                resources_found.append(
                    Resource(
                        digest=ResourceDigest(id=table, type="pitr_enabled"),
                        details="PITR disabled",
                        name=table,
                        group="ddb_security",
                        security=SecurityValues(
                            status="CRITICAL",
                            parameter="pitr_enabled",
                            value="False",
                        ),
                    ))

        return resources_found

Beispiel #6

    def ebs_encryption(self, ebs_encryption):

        client = self.options.client("ec2")

        volumes = client.describe_volumes()["Volumes"]

        resources_found = []

        for volume in volumes:
            if volume["Encrypted"] is False:
                resources_found.append(
                    Resource(
                        digest=ResourceDigest(id=volume["VolumeId"],
                                              type="ebs_encryption"),
                        details="This volume is not encypted.",
                        name=volume["VolumeId"],
                        group="ec2_security",
                        security=SecurityValues(
                            status="CRITICAL",
                            parameter="ebs_encryption",
                            value="False",
                        ),
                    ))

        return resources_found

Beispiel #7

Datei: security.py Projekt: requix/cloudiscovery

    def analyze_policy(self, client, data):

        documentpolicy = client.get_policy_version(
            PolicyArn=data["Arn"], VersionId=data["DefaultVersionId"])

        document = json.dumps(documentpolicy, default=datetime_to_string)

        # check either vpc_id or potential subnet ip are found
        ipvpc_found = check_ipvpc_inpolicy(document=document,
                                           vpc_options=self.vpc_options)

        if ipvpc_found is True:
            digest = ResourceDigest(id=data["Arn"], type="aws_iam_policy")
            self.relations_found.append(
                ResourceEdge(from_node=digest,
                             to_node=self.vpc_options.vpc_digest()))
            return (
                True,
                Resource(
                    digest=digest,
                    name=data["PolicyName"],
                    details="IAM Policy version {}".format(
                        data["DefaultVersionId"]),
                    group="security",
                ),
            )

        return False, None

Beispiel #8

    def analyze_restapi(self, data):

        if "policy" in data:
            documentpolicy = data["policy"]
        else:
            return False, None

        document = json.dumps(documentpolicy, default=datetime_to_string)

        # check either vpc_id or potential subnet ip are found
        ipvpc_found = check_ipvpc_inpolicy(document=document,
                                           vpc_options=self.vpc_options)

        if ipvpc_found is not False:
            digest = ResourceDigest(id=data["id"],
                                    type="aws_api_gateway_rest_api")
            self.relations_found.append(
                ResourceEdge(from_node=digest,
                             to_node=self.vpc_options.vpc_digest()))
            return (
                True,
                Resource(
                    digest=digest,
                    name=data["name"],
                    details="",
                    group="network",
                    tags=resource_tags(data),
                ),
            )
        return False, None

Beispiel #9

Datei: compute.py Projekt: requix/cloudiscovery

    def get_resources(self) -> List[Resource]:

        client = self.vpc_options.client("emr")

        resources_found = []

        response = client.list_clusters()

        if self.vpc_options.verbose:
            message_handler("Collecting data from EMR Clusters...", "HEADER")

        for data in response["Clusters"]:

            cluster = client.describe_cluster(ClusterId=data["Id"])

            # Using subnet to check VPC
            subnets = describe_subnet(
                vpc_options=self.vpc_options,
                subnet_ids=cluster["Cluster"]["Ec2InstanceAttributes"]["Ec2SubnetId"],
            )

            if subnets is not None:

                if subnets["Subnets"][0]["VpcId"] == self.vpc_options.vpc_id:
                    digest = ResourceDigest(id=data["Id"], type="aws_emr_cluster")
                    resources_found.append(
                        Resource(
                            digest=digest,
                            name=data["Name"],
                            details="",
                            group="compute",
                            tags=resource_tags(cluster["Cluster"]),
                        )
                    )
                    self.relations_found.append(
                        ResourceEdge(
                            from_node=digest,
                            to_node=ResourceDigest(
                                id=cluster["Cluster"]["Ec2InstanceAttributes"][
                                    "Ec2SubnetId"
                                ],
                                type="aws_subnet",
                            ),
                        )
                    )

        return resources_found

Beispiel #10

Datei: database.py Projekt: requix/cloudiscovery

    def get_resources(self) -> List[Resource]:

        client = self.vpc_options.client("elasticache")

        resources_found = []

        # get all cache clusters
        response = client.describe_cache_clusters()

        if self.vpc_options.verbose:
            message_handler("Collecting data from Elasticache Clusters...", "HEADER")

        # iterate cache clusters to get subnet groups
        for data in response["CacheClusters"]:

            cachesubnet = client.describe_cache_subnet_groups(
                CacheSubnetGroupName=data["CacheSubnetGroupName"]
            )

            if cachesubnet["CacheSubnetGroups"][0]["VpcId"] == self.vpc_options.vpc_id:
                ec_digest = ResourceDigest(
                    id=data["CacheClusterId"], type="aws_elasticache_cluster"
                )
                subnet_ids = []
                for subnet in cachesubnet["CacheSubnetGroups"][0]["Subnets"]:
                    subnet_ids.append(subnet["SubnetIdentifier"])
                    self.relations_found.append(
                        ResourceEdge(
                            from_node=ec_digest,
                            to_node=ResourceDigest(
                                id=subnet["SubnetIdentifier"], type="aws_subnet"
                            ),
                        )
                    )

                resources_found.append(
                    Resource(
                        digest=ec_digest,
                        name=data["CacheSubnetGroupName"],
                        details="Elasticache Cluster using subnets {} and engine {}".format(
                            ", ".join(subnet_ids), data["Engine"]
                        ),
                        group="database",
                    )
                )

        return resources_found

Beispiel #11

Datei: database.py Projekt: requix/cloudiscovery

    def get_resources(self) -> List[Resource]:

        client = self.vpc_options.client("neptune")

        resources_found = []

        response = client.describe_db_instances(
            Filters=[{"Name": "engine", "Values": ["neptune"]}]
        )

        if self.vpc_options.verbose:
            message_handler("Collecting data from Neptune Instances...", "HEADER")

        # iterate cache clusters to get subnet groups
        for data in response["DBInstances"]:

            if data["DBSubnetGroup"]["VpcId"] == self.vpc_options.vpc_id:
                tags_response = client.list_tags_for_resource(
                    ResourceName=data["DBInstanceArn"]
                )
                neptune_digest = ResourceDigest(
                    id=data["DBInstanceArn"], type="aws_neptune_cluster"
                )
                subnet_ids = []
                for subnet in data["DBSubnetGroup"]["Subnets"]:
                    subnet_ids.append(subnet["SubnetIdentifier"])
                    self.relations_found.append(
                        ResourceEdge(
                            from_node=neptune_digest,
                            to_node=ResourceDigest(
                                id=subnet["SubnetIdentifier"], type="aws_subnet"
                            ),
                        )
                    )
                resources_found.append(
                    Resource(
                        digest=neptune_digest,
                        name=data["DBInstanceIdentifier"],
                        details="Neptune using subnets {} and engine {}".format(
                            ", ".join(subnet_ids), data["Engine"]
                        ),
                        group="database",
                        tags=resource_tags(tags_response),
                    )
                )

        return resources_found

Beispiel #12

Datei: analytics.py Projekt: requix/cloudiscovery

    def get_resources(self) -> List[Resource]:

        client = self.vpc_options.client("kafka")

        resources_found = []

        # get all cache clusters
        response = client.list_clusters()

        if self.vpc_options.verbose:
            message_handler("Collecting data from MSK Clusters...", "HEADER")

        # iterate cache clusters to get subnet groups
        for data in response["ClusterInfoList"]:

            msk_subnets = ", ".join(
                data["BrokerNodeGroupInfo"]["ClientSubnets"])

            ec2 = self.vpc_options.session.resource(
                "ec2", region_name=self.vpc_options.region_name)

            filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]

            subnets = ec2.subnets.filter(Filters=filters)

            for subnet in list(subnets):

                if subnet.id in msk_subnets:
                    digest = ResourceDigest(id=data["ClusterArn"],
                                            type="aws_msk_cluster")
                    resources_found.append(
                        Resource(
                            digest=digest,
                            name=data["ClusterName"],
                            details="",
                            group="analytics",
                            tags=resource_tags(data),
                        ))
                    self.relations_found.append(
                        ResourceEdge(
                            from_node=digest,
                            to_node=ResourceDigest(id=subnet.id,
                                                   type="aws_subnet"),
                        ))

                    break
        return resources_found

Beispiel #13

Datei: compute.py Projekt: nathanaelassis/cloudiscovery

    def get_resources(self) -> List[Resource]:

        client = self.vpc_options.client("autoscaling")

        resources_found = []

        response = client.describe_auto_scaling_groups()

        if self.vpc_options.verbose:
            message_handler("Collecting data from Autoscaling Groups...",
                            "HEADER")

        for data in response["AutoScalingGroups"]:

            asg_subnets = data["VPCZoneIdentifier"].split(",")

            # Using subnet to check VPC
            subnets = describe_subnet(vpc_options=self.vpc_options,
                                      subnet_ids=asg_subnets)

            if subnets is not None:
                # Iterate subnet to get VPC
                for data_subnet in subnets["Subnets"]:

                    if data_subnet["VpcId"] == self.vpc_options.vpc_id:
                        asg_name = data["AutoScalingGroupName"]
                        digest = ResourceDigest(id=asg_name,
                                                type="aws_autoscaling_group")
                        resources_found.append(
                            Resource(
                                digest=digest,
                                name=asg_name,
                                details="Using LaunchConfigurationName {0}".
                                format(data["LaunchConfigurationName"]),
                                group="compute",
                                tags=resource_tags(data),
                            ))
                        self.relations_found.append(
                            ResourceEdge(
                                from_node=digest,
                                to_node=ResourceDigest(
                                    id=data_subnet["SubnetId"],
                                    type="aws_subnet"),
                            ))

        return resources_found

Beispiel #14

    def get_resources(self) -> List[Resource]:

        client = self.iot_options.client("iot")

        resources_found = []

        if self.iot_options.verbose:
            message_handler("Collecting data from IoT Policies...", "HEADER")

        for thing in self.iot_options.thing_name["things"]:

            response = client.list_thing_principals(thingName=thing["thingName"])

            for data in response["principals"]:

                policies = client.list_principal_policies(principal=data)

                for policy in policies["policies"]:
                    data_policy = client.get_policy(policyName=policy["policyName"])
                    tag_response = client.list_tags_for_resource(
                        resourceArn=data_policy["policyArn"]
                    )

                    iot_policy_digest = ResourceDigest(
                        id=data_policy["policyArn"], type="aws_iot_policy"
                    )
                    resources_found.append(
                        Resource(
                            digest=iot_policy_digest,
                            name=data_policy["policyName"],
                            details="",
                            group="iot",
                            tags=resource_tags(tag_response),
                        )
                    )

                    self.relations_found.append(
                        ResourceEdge(
                            from_node=iot_policy_digest,
                            to_node=ResourceDigest(
                                id=thing["thingName"], type="aws_iot_thing"
                            ),
                        )
                    )

        return resources_found

Beispiel #15

    def get_resources(self) -> List[Resource]:

        client = self.vpc_options.client("ec2")

        resources_found = []

        filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]

        response = client.describe_nat_gateways(Filters=filters)

        if self.vpc_options.verbose:
            message_handler("Collecting data from NAT Gateways...", "HEADER")

        for data in response["NatGateways"]:

            if data["VpcId"] == self.vpc_options.vpc_id and data[
                    "State"] != "deleted":
                nametag = get_name_tag(data)

                name = data["NatGatewayId"] if nametag is None else nametag

                nat_digest = ResourceDigest(id=data["NatGatewayId"],
                                            type="aws_nat_gateway")
                resources_found.append(
                    Resource(
                        digest=nat_digest,
                        name=name,
                        details=
                        "NAT Gateway Private IP {}, Public IP {}, Subnet id {}"
                        .format(
                            data["NatGatewayAddresses"][0]["PrivateIp"],
                            data["NatGatewayAddresses"][0]["PublicIp"],
                            data["SubnetId"],
                        ),
                        group="network",
                        tags=resource_tags(data),
                    ))
                self.relations_found.append(
                    ResourceEdge(
                        from_node=nat_digest,
                        to_node=ResourceDigest(id=data["SubnetId"],
                                               type="aws_subnet"),
                    ))

        return resources_found

Beispiel #16

    def get_resources(self) -> List[Resource]:

        client = self.iot_options.client("iot")

        resources_found = []

        if self.iot_options.verbose:
            message_handler("Collecting data from IoT Jobs...", "HEADER")

        for thing in self.iot_options.thing_name["things"]:

            client.describe_thing(thingName=thing["thingName"])

            jobs = client.list_jobs()

            for job in jobs["jobs"]:

                data_job = client.describe_job(jobId=job["jobId"])

                # Find THING name in targets things
                for target in data_job["job"]["targets"]:

                    if thing["thingName"] in target:
                        iot_job_digest = ResourceDigest(id=job["jobId"],
                                                        type="aws_iot_job")
                        tag_response = client.list_tags_for_resource(
                            resourceArn=job["jobArn"])
                        resources_found.append(
                            Resource(
                                digest=iot_job_digest,
                                name=job["jobId"],
                                details="",
                                group="iot",
                                tags=resource_tags(tag_response),
                            ))

                        self.relations_found.append(
                            ResourceEdge(
                                from_node=iot_job_digest,
                                to_node=ResourceDigest(id=thing["thingName"],
                                                       type="aws_iot_thing"),
                            ))

        return resources_found

Beispiel #17

    def get_resources(self) -> List[Resource]:

        client = self.iot_options.client("iot")

        resources_found = []

        if self.iot_options.verbose:
            message_handler("Collecting data from IoT Billing Group...",
                            "HEADER")

        for thing in self.iot_options.thing_name["things"]:

            response = client.describe_thing(thingName=thing["thingName"])

            billing_groups = client.list_billing_groups()

            for billing_group in billing_groups["billingGroups"]:

                # billingGroupName is not mandatory in IoT Thing
                if "billingGroupName" in response:

                    if billing_group["groupName"] == response[
                            "billingGroupName"]:
                        iot_billing_group_digest = ResourceDigest(
                            id=billing_group["groupArn"],
                            type="aws_iot_billing_group")
                        tag_response = client.list_tags_for_resource(
                            resourceArn=billing_group["groupArn"])
                        resources_found.append(
                            Resource(
                                digest=iot_billing_group_digest,
                                name=billing_group["groupName"],
                                details="",
                                group="iot",
                                tags=resource_tags(tag_response),
                            ))

                        self.relations_found.append(
                            ResourceEdge(
                                from_node=iot_billing_group_digest,
                                to_node=ResourceDigest(id=thing["thingName"],
                                                       type="aws_iot_thing"),
                            ))
        return resources_found

Beispiel #18

    def get_resources(self) -> List[Resource]:

        client = self.vpc_options.client("elbv2")

        resources_found = []

        response = client.describe_load_balancers()

        if self.vpc_options.verbose:
            message_handler(
                "Collecting data from Application Load Balancers...", "HEADER")

        for data in response["LoadBalancers"]:

            if data["VpcId"] == self.vpc_options.vpc_id:
                tags_response = client.describe_tags(
                    ResourceArns=[data["LoadBalancerArn"]])
                elb_digest = ResourceDigest(id=data["LoadBalancerName"],
                                            type="aws_elb")

                subnet_ids = []
                for availabilityZone in data["AvailabilityZones"]:
                    subnet_ids.append(availabilityZone["SubnetId"])
                    self.relations_found.append(
                        ResourceEdge(
                            from_node=elb_digest,
                            to_node=ResourceDigest(
                                id=availabilityZone["SubnetId"],
                                type="aws_subnet"),
                        ))

                resources_found.append(
                    Resource(
                        digest=elb_digest,
                        name=data["LoadBalancerName"],
                        details="",
                        group="network",
                        tags=resource_tags(
                            tags_response["TagDescriptions"][0]),
                    ))

        return resources_found

Beispiel #19

Datei: test_shared_command.py Projekt: requix/cloudiscovery

    def test_one_type_filter_resource(self):
        resources = filter_resources(
            [
                Resource(
                    digest=ResourceDigest(id="1", type="type1"),
                    name="name",
                    tags=[ResourceTag(key="key", value="value")],
                ),
                Resource(
                    digest=ResourceDigest(id="2", type="type2"),
                    name="name",
                    tags=[ResourceTag(key="key", value="wrong")],
                ),
            ],
            [ResourceType(type="type1")],
        )

        assert_that(resources).is_length(1)
        assert_that(resources[0].digest).is_equal_to(
            ResourceDigest(id="1", type="type1"))

Beispiel #20

def aggregate_subnets(groups, group_type, group_name):
    if group_type in groups:
        subnet_ids = []
        for subnet in groups[group_type]:
            subnet_ids.append(subnet.digest.id)
        groups[""].append(
            Resource(
                digest=ResourceDigest(id=group_type, type="aws_subnet"),
                name=group_name + ", ".join(subnet_ids),
                details=", ".join(subnet_ids),
            ))

Beispiel #21

Datei: security.py Projekt: requix/cloudiscovery

 def analyze_relations(self, resource):
     relations_found = []
     response = self.client.list_attached_group_policies(
         GroupName=resource.name)
     for policy in response["AttachedPolicies"]:
         relations_found.append(
             ResourceEdge(
                 from_node=resource.digest,
                 to_node=ResourceDigest(id=policy["PolicyArn"],
                                        type="aws_iam_policy"),
             ))
     return relations_found

Beispiel #22

 def test_file_generation(self):
     general_resources = [
         Resource(
             digest=ResourceDigest(id="123", type="aws_vpc"),
             name="name",
             details="details",
         )
     ]
     grouped_resources = {"": general_resources}
     relations = []
     result = self.sut.build_diagram(grouped_resources, relations)
     assert_that(result).starts_with(MX_FILE[:200])

Beispiel #23

    def get_resources(self) -> List[Resource]:

        client = self.vpc_options.client("ec2")

        resources_found = []

        filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]

        response = client.describe_network_acls(Filters=filters)

        if self.vpc_options.verbose:
            message_handler("Collecting data from NACLs...", "HEADER")

        for data in response["NetworkAcls"]:
            nacl_digest = ResourceDigest(id=data["NetworkAclId"],
                                         type="aws_network_acl")

            subnet_ids = []
            for subnet in data["Associations"]:
                subnet_ids.append(subnet["SubnetId"])
                self.relations_found.append(
                    ResourceEdge(
                        from_node=nacl_digest,
                        to_node=ResourceDigest(id=subnet["SubnetId"],
                                               type="aws_subnet"),
                    ))

            nametag = get_name_tag(data)
            name = data["NetworkAclId"] if nametag is None else nametag
            resources_found.append(
                Resource(
                    digest=nacl_digest,
                    name=name,
                    details="NACL using Subnets {}".format(
                        ", ".join(subnet_ids)),
                    group="network",
                    tags=resource_tags(data),
                ))

        return resources_found

Beispiel #24

Datei: compute.py Projekt: requix/cloudiscovery

    def get_resources(self) -> List[Resource]:

        client = self.vpc_options.client("eks")

        resources_found = []

        response = client.list_clusters()

        if self.vpc_options.verbose:
            message_handler("Collecting data from EKS Clusters...", "HEADER")

        for data in response["clusters"]:

            cluster = client.describe_cluster(name=data)

            if (
                cluster["cluster"]["resourcesVpcConfig"]["vpcId"]
                == self.vpc_options.vpc_id
            ):
                digest = ResourceDigest(
                    id=cluster["cluster"]["arn"], type="aws_eks_cluster"
                )
                resources_found.append(
                    Resource(
                        digest=digest,
                        name=cluster["cluster"]["name"],
                        details="",
                        group="compute",
                        tags=resource_tags(data),
                    )
                )
                for subnet_id in cluster["cluster"]["resourcesVpcConfig"]["subnetIds"]:
                    self.relations_found.append(
                        ResourceEdge(
                            from_node=digest,
                            to_node=ResourceDigest(id=subnet_id, type="aws_subnet"),
                        )
                    )

        return resources_found

Beispiel #25

Datei: compute.py Projekt: requix/cloudiscovery

    def get_resources(self) -> List[Resource]:
        client = self.vpc_options.client("lambda")

        if self.vpc_options.verbose:
            message_handler("Collecting data from Lambda Functions...", "HEADER")

        paginator = client.get_paginator("list_functions")
        pages = paginator.paginate()

        resources_found = []
        for response in pages:
            for data in response["Functions"]:
                if (
                    "VpcConfig" in data
                    and data["VpcConfig"]["VpcId"] == self.vpc_options.vpc_id
                ):
                    lambda_digest = ResourceDigest(
                        id=data["FunctionArn"], type="aws_lambda_function"
                    )
                    for subnet_id in data["VpcConfig"]["SubnetIds"]:
                        self.relations_found.append(
                            ResourceEdge(
                                from_node=lambda_digest,
                                to_node=ResourceDigest(id=subnet_id, type="aws_subnet"),
                            )
                        )
                    list_tags_response = client.list_tags(Resource=data["FunctionArn"])

                    resources_found.append(
                        Resource(
                            digest=lambda_digest,
                            name=data["FunctionName"],
                            details="",
                            group="compute",
                            tags=resource_tags(list_tags_response),
                        )
                    )

        return resources_found

Beispiel #26

    def get_resources(self) -> List[Resource]:

        client = self.vpc_options.client("ec2")

        resources_found = []

        response = client.describe_vpc_peering_connections()

        if self.vpc_options.verbose:
            message_handler("Collecting data from VPC Peering...", "HEADER")

        for data in response["VpcPeeringConnections"]:

            if (data["AccepterVpcInfo"]["VpcId"] == self.vpc_options.vpc_id
                    or data["RequesterVpcInfo"]["VpcId"]
                    == self.vpc_options.vpc_id):
                nametag = get_name_tag(data)

                name = data[
                    "VpcPeeringConnectionId"] if nametag is None else nametag

                peering_digest = ResourceDigest(
                    id=data["VpcPeeringConnectionId"],
                    type="aws_vpc_peering_connection",
                )
                resources_found.append(
                    Resource(
                        digest=peering_digest,
                        name=name,
                        details=
                        "Vpc Peering Accepter OwnerId {}, Accepter Region {}, Accepter VpcId {} \
                                                         Requester OwnerId {}, Requester Region {}, \
                                                         Requester VpcId {}".
                        format(
                            data["AccepterVpcInfo"]["OwnerId"],
                            data["AccepterVpcInfo"]["Region"],
                            data["AccepterVpcInfo"]["VpcId"],
                            data["RequesterVpcInfo"]["OwnerId"],
                            data["RequesterVpcInfo"]["Region"],
                            data["RequesterVpcInfo"]["VpcId"],
                        ),
                        group="network",
                        tags=resource_tags(data),
                    ))
                self.relations_found.append(
                    ResourceEdge(
                        from_node=peering_digest,
                        to_node=self.vpc_options.vpc_digest(),
                    ))
        return resources_found

Beispiel #27

Datei: general.py Projekt: requix/cloudiscovery

    def get_relations(self) -> List[ResourceEdge]:
        resources_found = []
        for user in self.users_found:
            response = self.client.list_groups_for_user(UserName=user.name)
            for group in response["Groups"]:
                resources_found.append(
                    ResourceEdge(
                        from_node=user.digest,
                        to_node=ResourceDigest(id=group["GroupName"],
                                               type="aws_iam_group"),
                    ))

            response = self.client.list_attached_user_policies(
                UserName=user.name)
            for policy in response["AttachedPolicies"]:
                resources_found.append(
                    ResourceEdge(
                        from_node=user.digest,
                        to_node=ResourceDigest(id=policy["PolicyArn"],
                                               type="aws_iam_policy"),
                    ))

        return resources_found

Beispiel #28

    def get_resources(self) -> List[Resource]:

        client = self.vpc_options.client("synthetics")

        resources_found = []

        response = client.describe_canaries()

        if self.vpc_options.verbose:
            message_handler("Collecting data from Synthetic Canaries...",
                            "HEADER")

        for data in response["Canaries"]:

            # Check if VpcConfig is in dict
            if "VpcConfig" in data:

                if data["VpcConfig"]["VpcId"] == self.vpc_options.vpc_id:
                    digest = ResourceDigest(id=data["Id"],
                                            type="aws_canaries_function")
                    resources_found.append(
                        Resource(
                            digest=digest,
                            name=data["Name"],
                            details="",
                            group="management",
                            tags=resource_tags(data),
                        ))
                    for subnet_id in data["VpcConfig"]["SubnetIds"]:
                        self.relations_found.append(
                            ResourceEdge(
                                from_node=digest,
                                to_node=ResourceDigest(id=subnet_id,
                                                       type="aws_subnet"),
                            ))

        return resources_found

Beispiel #29

    def get_resources(self) -> List[Resource]:

        client = self.vpc_options.client("cloudhsmv2")

        resources_found = []

        response = client.describe_clusters()

        if self.vpc_options.verbose:
            message_handler("Collecting data from CloudHSM clusters...", "HEADER")

        for data in response["Clusters"]:

            if data["VpcId"] == self.vpc_options.vpc_id:
                cloudhsm_digest = ResourceDigest(
                    id=data["ClusterId"], type="aws_cloudhsm"
                )
                resources_found.append(
                    Resource(
                        digest=cloudhsm_digest,
                        name=data["ClusterId"],
                        details="",
                        group="security",
                        tags=resource_tags(data),
                    )
                )

                for subnet in data["SubnetMapping"]:
                    subnet_id = data["SubnetMapping"][subnet]
                    self.relations_found.append(
                        ResourceEdge(
                            from_node=cloudhsm_digest,
                            to_node=ResourceDigest(id=subnet_id, type="aws_subnet"),
                        )
                    )

        return resources_found

Beispiel #30

    def get_resources(self) -> List[Resource]:

        client = self.vpc_options.client("ds")

        resources_found = []

        response = client.describe_directories()

        if self.vpc_options.verbose:
            message_handler("Collecting data from Directory Services...",
                            "HEADER")

        for data in response["DirectoryDescriptions"]:

            if "VpcSettings" in data:

                if data["VpcSettings"]["VpcId"] == self.vpc_options.vpc_id:
                    directory_service_digest = ResourceDigest(
                        id=data["DirectoryId"], type="aws_ds")
                    resources_found.append(
                        Resource(
                            digest=directory_service_digest,
                            name=data["Name"],
                            details="",
                            group="identity",
                            tags=resource_tags(data),
                        ))

                    for subnet in data["VpcSettings"]["SubnetIds"]:
                        self.relations_found.append(
                            ResourceEdge(
                                from_node=directory_service_digest,
                                to_node=ResourceDigest(id=subnet,
                                                       type="aws_subnet"),
                            ))

        return resources_found