def list_from_aws(cls: Type["IAMPolicyResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'role_1_arn': {role_1_dict},
'role_2_arn': {role_2_dict},
...}
Where the dicts represent results from list_policies and additional info per role from
list_targets_by_role."""
policies = {}
paginator = client.get_paginator("list_policies")
for resp in paginator.paginate(Scope="Local"):
for policy in resp.get("Policies", []):
resource_arn = policy["Arn"]
default_policy_version = policy["DefaultVersionId"]
policy_version_resp = client.get_policy_version(
PolicyArn=resource_arn, VersionId=default_policy_version)
default_policy_version_document_text = policy_version_resp[
"PolicyVersion"]["Document"]
policy[
"DefaultVersionPolicyDocumentText"] = policy_doc_dict_to_sorted_str(
default_policy_version_document_text)
policies[resource_arn] = policy
return ListFromAWSResult(resources=policies)
def list_from_aws(cls: Type["EventsRuleResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'rule_1_arn': {rule_1_dict},
'rule_2_arn': {rule_2_dict},
...}
Where the dicts represent results from list_rules and additional info per rule from
list_targets_by_rule."""
rules = {}
paginator = client.get_paginator("list_rules")
for resp in paginator.paginate():
for rule in resp.get("Rules", []):
resource_arn = rule["Arn"]
try:
rule["Targets"] = list_targets_by_rule(
client=client, rule_name=rule["Name"])
rules[resource_arn] = rule
except ClientError as c_e:
error_code = getattr(c_e, "response",
{}).get("Error", {}).get("Code", {})
if error_code != "ResourceNotFoundException":
raise c_e
return ListFromAWSResult(resources=rules)
def list_from_aws(cls: Type["IAMPolicyResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'role_1_arn': {role_1_dict},
'role_2_arn': {role_2_dict},
...}
Where the dicts represent results from list_policies and additional info per role from
list_targets_by_role."""
policies = {}
paginator = client.get_paginator("list_policies")
for resp in paginator.paginate(Scope="Local"):
for policy in resp.get("Policies", []):
resource_arn = policy["Arn"]
default_policy_version = policy["DefaultVersionId"]
try:
default_policy_version_document_text = cls.get_policy_version_document_text(
client=client,
policy_arn=resource_arn,
policy_version=default_policy_version,
)
policy[
"DefaultVersionPolicyDocumentText"] = policy_doc_dict_to_sorted_str(
default_policy_version_document_text)
policies[resource_arn] = policy
except ClientError as c_e:
error_code = getattr(c_e, "response",
{}).get("Error", {}).get("Code", {})
if error_code != "NoSuchEntity":
raise c_e
return ListFromAWSResult(resources=policies)
def list_from_aws(cls: Type["DetectorResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'detector_1_arn': {detector_1_dict},
'detector_2_arn': {detector_2_dict},
...}
Where the dicts represent results from list_detectors and list_members, get_detector for
each listed detector."""
list_detectors_paginator = client.get_paginator("list_detectors")
detectors: Dict[str, Dict[str, Any]] = {}
for list_detectors_resp in list_detectors_paginator.paginate():
detector_ids = list_detectors_resp["DetectorIds"]
for detector_id in detector_ids:
resource_arn = cls.generate_arn(account_id=account_id,
region=region,
resource_id=detector_id)
try:
detectors[resource_arn] = cls.get_detector(
client, detector_id, region)
except ClientError as c_e:
error_code = getattr(c_e, "response",
{}).get("Error", {}).get("Code", {})
if error_code != "BadRequestException":
raise c_e
return ListFromAWSResult(resources=detectors)
def list_from_aws(
cls: Type["TransitGatewayResourceSpec"], client: BaseClient, account_id: str, region: str
) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'tgw_1_arn': {tgw_1_dict},
'tgw_2_arn': {tgw_2_dict},
...}
Where the dicts represent results from describe_transit_gateways."""
tgws = {}
paginator = client.get_paginator("describe_transit_gateways")
tgw_filters = [{"Name": "owner-id", "Values": [account_id]}]
for resp in paginator.paginate(Filters=tgw_filters):
for tgw in resp["TransitGateways"]:
resource_arn = tgw["TransitGatewayArn"]
vpc_attachments: List[Dict[str, Any]] = []
vpc_attachments_paginator = client.get_paginator(
"describe_transit_gateway_attachments"
)
vpc_filters = [
{"Name": "transit-gateway-id", "Values": [tgw["TransitGatewayId"]]},
{"Name": "resource-type", "Values": ["vpc"]},
]
for vpc_attachments_resp in vpc_attachments_paginator.paginate(Filters=vpc_filters):
vpc_attachments += vpc_attachments_resp["TransitGatewayAttachments"]
tgw["VPCAttachments"] = vpc_attachments
tgws[resource_arn] = tgw
return ListFromAWSResult(resources=tgws)
def list_from_aws(
cls: Type["ClassicLoadBalancerResourceSpec"],
client: BaseClient,
account_id: str,
region: str,
) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'lb_1_arn': {lb_1_dict},
'lb_2_arn': {lb_2_dict},
...}
Where the dicts represent results from describe_load_balancers."""
paginator = client.get_paginator("describe_load_balancers")
load_balancers = {}
for resp in paginator.paginate():
for lb in resp["LoadBalancerDescriptions"]:
lb_name = lb["LoadBalancerName"]
resource_arn = cls.generate_arn(account_id=account_id,
region=region,
resource_id=lb_name)
try:
lb_attrs = cls.get_lb_attrs(client, lb_name)
lb.update(lb_attrs)
lb["Type"] = "classic"
load_balancers[resource_arn] = lb
except ClientError as c_e:
if (getattr(c_e, "response", {}).get("Error", {}).get(
"Code", {}) != "LoadBalancerNotFound"):
raise c_e
return ListFromAWSResult(resources=load_balancers)
def list_from_aws(cls: Type["EKSClusterResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'cluster_1_arn': {cluster_1_dict},
'cluster_2_arn': {cluster_2_dict},
...}
Where the dicts represent results from list_clusters."""
clusters = {}
try:
paginator = client.get_paginator("list_clusters")
for resp in paginator.paginate():
for cluster_name in resp.get("clusters", []):
resource_arn = cls.generate_arn(account_id=account_id,
region=region,
resource_id=cluster_name)
clusters[resource_arn] = {"Name": cluster_name}
except ClientError as c_e:
response_error = getattr(c_e, "response", {}).get("Error", {})
error_code = response_error.get("Code", "")
if error_code != "AccessDeniedException":
raise c_e
error_msg = response_error.get("Message", "")
if error_msg != f"Account {account_id} is not authorized to use this service":
raise c_e
return ListFromAWSResult(resources=clusters)
def list_from_aws(
cls: Type["OrgsAccountResourceSpec"], client: BaseClient, account_id: str, region: str
) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'ou_1_arn': {org_1_dict},
'ou_2_arn': {org_2_dict},
...}
Where the dicts represent results from list_accounts_for_parent."""
org_resp = client.describe_organization()
org_arn = org_resp["Organization"]["Arn"]
# get all ou ids and arns as a dict
ou_ids_arns = get_ou_ids_arns(client)
# now look up accounts for each ou
orgs_accounts = {}
accounts_paginator = client.get_paginator("list_accounts_for_parent")
for parent_id, parent_arn in ou_ids_arns.items():
for accounts_resp in accounts_paginator.paginate(ParentId=parent_id):
for account in accounts_resp["Accounts"]:
account_id = account["Id"]
account_arn = f"arn:aws::::account/{account_id}"
account["OrganizationArn"] = org_arn
account["OUArn"] = parent_arn
orgs_accounts[account_arn] = account
return ListFromAWSResult(resources=orgs_accounts)
def list_from_aws(cls: Type["IAMSAMLProviderResourceSpec"],
client: BaseClient, account_id: str,
region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'saml_provider_1_arn': {saml_provider_1_dict},
'saml_provider_2_arn': {saml_provider_2_dict},
...}
Where the dicts represent results from list_saml_providers and additional info per
saml_provider list_saml_providers. An additional 'Name' key is added."""
saml_providers = {}
resp = client.list_saml_providers()
for saml_provider in resp.get("SAMLProviderList", []):
resource_arn = saml_provider["Arn"]
saml_provider["Name"] = "/".join(resource_arn.split("/")[1:])
try:
saml_metadata_document = cls.get_saml_provider_metadata_doc(
client=client, arn=resource_arn)
hash_object = hashlib.sha256(saml_metadata_document.encode())
saml_provider[
"MetadataDocumentChecksum"] = hash_object.hexdigest()
saml_providers[resource_arn] = saml_provider
except ClientError as c_e:
error_code = getattr(c_e, "response",
{}).get("Error", {}).get("Code", {})
if error_code != "NoSuchEntity":
raise c_e
return ListFromAWSResult(resources=saml_providers)
def list_from_aws(cls: Type["IAMRoleResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'role_1_arn': {role_1_dict},
'role_2_arn': {role_2_dict},
...}
Where the dicts represent results from list_roles and additional info per role from
list_targets_by_role."""
roles = {}
paginator = client.get_paginator("list_roles")
for resp in paginator.paginate():
for role in resp.get("Roles", []):
role_name = role["RoleName"]
assume_role_policy_document = copy.deepcopy(
role["AssumeRolePolicyDocument"])
assume_role_policy_document_text = policy_doc_dict_to_sorted_str(
assume_role_policy_document)
role[
"AssumeRolePolicyDocumentText"] = assume_role_policy_document_text
for statement in assume_role_policy_document.get(
"Statement", []):
for obj in statement.get("Condition", {}).values():
for obj_key in obj.keys():
if obj_key.lower() == "sts:externalid":
obj[obj_key] = "REMOVED"
policies_result = get_attached_role_policies(client, role_name)
policies = policies_result
role["PolicyAttachments"] = policies
resource_arn = role["Arn"]
roles[resource_arn] = role
return ListFromAWSResult(resources=roles)
def list_from_aws(cls: Type["TargetGroupResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'target_group_1_arn': {target_group_1_dict},
'target_group_2_arn': {target_group_2_dict},
...}
Where the dicts represent results from describe_target_groups."""
paginator = client.get_paginator("describe_target_groups")
resources = {}
for resp in paginator.paginate():
for resource in resp.get("TargetGroups", []):
resource_arn = resource["TargetGroupArn"]
try:
resource[
"TargetHealthDescriptions"] = get_target_group_health(
client, resource_arn)
resources[resource_arn] = resource
except ClientError as c_e:
error_code = getattr(c_e, "response",
{}).get("Error", {}).get("Code", {})
if error_code != "TargetGroupNotFound":
raise c_e
return ListFromAWSResult(resources=resources)
def list_from_aws(cls: Type["OUResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'ou_1_arn': {ou_1_dict},
'ou_2_arn': {ou_2_dict},
...}
Where the dicts represent results from list_organizational_units_for_parent
with some additional info 'Path') tagged on."""
org_resp = client.describe_organization()
org_arn = org_resp["Organization"]["Arn"]
ous = {}
paginator = client.get_paginator("list_roots")
for resp in paginator.paginate():
for root in resp["Roots"]:
root_id, root_arn = root["Id"], root["Arn"]
root_path = f"/{root['Name']}"
ous[root_arn] = root
ous[root_arn]["OrganizationArn"] = org_arn
ous[root_arn]["Path"] = root_path
ou_details = cls._recursively_get_ou_details_for_parent(
client=client, parent_id=root_id, parent_path=root_path)
for ou_detail in ou_details:
arn = ou_detail["Arn"]
ou_detail["OrganizationArn"] = org_arn
ous[arn] = ou_detail
return ListFromAWSResult(resources=ous)
def list_from_aws(cls: Type["ACMCertificateResourceSpec"],
client: BaseClient, account_id: str,
region: str) -> ListFromAWSResult:
cert_arns: List[str] = []
paginator = client.get_paginator("list_certificates")
for resp in paginator.paginate(
Includes={
"keyTypes": [
"RSA_1024",
"RSA_2048",
"RSA_3072",
"RSA_4096",
"EC_prime256v1",
"EC_secp384r1",
"EC_secp521r1",
]
}):
cert_arns.extend([
cert_dict["CertificateArn"]
for cert_dict in resp.get("CertificateSummaryList", [])
])
certs: Dict[str, Dict[str, Any]] = {}
for cert_arn in cert_arns:
try:
cert_data = get_cert_data(client=client, cert_arn=cert_arn)
certs[cert_arn] = cert_data
except ClientError as c_e:
error_code = getattr(c_e, "response",
{}).get("Error", {}).get("Code", {})
if error_code not in ("ResourceNotFoundException", ):
raise c_e
return ListFromAWSResult(resources=certs)
def list_from_aws(cls: Type["RDSInstanceResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
logger = Logger()
dbinstances = {}
paginator = client.get_paginator("describe_db_instances")
for resp in paginator.paginate():
for db in resp.get("DBInstances", []):
resource_arn = db["DBInstanceArn"]
db["Tags"] = client.list_tags_for_resource(
ResourceName=resource_arn).get("TagList", [])
db["Backup"] = []
dbinstances[resource_arn] = db
backup_paginator = client.get_paginator(
"describe_db_instance_automated_backups")
for resp in backup_paginator.paginate():
for backup in resp.get("DBInstanceAutomatedBackups", []):
if backup["DBInstanceArn"] in dbinstances:
dbinstances[backup["DBInstanceArn"]]["Backup"].append(
backup)
else:
logger.info(
event=AWSLogEvents.ScanAWSResourcesNonFatalError,
msg=
(f'Unable to find matching DB Instance {backup["DBInstanceArn"]} '
"(Possible Deletion)"),
)
return ListFromAWSResult(resources=dbinstances)
def list_from_aws(
cls: Type["IAMAccountPasswordPolicyResourceSpec"],
client: BaseClient,
account_id: str,
region: str,
) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'account_password_policy_1_arn': {account_password_policy_1_dict}}
Where the dicts represent results from get_account_password_policy."""
password_policies = {}
try:
resp = client.get_account_password_policy()
except client.exceptions.NoSuchEntityException:
resp = {} # Indicates no policy is set for the account
policy = resp.get("PasswordPolicy", {})
if policy:
resource_arn = cls.generate_arn(
account_id=account_id,
resource_id=cls.DEFAULT_PASSWORD_POLICY_NAME)
password_policies[resource_arn] = policy
return ListFromAWSResult(resources=password_policies)
def list_from_aws(cls: Type["IAMOIDCProviderResourceSpec"],
client: BaseClient, account_id: str,
region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'oidc_provider_1_arn': {oidc_provider_1_dict},
'oidc_provider_2_arn': {oidc_provider_2_dict},
...}
Where the dicts represent results from list_oidc_providers and additional info per
oidc_provider list_oidc_providers. An additional 'Name' key is added."""
oidc_providers = {}
resp = client.list_open_id_connect_providers()
for oidc_provider in resp.get("OpenIDConnectProviderList", []):
resource_arn = oidc_provider["Arn"]
try:
oidc_provider_details = cls.get_oidc_provider_details(
client=client, arn=resource_arn)
oidc_provider.update(oidc_provider_details)
oidc_providers[resource_arn] = oidc_provider
except ClientError as c_e:
error_code = getattr(c_e, "response",
{}).get("Error", {}).get("Code", {})
if error_code != "NoSuchEntity":
raise c_e
return ListFromAWSResult(resources=oidc_providers)
def list_from_aws(
cls: Type["AccountResourceSpec"], client: BaseClient, account_id: str, region: str
) -> ListFromAWSResult:
"""This resource is somewhat synthetic, this method simply returns a dict of form
{'account_arn': {account_dict}"""
sts_account_id = client.get_caller_identity()["Account"]
if sts_account_id != account_id:
raise ValueError(f"BUG: sts detected account_id {sts_account_id} != {account_id}")
accounts = {f"arn:aws::::account/{sts_account_id}": {"account_id": sts_account_id}}
return ListFromAWSResult(resources=accounts)
def list_from_aws(
cls: Type["EC2RouteTableResourceSpec"], client: BaseClient, account_id: str, region: str
) -> ListFromAWSResult:
paginator = client.get_paginator("describe_route_tables")
route_tables = {}
for resp in paginator.paginate():
for attachment in resp.get("RouteTables", []):
resource_arn = cls.generate_arn(account_id, region, attachment["RouteTableId"])
route_tables[resource_arn] = attachment
return ListFromAWSResult(resources=route_tables)
def list_from_aws(cls: Type["SecurityGroupResourceSpec"],
client: BaseClient, account_id: str,
region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'security_group_1_arn': {security_group_1_dict},
'security_group_2_arn': {security_group_2_dict},
...}
Where the dicts represent results from describe_subnets."""
security_groups = {}
paginator = client.get_paginator("describe_security_groups")
for resp in paginator.paginate():
for security_group in resp.get("SecurityGroups", []):
resource_arn = cls.generate_arn(
account_id=account_id,
region=region,
resource_id=security_group["GroupId"])
for ingress_rule in security_group.get("IpPermissions", []):
for ip_range in ingress_rule.get("IpRanges", []):
cidr = ip_range["CidrIp"]
ipv4_network = ipaddress.IPv4Network(cidr,
strict=False)
first_ip, last_ip = int(ipv4_network[0]), int(
ipv4_network[-1])
ip_range["FirstIp"] = first_ip
ip_range["LastIp"] = last_ip
for ip_range in ingress_rule.get("Ipv6Ranges", []):
cidr = ip_range["CidrIpv6"]
ipv6_network = ipaddress.IPv6Network(cidr,
strict=False)
first_ip, last_ip = int(ipv6_network[0]), int(
ipv6_network[-1])
ip_range["FirstIp"] = first_ip
ip_range["LastIp"] = last_ip
for egress_rule in security_group.get("IpPermissionsEgress",
[]):
for ip_range in egress_rule.get("IpRanges", []):
cidr = ip_range["CidrIp"]
ipv4_network = ipaddress.IPv4Network(cidr,
strict=False)
first_ip, last_ip = int(ipv4_network[0]), int(
ipv4_network[-1])
ip_range["FirstIp"] = first_ip
ip_range["LastIp"] = last_ip
for ip_range in egress_rule.get("Ipv6Ranges", []):
cidr = ip_range["CidrIpv6"]
ipv6_network = ipaddress.IPv6Network(cidr,
strict=False)
first_ip, last_ip = int(ipv6_network[0]), int(
ipv6_network[-1])
ip_range["FirstIp"] = first_ip
ip_range["LastIp"] = last_ip
security_groups[resource_arn] = security_group
return ListFromAWSResult(resources=security_groups)
def list_from_aws(cls: Type["RDSSnapshotResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
dbinstances = {}
paginator = client.get_paginator("describe_db_snapshots")
for resp in paginator.paginate():
for db in resp.get("DBSnapshots", []):
resource_arn = db["DBSnapshotArn"]
db["DBInstanceArn"] = cls.generate_instance_arn(
account_id, region, db["DBInstanceIdentifier"])
dbinstances[resource_arn] = db
return ListFromAWSResult(resources=dbinstances)
def list_from_aws(cls: Type["S3BucketResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'bucket_1_arn': {bucket_1_dict},
'bucket_2_arn': {bucket_2_dict},
...}
Where the dicts represent results from list_buckets."""
logger = Logger()
buckets = {}
buckets_resp = client.list_buckets()
for bucket in buckets_resp.get("Buckets", []):
bucket_name = bucket["Name"]
try:
try:
bucket_region = get_s3_bucket_region(client, bucket_name)
except S3BucketAccessDeniedException as s3ade:
logger.warn(
event=AWSLogEvents.ScanAWSResourcesNonFatalError,
msg=
f"Unable to determine region for {bucket_name}: {s3ade}",
)
continue
try:
bucket["Tags"] = get_s3_bucket_tags(client, bucket_name)
except S3BucketAccessDeniedException as s3ade:
bucket["Tags"] = []
logger.warn(
event=AWSLogEvents.ScanAWSResourcesNonFatalError,
msg=
f"Unable to determine tags for {bucket_name}: {s3ade}",
)
try:
bucket["ServerSideEncryption"] = get_s3_bucket_encryption(
client, bucket_name)
except S3BucketAccessDeniedException as s3ade:
bucket["ServerSideEncryption"] = {"Rules": []}
logger.warn(
event=AWSLogEvents.ScanAWSResourcesNonFatalError,
msg=
f"Unable to determine encryption status for {bucket_name}: {s3ade}",
)
resource_arn = cls.generate_arn(account_id=account_id,
region=bucket_region,
resource_id=bucket_name)
buckets[resource_arn] = bucket
except S3BucketDoesNotExistException as s3bdnee:
logger.warn(
event=AWSLogEvents.ScanAWSResourcesNonFatalError,
msg=f"{bucket_name}: No longer exists: {s3bdnee}",
)
return ListFromAWSResult(resources=buckets)
def list_from_aws(cls: Type["OrgResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'org_1_arn': {org_1_dict},
'org_2_arn': {org_2_dict},
...}
Where the dicts represent results from describe_organization."""
resp = client.describe_organization()
org = resp["Organization"]
orgs = {org["Arn"]: org}
return ListFromAWSResult(resources=orgs)
def list_from_aws(cls: Type["EventBusResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'event_bus_1_arn': {event_bus_1_dict},
'event_bus_2_arn': {event_bus_2_dict},
...}
Where the dicts represent results from describe_event_bus."""
resp = client.describe_event_bus()
arn = resp["Arn"]
event_busses = {arn: resp}
return ListFromAWSResult(resources=event_busses)
def list_from_aws(
cls: Type["SubnetResourceSpec"], client: BaseClient, account_id: str, region: str
) -> ListFromAWSResult:
subnets = {}
resp = client.describe_subnets()
for subnet in resp.get("Subnets", []):
resource_arn = cls.generate_arn(
account_id=account_id, region=region, resource_id=subnet["SubnetId"]
)
cidr = subnet["CidrBlock"]
ipv4_network = ipaddress.IPv4Network(cidr, strict=False)
first_ip, last_ip = int(ipv4_network[0]), int(ipv4_network[-1])
subnet["FirstIp"] = first_ip
subnet["LastIp"] = last_ip
subnets[resource_arn] = subnet
return ListFromAWSResult(resources=subnets)
def list_from_aws(
cls: Type["TransitGatewayVpcAttachmentResourceSpec"],
client: BaseClient,
account_id: str,
region: str,
) -> ListFromAWSResult:
paginator = client.get_paginator(
"describe_transit_gateway_vpc_attachments")
attachments = {}
for resp in paginator.paginate():
for attachment in resp.get("TransitGatewayVpcAttachments", []):
resource_arn = cls.generate_arn(
account_id, region,
attachment["TransitGatewayAttachmentId"])
attachments[resource_arn] = attachment
return ListFromAWSResult(resources=attachments)
def list_from_aws(cls: Type["RegionResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'region_1_arn': {region_1_dict},
'region_2_arn': {region_2_dict},
...}
Where the dicts represent results from describe_regions."""
regions = {}
resp = client.describe_regions(AllRegions=True)
for region_resp in resp["Regions"]:
region_name = region_resp["RegionName"]
region_arn = f"arn:aws:::{account_id}:region/{region_name}"
regions[region_arn] = region_resp
return ListFromAWSResult(resources=regions)
def list_from_aws(
cls: Type["VPCPeeringConnectionResourceSpec"],
client: BaseClient,
account_id: str,
region: str,
) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'vpc_peering_connection_1_arn': {vpc_peering_connection_1_dict},
'vpc_peering_connection_2_arn': {vpc_peering_connection_2_dict},
...}
Where the dicts represent results from describe_vpc_peering_connections."""
vpc_peering_connections = {}
paginator = client.get_paginator("describe_vpc_peering_connections")
for resp in paginator.paginate():
for vpc_pc in resp["VpcPeeringConnections"]:
resource_arn = cls.generate_arn(
resource_id=vpc_pc["VpcPeeringConnectionId"],
account_id=account_id,
region=region,
)
accepter_info = vpc_pc["AccepterVpcInfo"]
accepter_account_id = accepter_info["OwnerId"]
accepter_vpc_id = accepter_info["VpcId"]
accepter_region = accepter_info["Region"]
accepter_vpc_arn = VPCResourceSpec.generate_arn(
resource_id=accepter_vpc_id,
account_id=accepter_account_id,
region=accepter_region,
)
requester_info = vpc_pc["RequesterVpcInfo"]
requester_account_id = requester_info["OwnerId"]
requester_vpc_id = requester_info["VpcId"]
requester_region = requester_info["Region"]
requester_vpc_arn = VPCResourceSpec.generate_arn(
resource_id=requester_vpc_id,
account_id=requester_account_id,
region=requester_region,
)
vpc_peering_connection = {
"AccepterVpc": accepter_vpc_arn,
"RequesterVpc": requester_vpc_arn,
"Status": vpc_pc["Status"]["Code"],
}
vpc_peering_connections[resource_arn] = vpc_peering_connection
return ListFromAWSResult(resources=vpc_peering_connections)
def list_from_aws(cls: Type["IAMUserResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'user_1_arn': {user_1_dict},
'user_2_arn': {user_2_dict},
...}
Where the dicts represent results from list_users and additional info per user from
list_targets_by_user."""
users = {}
paginator = client.get_paginator("list_users")
for resp in paginator.paginate():
for user in resp.get("Users", []):
resource_arn = user["Arn"]
user_name = user["UserName"]
access_keys_paginator = client.get_paginator(
"list_access_keys")
access_keys: List[Dict[str, Any]] = []
for access_keys_resp in access_keys_paginator.paginate(
UserName=user_name):
for resp_access_key in access_keys_resp[
"AccessKeyMetadata"]:
access_key = copy.deepcopy(resp_access_key)
access_key_id = access_key["AccessKeyId"]
last_used_resp = client.get_access_key_last_used(
AccessKeyId=access_key_id)
access_key["AccessKeyLastUsed"] = last_used_resp[
"AccessKeyLastUsed"]
access_keys.append(access_key)
user["AccessKeys"] = access_keys
mfa_devices_paginator = client.get_paginator(
"list_mfa_devices")
mfa_devices: List[Dict[str, Any]] = []
for mfa_devices_resp in mfa_devices_paginator.paginate(
UserName=user_name):
mfa_devices += mfa_devices_resp["MFADevices"]
user["MfaDevices"] = mfa_devices
try:
login_profile_resp = client.get_login_profile(
UserName=user_name)
user["LoginProfile"] = login_profile_resp["LoginProfile"]
except ClientError as c_e:
if "NoSuchEntity" not in str(c_e):
raise c_e
users[resource_arn] = user
return ListFromAWSResult(resources=users)
def list_from_aws(cls: Type["LambdaFunctionResourceSpec"],
client: BaseClient, account_id: str,
region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'function_1_arn': {function_1_dict},
'function_2_arn': {function_2_dict},
...}
Where the dicts represent results from list_functions."""
functions = {}
paginator = client.get_paginator("list_functions")
for resp in paginator.paginate():
for function in resp.get("Functions", []):
resource_arn = function["FunctionArn"]
functions[resource_arn] = function
return ListFromAWSResult(resources=functions)
def list_from_aws(cls: Type["InstanceProfileResourceSpec"],
client: BaseClient, account_id: str,
region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'instance_profile_1_arn': {instance_profile_1_dict},
'instance_profile_2_arn': {instance_profile_2_dict},
...}
Where the dicts represent results from list_instance_profiles."""
paginator = client.get_paginator("list_instance_profiles")
instance_profiles = {}
for resp in paginator.paginate():
for instance_profile in resp.get("InstanceProfiles", []):
resource_arn = instance_profile["Arn"]
instance_profiles[resource_arn] = instance_profile
return ListFromAWSResult(resources=instance_profiles)