Example #1
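def list_bucket_policies(s3, account, output_bucket, encode):
    """Collect the bucket policy of every S3 bucket the client can list.

    Runs as one worker of the multithreaded inventory call.

    Args:
        s3 (object): s3 client object
        account (dict): aws account; its 'name' value labels each row
        output_bucket (list): results bucket holder
        encode (str): 'on' base64-encodes every field and wraps the policy
            in <pre> tags; any other value emits the fields as plain text
    Returns:
        nothing. appends results to output_bucket
    """
    # Imported here so the function does not depend on a module-level import.
    import logging

    log = logging.getLogger(__name__)
    account_name = account.get('name')

    for s3_obj in s3.list_buckets().get('Buckets') or []:
        bucket_name = s3_obj.get('Name')
        try:
            bucket_policy = s3.get_bucket_policy(
                Bucket=bucket_name).get('Policy')
        except Exception as e:
            # A bucket with no policy attached is reported by S3 as
            # NoSuchBucketPolicy and is expected. Any other failure (for
            # example a denied request) means the policy could not be read;
            # record that, so the bucket does not silently look policy-free
            # in the inventory.
            response = getattr(e, 'response', None)
            error_code = None
            if isinstance(response, dict):
                error_code = (response.get('Error') or {}).get('Code')
            if error_code != 'NoSuchBucketPolicy':
                log.warning('could not read bucket policy for %s: %s',
                            bucket_name, error_code or e)
            continue

        if not bucket_policy:
            continue

        policy_text = misc.json_pretty_print(json.loads(bucket_policy))
        if encode == 'on':
            # NOTE(review): the policy text is placed between <pre> tags
            # without HTML escaping. If the consumer renders this field as
            # HTML, confirm it escapes or sanitizes the decoded value.
            row = (
                misc.check_if(base64.b64encode(account_name)),
                misc.check_if(base64.b64encode(bucket_name)),
                misc.check_if(base64.b64encode('s3:bucket_policy')),
                misc.check_if(
                    base64.b64encode('<pre>' + policy_text + '</pre>')),
            )
        else:
            row = (
                misc.check_if(account_name),
                misc.check_if(bucket_name),
                misc.check_if(str('s3:bucket_policy')),
                misc.check_if(policy_text),
            )
        output_bucket.append(misc.format_line(row))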
Example #2
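def list_bucket_policies(s3, account, output_bucket, encode):
    """Collect the bucket policy of every S3 bucket the client can list.

    Runs as one worker of the multithreaded inventory call.

    Args:
        s3 (object): s3 client object
        account (dict): aws account; its 'name' value labels each row
        output_bucket (list): results bucket holder
        encode (str): 'on' base64-encodes every field and wraps the policy
            in <pre> tags; any other value emits the fields as plain text
    Returns:
        nothing. appends results to output_bucket
    """
    # Imported here so the function does not depend on a module-level import.
    import logging

    log = logging.getLogger(__name__)
    account_name = account.get('name')

    for s3_obj in s3.list_buckets().get('Buckets') or []:
        bucket_name = s3_obj.get('Name')
        try:
            bucket_policy = s3.get_bucket_policy(
                Bucket=bucket_name).get('Policy')
        except Exception as e:
            # S3 reports a bucket with no policy as NoSuchBucketPolicy; that
            # case is expected and skipped quietly. Every other failure (a
            # denied request, for instance) is logged, because dropping it
            # silently would make the bucket look policy-free in the report.
            response = getattr(e, 'response', None)
            error_code = None
            if isinstance(response, dict):
                error_code = (response.get('Error') or {}).get('Code')
            if error_code != 'NoSuchBucketPolicy':
                log.warning('could not read bucket policy for %s: %s',
                            bucket_name, error_code or e)
            continue

        if not bucket_policy:
            continue

        policy_text = misc.json_pretty_print(json.loads(bucket_policy))
        if encode == 'on':
            # NOTE(review): the policy text is placed between <pre> tags
            # without HTML escaping. If the consumer renders this field as
            # HTML, confirm it escapes or sanitizes the decoded value.
            row = (
                misc.check_if(base64.b64encode(account_name)),
                misc.check_if(base64.b64encode(bucket_name)),
                misc.check_if(base64.b64encode('s3:bucket_policy')),
                misc.check_if(
                    base64.b64encode('<pre>' + policy_text + '</pre>')),
            )
        else:
            row = (
                misc.check_if(account_name),
                misc.check_if(bucket_name),
                misc.check_if(str('s3:bucket_policy')),
                misc.check_if(policy_text),
            )
        output_bucket.append(misc.format_line(row))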
Example #3
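def inventory_group_policies(iam, account, output_bucket, encode):
    """Collect every inline policy attached to every IAM group.

    Runs as one worker of the multithreaded inventory call.

    Args:
        iam (object): iam client object
        account (dict): aws account; its 'name' value labels each row
        output_bucket (list): results bucket holder
        encode (str): 'on' base64-encodes every field and wraps the policy
            in <pre> tags; any other value emits the fields as plain text
    Returns:
        nothing. appends results to output_bucket
    """
    def _paged(operation, result_key, **kwargs):
        # IAM list calls return truncated results; walk every page so that
        # groups and policies beyond the first page are not left out of the
        # inventory.
        for page in iam.get_paginator(operation).paginate(**kwargs):
            for item in page.get(result_key) or []:
                yield item

    account_name = account.get('name')

    for group in _paged('list_groups', 'Groups'):
        group_name = group.get('GroupName')

        # pull out inline group policies
        for policy_name in _paged('list_group_policies', 'PolicyNames',
                                  GroupName=group_name):
            policy = misc.json_pretty_print(
                iam.get_group_policy(
                    GroupName=group_name,
                    PolicyName=policy_name).get('PolicyDocument'))

            # inline group policy entry
            if encode == 'on':
                # NOTE(review): the policy text is placed between <pre> tags
                # without HTML escaping. If the consumer renders this field
                # as HTML, confirm it escapes or sanitizes the decoded value.
                row = (
                    misc.check_if(base64.b64encode(account_name)),
                    misc.check_if(base64.b64encode(group_name)),
                    misc.check_if(base64.b64encode(str(policy_name))),
                    misc.check_if(
                        base64.b64encode(str('<pre>' + policy + '</pre>'))),
                )
            else:
                row = (
                    misc.check_if(account_name),
                    misc.check_if(group_name),
                    misc.check_if(str(policy_name)),
                    misc.check_if(str(policy)),
                )
            output_bucket.append(misc.format_line(row))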
Example #4
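def inventory_user_policies(iam, account, output_bucket, encode):
    """Collect every inline policy attached to every IAM user.

    Runs as one worker of the multithreaded inventory call.

    Args:
        iam (object): iam client object
        account (dict): aws account; its 'name' value labels each row
        output_bucket (list): results bucket holder
        encode (str): 'on' base64-encodes every field and wraps the policy
            in <pre> tags; any other value emits the fields as plain text
    Returns:
        nothing. appends results to output_bucket
    """
    def _paged(operation, result_key, **kwargs):
        # IAM list calls return truncated results; walk every page so that
        # users and policies beyond the first page are not left out of the
        # inventory.
        for page in iam.get_paginator(operation).paginate(**kwargs):
            for item in page.get(result_key) or []:
                yield item

    account_name = account.get('name')

    for user in _paged('list_users', 'Users'):
        user_name = user.get('UserName')

        # pull out inline user policies
        for policy_name in _paged('list_user_policies', 'PolicyNames',
                                  UserName=user_name):
            policy = misc.json_pretty_print(
                iam.get_user_policy(
                    UserName=user_name,
                    PolicyName=policy_name).get('PolicyDocument'))

            # inline user policy entry
            if encode == 'on':
                # NOTE(review): the policy text is placed between <pre> tags
                # without HTML escaping. If the consumer renders this field
                # as HTML, confirm it escapes or sanitizes the decoded value.
                row = (
                    misc.check_if(base64.b64encode(account_name)),
                    misc.check_if(base64.b64encode(user_name)),
                    misc.check_if(base64.b64encode(str(policy_name))),
                    misc.check_if(
                        base64.b64encode(str('<pre>' + policy + '</pre>'))),
                )
            else:
                row = (
                    misc.check_if(account_name),
                    misc.check_if(user_name),
                    misc.check_if(str(policy_name)),
                    misc.check_if(str(policy)),
                )
            output_bucket.append(misc.format_line(row))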
Example #5
        search_logGroup = cwl.filter_log_events(
                         logGroupName = log_group,
                         filterPattern = search_filter,
                         startTime = int(time.mktime(startTime.timetuple()))
                         )
    except Exception, e:
        error_code = e
        #print e

    if search_logGroup:
       for message in search_logGroup.get('events'):
           event_name = (json.loads(message.get('message'))).get('eventName')
           event_time = (json.loads(message.get('message'))).get('eventTime')
           arn = (json.loads(message.get('message'))).get('userIdentity').get('arn')
           source_address = (json.loads(message.get('message'))).get('sourceIPAddress')
           request_param = misc.json_pretty_print((json.loads(message.get('message'))).get('requestParameters'))
           response_elem = misc.json_pretty_print((json.loads(message.get('message'))).get('responseElements'))

           if encode == 'on':
               output_bucket.append(misc.format_line((
                   misc.check_if(base64.b64encode(account.get('name'))),
                   misc.check_if(base64.b64encode(region.get('RegionName'))),
                   misc.check_if(base64.b64encode(event_name)),
                   misc.check_if(base64.b64encode(str(event_time))),
                   misc.check_if(base64.b64encode(misc.check_if(arn))),
                   misc.check_if(base64.b64encode(str(source_address))),
                   misc.check_if(base64.b64encode(str('<pre>' + request_param + '</pre>'))),
                   misc.check_if(base64.b64encode(str('<pre>' + response_elem + '</pre>'))),
                   )))
           else:
               output_bucket.append(misc.format_line((
Example #6
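def inventory_role_policies(iam, account, output_bucket, encode):
    """Collect the trust policy and every inline policy of every IAM role.

    Runs as one worker of the multithreaded inventory call. Each role
    yields one 'iam:trust_policy' row, followed by one 'iam:inline_policy'
    row per inline policy.

    Args:
        iam (object): iam client object
        account (dict): aws account; its 'name' value labels each row
        output_bucket (list): results bucket holder
        encode (str): 'on' base64-encodes every field and wraps the policy
            in <pre> tags; any other value emits the fields as plain text
    Returns:
        nothing. appends results to output_bucket
    """
    def _paged(operation, result_key, **kwargs):
        # IAM list calls return truncated results; walk every page so that
        # roles and policies beyond the first page are not left out of the
        # inventory.
        for page in iam.get_paginator(operation).paginate(**kwargs):
            for item in page.get(result_key) or []:
                yield item

    account_name = account.get('name')

    for role in _paged('list_roles', 'Roles'):
        role_name = role.get('RoleName')
        assume_role_policy = misc.json_pretty_print(
            role.get('AssumeRolePolicyDocument'))

        # trust relationship policy
        if encode == 'on':
            # NOTE(review): the policy text is placed between <pre> tags
            # without HTML escaping. If the consumer renders this field as
            # HTML, confirm it escapes or sanitizes the decoded value.
            row = (
                misc.check_if(base64.b64encode(account_name)),
                misc.check_if(base64.b64encode(str('iam:trust_policy'))),
                misc.check_if(base64.b64encode(role_name)),
                misc.check_if(base64.b64encode(role.get('Arn'))),
                misc.check_if(base64.b64encode(
                    str('<pre>' + assume_role_policy + '</pre>'))),
            )
        else:
            row = (
                misc.check_if(account_name),
                misc.check_if(str('iam:trust_policy')),
                misc.check_if(role_name),
                misc.check_if(role.get('Arn')),
                misc.check_if(str(assume_role_policy)),
            )
        output_bucket.append(misc.format_line(row))

        # pull out inline role policies
        for policy_name in _paged('list_role_policies', 'PolicyNames',
                                  RoleName=role_name):
            policy = misc.json_pretty_print(
                iam.get_role_policy(
                    RoleName=role_name,
                    PolicyName=policy_name).get('PolicyDocument'))

            # inline role policy entry
            if encode == 'on':
                row = (
                    misc.check_if(base64.b64encode(account_name)),
                    misc.check_if(base64.b64encode(str('iam:inline_policy'))),
                    misc.check_if(base64.b64encode(role_name)),
                    misc.check_if(base64.b64encode(str(policy_name))),
                    misc.check_if(
                        base64.b64encode(str('<pre>' + policy + '</pre>'))),
                )
            else:
                row = (
                    misc.check_if(account_name),
                    misc.check_if(str('iam:inline_policy')),
                    misc.check_if(role_name),
                    misc.check_if(str(policy_name)),
                    misc.check_if(str(policy)),
                )
            output_bucket.append(misc.format_line(row))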
Example #7
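def inventory_managed_policies(iam, account, output_bucket, encode):
    """Collect every attached managed policy with the entities that use it.

    Runs as one worker of the multithreaded inventory call. For each
    attached policy, one row is emitted per group, then per role, then per
    user the policy is attached to; each row carries the default policy
    version's document.

    Args:
        iam (object): iam client object
        account (dict): aws account; its 'name' value labels each row
        output_bucket (list): results bucket holder
        encode (str): 'on' base64-encodes every field and wraps the policy
            in <pre> tags; any other value emits the fields as plain text
    Returns:
        nothing. appends results to output_bucket
    """
    account_name = account.get('name')

    # IAM list calls return truncated results; walk every page so that
    # policies beyond the first page are not left out of the inventory.
    policy_pages = iam.get_paginator('list_policies').paginate(
        OnlyAttached=True)
    for policy_page in policy_pages:
        for policy in policy_page.get('Policies') or []:
            policy_arn = policy.get('Arn')
            policy_body = iam.get_policy_version(
                PolicyArn=policy_arn,
                VersionId=policy.get('DefaultVersionId')
            ).get('PolicyVersion').get('Document')
            policy_body = misc.json_pretty_print(policy_body)

            # One paginated listing returns the groups, roles and users of
            # the policy together, so it is fetched once per policy rather
            # than once per entity type.
            policy_groups, policy_roles, policy_users = [], [], []
            entity_pages = iam.get_paginator(
                'list_entities_for_policy').paginate(PolicyArn=policy_arn)
            for entity_page in entity_pages:
                policy_groups.extend(entity_page.get('PolicyGroups') or [])
                policy_roles.extend(entity_page.get('PolicyRoles') or [])
                policy_users.extend(entity_page.get('PolicyUsers') or [])

            # Emission order is groups, roles, users.
            for label, entities, name_key in (
                    ('group_policy', policy_groups, 'GroupName'),
                    ('role_policy', policy_roles, 'RoleName'),
                    ('user_policy', policy_users, 'UserName')):
                for entity in entities:
                    if encode == 'on':
                        # NOTE(review): the policy text is placed between
                        # <pre> tags without HTML escaping. If the consumer
                        # renders this field as HTML, confirm it escapes or
                        # sanitizes the decoded value.
                        row = (
                            misc.check_if(base64.b64encode(account_name)),
                            misc.check_if(base64.b64encode(str(label))),
                            misc.check_if(
                                base64.b64encode(entity.get(name_key))),
                            misc.check_if(
                                base64.b64encode(policy.get('PolicyName'))),
                            misc.check_if(base64.b64encode(
                                str('<pre>' + policy_body + '</pre>'))),
                        )
                    else:
                        row = (
                            misc.check_if(account_name),
                            misc.check_if(str(label)),
                            misc.check_if(entity.get(name_key)),
                            misc.check_if(policy.get('PolicyName')),
                            misc.check_if(str(policy_body)),
                        )
                    output_bucket.append(misc.format_line(row))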
Example #8
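def inventory_role_policies(iam, account, output_bucket, encode):
    """Collect the trust policy and every inline policy of every IAM role.

    Runs as one worker of the multithreaded inventory call. Each role
    yields one 'iam:trust_policy' row, followed by one 'iam:inline_policy'
    row per inline policy.

    Args:
        iam (object): iam client object
        account (dict): aws account; its 'name' value labels each row
        output_bucket (list): results bucket holder
        encode (str): 'on' base64-encodes every field and wraps the policy
            in <pre> tags; any other value emits the fields as plain text
    Returns:
        nothing. appends results to output_bucket
    """
    def _paged(operation, result_key, **kwargs):
        # IAM list calls return truncated results; walk every page so that
        # roles and policies beyond the first page are not left out of the
        # inventory.
        for page in iam.get_paginator(operation).paginate(**kwargs):
            for item in page.get(result_key) or []:
                yield item

    account_name = account.get('name')

    for role in _paged('list_roles', 'Roles'):
        role_name = role.get('RoleName')
        assume_role_policy = misc.json_pretty_print(
            role.get('AssumeRolePolicyDocument'))

        # trust relationship policy
        if encode == 'on':
            # NOTE(review): the policy text is placed between <pre> tags
            # without HTML escaping. If the consumer renders this field as
            # HTML, confirm it escapes or sanitizes the decoded value.
            row = (
                misc.check_if(base64.b64encode(account_name)),
                misc.check_if(base64.b64encode(str('iam:trust_policy'))),
                misc.check_if(base64.b64encode(role_name)),
                misc.check_if(base64.b64encode(role.get('Arn'))),
                misc.check_if(base64.b64encode(
                    str('<pre>' + assume_role_policy + '</pre>'))),
            )
        else:
            row = (
                misc.check_if(account_name),
                misc.check_if(str('iam:trust_policy')),
                misc.check_if(role_name),
                misc.check_if(role.get('Arn')),
                misc.check_if(str(assume_role_policy)),
            )
        output_bucket.append(misc.format_line(row))

        # pull out inline role policies
        for policy_name in _paged('list_role_policies', 'PolicyNames',
                                  RoleName=role_name):
            policy = misc.json_pretty_print(
                iam.get_role_policy(
                    RoleName=role_name,
                    PolicyName=policy_name).get('PolicyDocument'))

            # inline role policy entry
            if encode == 'on':
                row = (
                    misc.check_if(base64.b64encode(account_name)),
                    misc.check_if(base64.b64encode(str('iam:inline_policy'))),
                    misc.check_if(base64.b64encode(role_name)),
                    misc.check_if(base64.b64encode(str(policy_name))),
                    misc.check_if(
                        base64.b64encode(str('<pre>' + policy + '</pre>'))),
                )
            else:
                row = (
                    misc.check_if(account_name),
                    misc.check_if(str('iam:inline_policy')),
                    misc.check_if(role_name),
                    misc.check_if(str(policy_name)),
                    misc.check_if(str(policy)),
                )
            output_bucket.append(misc.format_line(row))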
Example #9
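def inventory_managed_policies(iam, account, output_bucket, encode):
    """Collect every attached managed policy with the entities that use it.

    Runs as one worker of the multithreaded inventory call. For each
    attached policy, one row is emitted per group, then per role, then per
    user the policy is attached to; each row carries the default policy
    version's document.

    Args:
        iam (object): iam client object
        account (dict): aws account; its 'name' value labels each row
        output_bucket (list): results bucket holder
        encode (str): 'on' base64-encodes every field and wraps the policy
            in <pre> tags; any other value emits the fields as plain text
    Returns:
        nothing. appends results to output_bucket
    """
    account_name = account.get('name')

    # IAM list calls return truncated results; walk every page so that
    # policies beyond the first page are not left out of the inventory.
    policy_pages = iam.get_paginator('list_policies').paginate(
        OnlyAttached=True)
    for policy_page in policy_pages:
        for policy in policy_page.get('Policies') or []:
            policy_arn = policy.get('Arn')
            policy_body = iam.get_policy_version(
                PolicyArn=policy_arn,
                VersionId=policy.get('DefaultVersionId')
            ).get('PolicyVersion').get('Document')
            policy_body = misc.json_pretty_print(policy_body)

            # One paginated listing returns the groups, roles and users of
            # the policy together, so it is fetched once per policy rather
            # than once per entity type.
            policy_groups, policy_roles, policy_users = [], [], []
            entity_pages = iam.get_paginator(
                'list_entities_for_policy').paginate(PolicyArn=policy_arn)
            for entity_page in entity_pages:
                policy_groups.extend(entity_page.get('PolicyGroups') or [])
                policy_roles.extend(entity_page.get('PolicyRoles') or [])
                policy_users.extend(entity_page.get('PolicyUsers') or [])

            # Emission order is groups, roles, users.
            for label, entities, name_key in (
                    ('group_policy', policy_groups, 'GroupName'),
                    ('role_policy', policy_roles, 'RoleName'),
                    ('user_policy', policy_users, 'UserName')):
                for entity in entities:
                    if encode == 'on':
                        # NOTE(review): the policy text is placed between
                        # <pre> tags without HTML escaping. If the consumer
                        # renders this field as HTML, confirm it escapes or
                        # sanitizes the decoded value.
                        row = (
                            misc.check_if(base64.b64encode(account_name)),
                            misc.check_if(base64.b64encode(str(label))),
                            misc.check_if(
                                base64.b64encode(entity.get(name_key))),
                            misc.check_if(
                                base64.b64encode(policy.get('PolicyName'))),
                            misc.check_if(base64.b64encode(
                                str('<pre>' + policy_body + '</pre>'))),
                        )
                    else:
                        row = (
                            misc.check_if(account_name),
                            misc.check_if(str(label)),
                            misc.check_if(entity.get(name_key)),
                            misc.check_if(policy.get('PolicyName')),
                            misc.check_if(str(policy_body)),
                        )
                    output_bucket.append(misc.format_line(row))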
Example #10
            logGroupName=log_group,
            filterPattern=search_filter,
            startTime=int(time.mktime(startTime.timetuple())))
    except Exception, e:
        error_code = e
        #print e

    if search_logGroup:
        for message in search_logGroup.get('events'):
            event_name = (json.loads(message.get('message'))).get('eventName')
            event_time = (json.loads(message.get('message'))).get('eventTime')
            arn = (json.loads(
                message.get('message'))).get('userIdentity').get('arn')
            source_address = (json.loads(
                message.get('message'))).get('sourceIPAddress')
            request_param = misc.json_pretty_print(
                (json.loads(message.get('message'))).get('requestParameters'))
            response_elem = misc.json_pretty_print(
                (json.loads(message.get('message'))).get('responseElements'))

            if encode == 'on':
                output_bucket.append(
                    misc.format_line((
                        misc.check_if(base64.b64encode(account.get('name'))),
                        misc.check_if(
                            base64.b64encode(region.get('RegionName'))),
                        misc.check_if(base64.b64encode(event_name)),
                        misc.check_if(base64.b64encode(str(event_time))),
                        misc.check_if(base64.b64encode(misc.check_if(arn))),
                        misc.check_if(base64.b64encode(str(source_address))),
                        misc.check_if(
                            base64.b64encode(