def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]
response = client.describe_vpc_endpoints(Filters=filters)
if self.vpc_options.verbose:
message_handler("Collecting data from VPC Endpoints...", "HEADER")
for data in response["VpcEndpoints"]:
if data["VpcId"] == self.vpc_options.vpc_id:
endpoint_digest = ResourceDigest(
id=data["VpcEndpointId"], type="aws_vpc_endpoint_gateway")
if data["VpcEndpointType"] == "Gateway":
resources_found.append(
Resource(
digest=endpoint_digest,
name=data["VpcEndpointId"],
details="Vpc Endpoint Gateway RouteTable {}".
format(", ".join(data["RouteTableIds"])),
group="network",
tags=resource_tags(data),
))
self.relations_found.append(
ResourceEdge(
from_node=endpoint_digest,
to_node=self.vpc_options.vpc_digest(),
))
else:
resources_found.append(
Resource(
digest=endpoint_digest,
name=data["VpcEndpointId"],
details="Vpc Endpoint Service Subnet {}".format(
", ".join(data["SubnetIds"])),
group="network",
tags=resource_tags(data),
))
for subnet_id in data["SubnetIds"]:
self.relations_found.append(
ResourceEdge(
from_node=endpoint_digest,
to_node=ResourceDigest(id=subnet_id,
type="aws_subnet"),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
client_vpn_endpoints = client.describe_client_vpn_endpoints()
resources: List[Resource] = []
for client_vpn_endpoint in client_vpn_endpoints["ClientVpnEndpoints"]:
if client_vpn_endpoint["VpcId"] == self.vpc_options.vpc_id:
digest = ResourceDigest(
id=client_vpn_endpoint["ClientVpnEndpointId"],
type="aws_vpn_client_endpoint",
)
nametag = get_name_tag(client_vpn_endpoint)
name = (client_vpn_endpoint["ClientVpnEndpointId"]
if nametag is None else nametag)
resources.append(
Resource(
digest=digest,
name=name,
group="network",
tags=resource_tags(client_vpn_endpoint),
))
self.relations_found.append(
ResourceEdge(from_node=digest,
to_node=self.vpc_options.vpc_digest()))
return resources
def analyze_restapi(self, data):
if "policy" in data:
documentpolicy = data["policy"]
else:
return False, None
document = json.dumps(documentpolicy, default=datetime_to_string)
# check either vpc_id or potential subnet ip are found
ipvpc_found = check_ipvpc_inpolicy(document=document,
vpc_options=self.vpc_options)
if ipvpc_found is not False:
digest = ResourceDigest(id=data["id"],
type="aws_api_gateway_rest_api")
self.relations_found.append(
ResourceEdge(from_node=digest,
to_node=self.vpc_options.vpc_digest()))
return (
True,
Resource(
digest=digest,
name=data["name"],
details="",
group="network",
tags=resource_tags(data),
),
)
return False, None
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]
response = client.describe_route_tables(Filters=filters)
if self.vpc_options.verbose:
message_handler("Collecting data from Route Tables...", "HEADER")
# Iterate to get all route table filtered
for route_table in response["RouteTables"]:
nametag = get_name_tag(route_table)
name = route_table["RouteTableId"] if nametag is None else nametag
table_digest = ResourceDigest(id=route_table["RouteTableId"],
type="aws_route_table")
is_main = False
for association in route_table["Associations"]:
if association["Main"] is True:
is_main = True
if is_main:
self.relations_found.append(
ResourceEdge(
from_node=table_digest,
to_node=self.vpc_options.vpc_digest(),
))
else:
for association in route_table["Associations"]:
if "SubnetId" in association:
self.relations_found.append(
ResourceEdge(
from_node=table_digest,
to_node=ResourceDigest(
id=association["SubnetId"],
type="aws_subnet"),
))
is_public = False
for route in route_table["Routes"]:
if ("DestinationCidrBlock" in route
and route["DestinationCidrBlock"] == "0.0.0.0/0"
and "GatewayId" in route
and route["GatewayId"].startswith("igw-")):
is_public = True
resources_found.append(
Resource(
digest=table_digest,
name=name,
details="default: {}, public: {}".format(
is_main, is_public),
group="network",
tags=resource_tags(route_table),
))
return resources_found
def analyze_bucket(self, client, data):
try:
documentpolicy = client.get_bucket_policy(Bucket=data["Name"])
except ClientError:
return False, None
document = json.dumps(documentpolicy, default=datetime_to_string)
# check either vpc_id or potential subnet ip are found
ipvpc_found = check_ipvpc_inpolicy(document=document,
vpc_options=self.vpc_options)
if ipvpc_found is True:
tags_response = client.get_bucket_tagging(Bucket=data["Name"])
digest = ResourceDigest(id=data["Name"],
type="aws_s3_bucket_policy")
self.relations_found.append(
ResourceEdge(from_node=digest,
to_node=self.vpc_options.vpc_digest()))
return (
True,
Resource(
digest=digest,
name=data["Name"],
details="",
group="storage",
tags=resource_tags(tags_response),
),
)
return False, None
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]
response = client.describe_security_groups(Filters=filters)
if self.vpc_options.verbose:
message_handler("Collecting data from Security Groups...",
"HEADER")
for data in response["SecurityGroups"]:
group_digest = ResourceDigest(id=data["GroupId"],
type="aws_security_group")
resources_found.append(
Resource(
digest=group_digest,
name=data["GroupName"],
details="",
group="network",
tags=resource_tags(data),
))
self.relations_found.append(
ResourceEdge(from_node=group_digest,
to_node=self.vpc_options.vpc_digest()))
return resources_found
def get_resources(self) -> List[Resource]:
if self.options.verbose:
message_handler("Collecting data from IAM Roles...", "HEADER")
paginator = self.client.get_paginator("list_roles")
pages = paginator.paginate()
resources_found = []
for roles in pages:
for data in roles["Roles"]:
resource_digest = ResourceDigest(
id=data["RoleName"], type="aws_iam_role"
)
tag_response = self.client.list_role_tags(RoleName=data["RoleName"],)
resources_found.append(
Resource(
digest=resource_digest,
name=data["RoleName"],
details="",
group="",
tags=resource_tags(tag_response),
)
)
if (
"AssumeRolePolicyDocument" in data
and "Statement" in data["AssumeRolePolicyDocument"]
):
for statement in data["AssumeRolePolicyDocument"]["Statement"]:
resources_found.extend(
self.analyze_assume_statement(resource_digest, statement)
)
self.resources_found = resources_found
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]
response = client.describe_subnets(Filters=filters)
if self.vpc_options.verbose:
message_handler("Collecting data from Subnets...", "HEADER")
for data in response["Subnets"]:
nametag = get_name_tag(data)
name = data["SubnetId"] if nametag is None else nametag
subnet_digest = ResourceDigest(id=data["SubnetId"],
type="aws_subnet")
resources_found.append(
Resource(
digest=subnet_digest,
name=name,
details="Subnet using CidrBlock {} and AZ {}".format(
data["CidrBlock"], data["AvailabilityZone"]),
group="network",
tags=resource_tags(data),
))
self.relations_found.append(
ResourceEdge(from_node=subnet_digest,
to_node=self.vpc_options.vpc_digest()))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("es")
resources_found = []
response = client.list_domain_names()
if self.vpc_options.verbose:
message_handler("Collecting data from Elasticsearch Domains...", "HEADER")
for data in response["DomainNames"]:
elasticsearch_domain = client.describe_elasticsearch_domain(
DomainName=data["DomainName"]
)
documentpolicy = elasticsearch_domain["DomainStatus"]["AccessPolicies"]
document = json.dumps(documentpolicy, default=datetime_to_string)
# check either vpc_id or potencial subnet ip are found
ipvpc_found = check_ipvpc_inpolicy(
document=document, vpc_options=self.vpc_options
)
# elasticsearch uses accesspolicies too, so check both situation
if (
elasticsearch_domain["DomainStatus"]["VPCOptions"]["VPCId"]
== self.vpc_options.vpc_id
or ipvpc_found is True
):
list_tags_response = client.list_tags(
ARN=elasticsearch_domain["DomainStatus"]["ARN"]
)
digest = ResourceDigest(
id=elasticsearch_domain["DomainStatus"]["DomainId"],
type="aws_elasticsearch_domain",
)
resources_found.append(
Resource(
digest=digest,
name=elasticsearch_domain["DomainStatus"]["DomainName"],
details="",
group="analytics",
tags=resource_tags(list_tags_response),
)
)
for subnet_id in elasticsearch_domain["DomainStatus"]["VPCOptions"][
"SubnetIds"
]:
self.relations_found.append(
ResourceEdge(
from_node=digest,
to_node=ResourceDigest(id=subnet_id, type="aws_subnet"),
)
)
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
vpc_response = client.describe_vpcs(VpcIds=[self.vpc_options.vpc_id])
return [
Resource(
digest=self.vpc_options.vpc_digest(),
name=self.vpc_options.vpc_id,
tags=resource_tags(vpc_response["Vpcs"][0]),
)
]
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("autoscaling")
resources_found = []
response = client.describe_auto_scaling_groups()
if self.vpc_options.verbose:
message_handler("Collecting data from Autoscaling Groups...", "HEADER")
for data in response["AutoScalingGroups"]:
asg_subnets = data["VPCZoneIdentifier"].split(",")
# Using subnet to check VPC
subnets = describe_subnet(
vpc_options=self.vpc_options, subnet_ids=asg_subnets
)
if subnets is not None:
# Iterate subnet to get VPC
for data_subnet in subnets["Subnets"]:
if data_subnet["VpcId"] == self.vpc_options.vpc_id:
asg_name = data["AutoScalingGroupName"]
digest = ResourceDigest(
id=asg_name, type="aws_autoscaling_group"
)
if "LaunchConfigurationName" in data:
details = "Using LaunchConfigurationName {0}".format(
data["LaunchConfigurationName"]
)
else:
details = "Using Launch Template"
resources_found.append(
Resource(
digest=digest,
name=asg_name,
details=details,
group="compute",
tags=resource_tags(data),
)
)
self.relations_found.append(
ResourceEdge(
from_node=digest,
to_node=ResourceDigest(
id=data_subnet["SubnetId"], type="aws_subnet"
),
)
)
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
response = client.describe_instances()
if self.vpc_options.verbose:
message_handler("Collecting data from EC2 Instances...", "HEADER")
for data in response["Reservations"]:
for instances in data["Instances"]:
if "VpcId" in instances:
if instances["VpcId"] == self.vpc_options.vpc_id:
nametag = get_name_tag(instances)
asg_name = get_tag(instances, "aws:autoscaling:groupName")
instance_name = (
instances["InstanceId"] if nametag is None else nametag
)
ec2_digest = ResourceDigest(
id=instances["InstanceId"], type="aws_instance"
)
resources_found.append(
Resource(
digest=ec2_digest,
name=instance_name,
details="",
group="compute",
tags=resource_tags(instances),
)
)
self.relations_found.append(
ResourceEdge(
from_node=ec2_digest,
to_node=ResourceDigest(
id=instances["SubnetId"], type="aws_subnet"
),
)
)
if asg_name is not None:
self.relations_found.append(
ResourceEdge(
from_node=ec2_digest,
to_node=ResourceDigest(
id=asg_name, type="aws_autoscaling_group"
),
)
)
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("mediaconnect")
resources_found = []
response = client.list_flows()
if self.vpc_options.verbose:
message_handler("Collecting data from Media Connect...", "HEADER")
for data in response["Flows"]:
tags_response = client.list_tags_for_resource(
ResourceArn=data["FlowArn"])
data_flow = client.describe_flow(FlowArn=data["FlowArn"])
if "VpcInterfaces" in data_flow["Flow"]:
for data_interfaces in data_flow["Flow"]["VpcInterfaces"]:
# Using subnet to check VPC
subnets = describe_subnet(
vpc_options=self.vpc_options,
subnet_ids=data_interfaces["SubnetId"],
)
if subnets is not None:
if subnets["Subnets"][0][
"VpcId"] == self.vpc_options.vpc_id:
digest = ResourceDigest(id=data["FlowArn"],
type="aws_media_connect")
resources_found.append(
Resource(
digest=digest,
name=data["Name"],
details=
"Flow using VPC {} in VPC Interface {}".
format(self.vpc_options.vpc_id,
data_interfaces["Name"]),
group="mediaservices",
tags=resource_tags(tags_response),
))
self.relations_found.append(
ResourceEdge(
from_node=digest,
to_node=ResourceDigest(
id=data_interfaces["SubnetId"],
type="aws_subnet",
),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("efs")
resources_found = []
# get filesystems available
response = client.describe_file_systems()
if self.vpc_options.verbose:
message_handler("Collecting data from EFS Mount Targets...",
"HEADER")
for data in response["FileSystems"]:
filesystem = client.describe_mount_targets(
FileSystemId=data["FileSystemId"])
nametag = get_name_tag(data)
filesystem_name = data[
"FileSystemId"] if nametag is None else nametag
# iterate filesystems to get mount targets
for datafilesystem in filesystem["MountTargets"]:
# Using subnet to check VPC
subnets = describe_subnet(
vpc_options=self.vpc_options,
subnet_ids=datafilesystem["SubnetId"])
if subnets is not None:
if subnets["Subnets"][0][
"VpcId"] == self.vpc_options.vpc_id:
digest = ResourceDigest(id=data["FileSystemId"],
type="aws_efs_file_system")
resources_found.append(
Resource(
digest=digest,
name=filesystem_name,
details="",
group="storage",
tags=resource_tags(data),
))
self.relations_found.append(
ResourceEdge(
from_node=digest,
to_node=ResourceDigest(
id=datafilesystem["SubnetId"],
type="aws_subnet"),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("sagemaker")
resources_found = []
response = client.list_training_jobs()
if self.vpc_options.verbose:
message_handler("Collecting data from Sagemaker Training Job...",
"HEADER")
for data in response["TrainingJobSummaries"]:
tags_response = client.list_tags(
ResourceArn=data["TrainingJobArn"], )
training_job = client.describe_training_job(
TrainingJobName=data["TrainingJobName"])
if "VpcConfig" in training_job:
for subnets in training_job["VpcConfig"]["Subnets"]:
# Using subnet to check VPC
subnet = describe_subnet(vpc_options=self.vpc_options,
subnet_ids=subnets)
if subnet is not None:
if subnet["Subnets"][0][
"VpcId"] == self.vpc_options.vpc_id:
sagemaker_trainingjob_digest = ResourceDigest(
id=data["TrainingJobArn"],
type="aws_sagemaker_training_job",
)
resources_found.append(
Resource(
digest=sagemaker_trainingjob_digest,
name=data["TrainingJobName"],
details="",
group="ml",
tags=resource_tags(tags_response),
))
self.relations_found.append(
ResourceEdge(
from_node=sagemaker_trainingjob_digest,
to_node=ResourceDigest(id=subnets,
type="aws_subnet"),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
response = client.describe_vpc_peering_connections()
if self.vpc_options.verbose:
message_handler("Collecting data from VPC Peering...", "HEADER")
for data in response["VpcPeeringConnections"]:
if (data["AccepterVpcInfo"]["VpcId"] == self.vpc_options.vpc_id
or data["RequesterVpcInfo"]["VpcId"]
== self.vpc_options.vpc_id):
nametag = get_name_tag(data)
name = data[
"VpcPeeringConnectionId"] if nametag is None else nametag
peering_digest = ResourceDigest(
id=data["VpcPeeringConnectionId"],
type="aws_vpc_peering_connection",
)
resources_found.append(
Resource(
digest=peering_digest,
name=name,
details=
"Vpc Peering Accepter OwnerId {}, Accepter Region {}, Accepter VpcId {} \
Requester OwnerId {}, Requester Region {}, \
Requester VpcId {}".
format(
data["AccepterVpcInfo"]["OwnerId"],
data["AccepterVpcInfo"]["Region"],
data["AccepterVpcInfo"]["VpcId"],
data["RequesterVpcInfo"]["OwnerId"],
data["RequesterVpcInfo"]["Region"],
data["RequesterVpcInfo"]["VpcId"],
),
group="network",
tags=resource_tags(data),
))
self.relations_found.append(
ResourceEdge(
from_node=peering_digest,
to_node=self.vpc_options.vpc_digest(),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("workspaces")
resources_found = []
response = client.describe_workspaces()
if self.vpc_options.verbose:
message_handler("Collecting data from Workspaces...", "HEADER")
for data in response["Workspaces"]:
# Get tag name
tags = client.describe_tags(ResourceId=data["WorkspaceId"])
nametag = get_name_tag(tags)
workspace_name = data["WorkspaceId"] if nametag is None else nametag
directory_service = self.vpc_options.client("ds")
directories = directory_service.describe_directories(
DirectoryIds=[data["DirectoryId"]])
for directorie in directories["DirectoryDescriptions"]:
if "VpcSettings" in directorie:
if directorie["VpcSettings"][
"VpcId"] == self.vpc_options.vpc_id:
workspace_digest = ResourceDigest(
id=data["WorkspaceId"], type="aws_workspaces")
resources_found.append(
Resource(
digest=workspace_digest,
name=workspace_name,
details="",
group="enduser",
tags=resource_tags(tags),
))
self.relations_found.append(
ResourceEdge(
from_node=workspace_digest,
to_node=ResourceDigest(
id=directorie["DirectoryId"],
type="aws_ds"),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("kafka")
resources_found = []
# get all cache clusters
response = client.list_clusters()
if self.vpc_options.verbose:
message_handler("Collecting data from MSK Clusters...", "HEADER")
# iterate cache clusters to get subnet groups
for data in response["ClusterInfoList"]:
msk_subnets = ", ".join(data["BrokerNodeGroupInfo"]["ClientSubnets"])
ec2 = self.vpc_options.session.resource(
"ec2", region_name=self.vpc_options.region_name
)
filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]
subnets = ec2.subnets.filter(Filters=filters)
for subnet in list(subnets):
if subnet.id in msk_subnets:
digest = ResourceDigest(
id=data["ClusterArn"], type="aws_msk_cluster"
)
resources_found.append(
Resource(
digest=digest,
name=data["ClusterName"],
details="",
group="analytics",
tags=resource_tags(data),
)
)
self.relations_found.append(
ResourceEdge(
from_node=digest,
to_node=ResourceDigest(id=subnet.id, type="aws_subnet"),
)
)
break
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("sagemaker")
resources_found = []
response = client.list_notebook_instances()
if self.vpc_options.verbose:
message_handler(
"Collecting data from Sagemaker Notebook instances...",
"HEADER")
for data in response["NotebookInstances"]:
notebook_instance = client.describe_notebook_instance(
NotebookInstanceName=data["NotebookInstanceName"])
tags_response = client.list_tags(
ResourceArn=data["NotebookInstanceArn"], )
# Using subnet to check VPC
subnets = describe_subnet(vpc_options=self.vpc_options,
subnet_ids=notebook_instance["SubnetId"])
if subnets is not None:
if subnets["Subnets"][0]["VpcId"] == self.vpc_options.vpc_id:
sagemaker_notebook_digest = ResourceDigest(
id=data["NotebookInstanceArn"],
type="aws_sagemaker_notebook_instance",
)
resources_found.append(
Resource(
digest=sagemaker_notebook_digest,
name=data["NotebookInstanceName"],
details="",
group="ml",
tags=resource_tags(tags_response),
))
self.relations_found.append(
ResourceEdge(
from_node=sagemaker_notebook_digest,
to_node=ResourceDigest(
id=notebook_instance["SubnetId"],
type="aws_subnet"),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.iot_options.client("iot")
resources_found = []
if self.iot_options.verbose:
message_handler("Collecting data from IoT Certificates...",
"HEADER")
for thing in self.iot_options.thing_name["things"]:
response = client.list_thing_principals(
thingName=thing["thingName"])
for data in response["principals"]:
if "cert/" in data:
lst_cert = data.split("/")
data_cert = client.describe_certificate(
certificateId=lst_cert[1])
tag_response = client.list_tags_for_resource(
resourceArn=data_cert["certificateDescription"]
["certificateArn"])
iot_cert_digest = ResourceDigest(
id=data_cert["certificateDescription"]
["certificateId"],
type="aws_iot_certificate",
)
resources_found.append(
Resource(
digest=iot_cert_digest,
name=data_cert["certificateDescription"]
["certificateId"],
details="",
group="iot",
tags=resource_tags(tag_response),
))
self.relations_found.append(
ResourceEdge(
from_node=iot_cert_digest,
to_node=ResourceDigest(id=thing["thingName"],
type="aws_iot_thing"),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("emr")
resources_found = []
response = client.list_clusters()
if self.vpc_options.verbose:
message_handler("Collecting data from EMR Clusters...", "HEADER")
for data in response["Clusters"]:
cluster = client.describe_cluster(ClusterId=data["Id"])
# Using subnet to check VPC
subnets = describe_subnet(
vpc_options=self.vpc_options,
subnet_ids=cluster["Cluster"]["Ec2InstanceAttributes"]["Ec2SubnetId"],
)
if subnets is not None:
if subnets["Subnets"][0]["VpcId"] == self.vpc_options.vpc_id:
digest = ResourceDigest(id=data["Id"], type="aws_emr_cluster")
resources_found.append(
Resource(
digest=digest,
name=data["Name"],
details="",
group="compute",
tags=resource_tags(cluster["Cluster"]),
)
)
self.relations_found.append(
ResourceEdge(
from_node=digest,
to_node=ResourceDigest(
id=cluster["Cluster"]["Ec2InstanceAttributes"][
"Ec2SubnetId"
],
type="aws_subnet",
),
)
)
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("neptune")
resources_found = []
response = client.describe_db_instances(
Filters=[{"Name": "engine", "Values": ["neptune"]}]
)
if self.vpc_options.verbose:
message_handler("Collecting data from Neptune Instances...", "HEADER")
# iterate cache clusters to get subnet groups
for data in response["DBInstances"]:
if data["DBSubnetGroup"]["VpcId"] == self.vpc_options.vpc_id:
tags_response = client.list_tags_for_resource(
ResourceName=data["DBInstanceArn"]
)
neptune_digest = ResourceDigest(
id=data["DBInstanceArn"], type="aws_neptune_cluster"
)
subnet_ids = []
for subnet in data["DBSubnetGroup"]["Subnets"]:
subnet_ids.append(subnet["SubnetIdentifier"])
self.relations_found.append(
ResourceEdge(
from_node=neptune_digest,
to_node=ResourceDigest(
id=subnet["SubnetIdentifier"], type="aws_subnet"
),
)
)
resources_found.append(
Resource(
digest=neptune_digest,
name=data["DBInstanceIdentifier"],
details="Neptune using subnets {} and engine {}".format(
", ".join(subnet_ids), data["Engine"]
),
group="database",
tags=resource_tags(tags_response),
)
)
return resources_found
def get_resources(self) -> List[Resource]:
client = self.iot_options.client("iot")
resources_found = []
if self.iot_options.verbose:
message_handler("Collecting data from IoT Policies...", "HEADER")
for thing in self.iot_options.thing_name["things"]:
response = client.list_thing_principals(thingName=thing["thingName"])
for data in response["principals"]:
policies = client.list_principal_policies(principal=data)
for policy in policies["policies"]:
data_policy = client.get_policy(policyName=policy["policyName"])
tag_response = client.list_tags_for_resource(
resourceArn=data_policy["policyArn"]
)
iot_policy_digest = ResourceDigest(
id=data_policy["policyArn"], type="aws_iot_policy"
)
resources_found.append(
Resource(
digest=iot_policy_digest,
name=data_policy["policyName"],
details="",
group="iot",
tags=resource_tags(tag_response),
)
)
self.relations_found.append(
ResourceEdge(
from_node=iot_policy_digest,
to_node=ResourceDigest(
id=thing["thingName"], type="aws_iot_thing"
),
)
)
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]
response = client.describe_nat_gateways(Filters=filters)
if self.vpc_options.verbose:
message_handler("Collecting data from NAT Gateways...", "HEADER")
for data in response["NatGateways"]:
if data["VpcId"] == self.vpc_options.vpc_id and data[
"State"] != "deleted":
nametag = get_name_tag(data)
name = data["NatGatewayId"] if nametag is None else nametag
nat_digest = ResourceDigest(id=data["NatGatewayId"],
type="aws_nat_gateway")
resources_found.append(
Resource(
digest=nat_digest,
name=name,
details=
"NAT Gateway Private IP {}, Public IP {}, Subnet id {}"
.format(
data["NatGatewayAddresses"][0]["PrivateIp"],
data["NatGatewayAddresses"][0]["PublicIp"],
data["SubnetId"],
),
group="network",
tags=resource_tags(data),
))
self.relations_found.append(
ResourceEdge(
from_node=nat_digest,
to_node=ResourceDigest(id=data["SubnetId"],
type="aws_subnet"),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.iot_options.client("iot")
resources_found = []
if self.iot_options.verbose:
message_handler("Collecting data from IoT Billing Group...",
"HEADER")
for thing in self.iot_options.thing_name["things"]:
response = client.describe_thing(thingName=thing["thingName"])
billing_groups = client.list_billing_groups()
for billing_group in billing_groups["billingGroups"]:
# billingGroupName is not mandatory in IoT Thing
if "billingGroupName" in response:
if billing_group["groupName"] == response[
"billingGroupName"]:
iot_billing_group_digest = ResourceDigest(
id=billing_group["groupArn"],
type="aws_iot_billing_group")
tag_response = client.list_tags_for_resource(
resourceArn=billing_group["groupArn"])
resources_found.append(
Resource(
digest=iot_billing_group_digest,
name=billing_group["groupName"],
details="",
group="iot",
tags=resource_tags(tag_response),
))
self.relations_found.append(
ResourceEdge(
from_node=iot_billing_group_digest,
to_node=ResourceDigest(id=thing["thingName"],
type="aws_iot_thing"),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.iot_options.client("iot")
resources_found = []
if self.iot_options.verbose:
message_handler("Collecting data from IoT Jobs...", "HEADER")
for thing in self.iot_options.thing_name["things"]:
client.describe_thing(thingName=thing["thingName"])
jobs = client.list_jobs()
for job in jobs["jobs"]:
data_job = client.describe_job(jobId=job["jobId"])
# Find THING name in targets things
for target in data_job["job"]["targets"]:
if thing["thingName"] in target:
iot_job_digest = ResourceDigest(id=job["jobId"],
type="aws_iot_job")
tag_response = client.list_tags_for_resource(
resourceArn=job["jobArn"])
resources_found.append(
Resource(
digest=iot_job_digest,
name=job["jobId"],
details="",
group="iot",
tags=resource_tags(tag_response),
))
self.relations_found.append(
ResourceEdge(
from_node=iot_job_digest,
to_node=ResourceDigest(id=thing["thingName"],
type="aws_iot_thing"),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("medialive")
resources_found = []
response = client.list_inputs()
if self.vpc_options.verbose:
message_handler("Collecting data from Media Live Inputs...",
"HEADER")
for data in response["Inputs"]:
tags_response = client.list_tags_for_resource(
ResourceArn=data["Arn"])
for destinations in data["Destinations"]:
if "Vpc" in destinations:
# describe networkinterface to get VpcId
ec2 = self.vpc_options.client("ec2")
eni = ec2.describe_network_interfaces(NetworkInterfaceIds=[
destinations["Vpc"]["NetworkInterfaceId"]
])
if eni["NetworkInterfaces"][0][
"VpcId"] == self.vpc_options.vpc_id:
digest = ResourceDigest(id=data["Arn"],
type="aws_media_live")
resources_found.append(
Resource(
digest=digest,
name="Input " + destinations["Ip"],
details="",
group="mediaservices",
tags=resource_tags(tags_response),
))
self.relations_found.append(
ResourceEdge(
from_node=digest,
to_node=self.vpc_options.vpc_digest(),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("elbv2")
resources_found = []
response = client.describe_load_balancers()
if self.vpc_options.verbose:
message_handler(
"Collecting data from Application Load Balancers...", "HEADER")
for data in response["LoadBalancers"]:
if data["VpcId"] == self.vpc_options.vpc_id:
tags_response = client.describe_tags(
ResourceArns=[data["LoadBalancerArn"]])
elb_digest = ResourceDigest(id=data["LoadBalancerName"],
type="aws_elb")
subnet_ids = []
for availabilityZone in data["AvailabilityZones"]:
subnet_ids.append(availabilityZone["SubnetId"])
self.relations_found.append(
ResourceEdge(
from_node=elb_digest,
to_node=ResourceDigest(
id=availabilityZone["SubnetId"],
type="aws_subnet"),
))
resources_found.append(
Resource(
digest=elb_digest,
name=data["LoadBalancerName"],
details="",
group="network",
tags=resource_tags(
tags_response["TagDescriptions"][0]),
))
return resources_found
def add_customer_gateway(self, client, connection_digest, resources,
vpn_connection):
customer_gateway_id = vpn_connection["CustomerGatewayId"]
vcw_gateway_response = client.describe_customer_gateways(
CustomerGatewayIds=[customer_gateway_id])
vcw_gateway_digest = ResourceDigest(id=customer_gateway_id,
type="aws_customer_gateway")
vcw_nametag = get_name_tag(vcw_gateway_response["CustomerGateways"][0])
vcw_name = customer_gateway_id if vcw_nametag is None else vcw_nametag
resources.append(
Resource(
digest=vcw_gateway_digest,
name=vcw_name,
group="network",
tags=resource_tags(
vcw_gateway_response["CustomerGateways"][0]),
))
self.relations_found.append(
ResourceEdge(from_node=connection_digest,
to_node=vcw_gateway_digest))
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]
response = client.describe_network_acls(Filters=filters)
if self.vpc_options.verbose:
message_handler("Collecting data from NACLs...", "HEADER")
for data in response["NetworkAcls"]:
nacl_digest = ResourceDigest(id=data["NetworkAclId"],
type="aws_network_acl")
subnet_ids = []
for subnet in data["Associations"]:
subnet_ids.append(subnet["SubnetId"])
self.relations_found.append(
ResourceEdge(
from_node=nacl_digest,
to_node=ResourceDigest(id=subnet["SubnetId"],
type="aws_subnet"),
))
nametag = get_name_tag(data)
name = data["NetworkAclId"] if nametag is None else nametag
resources_found.append(
Resource(
digest=nacl_digest,
name=name,
details="NACL using Subnets {}".format(
", ".join(subnet_ids)),
group="network",
tags=resource_tags(data),
))
return resources_found
