def monitor(event, context): """ This method looks for iam data and reports 4 different kinds of data into 4 different JSON files stored in s3 """ arns = parseArnsString(READER_ROLE_ARNS) # gather iamData iamData = getAllIAMData() for arn in arns: additionalIamData = getAllIAMData(arn) iamData['users'] += additionalIamData['users'] iamData['groups'] += additionalIamData['groups'] iamData['roles'] += additionalIamData['roles'] iamData['policies'] += additionalIamData['policies'] # report each type of data s3Client = getSession().resource("s3") reportName = datetime.datetime.utcnow().isoformat( ) + '.json' # same report name for each data type for typeOfIamData in iamData: # get s3 key and body key = S3_MONITORING_PATH + f"/{typeOfIamData}/" + reportName body = json.dumps(iamData[typeOfIamData], default=datetimeSerializer).encode("utf-8") # save to s3 logger.info( f"creating new monitoring report at s3://{S3_BUCKET_NAME}/{key}") s3Client.Bucket(S3_BUCKET_NAME).put_object(Key=key, Body=body) return "finished monitoring."
def monitor(event, context): """ This method looks for security groups and reports any found groups to a json file in s3. """ arns = parseArnsString(READER_ROLE_ARNS) # get groups groups = getAllSecurityGroups() # defaults to current account for arn in arns: groups += getAllSecurityGroups(arn) if len(groups) is 0: logger.warning("no security groups found") return # get s3 key and body key = S3_MONITORING_PATH + '/' + datetime.datetime.utcnow().isoformat( ) + '.json' body = json.dumps(groups, default=datetimeSerializer).encode("utf-8") # save to s3 logger.info( f"creating new monitoring report at s3://{S3_BUCKET_NAME}/{key}") s3 = getSession().resource("s3") s3.Bucket(S3_BUCKET_NAME).put_object(Key=key, Body=body) return "finished monitoring."
def monitor(event, context): """ This method looks for elastic load balancers and reports any found elbs to a json file in s3. """ arns = parseArnsString(READER_ROLE_ARNS) # get elbs v1ELBs = getAllV1ELBs() v2ELBs = getAllV2ELBs() elbs = [] + v1ELBs + v2ELBs for arn in arns: elbs += getAllV1ELBs(arn) + getAllV2ELBs(arn) if len(elbs) is 0: logger.warning("no elastic load balancers found") return # get s3 key and body key = S3_MONITORING_PATH + '/' + datetime.datetime.utcnow().isoformat( ) + '.json' body = json.dumps(elbs, default=datetimeSerializer).encode("utf-8") # save to s3 logger.info( f"creating new monitoring report at s3://{S3_BUCKET_NAME}/{key}") s3 = getSession().resource("s3") s3.Bucket(S3_BUCKET_NAME).put_object(Key=key, Body=body) return "finished monitoring."
def monitor(event, context): """ This method looks for iam data and reports 4 different kinds of data into 4 different JSON files stored in s3 """ arns = parseArnsString(READER_ROLE_ARNS) # gather iamData iamData = getAllIAMData() for arn in arns: additionalIamData = getAllIAMData(arn) iamData['users'] += additionalIamData['users'] iamData['groups'] += additionalIamData['groups'] iamData['roles'] += additionalIamData['roles'] iamData['policies'] += additionalIamData['policies'] # convert to valid json strings userJsonStrings = [ json.dumps(user, default=datetimeSerializer).encode("utf-8") for user in iamData['users'] ] groupJsonStrings = [ json.dumps(group, default=datetimeSerializer).encode("utf-8") for group in iamData['groups'] ] roleJsonStrings = [ json.dumps(role, default=datetimeSerializer).encode("utf-8") for role in iamData['roles'] ] policyJsonStrings = [ json.dumps(policy, default=datetimeSerializer).encode("utf-8") for policy in iamData['policies'] ] # create valid insert data for fivetran response monitored_time = datetime.datetime.utcnow().isoformat() iamInsertData = { 'IAM_USERS': [{ 'RAW_DATA': json.loads(jsonString), 'SNOWWATCH_MONITORED_TIME_UTC': monitored_time } for jsonString in userJsonStrings], 'IAM_GROUPS': [{ 'RAW_DATA': json.loads(jsonString), 'SNOWWATCH_MONITORED_TIME_UTC': monitored_time } for jsonString in groupJsonStrings], 'IAM_ROLES': [{ 'RAW_DATA': json.loads(jsonString), 'SNOWWATCH_MONITORED_TIME_UTC': monitored_time } for jsonString in roleJsonStrings], 'IAM_POLICIES': [{ 'RAW_DATA': json.loads(jsonString), 'SNOWWATCH_MONITORED_TIME_UTC': monitored_time } for jsonString in policyJsonStrings] } # return monitoring results to fivetran response = {'state': 0, 'hasMore': False, 'insert': iamInsertData} return response
def monitor(event, context): """ This method looks for elastic load balancers and reports any found elbs to a json file in s3. """ arns = parseArnsString(READER_ROLE_ARNS) # get elbs v1ELBs = getAllV1ELBs() v2ELBs = getAllV2ELBs() elbs = [] + v1ELBs + v2ELBs for arn in arns: elbs += getAllV1ELBs(arn) + getAllV2ELBs(arn) # convert to valid json strings jsonStrings = [ json.dumps(elb, default=datetimeSerializer).encode("utf-8") for elb in elbs ] # create valid insert data for fivetran response monitored_time = datetime.datetime.utcnow().isoformat() fivetranInserts = [{ 'RAW_DATA': json.loads(jsonString), 'SNOWWATCH_MONITORED_TIME_UTC': monitored_time } for jsonString in jsonStrings] # return monitoring results to fivetran response = { 'state': 0, 'hasMore': False, 'insert': { 'elastic_load_balancers': fivetranInserts } } return response
def monitor(event, context): """ This method looks for ec2 instances in each AWS account to be monitored and reports any found instances to a json file in s3. """ arns = parseArnsString(READER_ROLE_ARNS) instances = getAllInstances( ) # monitor for current account with no role arn for arn in arns: instances += getAllInstances(arn) # convert to valid json strings jsonStrings = [ json.dumps(instance, default=datetimeSerializer).encode("utf-8") for instance in instances ] # create valid insert data for fivetran response monitored_time = datetime.datetime.utcnow().isoformat() fivetranInserts = [{ 'RAW_DATA': json.loads(jsonString), 'SNOWWATCH_MONITORED_TIME_UTC': monitored_time } for jsonString in jsonStrings] # return monitoring results to fivetran response = { 'state': 0, 'hasMore': False, 'insert': { 'ec2_instances': fivetranInserts } } return response
def monitor(event, context): """ This method looks for security groups and reports any found groups to a json file in s3. """ arns = parseArnsString(READER_ROLE_ARNS) # get groups groups = getAllSecurityGroups() # defaults to current account for arn in arns: groups += getAllSecurityGroups(arn) # convert to valid json strings jsonStrings = [ json.dumps(group, default=datetimeSerializer).encode("utf-8") for group in groups ] # create valid insert data for fivetran response monitored_time = datetime.datetime.utcnow().isoformat() fivetranInserts = [ { 'RAW_DATA': json.loads(jsonString), 'SNOWWATCH_MONITORED_TIME_UTC': monitored_time } for jsonString in jsonStrings ] # return monitoring results to fivetran response = { 'state': 0, 'hasMore': False, 'insert': { 'security_groups': fivetranInserts } } return response