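def setup_subscriptions(account_id, environment_id, trails_configuration, sourceAccountSession, targetAccountSession):
    """Subscribe every configured CloudTrail to the given environment.

    Each entry of ``trails_configuration`` (keyed by region name) is handed to
    ``aws_setup_subscription`` and replaced by whatever that call returns.  A
    region whose subscription raises is reported on stdout and left out of the
    returned mapping, so callers only see regions that were actually set up.

    Args:
        account_id: CloudInsight account the subscriptions belong to.
        environment_id: CloudInsight environment being configured.
        trails_configuration: dict of region name -> trail configuration.  It
            is modified in place and also returned.
        sourceAccountSession: boto3 session for the account that owns the
            trails; passed through unchanged (the caller may supply None).
        targetAccountSession: boto3 session for the account receiving the
            subscription; passed through unchanged (the caller may supply None).

    Returns:
        The same ``trails_configuration`` dict: successful regions now map to
        their subscription result, failed regions have been removed.
    """
    prefix = "Setting up CloudTrails subscriptions for environment %s:" % environment_id
    # Snapshot the keys first: the loop pops and re-inserts entries, which is
    # unsafe while iterating a live key view.
    regions = list(trails_configuration)
    if not regions:
        return trails_configuration
    progress = Progress(len(regions), prefix + "\t\t")
    for region in regions:
        trail = trails_configuration.pop(region)
        try:
            trails_configuration[region] = aws_setup_subscription(
                account_id, environment_id, trail,
                sourceAccountSession, targetAccountSession, progress)
        except Exception as e:
            # Best-effort: report and carry on with the remaining regions.
            # The failed region stays popped, so it is absent from the result.
            # TODO(review): the original intended to record the failure
            # reason under u'invalid_trails' so callers can surface it.
            print("Error: %s" % (e))
        progress.report()
    progress.done()
    return trails_configuration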
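def _load_config(config_path):
    """Read the JSON configuration file and check its required attributes.

    Args:
        config_path: path to the configuration file given on the command line.

    Returns:
        The parsed configuration dict.

    Raises:
        Exception: if 'role' or 'external_id' is absent, or if neither
            'trails' nor 'regions' is present.
    """
    with open(config_path) as data_file:
        config = json.load(data_file)
    if u'role' not in config:
        raise Exception("Missing 'role' attribute in '%s' configuration file" % (config_path))
    if u'external_id' not in config:
        raise Exception("Missing 'external_id' attribute in '%s' configuration file" % (config_path))
    if u'trails' not in config and u'regions' not in config:
        raise Exception("Missing 'trails' and 'regions' configuration in '%s' configuration file" % (config_path))
    return config


def main():
    """Command-line entry point: configure CloudInsight sources from a JSON file.

    In order:
      1. open boto3 sessions for the optional profile / source profile;
      2. log in to CloudInsight and load and validate the configuration file;
      3. resolve the CloudInsight credential id for the configured IAM role;
      4. for each 'queue' region build one source record per environment, and
         for each 'trail' region collect the CloudTrail configuration;
      5. subscribe the collected trails for every environment and build the
         matching source records;
      6. create/update every source in CloudInsight and print the follow-up
         instructions for the role.
    """
    args = get_user_input()
    # A session is only opened when the corresponding profile was given;
    # otherwise None is passed down to the helpers.
    targetAccountSession = boto3.session.Session(profile_name=args.profile) if args.profile else None
    sourceAccountSession = boto3.session.Session(profile_name=args.source_profile) if args.source_profile else None

    #
    # Connect to CloudInsight
    #
    ci = CI_API(args.user, args.password, account_id=args.account, locality=args.locality)
    print("Successfully logged in into CloudInsight. Account: %s(%s), User: %s" %
          (ci.auth_account_name, ci.auth_account_id, ci.auth_user_name))

    #
    # Load configuration file
    #
    config = _load_config(args.config)
    role_arn = config[u'role']
    # external_id is presumably the IAM external id used when the role is
    # assumed; it is only handed to get_credential and never printed.
    external_id = config[u'external_id']
    environments = []
    if u'environments' in config:
        environments = config[u'environments']
    elif u'aws_account_id' in config:
        environments = ci.get_environments(config[u'aws_account_id'])

    #
    # Get CloudInsight Credential ID for the specified role
    #
    credential_id = get_credential(ci, role_arn, external_id)[u'credential'][u'id']
    print("Obtained credential id for '%s' role" % (role_arn))

    #
    # Get sources for environments specified in the configuration file
    #
    # NOTE(review): _load_config accepts a file that has only 'trails', but
    # 'trails' is never read and 'regions' is required here, so such a file
    # fails with KeyError — confirm whether 'trails' is still a supported key.
    sources = []
    trails = {}
    regions = config[u'regions']
    progress = Progress(len(regions), "Validating configuration.\t\t\t\t\t\t\t\t\t\t")
    for region_name, region_config in regions.items():
        progress.report()
        if region_config[u'type'] == u'queue':
            if u'queue' not in region_config:
                raise Exception("Invalid config file. 'queue' property is missing for '%s' region" % region_name)
            # The queue is only verified when a target-account session exists.
            if targetAccountSession and not validate_queue(region_name, region_config[u'queue'], targetAccountSession):
                raise Exception("Invalid config file. '%s' queue doesn't exist in '%s' region in '%s' AWS Account." %
                                (region_config[u'queue'], region_name, get_account_id(targetAccountSession)))
            # An absent or empty bucket_region falls back to us-east-1.
            bucket_region = region_config.get(u'bucket_region') or u'us-east-1'
            for environment_id in environments:
                result = ci.get_sources(environment_id=environment_id, region=region_name)
                # Conditional expression instead of `len(r) and r[0] or None`,
                # which would also discard a falsy first element.
                sources.append(update_source_config(
                    result[0] if result else None,
                    ci.account_id, environment_id, region_name,
                    credential_id=credential_id,
                    bucket_region=bucket_region,
                    queue=get_queue_name(region_config[u'queue'])))
        elif region_config[u'type'] == u'trail':
            if u'trail' not in region_config or not region_config[u'trail']:
                raise Exception("Invalid config file. 'trail' property is missing '%s' region" % region_name)
            trail = get_cloud_trail_configuration(
                region_name, region_config[u'trail'], sourceAccountSession, targetAccountSession)
            if trail:
                trails[region_name] = trail
        # Any other 'type' value is silently skipped.
    progress.done()

    #
    # Setup CloudTrail subscriptions
    #
    # NOTE(review): setup_subscriptions mutates `trails` in place, so the
    # second and later environments receive the previous environment's
    # subscription results (minus any failed region) as their trail
    # configuration — confirm this is intended.
    for environment_id in environments:
        trails_configuration = setup_subscriptions(
            args.account, environment_id, trails, sourceAccountSession, targetAccountSession)
        for region_name, trail_configuration in trails_configuration.items():
            # NOTE(review): the 'queue' branch above calls get_sources with
            # environment_id=..., this one with environment=...; one of the
            # two keyword names is likely wrong — check CI_API.get_sources.
            result = ci.get_sources(environment=environment_id, region=region_name)
            sources.append(update_source_config(
                result[0] if result else None,
                ci.account_id, environment_id, region_name,
                credential_id=credential_id,
                bucket_region=trail_configuration[u'bucket_region'],
                queue=trail_configuration[u'sqs_queue_name']))

    #
    # Create CloudInsight sources
    #
    for source in sources:
        print("Updating '%s' source in '%s' environment." %
              (source[u'source'][u'name'], source[u'source'][u'environment']))
        ci.create_source(source)
    print("Successfully updated CloudInsight configuration.")
    print_instructions(role_arn)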