def get_lambda_inventory(oId, profile):
    """
    Returns lambda inventory.

    Delegates to ``glob.get_inventory`` for the ``lambda`` service, calling
    ``list_functions`` (``key_get="Functions"``) with ``aws_region="all"``
    and pagination enabled.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string
    :return: lambda inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/lambda.html
    """
    # NOTE(review): list_functions entries can carry each function's
    # environment variables, so handle this inventory as sensitive data.
    query = {
        "ownerId": oId,
        "profile": profile,
        "aws_service": "lambda",
        "aws_region": "all",
        "function_name": "list_functions",
        "key_get": "Functions",
        "pagination": True,
    }
    return glob.get_inventory(**query)
def get_es_inventory(oId):
    """
    Returns Elasticsearch details.

    Delegates to ``glob.get_inventory`` for the ``es`` service: the list call
    is ``list_domain_names`` (``key_get="DomainNames"``) and the detail call
    is ``describe_elasticsearch_domain`` (``detail_get_key="DomainStatus"``),
    both joined on ``DomainName``. No profile is passed by this wrapper.

    :param oId: ownerId (AWS account)
    :type oId: string
    :return: Elasticsearch inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/es.html
    """
    listing = {
        "aws_service": "es",
        "aws_region": "all",
        "function_name": "list_domain_names",
        "key_get": "DomainNames",
    }
    detail = {
        "join_key": "DomainName",
        "detail_join_key": "DomainName",
        "detail_function": "describe_elasticsearch_domain",
        "detail_get_key": "DomainStatus",
    }
    return glob.get_inventory(ownerId=oId, **listing, **detail)
def get_ec2_inventory(oId, profile):
    """
    Returns ec2 inventory, without any analysis or any formatting.

    Delegates to ``glob.get_inventory`` for the ``ec2`` service, calling
    ``describe_instances`` (``key_get="Reservations"``) with
    ``aws_region="all"`` and pagination enabled.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string
    :return: ec2 inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html
    """
    reservations = glob.get_inventory(
        ownerId=oId,
        profile=profile,
        aws_service="ec2",
        aws_region="all",
        function_name="describe_instances",
        key_get="Reservations",
        pagination=True,
    )
    return reservations
def get_apigateway_inventory(oId, profile):
    """
    Returns API Gateway inventory.

    Delegates to ``glob.get_inventory`` for the ``apigateway`` service,
    calling ``get_rest_apis`` (``key_get="items"``) with ``aws_region="all"``
    and pagination enabled. Only REST APIs are requested.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string
    :return: API Gateway inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/apigateway.html
    .. todo:: add --> plans, api keys, custom domain names, client certificates, vpc links
    """
    query = dict(
        ownerId=oId,
        profile=profile,
        aws_service="apigateway",
        aws_region="all",
        function_name="get_rest_apis",
        key_get="items",
        pagination=True,
    )
    return glob.get_inventory(**query)
def get_elbv2_inventory(oId, profile):
    """
    Returns ELBv2 inventory.

    Delegates to ``glob.get_inventory`` for the ``elbv2`` service, calling
    ``describe_load_balancers`` (``key_get="LoadBalancers"``) with
    ``aws_region="all"`` and pagination enabled.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string
    :return: ELBv2 inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/elbv2.html
    """
    load_balancers = glob.get_inventory(
        ownerId=oId,
        profile=profile,
        aws_service="elbv2",
        aws_region="all",
        function_name="describe_load_balancers",
        key_get="LoadBalancers",
        pagination=True,
    )
    return load_balancers
def get_cloudfront_inventory(oId):
    """
    Returns cloudfront inventory.

    Delegates to ``glob.get_inventory`` for the ``cloudfront`` service,
    calling ``list_distributions`` (``key_get="Items"``) with
    ``aws_region="all"`` and pagination enabled. No profile is passed by this
    wrapper.

    :param oId: ownerId (AWS account)
    :type oId: string
    :return: Cloudfront inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/cloudfront.html
    """
    # NOTE(review): boto3's list_distributions nests its results under
    # "DistributionList" -> "Items"; confirm glob.get_inventory resolves
    # key_get="Items" against that shape.
    query = {
        "ownerId": oId,
        "aws_service": "cloudfront",
        "aws_region": "all",
        "function_name": "list_distributions",
        "key_get": "Items",
        "pagination": True,
    }
    return glob.get_inventory(**query)
def get_rds_inventory(oId, profile):
    """
    Returns RDS inventory.

    Delegates to ``glob.get_inventory`` for the ``rds`` service, calling
    ``describe_db_instances`` (``key_get="DBInstances"``) with
    ``aws_region="all"`` and pagination enabled.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string
    :return: RDS inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/rds.html
    """
    query = dict(
        ownerId=oId,
        profile=profile,
        aws_service="rds",
        aws_region="all",
        function_name="describe_db_instances",
        key_get="DBInstances",
        pagination=True,
    )
    return glob.get_inventory(**query)
def get_datapipeline_inventory(oId):
    """
    Returns datapipeline details.

    Delegates to ``glob.get_inventory`` for the ``datapipeline`` service: the
    list call is ``list_pipelines`` (``key_get="pipelineIdList"``, paginated)
    and the detail call is ``get_pipeline_definition``, joining the list
    field ``id`` to the detail argument ``pipelineId``. ``detail_get_key`` is
    passed as an empty string. No profile is passed by this wrapper.

    :param oId: ownerId (AWS account)
    :type oId: string
    :return: datapipeline inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/datapipeline.html
    """
    listing = {
        "aws_service": "datapipeline",
        "aws_region": "all",
        "function_name": "list_pipelines",
        "key_get": "pipelineIdList",
        "pagination": True,
    }
    detail = {
        "join_key": "id",
        "detail_join_key": "pipelineId",
        "detail_function": "get_pipeline_definition",
        "detail_get_key": "",
    }
    return glob.get_inventory(ownerId=oId, **listing, **detail)
def get_kms_inventory(oId):
    """
    Returns keys managed by KMS.

    Delegates to ``glob.get_inventory`` for the ``kms`` service with
    ``aws_region="all"``: the list call is ``list_keys`` (``key_get="Keys"``,
    paginated) and the detail call is ``describe_key``
    (``detail_get_key="KeyMetadata"``), both joined on ``KeyId``. No profile
    is passed by this wrapper.

    :param oId: ownerId (AWS account)
    :type oId: string
    :return: KMS inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/kms.html
    """
    listing = {
        "aws_service": "kms",
        "aws_region": "all",
        "function_name": "list_keys",
        "key_get": "Keys",
        "pagination": True,
    }
    detail = {
        "detail_function": "describe_key",
        "join_key": "KeyId",
        "detail_join_key": "KeyId",
        "detail_get_key": "KeyMetadata",
    }
    return glob.get_inventory(ownerId=oId, **listing, **detail)
def get_cloudformation_inventory(oId):
    """
    Returns cloudformation inventory (if the region is available).

    Delegates to ``glob.get_inventory`` for the ``cloudformation`` service
    with ``aws_region="all"``: the list call is ``describe_stacks``
    (``key_get="Stacks"``, paginated) and the detail call is
    ``describe_stack_resources``, both joined on ``StackName``.
    ``detail_get_key`` is passed as an empty string. No profile is passed by
    this wrapper.

    :param oId: ownerId (AWS account)
    :type oId: string
    :return: cloudformation inventory
    :rtype: json

    .. note:: https://boto3.readthedocs.io/en/latest/reference/services/cloudformation.html
    """
    listing = {
        "aws_service": "cloudformation",
        "aws_region": "all",
        "function_name": "describe_stacks",
        "key_get": "Stacks",
        "pagination": True,
    }
    detail = {
        "detail_function": "describe_stack_resources",
        "join_key": "StackName",
        "detail_join_key": "StackName",
        "detail_get_key": "",
    }
    return glob.get_inventory(ownerId=oId, **listing, **detail)
def get_elb_inventory(oId):
    """
    Returns ELB inventory.

    Delegates to ``glob.get_inventory`` for the ``elb`` service, calling
    ``describe_load_balancers`` (``key_get="LoadBalancerDescriptions"``) with
    ``aws_region="all"`` and pagination enabled. No profile is passed by this
    wrapper.

    :param oId: ownerId (AWS account)
    :type oId: string
    :return: ELB inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/elb.html
    """
    query = {
        "ownerId": oId,
        "aws_service": "elb",
        "aws_region": "all",
        "function_name": "describe_load_balancers",
        "key_get": "LoadBalancerDescriptions",
        "pagination": True,
    }
    return glob.get_inventory(**query)
def get_storagegateway_inventory(oId):
    """
    Returns Storage gateway inventory.

    Delegates to ``glob.get_inventory`` for the ``storagegateway`` service
    with ``aws_region="all"``: the list call is ``list_gateways``
    (``key_get="Gateways"``, paginated) and the detail call is
    ``describe_gateway_information``, both joined on ``GatewayARN``.
    ``detail_get_key`` is passed as an empty string. No profile is passed by
    this wrapper.

    :param oId: ownerId (AWS account)
    :type oId: string
    :return: Storage gateway inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/storagegateway.html
    """
    listing = {
        "aws_service": "storagegateway",
        "aws_region": "all",
        "function_name": "list_gateways",
        "key_get": "Gateways",
        "pagination": True,
    }
    detail = {
        "detail_function": "describe_gateway_information",
        "detail_get_key": "",
        "join_key": "GatewayARN",
        "detail_join_key": "GatewayARN",
    }
    return glob.get_inventory(ownerId=oId, **listing, **detail)
def get_neptune_inventory(oId):
    """
    Returns neptune inventory.

    Only clusters are collected here, under the ``clusters`` key of the
    returned dict; instances are listed in the RDS inventory. The clusters
    come from ``glob.get_inventory`` for the ``neptune`` service, calling
    ``describe_db_clusters`` (``key_get="DBClusters"``) with
    ``aws_region="all"``. Neither a profile nor pagination is passed.

    :param oId: ownerId (AWS account)
    :type oId: string
    :return: neptune inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/neptune.html
    """
    clusters = glob.get_inventory(
        ownerId=oId,
        aws_service="neptune",
        aws_region="all",
        function_name="describe_db_clusters",
        key_get="DBClusters",
    )
    return {'clusters': clusters}
def get_cloudsearch_inventory(oId, profile):
    """
    Returns cloudsearch details.

    Delegates to ``glob.get_inventory`` for the ``cloudsearch`` service,
    calling ``describe_domains`` (``key_get="DomainStatusList"``) with
    ``aws_region="all"``. Pagination is not requested.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string
    :return: cloudsearch inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/cloudsearch.html
    """
    query = {
        "ownerId": oId,
        "profile": profile,
        "aws_service": "cloudsearch",
        "aws_region": "all",
        "function_name": "describe_domains",
        "key_get": "DomainStatusList",
    }
    return glob.get_inventory(**query)
def get_cloudtrail_inventory(oId, profile):
    """
    Returns cloudtrail inventory (if the region is available).

    Delegates to ``glob.get_inventory`` for the ``cloudtrail`` service,
    calling ``describe_trails`` (``key_get="trailList"``) with
    ``aws_region="all"``. Pagination is not requested.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string
    :return: cloudtrail inventory
    :rtype: json

    .. note:: https://boto3.readthedocs.io/en/latest/reference/services/cloudtrail.html
    """
    trails = glob.get_inventory(
        ownerId=oId,
        profile=profile,
        aws_service="cloudtrail",
        aws_region="all",
        function_name="describe_trails",
        key_get="trailList",
    )
    return trails
def get_dynamodb_inventory(oId):
    """
    Returns dynamoDB inventory.

    Delegates to ``glob.get_inventory`` for the ``dynamodb`` service with
    ``aws_region="all"``: the list call is ``list_tables``
    (``key_get="TableNames"``, paginated) and the detail call is
    ``describe_table`` (``detail_get_key="Table"``), both joined on
    ``TableName``. No profile is passed by this wrapper.

    :param oId: ownerId (AWS account)
    :type oId: string
    :return: dynamoDB inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html
    """
    listing = {
        "aws_service": "dynamodb",
        "aws_region": "all",
        "function_name": "list_tables",
        "key_get": "TableNames",
        "pagination": True,
    }
    detail = {
        "detail_function": "describe_table",
        "join_key": "TableName",
        "detail_join_key": "TableName",
        "detail_get_key": "Table",
    }
    return glob.get_inventory(ownerId=oId, **listing, **detail)
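def _s3_error_code(error):
    """Return the AWS error code carried by a botocore ``ClientError``, or ``None``."""
    return error.response.get('Error', {}).get('Code')


def get_s3_inventory(oId, profile):
    """
    Returns S3 quick inventory.

    The bucket list comes from ``glob.get_inventory`` (``list_buckets``,
    ``aws_region="global"``). Each bucket dict is then enriched in place:

    * ``website``: the website configuration, ``'no'`` when S3 reports that
      none exists, ``'unknown'`` when the lookup failed for another reason;
    * ``tags`` / ``acl``: set only when the lookup succeeded. A missing key
      means "not set or not readable", not "empty";
    * ``policy`` / ``encryption``: the decoded policy / the encryption
      configuration, ``"no"`` when S3 reports that none exists,
      ``"unknown"`` when the lookup failed for another reason (for instance
      missing permissions), so that a failed check is not reported as a
      finding or as a clean result;
    * ``location``, ``number_of_objects``, ``total_size``.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string
    :return: S3 inventory
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/s3.html#client
    """
    inventory = []

    bucket_list = glob.get_inventory(
        ownerId=oId,
        profile=profile,
        aws_service="s3",
        aws_region="global",
        function_name="list_buckets",
        key_get="Buckets"
    )

    # S3 needs some per-bucket analysis (website, policy, size, ...)
    session = boto3.Session(profile_name=profile)
    s3 = session.client("s3")
    paginator = s3.get_paginator('list_objects_v2')

    for bucket in bucket_list:
        bucket_name = bucket['Name']

        # Website hosting: a bucket served as a website exposes its content,
        # which can be a data-leak (DLP) issue.
        has_website = 'unknown'
        try:
            has_website = s3.get_bucket_website(Bucket=bucket_name)
            has_website.pop('ResponseMetadata', None)
        except ClientError as ce:
            if _s3_error_code(ce) == 'NoSuchWebsiteConfiguration':
                has_website = 'no'
        bucket['website'] = has_website

        # Tags: best effort, key left absent on any failure. Exception (not a
        # bare except) so KeyboardInterrupt/SystemExit are not swallowed.
        try:
            bucket['tags'] = s3.get_bucket_tagging(Bucket=bucket_name).get('TagSet')
        except Exception:
            pass

        # ACL: best effort, key left absent on any failure.
        try:
            acl = s3.get_bucket_acl(Bucket=bucket_name)
            acl.pop('ResponseMetadata', None)
            bucket['acl'] = acl
        except Exception:
            pass

        # Policy: "no" only when S3 says there is no policy. The decoded
        # policy document has no 'ResponseMetadata' entry, so nothing to strip.
        policy = "no"
        try:
            policy = json.loads(s3.get_bucket_policy(Bucket=bucket_name).get('Policy'))
        except ClientError as ce:
            if _s3_error_code(ce) != 'NoSuchBucketPolicy':
                policy = "unknown"
        except Exception:
            policy = "unknown"
        bucket['policy'] = policy

        # Encryption: "no" only when S3 says no default encryption is configured.
        encrypt = "no"
        try:
            encrypt = s3.get_bucket_encryption(Bucket=bucket_name)
            encrypt.pop('ResponseMetadata', None)
        except ClientError as ce:
            if _s3_error_code(ce) != 'ServerSideEncryptionConfigurationNotFoundError':
                encrypt = "unknown"
        except Exception:
            encrypt = "unknown"
        bucket['encryption'] = encrypt

        # NOTE(review): the location lookup and the object listing below are
        # not guarded; an error on one bucket (e.g. access denied) propagates
        # and aborts the whole inventory, as it did before.
        bucket['location'] = s3.get_bucket_location(Bucket=bucket_name).get('LocationConstraint')

        # Summarize number of objects and total size for the current bucket.
        # Every object is listed, so the cost grows with the bucket size.
        nbobj = 0
        size = 0
        for page in paginator.paginate(Bucket=bucket_name):
            # Pages of an empty bucket carry no 'Contents' key.
            contents = page.get('Contents', [])
            nbobj += len(contents)
            size += sum(obj.get('Size', 0) for obj in contents)
        bucket['number_of_objects'] = nbobj
        bucket['total_size'] = size

        inventory.append(bucket)

    return inventory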