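def lambda_handler(event: Dict[str, Any], context: Any) -> Any:
    """Lambda entrypoint: run one account scan described by the invocation event.

    Args:
        event: invocation payload. The keys "account_scan_plan", "scan_id",
            "artifact_path", "max_svc_scan_threads",
            "preferred_account_scan_regions" and "scan_sub_accounts" are each
            fetched with get_required_lambda_event_var.
        context: Lambda context object; not used here.

    Returns:
        The value returned by AccountScanner.scan() after a JSON round-trip
        (json.dumps with json_encoder, then json.loads), i.e. JSON-native
        types only. The previous ``-> None`` annotation did not match this.
    """
    # Detach every handler already attached to the root logger. Iterate over a
    # copy: removeHandler() mutates root.handlers, so looping over the live
    # list skips entries and leaves some handlers attached.
    root = logging.getLogger()
    for handler in list(root.handlers):
        root.removeHandler(handler)

    # NOTE(review): every value below is taken from the event and no validation
    # is visible in this function. artifact_path and scan_id are handed to
    # ArtifactWriter.from_artifact_path, so they presumably decide where scan
    # artifacts are written -- confirm that only trusted callers can invoke
    # this function, or validate these values before use.
    account_scan_plan_dict = get_required_lambda_event_var(event, "account_scan_plan")
    account_scan_plan = AccountScanPlan.from_dict(account_scan_plan_dict)
    scan_id = get_required_lambda_event_var(event, "scan_id")
    artifact_path = get_required_lambda_event_var(event, "artifact_path")
    max_svc_scan_threads = get_required_lambda_event_var(event, "max_svc_scan_threads")
    preferred_account_scan_regions = get_required_lambda_event_var(
        event, "preferred_account_scan_regions"
    )
    scan_sub_accounts = get_required_lambda_event_var(event, "scan_sub_accounts")

    artifact_writer = ArtifactWriter.from_artifact_path(
        artifact_path=artifact_path, scan_id=scan_id
    )
    account_scanner = AccountScanner(
        account_scan_plan=account_scan_plan,
        artifact_writer=artifact_writer,
        max_svc_scan_threads=max_svc_scan_threads,
        preferred_account_scan_regions=preferred_account_scan_regions,
        scan_sub_accounts=scan_sub_accounts,
    )
    scan_results_dict = account_scanner.scan()

    # Serialise with the project encoder and parse back so the returned value
    # holds only types the json module can represent.
    scan_results_str = json.dumps(scan_results_dict, default=json_encoder)
    return json.loads(scan_results_str)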
def local_account_scan(
    account_scan_plan_dict: Dict[str, Any], scan_sub_accounts: bool, output_dir: Path
) -> Dict[str, Any]:
    """Scan an account and write its artifacts to a local directory.

    Args:
        account_scan_plan_dict: AccountScanPlan data defining the scan
        scan_sub_accounts: if True, scan subaccounts of any org master accounts
        output_dir: output artifacts to this Path

    Returns:
        Whatever AccountScanner.scan() returns for this plan.
    """
    # The writer is built first, then the plan is parsed, as in the original.
    writer = FileArtifactWriter(output_dir=output_dir)
    plan = AccountScanPlan.from_dict(account_scan_plan_dict=account_scan_plan_dict)

    # The session factory comes from the plan itself; the thread count is the
    # module default rather than a caller-supplied value.
    scanner = AccountScanner(
        account_id=plan.account_id,
        regions=plan.regions,
        get_session=plan.get_session,
        artifact_writer=writer,
        scan_sub_accounts=scan_sub_accounts,
        max_svc_threads=DEFAULT_MAX_SVC_THREADS,
    )
    results = scanner.scan()
    return results
def lambda_handler(event, context):
    """Lambda entrypoint: scan one account and write artifacts via S3ArtifactWriter.

    Args:
        event: invocation payload; "account_scan_plan", "json_bucket",
            "key_prefix" and "scan_sub_accounts" are each fetched with
            get_required_lambda_event_var.
        context: Lambda context object; not used here.

    Returns:
        The result of AccountScanner.scan() after a JSON round-trip through
        json_encoder.
    """
    # NOTE(review): json_bucket and key_prefix are taken from the event and
    # passed to S3ArtifactWriter with no validation visible here -- confirm
    # that only trusted callers can invoke this function.
    plan = AccountScanPlan.from_dict(
        get_required_lambda_event_var(event, "account_scan_plan")
    )
    bucket = get_required_lambda_event_var(event, "json_bucket")
    prefix = get_required_lambda_event_var(event, "key_prefix")
    include_sub_accounts = get_required_lambda_event_var(event, "scan_sub_accounts")

    writer = S3ArtifactWriter(bucket=bucket, key_prefix=prefix)
    scanner = AccountScanner(
        account_id=plan.account_id,
        regions=plan.regions,
        get_session=plan.get_session,
        artifact_writer=writer,
        scan_sub_accounts=include_sub_accounts,
        max_svc_threads=DEFAULT_MAX_SVC_THREADS,
    )

    # Encode with the project encoder, then decode again, so only JSON-native
    # types are returned.
    return json.loads(json.dumps(scanner.scan(), default=json_encoder))
def local_account_scan(
    scan_id: str,
    account_scan_plan_dict: Dict[str, Any],
    config: Config,
) -> List[Dict[str, Any]]:
    """Scan a set of accounts.

    Args:
        scan_id: identifier passed to ArtifactWriter.from_artifact_path
            together with config.artifact_path
        account_scan_plan_dict: AccountScanPlan defining the scan
        config: Config object; supplies artifact_path, the service-scan thread
            limit, the preferred scan regions and the sub-account flag

    Returns:
        Whatever AccountScanner.scan() returns for this plan.
    """
    writer = ArtifactWriter.from_artifact_path(
        artifact_path=config.artifact_path, scan_id=scan_id
    )
    plan = AccountScanPlan.from_dict(account_scan_plan_dict=account_scan_plan_dict)

    # Collect the scanner arguments first; every tunable comes from config.
    scanner_kwargs = dict(
        account_scan_plan=plan,
        artifact_writer=writer,
        max_svc_scan_threads=config.concurrency.max_svc_scan_threads,
        preferred_account_scan_regions=config.scan.preferred_account_scan_regions,
        scan_sub_accounts=config.scan.scan_sub_accounts,
    )
    return AccountScanner(**scanner_kwargs).scan()