def list_from_aws(cls: Type["RDSInstanceResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
logger = Logger()
dbinstances = {}
paginator = client.get_paginator("describe_db_instances")
for resp in paginator.paginate():
for db in resp.get("DBInstances", []):
resource_arn = db["DBInstanceArn"]
db["Tags"] = client.list_tags_for_resource(
ResourceName=resource_arn).get("TagList", [])
db["Backup"] = []
dbinstances[resource_arn] = db
backup_paginator = client.get_paginator(
"describe_db_instance_automated_backups")
for resp in backup_paginator.paginate():
for backup in resp.get("DBInstanceAutomatedBackups", []):
if backup["DBInstanceArn"] in dbinstances:
dbinstances[backup["DBInstanceArn"]]["Backup"].append(
backup)
else:
logger.info(
event=AWSLogEvents.ScanAWSResourcesNonFatalError,
msg=
(f'Unable to find matching DB Instance {backup["DBInstanceArn"]} '
"(Possible Deletion)"),
)
return ListFromAWSResult(resources=dbinstances)
def list_from_aws(
cls: Type["TransitGatewayResourceSpec"], client: BaseClient, account_id: str, region: str
) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'tgw_1_arn': {tgw_1_dict},
'tgw_2_arn': {tgw_2_dict},
...}
Where the dicts represent results from describe_transit_gateways."""
tgws = {}
paginator = client.get_paginator("describe_transit_gateways")
tgw_filters = [{"Name": "owner-id", "Values": [account_id]}]
for resp in paginator.paginate(Filters=tgw_filters):
for tgw in resp["TransitGateways"]:
resource_arn = tgw["TransitGatewayArn"]
vpc_attachments: List[Dict[str, Any]] = []
vpc_attachments_paginator = client.get_paginator(
"describe_transit_gateway_attachments"
)
vpc_filters = [
{"Name": "transit-gateway-id", "Values": [tgw["TransitGatewayId"]]},
{"Name": "resource-type", "Values": ["vpc"]},
]
for vpc_attachments_resp in vpc_attachments_paginator.paginate(Filters=vpc_filters):
vpc_attachments += vpc_attachments_resp["TransitGatewayAttachments"]
tgw["VPCAttachments"] = vpc_attachments
tgws[resource_arn] = tgw
return ListFromAWSResult(resources=tgws)
def list_from_aws(
cls: Type["ClassicLoadBalancerResourceSpec"],
client: BaseClient,
account_id: str,
region: str,
) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'lb_1_arn': {lb_1_dict},
'lb_2_arn': {lb_2_dict},
...}
Where the dicts represent results from describe_load_balancers."""
paginator = client.get_paginator("describe_load_balancers")
load_balancers = {}
for resp in paginator.paginate():
for lb in resp["LoadBalancerDescriptions"]:
lb_name = lb["LoadBalancerName"]
resource_arn = cls.generate_arn(account_id=account_id,
region=region,
resource_id=lb_name)
try:
lb_attrs = cls.get_lb_attrs(client, lb_name)
lb.update(lb_attrs)
lb["Type"] = "classic"
load_balancers[resource_arn] = lb
except ClientError as c_e:
if (getattr(c_e, "response", {}).get("Error", {}).get(
"Code", {}) != "LoadBalancerNotFound"):
raise c_e
return ListFromAWSResult(resources=load_balancers)
def list_from_aws(cls: Type["OUResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'ou_1_arn': {ou_1_dict},
'ou_2_arn': {ou_2_dict},
...}
Where the dicts represent results from list_organizational_units_for_parent
with some additional info 'Path') tagged on."""
org_resp = client.describe_organization()
org_arn = org_resp["Organization"]["Arn"]
ous = {}
paginator = client.get_paginator("list_roots")
for resp in paginator.paginate():
for root in resp["Roots"]:
root_id, root_arn = root["Id"], root["Arn"]
root_path = f"/{root['Name']}"
ous[root_arn] = root
ous[root_arn]["OrganizationArn"] = org_arn
ous[root_arn]["Path"] = root_path
ou_details = cls._recursively_get_ou_details_for_parent(
client=client, parent_id=root_id, parent_path=root_path)
for ou_detail in ou_details:
arn = ou_detail["Arn"]
ou_detail["OrganizationArn"] = org_arn
ous[arn] = ou_detail
return ListFromAWSResult(resources=ous)
def list_from_aws(
cls: Type["OrgsAccountResourceSpec"], client: BaseClient, account_id: str, region: str
) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'ou_1_arn': {org_1_dict},
'ou_2_arn': {org_2_dict},
...}
Where the dicts represent results from list_accounts_for_parent."""
org_resp = client.describe_organization()
org_arn = org_resp["Organization"]["Arn"]
# get all ou ids and arns as a dict
ou_ids_arns = get_ou_ids_arns(client)
# now look up accounts for each ou
orgs_accounts = {}
accounts_paginator = client.get_paginator("list_accounts_for_parent")
for parent_id, parent_arn in ou_ids_arns.items():
for accounts_resp in accounts_paginator.paginate(ParentId=parent_id):
for account in accounts_resp["Accounts"]:
account_id = account["Id"]
account_arn = f"arn:aws::::account/{account_id}"
account["OrganizationArn"] = org_arn
account["OUArn"] = parent_arn
orgs_accounts[account_arn] = account
return ListFromAWSResult(resources=orgs_accounts)
def list_from_aws(cls: Type["TargetGroupResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'target_group_1_arn': {target_group_1_dict},
'target_group_2_arn': {target_group_2_dict},
...}
Where the dicts represent results from describe_target_groups."""
paginator = client.get_paginator("describe_target_groups")
resources = {}
for resp in paginator.paginate():
for resource in resp.get("TargetGroups", []):
resource_arn = resource["TargetGroupArn"]
try:
resource[
"TargetHealthDescriptions"] = get_target_group_health(
client, resource_arn)
resources[resource_arn] = resource
except ClientError as c_e:
error_code = getattr(c_e, "response",
{}).get("Error", {}).get("Code", {})
if error_code != "TargetGroupNotFound":
raise c_e
return ListFromAWSResult(resources=resources)
def list_from_aws(cls: Type["EKSClusterResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'cluster_1_arn': {cluster_1_dict},
'cluster_2_arn': {cluster_2_dict},
...}
Where the dicts represent results from list_clusters."""
clusters = {}
try:
paginator = client.get_paginator("list_clusters")
for resp in paginator.paginate():
for cluster_name in resp.get("clusters", []):
resource_arn = cls.generate_arn(account_id=account_id,
region=region,
resource_id=cluster_name)
clusters[resource_arn] = {"Name": cluster_name}
except ClientError as c_e:
response_error = getattr(c_e, "response", {}).get("Error", {})
error_code = response_error.get("Code", "")
if error_code != "AccessDeniedException":
raise c_e
error_msg = response_error.get("Message", "")
if error_msg != f"Account {account_id} is not authorized to use this service":
raise c_e
return ListFromAWSResult(resources=clusters)
def list_from_aws(cls: Type["IAMRoleResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'role_1_arn': {role_1_dict},
'role_2_arn': {role_2_dict},
...}
Where the dicts represent results from list_roles and additional info per role from
list_targets_by_role."""
roles = {}
paginator = client.get_paginator("list_roles")
for resp in paginator.paginate():
for role in resp.get("Roles", []):
role_name = role["RoleName"]
assume_role_policy_document = copy.deepcopy(
role["AssumeRolePolicyDocument"])
assume_role_policy_document_text = policy_doc_dict_to_sorted_str(
assume_role_policy_document)
role[
"AssumeRolePolicyDocumentText"] = assume_role_policy_document_text
for statement in assume_role_policy_document.get(
"Statement", []):
for obj in statement.get("Condition", {}).values():
for obj_key in obj.keys():
if obj_key.lower() == "sts:externalid":
obj[obj_key] = "REMOVED"
policies_result = get_attached_role_policies(client, role_name)
policies = policies_result
role["PolicyAttachments"] = policies
resource_arn = role["Arn"]
roles[resource_arn] = role
return ListFromAWSResult(resources=roles)
def list_from_aws(cls: Type["IAMPolicyResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'role_1_arn': {role_1_dict},
'role_2_arn': {role_2_dict},
...}
Where the dicts represent results from list_policies and additional info per role from
list_targets_by_role."""
policies = {}
paginator = client.get_paginator("list_policies")
for resp in paginator.paginate(Scope="Local"):
for policy in resp.get("Policies", []):
resource_arn = policy["Arn"]
default_policy_version = policy["DefaultVersionId"]
policy_version_resp = client.get_policy_version(
PolicyArn=resource_arn, VersionId=default_policy_version)
default_policy_version_document_text = policy_version_resp[
"PolicyVersion"]["Document"]
policy[
"DefaultVersionPolicyDocumentText"] = policy_doc_dict_to_sorted_str(
default_policy_version_document_text)
policies[resource_arn] = policy
return ListFromAWSResult(resources=policies)
def list_from_aws(cls: Type["IAMPolicyResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'role_1_arn': {role_1_dict},
'role_2_arn': {role_2_dict},
...}
Where the dicts represent results from list_policies and additional info per role from
list_targets_by_role."""
policies = {}
paginator = client.get_paginator("list_policies")
for resp in paginator.paginate(Scope="Local"):
for policy in resp.get("Policies", []):
resource_arn = policy["Arn"]
default_policy_version = policy["DefaultVersionId"]
try:
default_policy_version_document_text = cls.get_policy_version_document_text(
client=client,
policy_arn=resource_arn,
policy_version=default_policy_version,
)
policy[
"DefaultVersionPolicyDocumentText"] = policy_doc_dict_to_sorted_str(
default_policy_version_document_text)
policies[resource_arn] = policy
except ClientError as c_e:
error_code = getattr(c_e, "response",
{}).get("Error", {}).get("Code", {})
if error_code != "NoSuchEntity":
raise c_e
return ListFromAWSResult(resources=policies)
def list_from_aws(cls: Type["EventsRuleResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'rule_1_arn': {rule_1_dict},
'rule_2_arn': {rule_2_dict},
...}
Where the dicts represent results from list_rules and additional info per rule from
list_targets_by_rule."""
rules = {}
paginator = client.get_paginator("list_rules")
for resp in paginator.paginate():
for rule in resp.get("Rules", []):
resource_arn = rule["Arn"]
try:
rule["Targets"] = list_targets_by_rule(
client=client, rule_name=rule["Name"])
rules[resource_arn] = rule
except ClientError as c_e:
error_code = getattr(c_e, "response",
{}).get("Error", {}).get("Code", {})
if error_code != "ResourceNotFoundException":
raise c_e
return ListFromAWSResult(resources=rules)
def list_from_aws(cls: Type["ACMCertificateResourceSpec"],
client: BaseClient, account_id: str,
region: str) -> ListFromAWSResult:
cert_arns: List[str] = []
paginator = client.get_paginator("list_certificates")
for resp in paginator.paginate(
Includes={
"keyTypes": [
"RSA_1024",
"RSA_2048",
"RSA_3072",
"RSA_4096",
"EC_prime256v1",
"EC_secp384r1",
"EC_secp521r1",
]
}):
cert_arns.extend([
cert_dict["CertificateArn"]
for cert_dict in resp.get("CertificateSummaryList", [])
])
certs: Dict[str, Dict[str, Any]] = {}
for cert_arn in cert_arns:
try:
cert_data = get_cert_data(client=client, cert_arn=cert_arn)
certs[cert_arn] = cert_data
except ClientError as c_e:
error_code = getattr(c_e, "response",
{}).get("Error", {}).get("Code", {})
if error_code not in ("ResourceNotFoundException", ):
raise c_e
return ListFromAWSResult(resources=certs)
def get_detector_members(cls: Type["DetectorResourceSpec"],
client: BaseClient, detector_id: str,
region: str) -> List[Dict[str, Any]]:
member_resps: List[Dict[str, Any]] = []
list_members_paginator = client.get_paginator("list_members")
for list_members_resp in list_members_paginator.paginate(
DetectorId=detector_id):
member_resps += list_members_resp.get("Members", [])
members = []
if member_resps:
for member_resp in member_resps:
member_account_id = member_resp["AccountId"]
member_detector_id = member_resp["DetectorId"]
# member_email = member_resp["Email"]
member_email = member_resp.get("Email", "[NONE]")
member_relationship_status = member_resp["RelationshipStatus"]
# member_invited_at = member_resp["InvitedAt"]
member_invited_at = member_resp.get("InvitedAt", "[NONE]")
member_updated_at = member_resp["UpdatedAt"]
member_detector_arn = cls.generate_arn(
account_id=member_account_id,
region=region,
resource_id=member_detector_id,
)
member = {
"DetectorArn": member_detector_arn,
"Email": member_email,
"RelationshipStatus": member_relationship_status,
"InvitedAt": member_invited_at,
"UpdatedAt": member_updated_at,
}
members.append(member)
return members
def list_from_aws(cls: Type["DetectorResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'detector_1_arn': {detector_1_dict},
'detector_2_arn': {detector_2_dict},
...}
Where the dicts represent results from list_detectors and list_members, get_detector for
each listed detector."""
list_detectors_paginator = client.get_paginator("list_detectors")
detectors: Dict[str, Dict[str, Any]] = {}
for list_detectors_resp in list_detectors_paginator.paginate():
detector_ids = list_detectors_resp["DetectorIds"]
for detector_id in detector_ids:
resource_arn = cls.generate_arn(account_id=account_id,
region=region,
resource_id=detector_id)
try:
detectors[resource_arn] = cls.get_detector(
client, detector_id, region)
except ClientError as c_e:
error_code = getattr(c_e, "response",
{}).get("Error", {}).get("Code", {})
if error_code != "BadRequestException":
raise c_e
return ListFromAWSResult(resources=detectors)
def list_from_aws(cls: Type["IAMUserResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'user_1_arn': {user_1_dict},
'user_2_arn': {user_2_dict},
...}
Where the dicts represent results from list_users and additional info per user from
list_targets_by_user."""
users = {}
paginator = client.get_paginator("list_users")
for resp in paginator.paginate():
for user in resp.get("Users", []):
resource_arn = user["Arn"]
user_name = user["UserName"]
access_keys_paginator = client.get_paginator(
"list_access_keys")
access_keys: List[Dict[str, Any]] = []
for access_keys_resp in access_keys_paginator.paginate(
UserName=user_name):
for resp_access_key in access_keys_resp[
"AccessKeyMetadata"]:
access_key = copy.deepcopy(resp_access_key)
access_key_id = access_key["AccessKeyId"]
last_used_resp = client.get_access_key_last_used(
AccessKeyId=access_key_id)
access_key["AccessKeyLastUsed"] = last_used_resp[
"AccessKeyLastUsed"]
access_keys.append(access_key)
user["AccessKeys"] = access_keys
mfa_devices_paginator = client.get_paginator(
"list_mfa_devices")
mfa_devices: List[Dict[str, Any]] = []
for mfa_devices_resp in mfa_devices_paginator.paginate(
UserName=user_name):
mfa_devices += mfa_devices_resp["MFADevices"]
user["MfaDevices"] = mfa_devices
try:
login_profile_resp = client.get_login_profile(
UserName=user_name)
user["LoginProfile"] = login_profile_resp["LoginProfile"]
except ClientError as c_e:
if "NoSuchEntity" not in str(c_e):
raise c_e
users[resource_arn] = user
return ListFromAWSResult(resources=users)
def list_targets_by_rule(client: BaseClient,
rule_name: str) -> List[Dict[str, Any]]:
"""Return a list of target dicts for a given rule name"""
targets = []
targets_paginator = client.get_paginator("list_targets_by_rule")
for targets_resp in targets_paginator.paginate(Rule=rule_name):
targets += targets_resp.get("Targets", [])
return targets
def get_attached_role_policies(client: BaseClient, role_name: str) -> List[Dict[str, Any]]:
"""Get attached role policies"""
policies = []
paginator = client.get_paginator("list_attached_role_policies")
for resp in paginator.paginate(RoleName=role_name):
for policy in resp.get("AttachedPolicies", []):
policies.append(policy)
return policies
def parse_paginators(
client: BaseClient, service_paginator_model: PaginatorModel
) -> Generator[Paginator, None, None]:
for paginator_name in sorted(service_paginator_model._paginator_config):
paginator = client.get_paginator(xform_name(paginator_name))
yield Paginator(
paginator._model.name,
list(parse_methods(get_instance_public_methods(paginator))))
def get_embedded_role_policies(client: BaseClient, role_name: str) -> List[Dict[str, Any]]:
"""Get attached embedded policies"""
policies = []
paginator = client.get_paginator("list_role_policies")
for resp in paginator.paginate(RoleName=role_name):
for policy_name in resp.get("PolicyNames", []):
policy = get_embedded_role_policy(client, role_name, policy_name)
policies.append(policy)
return policies
def list_from_aws(
cls: Type["EC2RouteTableResourceSpec"], client: BaseClient, account_id: str, region: str
) -> ListFromAWSResult:
paginator = client.get_paginator("describe_route_tables")
route_tables = {}
for resp in paginator.paginate():
for attachment in resp.get("RouteTables", []):
resource_arn = cls.generate_arn(account_id, region, attachment["RouteTableId"])
route_tables[resource_arn] = attachment
return ListFromAWSResult(resources=route_tables)
def list_from_aws(cls: Type["SecurityGroupResourceSpec"],
client: BaseClient, account_id: str,
region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'security_group_1_arn': {security_group_1_dict},
'security_group_2_arn': {security_group_2_dict},
...}
Where the dicts represent results from describe_subnets."""
security_groups = {}
paginator = client.get_paginator("describe_security_groups")
for resp in paginator.paginate():
for security_group in resp.get("SecurityGroups", []):
resource_arn = cls.generate_arn(
account_id=account_id,
region=region,
resource_id=security_group["GroupId"])
for ingress_rule in security_group.get("IpPermissions", []):
for ip_range in ingress_rule.get("IpRanges", []):
cidr = ip_range["CidrIp"]
ipv4_network = ipaddress.IPv4Network(cidr,
strict=False)
first_ip, last_ip = int(ipv4_network[0]), int(
ipv4_network[-1])
ip_range["FirstIp"] = first_ip
ip_range["LastIp"] = last_ip
for ip_range in ingress_rule.get("Ipv6Ranges", []):
cidr = ip_range["CidrIpv6"]
ipv6_network = ipaddress.IPv6Network(cidr,
strict=False)
first_ip, last_ip = int(ipv6_network[0]), int(
ipv6_network[-1])
ip_range["FirstIp"] = first_ip
ip_range["LastIp"] = last_ip
for egress_rule in security_group.get("IpPermissionsEgress",
[]):
for ip_range in egress_rule.get("IpRanges", []):
cidr = ip_range["CidrIp"]
ipv4_network = ipaddress.IPv4Network(cidr,
strict=False)
first_ip, last_ip = int(ipv4_network[0]), int(
ipv4_network[-1])
ip_range["FirstIp"] = first_ip
ip_range["LastIp"] = last_ip
for ip_range in egress_rule.get("Ipv6Ranges", []):
cidr = ip_range["CidrIpv6"]
ipv6_network = ipaddress.IPv6Network(cidr,
strict=False)
first_ip, last_ip = int(ipv6_network[0]), int(
ipv6_network[-1])
ip_range["FirstIp"] = first_ip
ip_range["LastIp"] = last_ip
security_groups[resource_arn] = security_group
return ListFromAWSResult(resources=security_groups)
def list_from_aws(cls: Type["RDSSnapshotResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
dbinstances = {}
paginator = client.get_paginator("describe_db_snapshots")
for resp in paginator.paginate():
for db in resp.get("DBSnapshots", []):
resource_arn = db["DBSnapshotArn"]
db["DBInstanceArn"] = cls.generate_instance_arn(
account_id, region, db["DBInstanceIdentifier"])
dbinstances[resource_arn] = db
return ListFromAWSResult(resources=dbinstances)
def list_from_aws(
cls: Type["HostedZoneResourceSpec"], client: BaseClient, account_id: str, region: str
) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'hosted_zone_1_arn': {hosted_zone_1_dict},
'hosted_zone_2_arn': {hosted_zone_2_dict},
...}
Where the dicts represent results from list_hosted_zones."""
hosted_zones = {}
paginator = client.get_paginator("list_hosted_zones")
for resp in paginator.paginate():
for hosted_zone in resp.get("HostedZones", []):
hosted_zone_id = hosted_zone["Id"].split("/")[-1]
resource_arn = cls.generate_arn(resource_id=hosted_zone_id, account_id=account_id)
record_sets_paginator = client.get_paginator("list_resource_record_sets")
zone_resource_record_sets = []
for record_sets_resp in record_sets_paginator.paginate(HostedZoneId=hosted_zone_id):
zone_resource_record_sets += record_sets_resp.get("ResourceRecordSets", [])
hosted_zone["ResourceRecordSets"] = zone_resource_record_sets
hosted_zones[resource_arn] = hosted_zone
return ListFromAWSResult(resources=hosted_zones)
def list_from_aws(cls: Type["EventsRuleResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'rule_1_arn': {rule_1_dict},
'rule_2_arn': {rule_2_dict},
...}
Where the dicts represent results from list_rules and additional info per rule from
list_targets_by_rule."""
rules = {}
paginator = client.get_paginator("list_rules")
for resp in paginator.paginate():
for rule in resp.get("Rules", []):
resource_arn = rule["Arn"]
rules[resource_arn] = rule
targets_paginator = client.get_paginator(
"list_targets_by_rule")
rule["Targets"] = []
for targets_resp in targets_paginator.paginate(
Rule=rule["Name"]):
rule["Targets"] += targets_resp.get("Targets", [])
return ListFromAWSResult(resources=rules)
def list_from_aws(cls: Type["OrgsAccountResourceSpec"], client: BaseClient,
account_id: str, region: str) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'ou_1_arn': {org_1_dict},
'ou_2_arn': {org_2_dict},
...}
Where the dicts represent results from list_accounts_for_parent."""
org_resp = client.describe_organization()
org_arn = org_resp["Organization"]["Arn"]
# get all parents. parents include roots and ous.
parent_ids_arns = {}
paginator = client.get_paginator("list_roots")
for resp in paginator.paginate():
for root in resp["Roots"]:
root_id, root_arn = root["Id"], root["Arn"]
parent_ids_arns[root_id] = root_arn
root_path = f"/{root['Name']}"
ou_details = cls._recursively_get_ou_details_for_parent(
client=client, parent_id=root_id, parent_path=root_path)
for ou_detail in ou_details:
ou_id, ou_arn = ou_detail["Id"], ou_detail["Arn"]
parent_ids_arns[ou_id] = ou_arn
# now look up accounts for each ou
orgs_accounts = {}
accounts_paginator = client.get_paginator("list_accounts_for_parent")
for parent_id, parent_arn in parent_ids_arns.items():
for accounts_resp in accounts_paginator.paginate(
ParentId=parent_id):
for account in accounts_resp["Accounts"]:
account_id = account["Id"]
account_arn = f"arn:aws::::account/{account_id}"
account["OrganizationArn"] = org_arn
account["OUArn"] = parent_arn
orgs_accounts[account_arn] = account
return ListFromAWSResult(resources=orgs_accounts)
def _recursively_get_ou_details_for_parent(
cls: Type["OUResourceSpec"], client: BaseClient, parent_id: str,
parent_path: str) -> List[Dict[str, Any]]:
ous = []
paginator = client.get_paginator(
"list_organizational_units_for_parent")
for resp in paginator.paginate(ParentId=parent_id):
for ou in resp["OrganizationalUnits"]:
ou_id = ou["Id"]
path = f"{parent_path}/{ou['Name']}"
ou["Path"] = path
ous.append(ou)
ous += cls._recursively_get_ou_details_for_parent(
client=client, parent_id=ou_id, parent_path=path)
return ous
def parse_paginators(
client: BaseClient, service_paginator_model: PaginatorModel
) -> Generator[Paginator, None, None]:
paginator_config = (
service_paginator_model._paginator_config # pylint: disable=protected-access
)
for paginator_name in sorted(paginator_config):
paginator = client.get_paginator(xform_name(paginator_name))
paginator_model = paginator._model # pylint: disable=protected-access
yield Paginator(
name=paginator_model.name,
docstring=clean_doc(getdoc(paginator)),
methods=list(parse_methods(
get_instance_public_methods(paginator))),
)
def get_ou_ids_arns(client: BaseClient) -> Dict[str, str]:
"""Build and return a dict of OU ids to arns"""
ou_ids_arns = {}
paginator = client.get_paginator("list_roots")
for resp in paginator.paginate():
for root in resp["Roots"]:
root_id, root_arn = root["Id"], root["Arn"]
ou_ids_arns[root_id] = root_arn
root_path = f"/{root['Name']}"
ou_details = recursively_get_ou_details_for_parent(
client=client, parent_id=root_id, parent_path=root_path
)
for ou_detail in ou_details:
ou_id, ou_arn = ou_detail["Id"], ou_detail["Arn"]
ou_ids_arns[ou_id] = ou_arn
return ou_ids_arns
def list_from_aws(
cls: Type["TransitGatewayVpcAttachmentResourceSpec"],
client: BaseClient,
account_id: str,
region: str,
) -> ListFromAWSResult:
paginator = client.get_paginator(
"describe_transit_gateway_vpc_attachments")
attachments = {}
for resp in paginator.paginate():
for attachment in resp.get("TransitGatewayVpcAttachments", []):
resource_arn = cls.generate_arn(
account_id, region,
attachment["TransitGatewayAttachmentId"])
attachments[resource_arn] = attachment
return ListFromAWSResult(resources=attachments)
def list_from_aws(
cls: Type["VPCPeeringConnectionResourceSpec"],
client: BaseClient,
account_id: str,
region: str,
) -> ListFromAWSResult:
"""Return a dict of dicts of the format:
{'vpc_peering_connection_1_arn': {vpc_peering_connection_1_dict},
'vpc_peering_connection_2_arn': {vpc_peering_connection_2_dict},
...}
Where the dicts represent results from describe_vpc_peering_connections."""
vpc_peering_connections = {}
paginator = client.get_paginator("describe_vpc_peering_connections")
for resp in paginator.paginate():
for vpc_pc in resp["VpcPeeringConnections"]:
resource_arn = cls.generate_arn(
resource_id=vpc_pc["VpcPeeringConnectionId"],
account_id=account_id,
region=region,
)
accepter_info = vpc_pc["AccepterVpcInfo"]
accepter_account_id = accepter_info["OwnerId"]
accepter_vpc_id = accepter_info["VpcId"]
accepter_region = accepter_info["Region"]
accepter_vpc_arn = VPCResourceSpec.generate_arn(
resource_id=accepter_vpc_id,
account_id=accepter_account_id,
region=accepter_region,
)
requester_info = vpc_pc["RequesterVpcInfo"]
requester_account_id = requester_info["OwnerId"]
requester_vpc_id = requester_info["VpcId"]
requester_region = requester_info["Region"]
requester_vpc_arn = VPCResourceSpec.generate_arn(
resource_id=requester_vpc_id,
account_id=requester_account_id,
region=requester_region,
)
vpc_peering_connection = {
"AccepterVpc": accepter_vpc_arn,
"RequesterVpc": requester_vpc_arn,
"Status": vpc_pc["Status"]["Code"],
}
vpc_peering_connections[resource_arn] = vpc_peering_connection
return ListFromAWSResult(resources=vpc_peering_connections)
