コード例 #1
0
ファイル: cloudwatch.py プロジェクト: nplutt/overprivileged
def fetch_query_results(query_id: str,
                        timeout: datetime) -> Tuple[List[dict], Decimal]:
    """
    Waits for and returns the results from a given cloudwatch insights
    query
    Args:
        query_id: the query id to fetch results for
        timeout: the time at which the query should be canceled/timed out
    """
    client = fetch_boto3_client("logs")

    results = None
    while datetime.utcnow() < timeout:
        sleep(2)
        results = client.get_query_results(queryId=query_id)
        if results["status"] in [
                QueryStatus.COMPLETE.value,
                QueryStatus.FAILED.value,
        ]:
            break

    query_price = calculate_query_price(results["statistics"]["bytesScanned"])
    results = [{r["field"]: r["value"]
                for r in records} for records in results["results"]]
    return results, query_price
コード例 #2
0
ファイル: policy.py プロジェクト: nplutt/overprivileged
def fetch_inline_policies_for_role(role_name: str) -> dict:
    client = fetch_boto3_client("iam")

    policy_documents = {}
    inline_role_policies = client.list_role_policies(RoleName=role_name)
    for policy_name in inline_role_policies["PolicyNames"]:
        policy = client.get_role_policy(RoleName=role_name,
                                        PolicyName=policy_name)
        policy_documents[policy_name] = policy["PolicyDocument"]

    return policy_documents
コード例 #3
0
def fetch_roles(path_prefix: str = "/", max_items: int = 200) -> List[dict]:
    """
    Fetches all of the iam roles for a given account
    Args:
        path_prefix: The path prefix for filtering the results
        max_items: The max number of roles to return
    """
    client = fetch_boto3_client("iam")

    res = client.list_roles(PathPrefix=path_prefix, MaxItems=max_items)
    return [{
        "name": r.get("RoleName"),
        "description": r.get("Description")
    } for r in res["Roles"]]
コード例 #4
0
ファイル: policy.py プロジェクト: nplutt/overprivileged
def fetch_attached_policies_for_role(role_name: str) -> dict:
    client = fetch_boto3_client("iam")

    policy_documents = {}
    attached_role_policies = client.list_attached_role_policies(
        RoleName=role_name)
    for policy_info in attached_role_policies["AttachedPolicies"]:
        policy_arn = policy_info["PolicyArn"]
        policy = client.get_policy_version(
            PolicyArn=policy_arn,
            VersionId=fetch_version_for_policy(policy_arn),
        )
        policy_documents[
            policy_info["PolicyName"]] = policy["PolicyVersion"]["Document"]

    return policy_documents
コード例 #5
0
ファイル: cloudwatch.py プロジェクト: nplutt/overprivileged
def start_query(query: str, log_group_name: str, days: int) -> str:
    """
    Starts a cloudwatch insights query
    Args:
        query: the query to be run
        log_group_name: the log group to run the query against
        days: the number of days back to query
    """
    client = fetch_boto3_client("logs")

    start_time = mktime((datetime.utcnow() - timedelta(days=days)).timetuple())
    end_time = time()

    query_response = client.start_query(
        logGroupName=log_group_name,
        startTime=round(start_time),
        endTime=round(end_time),
        queryString=query,
        limit=10000,
    )
    return query_response["queryId"]
コード例 #6
0
ファイル: policy.py プロジェクト: nplutt/overprivileged
def fetch_version_for_policy(policy_arn: str) -> str:
    client = fetch_boto3_client("iam")
    policy = client.get_policy(PolicyArn=policy_arn)
    return policy["Policy"]["DefaultVersionId"]