def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]
response = client.describe_subnets(Filters=filters)
if self.vpc_options.verbose:
message_handler("Collecting data from Subnets...", "HEADER")
for data in response["Subnets"]:
nametag = get_name_tag(data)
name = data["SubnetId"] if nametag is None else nametag
subnet_digest = ResourceDigest(id=data["SubnetId"],
type="aws_subnet")
resources_found.append(
Resource(
digest=subnet_digest,
name=name,
details="Subnet using CidrBlock {} and AZ {}".format(
data["CidrBlock"], data["AvailabilityZone"]),
group="network",
tags=resource_tags(data),
))
self.relations_found.append(
ResourceEdge(from_node=subnet_digest,
to_node=self.vpc_options.vpc_digest()))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
client_vpn_endpoints = client.describe_client_vpn_endpoints()
resources: List[Resource] = []
for client_vpn_endpoint in client_vpn_endpoints["ClientVpnEndpoints"]:
if client_vpn_endpoint["VpcId"] == self.vpc_options.vpc_id:
digest = ResourceDigest(
id=client_vpn_endpoint["ClientVpnEndpointId"],
type="aws_vpn_client_endpoint",
)
nametag = get_name_tag(client_vpn_endpoint)
name = (client_vpn_endpoint["ClientVpnEndpointId"]
if nametag is None else nametag)
resources.append(
Resource(
digest=digest,
name=name,
group="network",
tags=resource_tags(client_vpn_endpoint),
))
self.relations_found.append(
ResourceEdge(from_node=digest,
to_node=self.vpc_options.vpc_digest()))
return resources
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]
response = client.describe_route_tables(Filters=filters)
if self.vpc_options.verbose:
message_handler("Collecting data from Route Tables...", "HEADER")
# Iterate to get all route table filtered
for route_table in response["RouteTables"]:
nametag = get_name_tag(route_table)
name = route_table["RouteTableId"] if nametag is None else nametag
table_digest = ResourceDigest(id=route_table["RouteTableId"],
type="aws_route_table")
is_main = False
for association in route_table["Associations"]:
if association["Main"] is True:
is_main = True
if is_main:
self.relations_found.append(
ResourceEdge(
from_node=table_digest,
to_node=self.vpc_options.vpc_digest(),
))
else:
for association in route_table["Associations"]:
if "SubnetId" in association:
self.relations_found.append(
ResourceEdge(
from_node=table_digest,
to_node=ResourceDigest(
id=association["SubnetId"],
type="aws_subnet"),
))
is_public = False
for route in route_table["Routes"]:
if ("DestinationCidrBlock" in route
and route["DestinationCidrBlock"] == "0.0.0.0/0"
and "GatewayId" in route
and route["GatewayId"].startswith("igw-")):
is_public = True
resources_found.append(
Resource(
digest=table_digest,
name=name,
details="default: {}, public: {}".format(
is_main, is_public),
group="network",
tags=resource_tags(route_table),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
response = client.describe_instances()
if self.vpc_options.verbose:
message_handler("Collecting data from EC2 Instances...", "HEADER")
for data in response["Reservations"]:
for instances in data["Instances"]:
if "VpcId" in instances:
if instances["VpcId"] == self.vpc_options.vpc_id:
nametag = get_name_tag(instances)
asg_name = get_tag(instances, "aws:autoscaling:groupName")
instance_name = (
instances["InstanceId"] if nametag is None else nametag
)
ec2_digest = ResourceDigest(
id=instances["InstanceId"], type="aws_instance"
)
resources_found.append(
Resource(
digest=ec2_digest,
name=instance_name,
details="",
group="compute",
tags=resource_tags(instances),
)
)
self.relations_found.append(
ResourceEdge(
from_node=ec2_digest,
to_node=ResourceDigest(
id=instances["SubnetId"], type="aws_subnet"
),
)
)
if asg_name is not None:
self.relations_found.append(
ResourceEdge(
from_node=ec2_digest,
to_node=ResourceDigest(
id=asg_name, type="aws_autoscaling_group"
),
)
)
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("efs")
resources_found = []
# get filesystems available
response = client.describe_file_systems()
if self.vpc_options.verbose:
message_handler("Collecting data from EFS Mount Targets...",
"HEADER")
for data in response["FileSystems"]:
filesystem = client.describe_mount_targets(
FileSystemId=data["FileSystemId"])
nametag = get_name_tag(data)
filesystem_name = data[
"FileSystemId"] if nametag is None else nametag
# iterate filesystems to get mount targets
for datafilesystem in filesystem["MountTargets"]:
# Using subnet to check VPC
subnets = describe_subnet(
vpc_options=self.vpc_options,
subnet_ids=datafilesystem["SubnetId"])
if subnets is not None:
if subnets["Subnets"][0][
"VpcId"] == self.vpc_options.vpc_id:
digest = ResourceDigest(id=data["FileSystemId"],
type="aws_efs_file_system")
resources_found.append(
Resource(
digest=digest,
name=filesystem_name,
details="",
group="storage",
tags=resource_tags(data),
))
self.relations_found.append(
ResourceEdge(
from_node=digest,
to_node=ResourceDigest(
id=datafilesystem["SubnetId"],
type="aws_subnet"),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
response = client.describe_vpc_peering_connections()
if self.vpc_options.verbose:
message_handler("Collecting data from VPC Peering...", "HEADER")
for data in response["VpcPeeringConnections"]:
if (data["AccepterVpcInfo"]["VpcId"] == self.vpc_options.vpc_id
or data["RequesterVpcInfo"]["VpcId"]
== self.vpc_options.vpc_id):
nametag = get_name_tag(data)
name = data[
"VpcPeeringConnectionId"] if nametag is None else nametag
peering_digest = ResourceDigest(
id=data["VpcPeeringConnectionId"],
type="aws_vpc_peering_connection",
)
resources_found.append(
Resource(
digest=peering_digest,
name=name,
details=
"Vpc Peering Accepter OwnerId {}, Accepter Region {}, Accepter VpcId {} \
Requester OwnerId {}, Requester Region {}, \
Requester VpcId {}".
format(
data["AccepterVpcInfo"]["OwnerId"],
data["AccepterVpcInfo"]["Region"],
data["AccepterVpcInfo"]["VpcId"],
data["RequesterVpcInfo"]["OwnerId"],
data["RequesterVpcInfo"]["Region"],
data["RequesterVpcInfo"]["VpcId"],
),
group="network",
tags=resource_tags(data),
))
self.relations_found.append(
ResourceEdge(
from_node=peering_digest,
to_node=self.vpc_options.vpc_digest(),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("workspaces")
resources_found = []
response = client.describe_workspaces()
if self.vpc_options.verbose:
message_handler("Collecting data from Workspaces...", "HEADER")
for data in response["Workspaces"]:
# Get tag name
tags = client.describe_tags(ResourceId=data["WorkspaceId"])
nametag = get_name_tag(tags)
workspace_name = data["WorkspaceId"] if nametag is None else nametag
directory_service = self.vpc_options.client("ds")
directories = directory_service.describe_directories(
DirectoryIds=[data["DirectoryId"]])
for directorie in directories["DirectoryDescriptions"]:
if "VpcSettings" in directorie:
if directorie["VpcSettings"][
"VpcId"] == self.vpc_options.vpc_id:
workspace_digest = ResourceDigest(
id=data["WorkspaceId"], type="aws_workspaces")
resources_found.append(
Resource(
digest=workspace_digest,
name=workspace_name,
details="",
group="enduser",
tags=resource_tags(tags),
))
self.relations_found.append(
ResourceEdge(
from_node=workspace_digest,
to_node=ResourceDigest(
id=directorie["DirectoryId"],
type="aws_ds"),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]
response = client.describe_nat_gateways(Filters=filters)
if self.vpc_options.verbose:
message_handler("Collecting data from NAT Gateways...", "HEADER")
for data in response["NatGateways"]:
if data["VpcId"] == self.vpc_options.vpc_id and data[
"State"] != "deleted":
nametag = get_name_tag(data)
name = data["NatGatewayId"] if nametag is None else nametag
nat_digest = ResourceDigest(id=data["NatGatewayId"],
type="aws_nat_gateway")
resources_found.append(
Resource(
digest=nat_digest,
name=name,
details=
"NAT Gateway Private IP {}, Public IP {}, Subnet id {}"
.format(
data["NatGatewayAddresses"][0]["PrivateIp"],
data["NatGatewayAddresses"][0]["PublicIp"],
data["SubnetId"],
),
group="network",
tags=resource_tags(data),
))
self.relations_found.append(
ResourceEdge(
from_node=nat_digest,
to_node=ResourceDigest(id=data["SubnetId"],
type="aws_subnet"),
))
return resources_found
def add_customer_gateway(self, client, connection_digest, resources,
vpn_connection):
customer_gateway_id = vpn_connection["CustomerGatewayId"]
vcw_gateway_response = client.describe_customer_gateways(
CustomerGatewayIds=[customer_gateway_id])
vcw_gateway_digest = ResourceDigest(id=customer_gateway_id,
type="aws_customer_gateway")
vcw_nametag = get_name_tag(vcw_gateway_response["CustomerGateways"][0])
vcw_name = customer_gateway_id if vcw_nametag is None else vcw_nametag
resources.append(
Resource(
digest=vcw_gateway_digest,
name=vcw_name,
group="network",
tags=resource_tags(
vcw_gateway_response["CustomerGateways"][0]),
))
self.relations_found.append(
ResourceEdge(from_node=connection_digest,
to_node=vcw_gateway_digest))
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}]
response = client.describe_network_acls(Filters=filters)
if self.vpc_options.verbose:
message_handler("Collecting data from NACLs...", "HEADER")
for data in response["NetworkAcls"]:
nacl_digest = ResourceDigest(id=data["NetworkAclId"],
type="aws_network_acl")
subnet_ids = []
for subnet in data["Associations"]:
subnet_ids.append(subnet["SubnetId"])
self.relations_found.append(
ResourceEdge(
from_node=nacl_digest,
to_node=ResourceDigest(id=subnet["SubnetId"],
type="aws_subnet"),
))
nametag = get_name_tag(data)
name = data["NetworkAclId"] if nametag is None else nametag
resources_found.append(
Resource(
digest=nacl_digest,
name=name,
details="NACL using Subnets {}".format(
", ".join(subnet_ids)),
group="network",
tags=resource_tags(data),
))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
resources_found = []
filters = [{
"Name": "attachment.vpc-id",
"Values": [self.vpc_options.vpc_id]
}]
response = client.describe_internet_gateways(Filters=filters)
if self.vpc_options.verbose:
message_handler("Collecting data from Internet Gateways...",
"HEADER")
# One VPC has only 1 IGW then it's a direct check
if len(response["InternetGateways"]) > 0:
nametag = get_name_tag(response["InternetGateways"][0])
name = (response["InternetGateways"][0]["InternetGatewayId"]
if nametag is None else nametag)
igw_digest = ResourceDigest(
id=response["InternetGateways"][0]["InternetGatewayId"],
type="aws_internet_gateway",
)
resources_found.append(
Resource(
digest=igw_digest,
name=name,
details="",
group="network",
tags=resource_tags(response["InternetGateways"][0]),
))
self.relations_found.append(
ResourceEdge(from_node=igw_digest,
to_node=self.vpc_options.vpc_digest()))
return resources_found
def get_resources(self) -> List[Resource]:
client = self.vpc_options.client("ec2")
vpn_response = client.describe_vpn_connections()
resources: List[Resource] = []
for vpn_connection in vpn_response["VpnConnections"]:
if ("VpnGatewayId" in vpn_connection
and vpn_connection["VpnGatewayId"] != ""):
vpn_gateway_id = vpn_connection["VpnGatewayId"]
vpn_gateway_response = client.describe_vpn_gateways(
Filters=[{
"Name": "attachment.vpc-id",
"Values": [
self.vpc_options.vpc_id,
],
}],
VpnGatewayIds=[vpn_gateway_id],
)
if vpn_gateway_response["VpnGateways"]:
connection_digest = ResourceDigest(
id=vpn_connection["VpnConnectionId"],
type="aws_vpn_connection")
vpn_nametag = get_name_tag(vpn_connection)
vpn_name = (vpn_connection["VpnConnectionId"]
if vpn_nametag is None else vpn_nametag)
resources.append(
Resource(
digest=connection_digest,
name=vpn_name,
group="network",
tags=resource_tags(vpn_connection),
))
self.relations_found.append(
ResourceEdge(
from_node=connection_digest,
to_node=self.vpc_options.vpc_digest(),
))
vpn_gateway_digest = ResourceDigest(id=vpn_gateway_id,
type="aws_vpn_gateway")
vgw_nametag = get_name_tag(
vpn_gateway_response["VpnGateways"][0])
vgw_name = vpn_gateway_id if vgw_nametag is None else vgw_nametag
resources.append(
Resource(
digest=vpn_gateway_digest,
name=vgw_name,
group="network",
tags=resource_tags(
vpn_gateway_response["VpnGateways"][0]),
))
self.relations_found.append(
ResourceEdge(from_node=connection_digest,
to_node=vpn_gateway_digest))
if ("CustomerGatewayId" in vpn_connection
and vpn_connection["CustomerGatewayId"] != ""):
self.add_customer_gateway(client, connection_digest,
resources, vpn_connection)
return resources
