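def __init__(self, accounts=None, alert_accounts=None, debug=False):
    """Build the per-account watcher/auditor pairs and their alerters.

    Args:
        accounts: Iterable of account identifiers to monitor. ``None`` is
            treated as "no accounts", so calling with the declared default
            no longer raises ``TypeError``.
        alert_accounts: Accounts that should get an ``Alerter``. When this
            is empty or ``None``, every entry of ``accounts`` gets one.
        debug: Passed unchanged to every watcher and auditor constructor.
    """
    self.account_watchers = {}
    self.account_alerters = {}

    # The signature defaults ``accounts`` to None, which the loop below
    # could not iterate. Materialising a list also keeps the membership
    # test against ``alert_accounts`` from consuming a one-shot iterable.
    accounts = [] if accounts is None else list(accounts)
    if not alert_accounts:
        alert_accounts = accounts

    # (watcher class, auditor class) in construction order. None in the
    # auditor slot means no auditor is instantiated for that watcher here:
    # SQS, ELB, IAMSSL, IAMGroup, IAMRole and Keypair are watched only.
    pairings = [
        (SQS, None),
        (ELB, None),
        (IAMSSL, None),
        (RDSSecurityGroup, RDSSecurityGroupAuditor),
        (SecurityGroup, SecurityGroupAuditor),
        (S3, S3Auditor),
        (IAMUser, IAMUserAuditor),
        (IAMGroup, None),
        (IAMRole, None),
        (Keypair, None),
        (SNS, SNSAuditor),
    ]

    for account in accounts:
        monitors = []
        for watcher_cls, auditor_cls in pairings:
            # Watcher first, then its auditor, matching the original
            # evaluation order of each tuple.
            watcher = watcher_cls(accounts=[account], debug=debug)
            auditor = None
            if auditor_cls is not None:
                auditor = auditor_cls(accounts=[account], debug=debug)
            monitors.append((watcher, auditor))
        self.account_watchers[account] = monitors

        if account in alert_accounts:
            self.account_alerters[account] = Alerter(
                watchers_auditors=monitors,
                account=account,
            )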
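def audit_rds(accounts, send_report):
    """Run auditors/rds_security_group over the given accounts.

    Args:
        accounts: Account selection, normalised by ``__prep_accounts__``.
        send_report: When truthy, build a report and e-mail it before the
            issues are saved.

    The database session is closed even if a step raises, so a failing
    audit run does not leave the session open.
    """
    try:
        accounts = __prep_accounts__(accounts)
        # debug is hard-coded to True for this entry point.
        auditor = RDSSecurityGroupAuditor(accounts=accounts, debug=True)
        auditor.audit_all_objects()

        if send_report:
            # NOTE(review): the report is e-mailed before the issues are
            # persisted; if email_report() raises, save_issues() is skipped
            # and the findings of this run are not stored. Confirm whether
            # this ordering is required.
            report = auditor.create_report()
            auditor.email_report(report)

        auditor.save_issues()
    finally:
        db.session.close()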
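def find_rds_changes(accounts):
    """Run watchers/rds_security_group and audit what changed.

    Args:
        accounts: Account selection, normalised by ``__prep_accounts__``.

    Only items the watcher reports as created or changed are audited.
    The database session is closed even if a step raises, so a failing
    run does not leave the session open.
    """
    try:
        accounts = __prep_accounts__(accounts)
        # debug is hard-coded to True for this entry point.
        watcher = RDSSecurityGroup(accounts=accounts, debug=True)
        items, exception_map = watcher.slurp()
        watcher.find_changes(current=items, exception_map=exception_map)

        # Audit these changed items, rebuilt from each item's new_config.
        items_to_audit = [
            RDSSecurityGroupItem(
                region=item.region,
                account=item.account,
                name=item.name,
                config=item.new_config,
            )
            for item in watcher.created_items + watcher.changed_items
        ]

        auditor = RDSSecurityGroupAuditor(accounts=accounts, debug=True)
        auditor.audit_these_objects(items_to_audit)
        # Issues are saved before the watcher state; if save() raises, the
        # issues are already stored but the change record is not.
        auditor.save_issues()
        watcher.save()
    finally:
        db.session.close()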