def main():
    """Collect EC2 snapshot data for every region and dump it as JSON.

    For each region returned by ``get_all_regions`` the items yielded by
    ``yield_handling_errors(get_snapshots, ec2_client)`` are stored under
    their enumeration index. The combined mapping is written to
    ``output/ec2_snapshots.json`` and handed to ``json_printer``.
    """
    aws_session = get_session()
    all_data = {}

    for region in get_all_regions(aws_session):
        ec2_client = aws_session.client('ec2', region)
        region_snapshots = {}
        all_data[region] = region_snapshots

        print('Processing region: %s' % region)

        # NOTE(review): how yield_handling_errors reports a failed call is
        # not visible here. If it only skips the failure, a region where
        # access was denied is indistinguishable from an empty region in
        # the output -- confirm against the helper.
        snapshots = yield_handling_errors(get_snapshots, ec2_client)
        for index, snapshot in enumerate(snapshots):
            region_snapshots[index] = snapshot

            # One dot per stored snapshot, flushed so progress is visible
            # while the region is still being processed.
            sys.stdout.write('.')
            sys.stdout.flush()

        # Terminate the row of progress dots, but only if any were printed.
        if region_snapshots:
            print('\n')

    os.makedirs('output', exist_ok=True)
    json_writer('output/ec2_snapshots.json', all_data)
    json_printer(all_data)
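def main():
    """Collect RDS snapshots and their attributes for every region.

    Each snapshot yielded by ``get_shapshots_for_region`` is stored under its
    ``DBSnapshotIdentifier`` with two keys: ``main`` (the snapshot record)
    and ``attributes`` (the result of ``get_snapshot_attributes``). The
    combined mapping is written to ``output/rds-snapshots.json`` and handed
    to ``json_printer``.
    """
    session = get_session()
    all_data = {}

    for region in get_all_regions(session):
        region_data = {}
        all_data[region] = region_data
        client = session.client('rds', region_name=region)

        for snapshot in get_shapshots_for_region(client):
            snapshot_id = snapshot['DBSnapshotIdentifier']
            print('Region: %s / Snapshot: %s' % (region, snapshot_id))

            try:
                attributes = get_snapshot_attributes(client, snapshot_id)
            except Exception as e:
                msg = 'Failed to retrieve attributes for %s @ %s. Error: "%s"'
                args = (snapshot_id, region, e)
                print(msg % args)
                # The failure is only reported on the console. In the JSON
                # the snapshot gets empty attributes, so a reader of the
                # file cannot tell "lookup failed" from "nothing returned".
                attributes = {}

            region_data[snapshot_id] = {
                'main': snapshot,
                'attributes': attributes,
            }

        # This used to be a for/else. The loop has no break, so the else
        # branch ran for every region and reported "No snapshots found"
        # even after snapshots had been listed. Report it only when the
        # region really ended up empty.
        if not region_data:
            print('Region: %s / No snapshots found' % (region, ))

    os.makedirs('output', exist_ok=True)
    json_writer('output/rds-snapshots.json', all_data)
    json_printer(all_data)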
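def main():
    """Collect API Gateway REST APIs and their authorizers for every region.

    Each REST API yielded by
    ``yield_handling_errors(get_api_gateways_for_region, client)`` is stored
    under its ``id`` with two keys: ``main`` (the REST API record) and
    ``authorizers`` (the result of ``get_authorizers``). The combined mapping
    is written to ``output/api-gateways.json`` and handed to
    ``json_printer``.
    """
    all_data = {}
    session = get_session()

    for region in get_all_regions(session):
        region_data = {}
        all_data[region] = region_data
        client = session.client('apigateway', region_name=region)

        rest_apis = yield_handling_errors(get_api_gateways_for_region, client)
        for rest_api in rest_apis:
            api_id = rest_api['id']
            print('Region: %s / API ID: %s' % (region, api_id))

            try:
                authorizers = get_authorizers(client, api_id)
            except Exception as e:
                msg = 'Failed to retrieve authorizers for %s @ %s. Error: "%s"'
                args = (api_id, region, e)
                print(msg % args)
                # The failure is only reported on the console. In the JSON
                # the API gets an empty authorizers entry, which reads the
                # same as an API that has no authorizer configured.
                authorizers = {}

            region_data[api_id] = {
                'main': rest_api,
                'authorizers': authorizers,
            }

        # This used to be a for/else. The loop has no break, so the else
        # branch ran for every region and reported "No API gateways" even
        # after APIs had been listed. Report it only when the region
        # really ended up empty.
        if not region_data:
            print('Region: %s / No API gateways' % region)

    os.makedirs('output', exist_ok=True)
    json_writer('output/api-gateways.json', all_data)
    json_printer(all_data)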
def main():
    """Collect Cognito identity pools and their role mappings per region.

    For every pool returned by ``get_id_pools`` the pool description
    (``describe_identity_pool``) and its roles (``get_identity_pool_roles``)
    are stored under the pool id with the keys ``describe`` and ``roles``.
    The combined mapping is written to ``output/cognito-id-pools.json`` and
    handed to ``json_printer``.

    Neither client call is wrapped in error handling: an exception raised
    for any pool propagates out of this function before the output file is
    written.
    """
    session = get_session()
    all_data = {}

    for region in get_all_regions(session):
        region_pools = {}
        all_data[region] = region_pools
        client = session.client('cognito-identity', region_name=region)

        print('Processing region: %s' % region)

        for pool_summary in get_id_pools(client):
            pool_id = pool_summary['IdentityPoolId']

            description = client.describe_identity_pool(
                IdentityPoolId=pool_id)
            role_mapping = client.get_identity_pool_roles(
                IdentityPoolId=pool_id)

            region_pools[pool_id] = {
                'describe': description,
                'roles': role_mapping,
            }

            # One dot per processed pool, flushed so progress is visible.
            sys.stdout.write('.')
            sys.stdout.flush()

    os.makedirs('output', exist_ok=True)
    json_writer('output/cognito-id-pools.json', all_data)
    json_printer(all_data)
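def get_ips(regions):
    """Write the public IPs of attached network interfaces, one file per region.

    For each region an EC2 client is obtained from ``connect_aws_service``,
    the attached network interfaces are listed, and the distinct public IPs
    found in their ``Association`` entries are written, in first-seen order,
    to ``output/<region>-info.json`` through ``json_writer``.

    Args:
        regions: Iterable of region names; each name is passed to
            ``connect_aws_service`` and used in the output file name.
    """
    # Imported here because the file's import section is not visible from
    # this block.
    import os

    for region in regions:
        client = connect_aws_service(region, 'ec2')
        public_ips = []
        seen = set()
        request = {
            'Filters': [
                {'Name': 'attachment.status', 'Values': ['attached']},
            ],
        }

        while True:
            response = client.describe_network_interfaces(**request)

            for interface in response.get('NetworkInterfaces') or []:
                # Interfaces without a public address carry no Association
                # entry. The previous code relied on a bare ``except: pass``
                # to skip them, which also hid every other error, and it
                # recorded None for an Association without a PublicIp.
                association = interface.get('Association') or {}
                public_ip = association.get('PublicIp')
                if not public_ip or public_ip in seen:
                    continue
                seen.add(public_ip)
                public_ips.append(public_ip)

            # A single call may return only part of the interfaces. Keep
            # following NextToken so the inventory of exposed addresses is
            # complete.
            next_token = response.get('NextToken')
            if not next_token:
                break
            request['NextToken'] = next_token

        # Make sure the target directory exists before writing into it.
        os.makedirs('output', exist_ok=True)
        json_writer('output/' + region + '-info.json', public_ips)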
def main():
    """Collect instance profile policies for every region and dump them.

    One IAM client is shared across regions; an EC2 client is created per
    region. The items yielded by
    ``yield_handling_errors(get_instance_profiles, ec2_client, iam_client)``
    are stored under their enumeration index. The combined mapping is
    written to ``output/instance_profile_policies.json`` and handed to
    ``json_printer``.
    """
    session = get_session()
    all_data = {}

    iam_client = session.client('iam')

    for region in get_all_regions(session):
        region_policies = {}
        all_data[region] = region_policies
        ec2_client = session.client('ec2', region_name=region)

        print('Processing region: %s' % region)

        # NOTE(review): how yield_handling_errors reports a failed call is
        # not visible here. If it only skips the failure, the output cannot
        # show that a region was not fully enumerated -- confirm against
        # the helper.
        policies = yield_handling_errors(
            get_instance_profiles, ec2_client, iam_client)

        for index, instance_profile_policy in enumerate(policies):
            region_policies[index] = instance_profile_policy

            # One dot per stored policy, flushed so progress is visible.
            sys.stdout.write('.')
            sys.stdout.flush()

    os.makedirs('output', exist_ok=True)
    json_writer('output/instance_profile_policies.json', all_data)
    json_printer(all_data)
def main():
    """Collect Lambda functions with their details and policies per region.

    Each function yielded by
    ``yield_handling_errors(get_lambda_functions_for_region, client)`` is
    stored under its ``FunctionName`` with the keys ``main`` (the listed
    record), ``details`` (``get_function``) and ``policy`` (``get_policy``).
    The combined mapping is written to ``output/lambda-functions.json`` and
    handed to ``json_printer``.
    """
    session = get_session()
    all_data = {}

    for region in get_all_regions(session):
        region_functions = {}
        all_data[region] = region_functions
        client = session.client('lambda', region_name=region)

        functions = yield_handling_errors(
            get_lambda_functions_for_region, client)

        for lambda_function in functions:
            function_name = lambda_function['FunctionName']
            print('Region: %s / Lambda function: %s' % (region, function_name))

            # NOTE(review): these two calls are not wrapped in try/except
            # here; whether get_function / get_policy handle errors
            # themselves is not visible -- confirm, since an exception
            # would end the run before the output file is written.
            details = get_function(client, function_name)
            policy = get_policy(client, function_name)

            region_functions[function_name] = {
                'main': lambda_function,
                'details': details,
                'policy': policy,
            }

        if not region_functions:
            print('Region %s / No Lambda functions' % region)

    os.makedirs('output', exist_ok=True)
    json_writer('output/lambda-functions.json', all_data)
    json_printer(all_data)
def main():
    """Collect GuardDuty findings for every region and dump them as JSON.

    The value stored per region is whatever ``get_findings(session, region)``
    returns. The combined mapping is written to ``output/guardduty.json``
    and handed to ``json_printer``.
    """
    session = get_session()

    all_data = {
        region: get_findings(session, region)
        for region in get_all_regions(session)
    }

    os.makedirs('output', exist_ok=True)
    json_writer('output/guardduty.json', all_data)
    json_printer(all_data)
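def main():
    """Dump the records of every Route 53 hosted zone to JSON.

    Every hosted zone returned by ``list_hosted_zones`` is passed to
    ``dump_route53_records`` together with the shared ``all_data`` mapping,
    which is then written to ``output/route53_dump.json``.

    Returns:
        The ``all_data`` mapping that was handed to ``dump_route53_records``
        for each zone.
    """
    # Imported here because the file's import section is not visible from
    # this block.
    import os

    session = get_session()
    route53_client = session.client('route53')

    all_data = dict()
    request = {}

    while True:
        zone_info = route53_client.list_hosted_zones(**request)

        for zone in zone_info.get('HostedZones') or []:
            zone_name = zone['Name']
            zone_id = zone['Id']

            # Remove the trailing dot, and only a dot: the unconditional
            # slice used before would cut the last character of a name
            # that has none.
            if zone_name.endswith('.'):
                zone_name = zone_name[:-1]

            dump_route53_records(route53_client, zone_name, zone_id, all_data)

        # A single call may return only part of the zones. Follow the
        # marker so zones beyond the first page are not silently left out
        # of the dump.
        next_marker = zone_info.get('NextMarker')
        if not zone_info.get('IsTruncated') or not next_marker:
            break
        request['Marker'] = next_marker

    # Make sure the target directory exists before writing into it.
    os.makedirs('output', exist_ok=True)
    json_writer('output/route53_dump.json', all_data)

    return all_data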
def main():
    """Derive the regions and resources in use from the input CSV.

    Resources read by ``get_resources`` are dropped when
    ``should_ignore_resource`` says so and grouped by ``resource.region``
    otherwise. Two files are written: ``output/regions-in-use.json`` (sorted
    region names followed by ``'global'``) and
    ``output/resources-by-region.json`` (region -> list of
    ``resource.to_dict()``). The region list is also handed to
    ``json_printer``.
    """
    csv_filename = get_input_csv_filename()

    resources_per_region = {}
    ignored_resources_per_region = {}

    # Filter out the default resources and group the rest by region.
    for resource in get_resources(csv_filename):
        if should_ignore_resource(resource, ignored_resources_per_region):
            continue

        resources_per_region.setdefault(resource.region, []).append(resource)

    # Make the output printable in JSON.
    resources_per_region_json = {
        region: [resource.to_dict() for resource in resources]
        for region, resources in resources_per_region.items()
    }

    used_regions = sorted(resources_per_region_json)

    # Global is always in use.
    # NOTE(review): if the CSV ever yields a resource whose region is
    # already 'global', it is listed twice in used_regions and its
    # resources are replaced by ['iam'] below -- confirm this cannot happen.
    used_regions.append('global')
    resources_per_region_json['global'] = ['iam']

    os.makedirs('output', exist_ok=True)
    json_writer('output/regions-in-use.json', used_regions)
    json_writer('output/resources-by-region.json', resources_per_region_json)
    json_printer(used_regions)
def main():
    """Collect the grants and policies of every KMS key in every region.

    Each key returned by ``get_keys_for_region`` is stored with the keys
    ``grants`` (``get_key_grants``) and ``policies`` (``get_key_policies``).
    The combined mapping is written to ``output/key-grants.json`` and handed
    to ``json_printer``.

    A failed lookup is reported on the console and leaves an empty list in
    the output, so the JSON alone does not distinguish "lookup failed" from
    "key has no grants / policies".
    """
    session = get_session()
    all_data = {}

    for region in get_all_regions(session):
        region_keys = {}
        all_data[region] = region_keys
        client = session.client('kms', region_name=region)

        keys_for_region = get_keys_for_region(client)

        if keys_for_region:
            for key in keys_for_region:
                print('Region: %s / KeyId: %s' % (region, key))

                grants = []
                try:
                    grants = get_key_grants(client, key)
                except Exception as e:
                    msg = 'Failed to retrieve grants for %s @ %s. Error: "%s"'
                    print(msg % (key, region, e))

                policies = []
                try:
                    policies = get_key_policies(client, key)
                except Exception as e:
                    msg = 'Failed to retrieve policies for %s @ %s. Error: "%s"'
                    print(msg % (key, region, e))

                region_keys[key] = {
                    'grants': grants,
                    'policies': policies,
                }
        else:
            print('Region: %s / No KMS keys' % region)

    # NOTE(review): no file mode is set here; the permissions of the dump
    # depend on json_writer and the process umask -- confirm they fit the
    # key policy data written to it.
    os.makedirs('output', exist_ok=True)
    json_writer('output/key-grants.json', all_data)
    json_printer(all_data)
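def main():
    """Collect the details of every IAM role and dump them as JSON.

    Each role name returned by ``get_role_names`` is mapped to the result of
    ``get_role_details``. The combined mapping is written to
    ``output/role-details.json`` and handed to ``json_printer``.
    """
    session = get_session()
    all_data = {}
    client = session.client('iam')

    for role_name in get_role_names(client):
        print('RoleName: %s' % (role_name, ))

        try:
            role_details = get_role_details(client, role_name)
        except Exception as e:
            msg = 'Failed to retrieve role for %s. Error: "%s"'
            args = (role_name, e)
            print(msg % args)
            # Without this reset a failure on the first role raised
            # NameError, and a failure on any later role stored the
            # previous role's details under this role's name, attributing
            # one role's permissions to another in the output. The failure
            # itself is only visible on the console.
            role_details = {}

        all_data[role_name] = role_details

    # NOTE(review): no file mode is set here; the permissions of the dump
    # depend on json_writer and the process umask -- confirm they fit the
    # IAM data written to it.
    os.makedirs('output', exist_ok=True)
    json_writer('output/role-details.json', all_data)
    json_printer(all_data)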