コード例 #1
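def setup_subscriptions(account_id, environment_id, trails_configuration, sourceAccountSession, targetAccountSession):
    """Set up a CloudTrail subscription for every region in ``trails_configuration``.

    Each region's entry is replaced, in place, by the value that
    ``aws_setup_subscription`` returns for it. A region whose setup raises is
    reported and left out of the mapping, so the result only contains regions
    that were configured successfully.

    Args:
        account_id: Account identifier, forwarded to ``aws_setup_subscription``.
        environment_id: Environment the subscriptions are created for.
        trails_configuration: Dict keyed by region name. Mutated in place.
        sourceAccountSession: Forwarded unchanged to ``aws_setup_subscription``.
        targetAccountSession: Forwarded unchanged to ``aws_setup_subscription``.

    Returns:
        The same ``trails_configuration`` object that was passed in.
    """
    if not trails_configuration:
        return trails_configuration

    prefix = "Setting up CloudTrails subscriptions for environment %s:" % environment_id

    # Snapshot the keys before the loop: entries are popped and re-inserted
    # below, which is only safe when iterating over a copy of the key set.
    regions = list(trails_configuration)
    progress = Progress(len(regions), prefix + "\t\t")

    for region in regions:
        trail = trails_configuration.pop(region)
        try:
            trails_configuration[region] = aws_setup_subscription(
                account_id,
                environment_id,
                trail,
                sourceAccountSession,
                targetAccountSession,
                progress)
        except Exception as e:
            # Best effort by design: one failing region must not abort the
            # others. The region stays out of the returned mapping, so a caller
            # that builds log sources from the result will not cover it. Name
            # the region and environment so the gap is visible to the operator.
            # NOTE(review): the failure is only printed; consider surfacing
            # failed regions to the caller so it cannot report overall success.
            print("Error: CloudTrail subscription setup failed for region '%s' in environment %s: %s" %
                  (region, environment_id, e))
        progress.report()
    progress.done()
    return trails_configuration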
コード例 #2
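def main():
    """Create or update CloudInsight sources from a JSON configuration file.

    Steps, in order: read the user input, log in to CloudInsight, load and
    validate the configuration file, obtain the credential id for the
    configured role, build a source definition for every 'queue' region,
    set up CloudTrail subscriptions for every 'trail' region, and finally
    push all collected sources to CloudInsight.

    Raises:
        Exception: when the configuration file lacks 'role', 'external_id' or
            'regions', or when a region entry is invalid.
    """
    args = get_user_input()

    # A session is only created for a profile that was actually supplied;
    # otherwise None is passed along.
    targetAccountSession = boto3.session.Session(profile_name=args.profile) if args.profile else None
    sourceAccountSession = boto3.session.Session(profile_name=args.source_profile) if args.source_profile else None

    #
    # Connect to CloudInsight
    #
    # NOTE(review): args.password comes from get_user_input(), which is not
    # shown here -- confirm it is not taken from a plain command-line argument,
    # where it would be visible in process listings and shell history.
    ci = CI_API(args.user, args.password, account_id=args.account, locality=args.locality)

    print("Successfully logged in into CloudInsight. Account: %s(%s), User: %s" %
          (ci.auth_account_name, ci.auth_account_id, ci.auth_user_name))

    #
    # Load configuration file
    #
    config = {}
    environments = []
    with open(args.config) as data_file:
        config = json.load(data_file)

    for required in (u'role', u'external_id'):
        if required not in config:
            raise Exception("Missing '%s' attribute in '%s' configuration file" % (required, args.config))
    if u'trails' not in config and u'regions' not in config:
        raise Exception("Missing 'trails' and 'regions' configuration in '%s' configuration file" % (args.config))
    if u'regions' not in config:
        # Only 'regions' is read below. A file that carries just 'trails'
        # used to pass validation and then die with a bare KeyError after the
        # credential lookup; reject it here with a clear message instead.
        raise Exception("Missing 'regions' configuration in '%s' configuration file" % (args.config))

    role_arn = config[u'role']
    external_id = config[u'external_id']

    # NOTE(review): when neither key is present, environments stays empty,
    # nothing is configured, and the run still ends with the success message.
    if u'environments' in config:
        environments = config[u'environments']
    elif u'aws_account_id' in config:
        environments = ci.get_environments(config[u'aws_account_id'])

    #
    # Get CloudInsight Credential ID for the specified role
    #
    credential_id = get_credential(ci, role_arn, external_id)[u'credential'][u'id']
    print("Obtained credential id for '%s' role" % (role_arn))

    #
    # Get sources for environments specified in the configuration file
    #
    sources = []
    trails = {}
    regions_config = config[u'regions']
    progress = Progress(
        len(regions_config),
        "Validating configuration.\t\t\t\t\t\t\t\t\t\t")
    for region_name, region_config in regions_config.items():
        progress.report()
        region_type = region_config[u'type']
        if region_type == u'queue':
            if u'queue' not in region_config:
                raise Exception("Invalid config file. 'queue' property is missing for '%s' region" % region_name)

            # The queue is only checked when a target profile was given;
            # without one its existence is not verified at all.
            if targetAccountSession and not validate_queue(region_name, region_config[u'queue'], targetAccountSession):
                raise Exception("Invalid config file. '%s' queue doesn't exist in '%s' region in '%s' AWS Account." %
                                (region_config[u'queue'], region_name, get_account_id(targetAccountSession)))

            # A missing or empty 'bucket_region' falls back to us-east-1.
            bucket_region = region_config.get(u'bucket_region') or u'us-east-1'
            for environment_id in environments:
                result = ci.get_sources(environment_id=environment_id, region=region_name)
                sources.append(update_source_config(
                    len(result) and result[0] or None,
                    ci.account_id,
                    environment_id,
                    region_name,
                    credential_id=credential_id,
                    bucket_region=bucket_region,
                    queue=get_queue_name(region_config[u'queue'])))
        elif region_type == u'trail':
            if u'trail' not in region_config or not region_config[u'trail']:
                raise Exception("Invalid config file. 'trail' property is missing '%s' region" % region_name)

            trail = get_cloud_trail_configuration(
                region_name,
                region_config[u'trail'],
                sourceAccountSession,
                targetAccountSession)
            # A falsy result leaves the region out of the subscription setup.
            if trail:
                trails[region_name] = trail
    progress.done()

    #
    # Setup CloudTrail subscriptions
    #
    for environment_id in environments:
        # setup_subscriptions mutates and returns the dict it is given, so
        # `trails` carries the previous environment's results (and loses any
        # region that failed) into the next iteration.
        # NOTE(review): confirm that reuse across environments is intended.
        trails_configuration = setup_subscriptions(
            args.account,
            environment_id,
            trails,
            sourceAccountSession,
            targetAccountSession)

        for region_name, trail_configuration in trails_configuration.items():
            # NOTE(review): this lookup filters on `environment=` while the
            # queue branch above uses `environment_id=`; verify against
            # CI_API.get_sources which keyword is actually honoured.
            result = ci.get_sources(environment=environment_id, region=region_name)
            sources.append(update_source_config(
                len(result) and result[0] or None,
                ci.account_id,
                environment_id,
                region_name,
                credential_id=credential_id,
                bucket_region=trail_configuration[u'bucket_region'],
                queue=trail_configuration[u'sqs_queue_name']))

    #
    # Create CloudInsight sources
    #
    for source in sources:
        print("Updating '%s' source in '%s' environment." %
              (source[u'source'][u'name'], source[u'source'][u'environment']))
        ci.create_source(source)
    # Regions whose subscription setup failed were dropped by
    # setup_subscriptions, so this message does not imply full region coverage.
    print("Successfully updated CloudInsight configuration.")
    print_instructions(role_arn)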