예제 #1
    def __init__(self,
                 profile='default',
                 report_dir=None,
                 timestamp=None,
                 services=None,
                 skipped_services=None,
                 result_format='json',
                 **kwargs):
        """Initialise the AWS provider and record which account is being audited.

        Args:
            profile: Profile name; also stored as ``self.environment``.
            report_dir: Forwarded unchanged to the base provider.
            timestamp: Forwarded unchanged to the base provider.
            services: Services to include; ``None`` becomes an empty list.
            skipped_services: Services to skip; ``None`` becomes an empty list.
            result_format: Stored on the instance and forwarded to the base.
            **kwargs: Must contain ``credentials``, an object exposing a
                ``session`` attribute.

        Raises:
            KeyError: If ``credentials`` is not passed as a keyword argument.
        """
        if services is None:
            services = []
        if skipped_services is None:
            skipped_services = []

        # metadata.json is resolved relative to this module, not the CWD.
        module_dir = os.path.dirname(os.path.abspath(__file__))
        self.metadata_path = '%s/metadata.json' % module_dir

        self.sg_map = {}
        self.subnet_map = {}

        self.profile = profile
        self.services_config = AWSServicesConfig

        self.provider_code = 'aws'
        self.provider_name = 'Amazon Web Services'
        self.environment = self.profile
        self.result_format = result_format

        # Mandatory despite arriving through **kwargs: a missing key fails
        # here, before any helper is called with the session.
        self.credentials = kwargs['credentials']

        # Partition and account id are taken from the credential session, so
        # the report is labelled with whatever identity the session resolves
        # to rather than with the profile name.
        # NOTE(review): presumably both helpers query the caller identity;
        # confirm in their definitions.
        self.partition = get_partition_name(self.credentials.session)
        self.account_id = get_aws_account_id(self.credentials.session)

        super(AWSProvider, self).__init__(report_dir, timestamp, services,
                                          skipped_services, result_format)
예제 #2
    async def _fetch(self, service, regions=None, excluded_regions=None):
        """Fetch the resources of one service, logging failures instead of raising.

        Args:
            service: Name of the attribute on ``self`` that holds the service's
                configuration object.
            regions: Optional region filter; only forwarded when truthy.
            excluded_regions: Optional exclusion filter; only forwarded when
                truthy.

        Returns:
            None. Any exception raised while fetching is caught and reported
            through ``print_exception``.
        """
        try:
            display_name = format_service_name(service)
            print_info(
                'Fetching resources for the {} service'.format(display_name))
            # NOTE(review): `service` is used as an attribute name on self;
            # presumably callers only pass names from the provider's own
            # service list. Confirm at the call site.
            service_config = getattr(self, service)

            if 'fetch_all' not in dir(service_config):
                print_debug('No method to fetch service %s.' % service)
                return

            # Forward only the filters the caller actually supplied.
            fetch_kwargs = {}
            if regions:
                fetch_kwargs['regions'] = regions
            if excluded_regions:
                fetch_kwargs['excluded_regions'] = excluded_regions

            # Every AWS service except IAM also receives the partition name.
            if self._is_provider('aws') and service != 'iam':
                fetch_kwargs['partition_name'] = get_partition_name(
                    self.credentials.session)

            await service_config.fetch_all(**fetch_kwargs)
            if hasattr(service_config, 'finalize'):
                await service_config.finalize()
        except Exception as e:
            # Broad on purpose, presumably so one failing service does not
            # abort the rest of the run. A service that fails here (for
            # example on a permission error) contributes no data, so check
            # the log for this message before treating an absence of
            # findings as a clean result.
            print_exception(f'Could not fetch {service} configuration: {e}')
예제 #3
    async def _fetch(self, service, regions):
        """Fetch the resources of one service, logging failures instead of raising.

        Args:
            service: Name of the attribute on ``self`` that holds the service's
                configuration object.
            regions: Region filter, always forwarded to ``fetch_all``.

        Returns:
            None. Any exception raised while fetching is caught and reported
            through ``print_error`` and ``print_exception``.
        """
        try:
            display_name = format_service_name(service)
            print_info(
                'Fetching resources for the {} service'.format(display_name))
            # NOTE(review): `service` is used as an attribute name on self;
            # presumably callers only pass names from the provider's own
            # service list. Confirm at the call site.
            service_config = getattr(self, service)

            if 'fetch_all' not in dir(service_config):
                print_debug('No method to fetch service %s.' % service)
                return

            # The credentials object itself is handed to the service fetcher.
            fetch_kwargs = {
                'credentials': self.credentials,
                'regions': regions
            }

            # Every AWS service except IAM also receives the partition name.
            if self._is_provider('aws') and service != 'iam':
                fetch_kwargs['partition_name'] = get_partition_name(
                    self.credentials)

            await service_config.fetch_all(**fetch_kwargs)
            if hasattr(service_config, 'finalize'):
                await service_config.finalize()
        except Exception as e:
            # Broad on purpose, presumably so one failing service does not
            # abort the rest of the run. A service that fails here
            # contributes no data, so check the log for this error before
            # treating an absence of findings as a clean result.
            print_error('Error: could not fetch %s configuration.' % service)
            print_exception(e)
예제 #4
 async def fetch_all(self):
     """Load every bucket returned by the S3 facade into this container.

     Sets ``self.partition`` from the facade's session and ``self.service``
     to ``'s3'``, then stores each parsed bucket under the key returned by
     ``_parse_bucket``.
     """
     self.partition = get_partition_name(self.facade.session)
     self.service = 's3'

     bucket_listing = await self.facade.s3.get_buckets()
     # _parse_bucket yields a (key, resource) pair per raw bucket; map() is
     # lazy, so each bucket is parsed immediately before it is stored.
     for key, parsed in map(self._parse_bucket, bucket_listing):
         self[key] = parsed
예제 #5
 def test_get_partition_name(self):
     """The partition is the second colon-separated field of the caller ARN."""
     # Stub the identity lookup so the test makes no AWS call; the empty
     # string stands in for the session argument.
     patch_target = "ScoutSuite.providers.aws.utils.get_caller_identity"
     stub_identity = {"Arn": "a:b:c:d:e:f:"}
     with mock.patch(patch_target, return_value=stub_identity):
         assert get_partition_name("") == "b"
예제 #6
파일: base.py 프로젝트: nccgroup/ScoutSuite
 def __init__(self, credentials=None):
     """Bind the facade to a credential session and build the sub-facades.

     Args:
         credentials: Object exposing a ``session`` attribute.

     NOTE(review): the ``None`` default cannot work as written. ``.session``
     is read right after the base initialiser runs, so omitting the argument
     raises ``AttributeError``.
     """
     super().__init__()
     aws_session = credentials.session
     # Account id and partition are resolved from the same session that
     # the facade then keeps as ``self.session``.
     self.owner_id = get_aws_account_id(aws_session)
     self.partition = get_partition_name(aws_session)
     self.session = aws_session
     self._instantiate_facades()