def get_s3_buckets(account, region):
if not region:
region = 'us-east-1'
start = time.time()
s3_data = []
aws_accounts = AwsAccounts()
if not account:
# running for all accounts, fan out Lambdas to make it faster
account_list = aws_accounts.all(attr=['accountNum', 'alias'])
client = boto3.client('lambda')
pool = Pool(10)
account_map = []
for account in account_list:
account['region'] = region
account_map.append(account)
results = pool.map(invoke_get_s3_buckets, account_map)
pool.close()
pool.join()
s3_data = [item for sublist in results for item in sublist]
end = time.time()
return s3_data, (end - start)
else:
# running for a single account
end = time.time()
account_data = aws_accounts.with_number(account)
data = get_s3_buckets_for_account(account_data, region)
return data, (end - start)
def instance_count(account=None, region='us-east-1'):
start = time.time()
instance_data = []
if not account:
aws_accounts = AwsAccounts()
# running for all accounts, fan out Lambdas to make it faster
account_list = aws_accounts.all(attr=['accountNum', 'alias'])
account_map = []
for account in account_list:
account['region'] = region
account_map.append(account)
client = boto3.client('lambda')
instance_count = 0
pool = Pool(10)
results = pool.map(invoke_instance_count, account_map)
pool.close()
pool.join()
# Flatten the result
instance_data = [item for sublist in results for item in sublist]
end = time.time()
final = dict(Summary=instance_data, Time=(end - start))
return instance_data, (end - start)
else:
# running for a single account
end = time.time()
data = get_instance_count_for_account(account)
return data, (end - start)
def get_public_ips(function_name, account, region='us-east-1'):
""" Get all public IP addresses from an AWS account
:param account: AWS account
:param region: AWS region
"""
if not region:
region = 'us-east-1'
start = time.time()
aws_accounts = AwsAccounts()
if not account:
# running for all accounts, fan out Lambdas to make it faster
account_list = aws_accounts.all(attr=['accountNum', 'alias'])
pool = Pool(10)
account_map = []
for acc in account_list:
acc['region'] = region
acc['function_name'] = function_name
account_map.append(acc)
results = pool.map(invoke_get_public_ips, account_map)
pool.close()
pool.join()
address_data = [item for sublist in results for item in sublist]
end = time.time()
else:
# running for a single account
end = time.time()
account_data = aws_accounts.with_number(account)
address_data = query_for_account(account_data, region)
return address_data, (end - start)
def get_roles(account):
start = time.time()
user_data = []
aws_accounts = AwsAccounts()
if not account:
# running for all accounts, fan out Lambdas to make it faster
account_list = aws_accounts.all(attr=['accountNum', 'alias'])
client = boto3.client('lambda')
user_count = 0
pool = Pool(10)
account_map = []
for account in account_list:
account_map.append(account)
results = pool.map(invoke_get_roles, account_map)
pool.close()
pool.join()
role_data = [item for sublist in results for item in sublist]
end = time.time()
return role_data, (end - start)
else:
# running for a single account
end = time.time()
account_data = aws_accounts.with_number(account)
data = get_roles_for_account(account_data)
return data, (end - start)
def get_redshift_clusters(account, region):
""" Get all redshift clusters from all accounts. """
redshift_data = []
aws_accounts = AwsAccounts()
accounts = aws_accounts.all()
if not account:
session = boto3.session.Session()
for acc in accounts:
alias = None
assume = rolesession.assume_crossact_audit_role(
session,
acc['accountNum'],
region)
if assume:
client = assume.client('redshift')
redshift_list = mp_wrappers.describe_clusters(client)[
'Clusters']
alias = acc.get('alias')
for cluster in redshift_list:
redshift_data.append(
dict(Region=region,
ClusterId=(cluster['ClusterIdentifier']),
Username=(cluster['MasterUsername']),
DBName=(cluster['DBName']),
Endpoint=(cluster['Endpoint']),
PubliclyAccessible=(
cluster['PubliclyAccessible']),
Encrypted=(cluster['Encrypted']),
AccountNum=acc['accountNum'],
AccountAlias=alias))
else:
pass
elif account.isdigit() and len(account) == 12:
session = boto3.session.Session()
assume = rolesession.assume_crossact_audit_role(
session,
account,
region)
alias = None
if assume:
client = assume.client('redshift')
redshift_list = mp_wrappers.describe_clusters(client)['Clusters']
alias = account.get('alias')
for cluster in redshift_list:
redshift_data.append(
dict(Region=region,
ClusterId=(cluster['ClusterIdentifier']),
Username=(cluster['MasterUsername']),
DBName=(cluster['DBName']),
Endpoint=(cluster['Endpoint']),
PubliclyAccessible=(cluster['PubliclyAccessible']),
Encrypted=(cluster['Encrypted']),
AccountNum=account,
AccountAlias=alias))
else:
return dict(Error='Account not found'), 404
return dict(Clusters=redshift_data), 200
def get_user_count(function_name, account=None):
""" Get user count for all accounts or a specific account.
:param account: Account to get user count
"""
start = time.time()
user_data = []
if not account:
aws_accounts = AwsAccounts()
# running for all accounts, fan out Lambdas to make it faster
account_list = aws_accounts.all(attr=['accountNum', 'alias'])
new_acc_list = []
for acc in account_list:
acc['function_name'] = function_name
new_acc_list.append(acc)
print new_acc_list
pool = Pool(10)
results = pool.map(invoke_user_count, new_acc_list)
pool.close()
pool.join()
user_data = [item for sublist in results for item in sublist]
end = time.time()
final_data = dict(Summary=user_data, Time=(end - start))
return final_data
# running for a single account
acc_data = get_usercount_for_account(account)
return acc_data
def dashboard():
""" Main dashboard function. Run stats across all accounts. """
start = time.time()
instance_count = 0
user_count = 0
sg_count = 0
elb_count = 0
aws_accounts = AwsAccounts()
accounts = aws_accounts.all()
pool = Pool(10)
results = pool.map(get_account_stats, accounts)
pool.close()
pool.join()
for acc_result in results:
instance_count += acc_result['InstanceCount']
user_count += acc_result['UserCount']
sg_count += acc_result['SecurityGroupCount']
elb_count += acc_result['ELBCount']
end = time.time()
result = dict(Time=(end - start),
Summary=dict(AccountsCount=len(accounts),
InstanceCount=instance_count,
UserCount=user_count,
SecurityGroupCount=sg_count,
ELBCount=elb_count))
return result
def ec2_count(function_name, account=None, region='us-east-1'):
""" EC2 Instance count in an AWS account
:param account: AWS account
:param region: AWS region
"""
start = time.time()
instance_data = []
if not account:
aws_accounts = AwsAccounts()
# running for all accounts, fan out Lambdas to make it faster
account_list = aws_accounts.all(attr=['accountNum', 'alias'])
account_map = []
for acc in account_list:
acc['region'] = region
acc['function_name'] = function_name
account_map.append(acc)
pool = Pool(10)
results = pool.map(invoke_instance_count, account_map)
pool.close()
pool.join()
# Flatten the result
instance_data = [item for sublist in results for item in sublist]
end = time.time()
return instance_data, (end - start)
else:
# running for a single account
end = time.time()
data = get_instance_count_for_account(account)
return data, (end - start)
def get_roles(function_name, account):
""" Get IAM roles for all accounts.
:param account: AWS account
"""
start = time.time()
aws_accounts = AwsAccounts()
if not account:
# running for all accounts, fan out Lambdas to make it faster
account_list = aws_accounts.all(attr=['accountNum', 'alias'])
pool = Pool(10)
account_map = []
for acc in account_list:
acc['function_name'] = function_name
account_map.append(acc)
results = pool.map(invoke_get_roles, account_map)
pool.close()
pool.join()
role_data = [item for sublist in results for item in sublist]
end = time.time()
else:
# running for a single account
end = time.time()
account_data = aws_accounts.with_number(account)
role_data = get_roles_for_account(account_data)
return role_data, (end - start)
def dashboard(role=None):
start = time.time()
instance_count = 0
user_count = 0
sg_count = 0
elb_count = 0
aws_accounts = AwsAccounts()
accounts = aws_accounts.all()
pool = Pool(10)
results = pool.map(get_account_stats, accounts)
pool.close()
pool.join()
for x in results:
instance_count += x['InstanceCount']
user_count += x['UserCount']
sg_count += x['SecurityGroupCount']
elb_count += x['ELBCount']
end = time.time()
result = dict(Time=(end - start),
Summary=dict(AccountsCount=len(accounts),
InstanceCount=instance_count,
UserCount=user_count,
SecurityGroupCount=sg_count,
ELBCount=elb_count))
return result
def get_security_groups(account, region='us-east-1'):
sg_data = []
aws_accounts = AwsAccounts()
accounts = aws_accounts.all()
session = boto3.session.Session(region_name=region)
if not account:
for acc in accounts:
if acc['accountNum']:
assume = rolesession.assume_crossact_audit_role(
session, acc['accountNum'], region)
if assume:
ec2 = assume.client('ec2')
security_groups = ec2.describe_security_groups(
)['SecurityGroups']
for group in security_groups:
sg_name = None
try:
for tag in group['Tags']:
if tag['Key'] == 'Name':
sg_name = tag['Value']
except:
sg_name = None
sg_data.append(
dict(Region=region,
GroupName=sg_name,
GroupId=(group['GroupId']),
AccountNum=acc['accountNum'],
AccountAlias=acc['alias']))
elif account.isdigit() and len(account) == 12:
assume = rolesession.assume_crossact_audit_role(
session, account, region)
alias = aws_accounts.with_number(account)['alias']
if assume:
ec2 = assume.client('ec2')
security_groups = ec2.describe_security_groups()['SecurityGroups']
for group in security_groups:
sg_name = None
for tag in group['Tags']:
if tag['Key'] == 'Name':
sg_name = tag['Value']
sg_id = group['GroupId']
sg_data.append(
dict(GroupName=sg_name,
GroupId=sg_id,
AccountNum=account,
AccountAlias=alias))
else:
return (dict(Message='Account not found'), 404)
# print(sg_data)
return dict(SecurityGroups=sg_data), 200
def get_dynamo_tables(account, region):
"""Provide an event that contains the following keys:
-account: account to look in or all for all security groups
-region: region to pull from
"""
dynamo_data = []
aws_accounts = AwsAccounts()
if not account:
accounts = aws_accounts.all()
session = boto3.session.Session()
for account in accounts:
assume = rolesession.assume_crossact_audit_role(
session, account['accountNum'], region)
if assume:
client = assume.client('dynamodb')
dynamo_list = client.list_tables()['TableNames']
for table in dynamo_list:
dynamo_data.append(
dict(Region=region,
TableName=table,
AccountNum=account['accountNum'],
AccountAlias=account['alias']))
else:
pass
elif account.isdigit() and len(account) == 12:
account_number = account
accounts_matching = aws_accounts.with_number(account_number)
alias = accounts_matching['alias']
session = boto3.session.Session()
assume = rolesession.assume_crossact_audit_role(
session, account_number, region)
if assume:
account = aws_accounts.with_number(account_number)
client = assume.client('dynamodb')
dynamo_list = client.list_tables()['TableNames']
for table in dynamo_list:
dynamo_data.append(
dict(Region=region,
TableName=table,
AccountNum=account['accountNum'],
AccountAlias=account['alias']))
else:
print("[D] Assume: %s" % assume)
return {"Error": "Unable to assume role"}, 500
else:
return dict(Error='Account not found.'), 404
return dict(Tables=dynamo_data), 200
def get_user_count(account=None):
start = time.time()
user_data = []
if not account:
aws_accounts = AwsAccounts()
# running for all accounts, fan out Lambdas to make it faster
account_list = aws_accounts.all(attr=['accountNum', 'alias'])
pool = Pool(10)
results = pool.map(invoke_user_count, account_list)
pool.close()
pool.join()
user_data = [item for sublist in results for item in sublist]
end = time.time()
final = dict(Summary=user_data, Time=(end - start))
return final
else:
# running for a single account
data = get_usercount_for_account(account)
return data
def get_elbs(account, region):
global elb_data
elb_data = []
global accounts
aws_accounts = AwsAccounts()
if not account:
session = boto3.session.Session(region_name=region)
for account_rec in aws_accounts.all():
elb_data.extend(
query_elbs_for_account(account_rec, region, session))
elif account.isdigit() and len(account) == 12:
session = boto3.session.Session()
aws_account = aws_accounts.with_number(account)
if aws_account:
elb_data.append(
query_elbs_for_account(aws_account, region, session))
else:
return dict(Message="Account not found"), 404
# print(elb_data)
return dict(LoadBalancers=elb_data), 200