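def describe_route_tables(ec2, account, region, output_bucket):
    """Inventory every route entry of every route table in one region.

    Called from the multithreaded per-account / per-region collector. One
    output line is produced per route *entry*, so a table with five routes
    yields five lines that repeat the table-level columns.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws account record; ``name`` is reported
        region (dict): region record; ``RegionName`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # ``or []`` keeps a missing / None key from raising inside the loops.
    route_tables = ec2.describe_route_tables().get('RouteTables') or []
    for rtable_obj in route_tables:
        # The subnet-association summary is computed once per table and
        # repeated on every route line of that table.
        subnet_assocs = rtable_q_assocs(rtable_obj)
        for r_entry in rtable_obj.get('Routes') or []:
            output_bucket.append(misc.format_line((
                misc.check_if(account.get('name')),
                misc.check_if(region.get('RegionName')),
                misc.check_if(rtable_obj.get('VpcId')),
                misc.check_if(subnet_assocs),
                misc.check_if(rtable_obj.get('RouteTableId')),
                misc.check_if(check_tag(rtable_obj, str('Name'))),
                misc.check_if(rtable_q_dest(r_entry)),
                misc.check_if(rtable_q_target(r_entry)),
                misc.check_if(r_entry.get('State')),
                misc.check_if(rtable_q_propagate(r_entry)),
            )))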
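def list_buckets(s3, account, output_bucket):
    """Inventory every bucket of the account and whether website hosting is on.

    Called from the multithreaded per-account collector. ``list_buckets``
    is account-global, so this runs once per account, not per region.

    Args:
        s3 (object): s3 client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    for s3_obj in s3.list_buckets().get('Buckets') or []:
        bucket_name = s3_obj.get('Name')
        try:
            site = s3.get_bucket_website(Bucket=bucket_name)
        except Exception:
            # get_bucket_website raises when the bucket has no website
            # configuration. Any other failure (access denied, wrong-region
            # redirect) lands here too and is reported as 'false' — this is
            # best-effort; confirm that is acceptable for the consumers.
            site = None
        site_enabled = 'true' if site else 'false'
        url = 'https://{0}.s3.amazonaws.com'.format(str(bucket_name))
        output_bucket.append(misc.format_line((
            misc.check_if(account.get('name')),
            misc.check_if(site_enabled),
            misc.check_if(bucket_name),
            misc.check_if(url),
        )))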
def describe_route_tables(ec2, account, region, output_bucket):
    """Emit one result line per route entry of each route table in a region.

    Called from the multithreaded per-account / per-region collector.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws account record; ``name`` is reported
        region (dict): region record; ``RegionName`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    tables = ec2.describe_route_tables().get("RouteTables")
    for table in tables:
        # Association summary is computed once per table and repeated on
        # each of that table's route lines.
        assoc_summary = rtable_q_assocs(table)
        for route in table.get("Routes"):
            fields = [
                account.get("name"),
                region.get("RegionName"),
                table.get("VpcId"),
                assoc_summary,
                table.get("RouteTableId"),
                check_tag(table, str("Name")),
                rtable_q_dest(route),
                rtable_q_target(route),
                route.get("State"),
                rtable_q_propagate(route),
            ]
            line = misc.format_line(tuple(misc.check_if(f) for f in fields))
            output_bucket.append(line)
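def list_buckets(s3, account, output_bucket):
    """Inventory every bucket of the account with its website-hosting state.

    Called from the multithreaded per-account collector.

    Args:
        s3 (object): s3 client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    account_name = account.get('name')
    for s3_obj in s3.list_buckets().get('Buckets') or []:
        bucket_name = s3_obj.get('Name')
        # get_bucket_website raises when no website configuration exists;
        # every other failure (permissions, region redirect) is also treated
        # as "not enabled" — best-effort, nothing is retried or logged.
        try:
            website = s3.get_bucket_website(Bucket=bucket_name)
        except Exception:
            website = None
        site_enabled = 'true' if website else 'false'
        url = 'https://{0}.s3.amazonaws.com'.format(str(bucket_name))
        fields = (account_name, site_enabled, bucket_name, url)
        output_bucket.append(
            misc.format_line(tuple(misc.check_if(f) for f in fields)))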
def describe_instances(ec2, account, region, output_bucket):
    """Emit one result line per EC2 instance in a region.

    Called from the multithreaded per-account / per-region collector. The
    line includes both private and public IP, so a non-empty public column
    is a quick indicator of an internet-addressable instance.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws account record; ``name`` is reported
        region (dict): region record; ``RegionName`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    reservations = ec2.describe_instances().get('Reservations')
    for reservation in reservations:
        for inst in reservation.get('Instances'):
            output_bucket.append(misc.format_line((
                misc.check_if(account.get('name')),
                misc.check_if(region.get('RegionName')),
                misc.check_if(inst.get('VpcId')),
                misc.check_if(inst.get('InstanceId')),
                misc.check_if(inst.get('InstanceType')),
                misc.check_if(inst.get('State').get('Name')),
                misc.check_if(check_tag(inst, str('Name'))),
                misc.check_if(inst.get('PrivateIpAddress')),
                misc.check_if(inst.get('PublicIpAddress')),
                misc.check_if(inst.get('KeyName')),
            )))
def inventory_users(iam, account, output_bucket):
    """Emit one result line per IAM user with its credential posture.

    Called from the multithreaded per-account collector. Each user costs
    several extra IAM calls (password, keys, MFA, groups, inline policies)
    through the helper functions.

    Args:
        iam (object): iam client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # NOTE(review): iam.list_users() is a paginated API (100 users per page
    # by default) and IsTruncated/Marker are not followed here — confirm
    # larger accounts are fully inventoried.
    account_name = account.get('name')
    for user in iam.list_users().get('Users'):
        user_name = user.get('UserName')
        output_bucket.append(misc.format_line((
            misc.check_if(account_name),
            misc.check_if(user_name),
            misc.check_if(user.get('CreateDate').strftime('%Y_%m_%d')),
            misc.check_if(is_password_set(iam, user_name)),
            misc.check_if(misc.date_to_days(user.get('PasswordLastUsed'))),
            misc.check_if(count_active_keys(iam, user_name)),
            misc.check_if(mfa_enabled(iam, user_name)),
            misc.check_if(list_groups_for_user(iam, user_name)),
            misc.check_if(list_user_policies_for_user(iam, user_name)),
        )))
def describe_vpcs(ec2, account, region, output_bucket):
    """Emit one result line per VPC in a region.

    Called from the multithreaded per-account / per-region collector.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws account record; ``name`` is reported
        region (dict): region record; ``RegionName`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    for vpc in ec2.describe_vpcs().get("Vpcs"):
        columns = (
            account.get("name"),
            region.get("RegionName"),
            vpc.get("VpcId"),
            check_tag(vpc, str("Name")),
            vpc.get("State"),
            vpc.get("CidrBlock"),
            # IsDefault is a bool in the API response; stringified for output
            str(vpc.get("IsDefault")),
            vpc.get("InstanceTenancy"),
            vpc.get("DhcpOptionsId"),
        )
        output_bucket.append(
            misc.format_line(tuple(misc.check_if(c) for c in columns)))
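def describe_rds_instances(rds, account, region, output_bucket):
    """Inventory RDS instances in a region, including endpoint exposure.

    Called from the multithreaded per-account / per-region collector. The
    ``PubliclyAccessible`` flag and the endpoint address/port are reported
    so internet-reachable databases can be spotted from the inventory.

    Args:
        rds (object): rds client object
        account (dict): aws account record; ``name`` is reported
        region (dict): region record; ``RegionName`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # NOTE(review): describe_db_instances() pages at 100 records by default
    # and the Marker is not followed here — confirm for larger accounts.
    for rds_obj in rds.describe_db_instances().get('DBInstances') or []:
        # DBSubnetGroup is absent for non-VPC instances and Endpoint is absent
        # while an instance is still being created; default to {} so the row
        # is emitted with empty columns instead of raising on None.
        subnet_group = rds_obj.get('DBSubnetGroup') or {}
        endpoint = rds_obj.get('Endpoint') or {}
        address = endpoint.get('Address')
        output_bucket.append(misc.format_line((
            misc.check_if(account.get('name')),
            misc.check_if(region.get('RegionName')),
            misc.check_if(subnet_group.get('VpcId')),
            misc.check_if(rds_obj.get('DBInstanceIdentifier')),
            misc.check_if(rds_obj.get('DBInstanceClass')),
            misc.check_if(str(rds_obj.get('PubliclyAccessible'))),
            misc.check_if(address),
            # misc.lookup() output is not wrapped in check_if
            misc.lookup(address),
            misc.check_if(str(endpoint.get('Port'))),
        )))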
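def describe_snapshots(ec2, account, region, output_bucket):
    """Inventory EBS snapshots owned by the account in a region.

    Called from the multithreaded per-account / per-region collector. Only
    snapshots whose owner is this account are listed (``OwnerIds`` filter),
    not the public or shared snapshots visible to it. The ``Encrypted``
    column is reported per snapshot.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws account record; ``name`` and ``role_arn`` are read
        region (dict): region record; ``RegionName`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # The owner id is the fifth colon-separated field of the role ARN
    # (arn:partition:iam::ACCOUNT_ID:role/NAME).
    owner_id = str(account.get('role_arn').split(':')[4])
    snapshots = ec2.describe_snapshots(OwnerIds=[owner_id]).get('Snapshots') or []
    for snap_obj in snapshots:
        start_time = snap_obj.get('StartTime')
        # Description is free text and may be absent; commas are stripped,
        # presumably because format_line emits a comma-delimited record.
        description = (snap_obj.get('Description') or '').replace(',', '')
        output_bucket.append(misc.format_line((
            misc.check_if(account.get('name')),
            misc.check_if(region.get('RegionName')),
            misc.check_if(str(snap_obj.get('SnapshotId'))),
            misc.check_if(str(misc.date_to_days(start_time))),
            misc.check_if(str(start_time.strftime('%Y_%m_%d'))),
            misc.check_if(str(snap_obj.get('VolumeSize'))),
            misc.check_if(str(snap_obj.get('Encrypted'))),
            misc.check_if(str(description)),
        )))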
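def describe_rds_instances(rds, account, region, output_bucket):
    """Inventory RDS instances in a region with their endpoint and exposure.

    Called from the multithreaded per-account / per-region collector.

    Args:
        rds (object): rds client object
        account (dict): aws account record; ``name`` is reported
        region (dict): region record; ``RegionName`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # NOTE(review): describe_db_instances() returns 100 records per page by
    # default; Marker is not followed, so larger fleets are truncated here.
    instances = rds.describe_db_instances().get('DBInstances') or []
    for rds_obj in instances:
        # Non-VPC instances carry no DBSubnetGroup and instances still being
        # created carry no Endpoint; fall back to {} rather than raising.
        subnet_group = rds_obj.get('DBSubnetGroup') or {}
        endpoint = rds_obj.get('Endpoint') or {}
        address = endpoint.get('Address')
        output_bucket.append(misc.format_line((
            misc.check_if(account.get('name')),
            misc.check_if(region.get('RegionName')),
            misc.check_if(subnet_group.get('VpcId')),
            misc.check_if(rds_obj.get('DBInstanceIdentifier')),
            misc.check_if(rds_obj.get('DBInstanceClass')),
            misc.check_if(str(rds_obj.get('PubliclyAccessible'))),
            misc.check_if(address),
            # misc.lookup() output is deliberately not passed through check_if
            misc.lookup(address),
            misc.check_if(str(endpoint.get('Port'))),
        )))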
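def list_bucket_acls(s3, account, output_bucket):
    """Inventory bucket ACL grants: one line per grantee and permission.

    Called from the multithreaded per-account collector. Grants to the
    predefined groups (AllUsers, AuthenticatedUsers, LogDelivery) show up
    with their URI in the grantee column.

    Args:
        s3 (object): s3 client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    for s3_obj in s3.list_buckets().get('Buckets') or []:
        bucket_name = s3_obj.get('Name')
        try:
            grants = s3.get_bucket_acl(Bucket=bucket_name).get('Grants') or []
        except Exception:
            # Best-effort: a bucket whose ACL cannot be read (access denied,
            # wrong-region redirect, ...) is skipped without a trace.
            continue
        for grant in grants:
            grantee = grant.get('Grantee') or {}
            # Canonical users are identified by DisplayName and predefined
            # groups by URI. S3 does not return DisplayName in every region,
            # so fall back to the canonical ID instead of dropping the grant.
            names = [n for n in (grantee.get('DisplayName'), grantee.get('URI')) if n]
            if not names and grantee.get('ID'):
                names = [grantee.get('ID')]
            for who in names:
                output_bucket.append(misc.format_line((
                    misc.check_if(account.get('name')),
                    misc.check_if(bucket_name),
                    misc.check_if(who),
                    misc.check_if(grant.get('Permission')),
                )))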
def describe_key_pairs(ec2, account, region, output_bucket):
    """Emit one result line per EC2 key pair in a region.

    Called from the multithreaded per-account / per-region collector. Only
    the key name and fingerprint are known to EC2; no private material.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws account record; ``name`` is reported
        region (dict): region record; ``RegionName`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    account_name = account.get('name')
    region_name = region.get('RegionName')
    key_pairs = ec2.describe_key_pairs().get('KeyPairs')
    for pair in key_pairs:
        columns = (
            account_name,
            region_name,
            pair.get('KeyName'),
            pair.get('KeyFingerprint'),
        )
        output_bucket.append(
            misc.format_line(tuple(misc.check_if(c) for c in columns)))
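def describe_images(ec2, account, region, output_bucket):
    """Inventory AMIs owned by the account in a region.

    Called from the multithreaded per-account / per-region collector. Only
    images owned by this account are listed (``Owners`` filter). The
    ``Public`` column flags images shared with everyone.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws account record; ``name`` and ``role_arn`` are read
        region (dict): region record; ``RegionName`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # The owner id is the fifth colon-separated field of the role ARN
    # (arn:partition:iam::ACCOUNT_ID:role/NAME).
    owner_id = str(account.get('role_arn').split(':')[4])
    images = ec2.describe_images(Owners=[owner_id]).get('Images') or []
    for ami_obj in images:
        # Name is free text and may be absent; commas are stripped,
        # presumably because format_line emits a comma-delimited record.
        name = (ami_obj.get('Name') or '').replace(',', '')
        output_bucket.append(misc.format_line((
            misc.check_if(account.get('name')),
            misc.check_if(region.get('RegionName')),
            misc.check_if(str(ami_obj.get('ImageId'))),
            misc.check_if(str(ami_obj.get('State'))),
            # NOTE(review): unqualified date_to_days, unlike misc.date_to_days
            # used by the other collectors in this file; CreationDate is an
            # ISO-8601 string here, not a datetime — confirm the helper accepts it.
            misc.check_if(str(date_to_days(ami_obj.get('CreationDate')))),
            misc.check_if(str(ami_obj.get('Public'))),
            misc.check_if(str(name)),
        )))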
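def describe_vpn_connections(ec2, account, region, output_bucket):
    """Inventory site-to-site VPN connections in a region with their VPC side.

    Called from the multithreaded per-account / per-region collector. For
    each VPN the attached VPC id and CIDR are resolved through the virtual
    private gateway, and the remote endpoint IP through the customer gateway.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws account record; ``name`` is reported
        region (dict): region record; ``RegionName`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    vpn_list = ec2.describe_vpn_connections().get("VpnConnections") or []
    for vpn_obj in vpn_list:
        # VPC id / CIDR come from VPN -> virtual private gateway -> VPC
        # attachment -> VPC. They are initialised up front so a VPN without
        # such an attachment (e.g. one terminated on a transit gateway, which
        # has no VpnGatewayId) still yields a row instead of an unbound name.
        vpc_id = None
        vpc_cidr = None
        vgw_id = vpn_obj.get("VpnGatewayId")
        gateways = []
        if vgw_id:
            gateways = ec2.describe_vpn_gateways(
                VpnGatewayIds=[vgw_id]).get("VpnGateways") or []
        for gateway in gateways:
            for attachment in gateway.get("VpcAttachments") or []:
                # With several attachments only the last one is reported.
                vpc_id = str(attachment.get("VpcId"))
                for vpc in ec2.describe_vpcs(VpcIds=[vpc_id]).get("Vpcs") or []:
                    vpc_cidr = str(vpc.get("CidrBlock"))
        # The customer gateway carries the remote (customer side) IP address.
        customer_gw = ec2.describe_customer_gateways(
            CustomerGatewayIds=[vpn_obj.get("CustomerGatewayId")]
        ).get("CustomerGateways") or []
        output_bucket.append(misc.format_line((
            misc.check_if(account.get("name")),
            misc.check_if(region.get("RegionName")),
            misc.check_if(vpc_id),
            misc.check_if(vpc_cidr),
            misc.check_if(check_tag(vpn_obj, str("Name"))),
            misc.check_if(vpn_obj.get("VpnConnectionId")),
            misc.check_if(vpn_obj.get("State")),
            misc.check_if(vpn_obj.get("CustomerGatewayId")),
            misc.check_if(str("/".join(i.get("IpAddress") for i in customer_gw))),
            misc.check_if(vpn_obj.get("Type")),
        )))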
def inventory_access_keys(iam, account, output_bucket):
    """Emit one result line per IAM access key with age and last-use data.

    Called from the multithreaded per-account collector. Keys that were
    never used are marked ``Never`` / ``-1`` / ``N/A`` in the last-used
    columns.

    Args:
        iam (object): iam client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # NOTE(review): list_users() and list_access_keys() are paginated APIs;
    # IsTruncated/Marker are not followed here — confirm for large accounts.
    account_name = account.get('name')
    for user in iam.list_users().get('Users'):
        user_name = user.get('UserName')
        key_meta = iam.list_access_keys(
            UserName=user_name).get('AccessKeyMetadata')
        for key in key_meta:
            key_id = key.get('AccessKeyId')
            # One extra IAM call per key to learn when/where it was last used.
            last_used = iam.get_access_key_last_used(
                AccessKeyId=key_id).get('AccessKeyLastUsed')
            used_on = last_used.get('LastUsedDate')
            if used_on:
                key_lastused = used_on.strftime('%Y_%m_%d')
                key_lastused_days = misc.date_to_days(used_on)
                key_service = last_used.get('ServiceName')
            else:
                key_lastused = 'Never'
                key_lastused_days = '-1'
                key_service = 'N/A'
            created = key.get('CreateDate')
            output_bucket.append(misc.format_line((
                misc.check_if(account_name),
                misc.check_if(user_name),
                misc.check_if(key_id),
                misc.check_if(str(misc.date_to_days(created))),
                misc.check_if(created.strftime('%Y_%m_%d')),
                misc.check_if(key.get('Status')),
                misc.check_if(str(key_lastused_days)),
                misc.check_if(key_lastused),
                misc.check_if(key_service),
            )))
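def describe_vpn_connections(ec2, account, region, output_bucket):
    """Inventory site-to-site VPN connections in a region.

    Called from the multithreaded per-account / per-region collector. The
    VPC id and CIDR are looked up via the virtual private gateway, the
    remote IP via the customer gateway.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws account record; ``name`` is reported
        region (dict): region record; ``RegionName`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    for vpn_obj in ec2.describe_vpn_connections().get('VpnConnections') or []:
        # Initialised before the lookup loops: a VPN with no VPC attachment
        # (e.g. terminated on a transit gateway, where VpnGatewayId is absent)
        # must still produce a row rather than an unbound-name error.
        vpc_id = None
        vpc_cidr = None
        vgw_id = vpn_obj.get('VpnGatewayId')
        if vgw_id:
            gateways = ec2.describe_vpn_gateways(
                VpnGatewayIds=[vgw_id]).get('VpnGateways') or []
        else:
            gateways = []
        for gateway in gateways:
            for attachment in gateway.get('VpcAttachments') or []:
                # only the last attachment survives when there are several
                vpc_id = str(attachment.get('VpcId'))
                vpcs = ec2.describe_vpcs(VpcIds=[vpc_id]).get('Vpcs') or []
                for vpc in vpcs:
                    vpc_cidr = str(vpc.get('CidrBlock'))
        # customer gateway: the remote (customer side) IP address
        customer_gw = ec2.describe_customer_gateways(
            CustomerGatewayIds=[vpn_obj.get('CustomerGatewayId')]).get(
            'CustomerGateways') or []
        remote_ips = str('/'.join(i.get('IpAddress') for i in customer_gw))
        output_bucket.append(misc.format_line((
            misc.check_if(account.get('name')),
            misc.check_if(region.get('RegionName')),
            misc.check_if(vpc_id),
            misc.check_if(vpc_cidr),
            misc.check_if(check_tag(vpn_obj, str('Name'))),
            misc.check_if(vpn_obj.get('VpnConnectionId')),
            misc.check_if(vpn_obj.get('State')),
            misc.check_if(vpn_obj.get('CustomerGatewayId')),
            misc.check_if(remote_ips),
            misc.check_if(vpn_obj.get('Type')),
        )))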
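def list_potential_exposed_files(s3, account, output_bucket):
    """Report objects whose ACL grants anything to the AllUsers (anonymous) group.

    Called from the multithreaded per-account collector. Every object of
    every bucket is inspected with one get_object_acl() call, which makes
    this the most expensive collector in the file.

    Args:
        s3 (object): s3 client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder — currently not written
            to, see Returns

    Returns:
        nothing. Matching objects are printed to stdout as a formatted line;
        nothing is appended to ``output_bucket``, so the caller's result
        collection will not contain these findings.
    """
    # NOTE(review): list_objects() returns at most one page (1000 keys) and
    # IsTruncated is not checked, so larger buckets are only partly scanned.
    for s3_obj in s3.list_buckets().get('Buckets') or []:
        bucket_name = s3_obj.get('Name')
        try:
            contents = s3.list_objects(Bucket=bucket_name).get('Contents') or []
        except Exception:
            # Listing denied (or another error): skip the bucket, best-effort.
            continue
        for obj_keys in contents:
            key = obj_keys.get('Key')
            try:
                grants = s3.get_object_acl(
                    Bucket=bucket_name, Key=key).get('Grants') or []
            except Exception:
                # ACL read failed for this key only; keep scanning the bucket.
                continue
            for obj_acl in grants:
                # Predefined groups are identified by the URI field of the
                # grantee; the AllUsers group URI ends in "/AllUsers".
                grantee = obj_acl.get('Grantee') or {}
                if 'AllUsers' not in str(grantee.get('URI') or ''):
                    continue
                url = 'http://{0}.s3.amazonaws.com/{1}'.format(
                    str(bucket_name), str(key))
                print(misc.format_line((
                    misc.check_if(account.get('name')),
                    misc.check_if(obj_acl.get('Permission')),
                    misc.check_if('AllUsers'),
                    misc.check_if(url),
                )))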
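def list_potential_exposed_files(s3, account, output_bucket):
    """Print every object that has an ACL grant to the AllUsers group.

    Called from the multithreaded per-account collector. One get_object_acl()
    call is made per object, so run time grows with the number of objects.

    Args:
        s3 (object): s3 client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder — not written to here

    Returns:
        nothing. Findings are printed to stdout as formatted lines rather
        than appended to ``output_bucket``.
    """
    # NOTE(review): list_objects() hands back a single page (1000 keys) and
    # IsTruncated is not followed, so buckets above that size are under-scanned.
    account_name = account.get('name')
    for s3_obj in s3.list_buckets().get('Buckets') or []:
        bucket_name = s3_obj.get('Name')
        try:
            listing = s3.list_objects(Bucket=bucket_name)
        except Exception:
            # no permission to list (or other error): skip bucket, best-effort
            continue
        for obj_keys in listing.get('Contents') or []:
            key = obj_keys.get('Key')
            try:
                obj_acl_list = s3.get_object_acl(
                    Bucket=bucket_name, Key=key).get('Grants') or []
            except Exception:
                # ACL read failed for this key only; continue with the next
                continue
            for obj_acl in obj_acl_list:
                # predefined groups are matched on the grantee URI, which
                # ends in "/AllUsers" for the anonymous group
                grantee_uri = str((obj_acl.get('Grantee') or {}).get('URI') or '')
                if 'AllUsers' in grantee_uri:
                    url = 'http://{0}.s3.amazonaws.com/{1}'.format(
                        str(bucket_name), str(key))
                    print(misc.format_line((
                        misc.check_if(account_name),
                        misc.check_if(obj_acl.get('Permission')),
                        misc.check_if('AllUsers'),
                        misc.check_if(url),
                    )))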
def inventory_access_keys(iam, account, output_bucket):
    """Emit one result line per IAM access key (age, status, last use).

    Called from the multithreaded per-account collector.

    Args:
        iam (object): iam client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """

    def _usage_columns(last_used):
        """Return (last_used_date, last_used_days, service) for one key."""
        when = last_used.get('LastUsedDate')
        if not when:
            # a key that was never used
            return 'Never', '-1', 'N/A'
        return (when.strftime('%Y_%m_%d'),
                misc.date_to_days(when),
                last_used.get('ServiceName'))

    # NOTE(review): list_users() / list_access_keys() page at 100 items by
    # default and IsTruncated is not followed here — confirm on big accounts.
    for user in iam.list_users().get('Users'):
        user_name = user.get('UserName')
        for key in iam.list_access_keys(
                UserName=user_name).get('AccessKeyMetadata'):
            key_id = key.get('AccessKeyId')
            usage = iam.get_access_key_last_used(
                AccessKeyId=key_id).get('AccessKeyLastUsed')
            key_lastused, key_lastused_days, key_service = _usage_columns(usage)
            created = key.get('CreateDate')
            columns = (
                account.get('name'),
                user_name,
                key_id,
                str(misc.date_to_days(created)),
                created.strftime('%Y_%m_%d'),
                key.get('Status'),
                str(key_lastused_days),
                key_lastused,
                key_service,
            )
            output_bucket.append(
                misc.format_line(tuple(misc.check_if(c) for c in columns)))
def describe_vpcs(ec2, account, region, output_bucket):
    """Emit one result line per VPC in a region.

    Called from the multithreaded per-account / per-region collector.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws account record; ``name`` is reported
        region (dict): region record; ``RegionName`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    account_name = account.get('name')
    region_name = region.get('RegionName')
    vpc_list = ec2.describe_vpcs().get('Vpcs')
    for vpc_obj in vpc_list:
        line = misc.format_line((
            misc.check_if(account_name),
            misc.check_if(region_name),
            misc.check_if(vpc_obj.get('VpcId')),
            misc.check_if(check_tag(vpc_obj, str('Name'))),
            misc.check_if(vpc_obj.get('State')),
            misc.check_if(vpc_obj.get('CidrBlock')),
            # IsDefault is a bool; stringified for the output line
            misc.check_if(str(vpc_obj.get('IsDefault'))),
            misc.check_if(vpc_obj.get('InstanceTenancy')),
            misc.check_if(vpc_obj.get('DhcpOptionsId')),
        ))
        output_bucket.append(line)
def inventory_users(iam, account, output_bucket):
    """Emit one result line per IAM user (creation, password, keys, MFA, groups).

    Called from the multithreaded per-account collector.

    Args:
        iam (object): iam client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # NOTE(review): list_users() is paginated (100 per page by default) and
    # IsTruncated/Marker are not followed here.
    for user in iam.list_users().get('Users'):
        name = user.get('UserName')
        # several helper calls per user, each doing its own IAM request
        columns = (
            misc.check_if(account.get('name')),
            misc.check_if(name),
            misc.check_if(user.get('CreateDate').strftime('%Y_%m_%d')),
            misc.check_if(is_password_set(iam, name)),
            misc.check_if(misc.date_to_days(user.get('PasswordLastUsed'))),
            misc.check_if(count_active_keys(iam, name)),
            misc.check_if(mfa_enabled(iam, name)),
            misc.check_if(list_groups_for_user(iam, name)),
            misc.check_if(list_user_policies_for_user(iam, name)),
        )
        output_bucket.append(misc.format_line(columns))
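def inventory_group_policies(iam, account, output_bucket, encode):
    """Inventory inline (embedded) policies of every IAM group.

    Called from the multithreaded per-account collector. Managed policies
    attached to groups are not covered here; see inventory_managed_policies.

    Args:
        iam (object): iam client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder
        encode (str): ``'on'`` base64-encodes every column and wraps the
            policy JSON in ``<pre>`` tags; any other value emits plain text

    Returns:
        nothing. appends results to output_bucket
    """
    # NOTE(review): list_groups() / list_group_policies() are paginated
    # (100 items per page by default) and IsTruncated is not followed here.
    account_name = account.get('name')
    for group in iam.list_groups().get('Groups') or []:
        group_name = group.get('GroupName')
        policy_names = iam.list_group_policies(
            GroupName=group_name).get('PolicyNames') or []
        for policy_name in policy_names:
            policy = misc.json_pretty_print(
                iam.get_group_policy(
                    GroupName=group_name,
                    PolicyName=policy_name).get('PolicyDocument'))
            if encode == 'on':
                # NOTE(review): the policy text is placed inside <pre> without
                # HTML-escaping; a consumer rendering this as HTML must escape
                # it, since policy documents are author-controlled text.
                fields = (
                    base64.b64encode(account_name),
                    base64.b64encode(group_name),
                    base64.b64encode(str(policy_name)),
                    base64.b64encode(str('<pre>' + policy + '</pre>')),
                )
            else:
                fields = (account_name, group_name, str(policy_name), str(policy))
            output_bucket.append(
                misc.format_line(tuple(misc.check_if(f) for f in fields)))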
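def inventory_user_policies(iam, account, output_bucket, encode):
    """Inventory inline (embedded) policies of every IAM user.

    Called from the multithreaded per-account collector. Managed policies
    attached to users are not covered here; see inventory_managed_policies.

    Args:
        iam (object): iam client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder
        encode (str): ``'on'`` base64-encodes every column and wraps the
            policy JSON in ``<pre>`` tags; any other value emits plain text

    Returns:
        nothing. appends results to output_bucket
    """
    # NOTE(review): list_users() / list_user_policies() are paginated
    # (100 items per page by default) and IsTruncated is not followed here.
    account_name = account.get('name')
    for user in iam.list_users().get('Users') or []:
        user_name = user.get('UserName')
        policy_names = iam.list_user_policies(
            UserName=user_name).get('PolicyNames') or []
        for policy_name in policy_names:
            policy = misc.json_pretty_print(
                iam.get_user_policy(
                    UserName=user_name,
                    PolicyName=policy_name).get('PolicyDocument'))
            if encode == 'on':
                # NOTE(review): policy text goes inside <pre> unescaped; an
                # HTML consumer must escape it (policy JSON is author-controlled).
                fields = (
                    base64.b64encode(account_name),
                    base64.b64encode(user_name),
                    base64.b64encode(str(policy_name)),
                    base64.b64encode(str('<pre>' + policy + '</pre>')),
                )
            else:
                fields = (account_name, user_name, str(policy_name), str(policy))
            output_bucket.append(
                misc.format_line(tuple(misc.check_if(f) for f in fields)))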
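def security_group_list(ec2, account, region, output_bucket):
    """Inventory security groups in a region with their EC2 instance usage count.

    Called from the multithreaded per-account / per-region collector. The
    usage count covers EC2 instances only: a group referenced solely by
    ENIs, RDS, ELB or other services shows 0, so a zero count is not
    proof that the group is unused.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws account record; ``name`` is reported
        region (dict): region record; ``RegionName`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # Count instance references per group id once, instead of rescanning the
    # whole instance list for every security group.
    usage = {}
    for reservation in ec2.describe_instances().get('Reservations') or []:
        for inst in reservation.get('Instances') or []:
            for sg in inst.get('SecurityGroups') or []:
                group_id = sg.get('GroupId')
                usage[group_id] = usage.get(group_id, 0) + 1
    for sg_obj in ec2.describe_security_groups().get('SecurityGroups') or []:
        ec2count = usage.get(sg_obj.get('GroupId'), 0)
        # Description is free text and may be absent; commas are replaced,
        # presumably because format_line emits a comma-delimited record.
        description = (sg_obj.get('Description') or '').replace(',', '-')
        output_bucket.append(misc.format_line((
            misc.check_if(account.get('name')),
            misc.check_if(sg_obj.get('VpcId')),
            misc.check_if(region.get('RegionName')),
            misc.check_if(sg_obj.get('GroupId')),
            misc.check_if(str(ec2count)),
            misc.check_if(sg_obj.get('GroupName')),
            misc.check_if(check_tag(sg_obj, str('RFC'))),
            misc.check_if(description),
        )))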
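def list_bucket_policies(s3, account, output_bucket, encode):
    """Inventory bucket policies: one line per bucket that has one.

    Called from the multithreaded per-account collector. Buckets without a
    policy, and buckets whose policy cannot be read, produce no line.

    Args:
        s3 (object): s3 client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder
        encode (str): ``'on'`` base64-encodes every column and wraps the
            policy JSON in ``<pre>`` tags; any other value emits plain text

    Returns:
        nothing. appends results to output_bucket
    """
    account_name = account.get('name')
    for s3_obj in s3.list_buckets().get('Buckets') or []:
        bucket_name = s3_obj.get('Name')
        try:
            bucket_policy = s3.get_bucket_policy(Bucket=bucket_name).get('Policy')
        except Exception:
            # Presumably the no-policy case (get_bucket_policy raises rather
            # than returning empty); access-denied and region errors land
            # here as well and the bucket is skipped silently — best-effort.
            bucket_policy = None
        if not bucket_policy:
            continue
        # Policy arrives as a JSON string; parse once, pretty-print once.
        pretty = misc.json_pretty_print(json.loads(bucket_policy))
        if encode == 'on':
            # NOTE(review): policy text goes inside <pre> unescaped; an HTML
            # consumer must escape it itself.
            fields = (
                base64.b64encode(account_name),
                base64.b64encode(bucket_name),
                base64.b64encode('s3:bucket_policy'),
                base64.b64encode('<pre>' + pretty + '</pre>'),
            )
        else:
            fields = (account_name, bucket_name, str('s3:bucket_policy'), pretty)
        output_bucket.append(
            misc.format_line(tuple(misc.check_if(f) for f in fields)))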
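def list_bucket_policies(s3, account, output_bucket, encode):
    """Inventory bucket policies, one line per bucket that has one.

    Called from the multithreaded per-account collector.

    Args:
        s3 (object): s3 client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder
        encode (str): ``'on'`` base64-encodes every column and wraps the
            policy JSON in ``<pre>`` tags; any other value emits plain text

    Returns:
        nothing. appends results to output_bucket
    """
    account_name = account.get('name')
    for s3_obj in s3.list_buckets().get('Buckets') or []:
        bucket_name = s3_obj.get('Name')
        # get_bucket_policy raises when no policy is set (presumably the reason
        # for the try); permission or region errors are swallowed the same way.
        try:
            bucket_policy = s3.get_bucket_policy(
                Bucket=bucket_name).get('Policy')
        except Exception:
            bucket_policy = None
        if not bucket_policy:
            continue
        pretty = misc.json_pretty_print(json.loads(bucket_policy))
        if encode == 'on':
            fields = (
                base64.b64encode(account_name),
                base64.b64encode(bucket_name),
                base64.b64encode('s3:bucket_policy'),
                # NOTE(review): not HTML-escaped; escape at the rendering side
                base64.b64encode('<pre>' + pretty + '</pre>'),
            )
        else:
            fields = (account_name, bucket_name, str('s3:bucket_policy'), pretty)
        output_bucket.append(
            misc.format_line(tuple(misc.check_if(f) for f in fields)))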
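def list_bucket_acls(s3, account, output_bucket):
    """Inventory bucket ACL grants, one line per grantee and permission.

    Called from the multithreaded per-account collector.

    Args:
        s3 (object): s3 client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    account_name = account.get('name')
    for s3_obj in s3.list_buckets().get('Buckets') or []:
        bucket_name = s3_obj.get('Name')
        try:
            grants = s3.get_bucket_acl(Bucket=bucket_name).get('Grants') or []
        except Exception:
            # ACL not readable (access denied, region redirect, ...): the
            # bucket is skipped silently — best-effort.
            continue
        for grant in grants:
            grantee = grant.get('Grantee') or {}
            # Users are named by DisplayName, predefined groups (AllUsers,
            # AuthenticatedUsers, LogDelivery) by URI. DisplayName is not
            # returned in every region, so the canonical ID is used as a last
            # resort rather than losing the grant.
            names = [n for n in (grantee.get('DisplayName'), grantee.get('URI')) if n]
            if not names and grantee.get('ID'):
                names = [grantee.get('ID')]
            for who in names:
                fields = (account_name, bucket_name, who, grant.get('Permission'))
                output_bucket.append(
                    misc.format_line(tuple(misc.check_if(f) for f in fields)))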
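def inventory_role_policies(iam, account, output_bucket, encode):
    """Inventory IAM roles: the trust policy and every inline policy of each.

    Called from the multithreaded per-account collector. Each role yields
    one ``iam:trust_policy`` line (who may assume the role) plus one
    ``iam:inline_policy`` line per embedded policy. Attached managed
    policies are not covered here; see inventory_managed_policies.

    Args:
        iam (object): iam client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder
        encode (str): ``'on'`` base64-encodes every column and wraps the
            policy JSON in ``<pre>`` tags; any other value emits plain text

    Returns:
        nothing. appends results to output_bucket
    """
    account_name = account.get('name')

    def _emit(kind, role_name, detail, policy_text):
        """Append one line; detail is the role ARN or the inline policy name."""
        if encode == 'on':
            # NOTE(review): policy text goes inside <pre> unescaped; an HTML
            # consumer must escape it itself.
            fields = (
                base64.b64encode(account_name),
                base64.b64encode(str(kind)),
                base64.b64encode(role_name),
                base64.b64encode(detail),
                base64.b64encode(str('<pre>' + policy_text + '</pre>')),
            )
        else:
            fields = (account_name, str(kind), role_name, detail, str(policy_text))
        output_bucket.append(
            misc.format_line(tuple(misc.check_if(f) for f in fields)))

    # NOTE(review): list_roles() / list_role_policies() are paginated
    # (100 items per page by default) and IsTruncated is not followed here.
    for role in iam.list_roles().get('Roles') or []:
        role_name = role.get('RoleName')
        # trust relationship: which principals are allowed to assume the role
        assume_role_policy = misc.json_pretty_print(
            role.get('AssumeRolePolicyDocument'))
        _emit('iam:trust_policy', role_name, role.get('Arn'), assume_role_policy)
        # inline policies embedded in the role
        policy_names = iam.list_role_policies(
            RoleName=role_name).get('PolicyNames') or []
        for policy_name in policy_names:
            policy = misc.json_pretty_print(
                iam.get_role_policy(
                    RoleName=role_name,
                    PolicyName=policy_name).get('PolicyDocument'))
            _emit('iam:inline_policy', role_name, str(policy_name), policy)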
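def inventory_managed_policies(iam, account, output_bucket, encode):
    """Inventory attached managed policies: one line per (policy, principal).

    Called from the multithreaded per-account collector. Only policies that
    are attached to at least one group, role or user are listed
    (``OnlyAttached=True``), and only the policy's default version
    (``DefaultVersionId``) is read.

    Args:
        iam (object): iam client object
        account (dict): aws account record; ``name`` is reported
        output_bucket (list): results bucket holder
        encode (str): ``'on'`` base64-encodes every column and wraps the
            policy JSON in ``<pre>`` tags; any other value emits plain text

    Returns:
        nothing. appends results to output_bucket
    """
    account_name = account.get('name')

    def _emit(kind, principal_name, policy_name, policy_body):
        """Append one line for a single principal the policy is attached to."""
        if encode == 'on':
            # NOTE(review): policy text goes inside <pre> unescaped; an HTML
            # consumer must escape it itself.
            fields = (
                base64.b64encode(account_name),
                base64.b64encode(str(kind)),
                base64.b64encode(principal_name),
                base64.b64encode(policy_name),
                base64.b64encode(str('<pre>' + policy_body + '</pre>')),
            )
        else:
            fields = (account_name, str(kind), principal_name,
                      policy_name, str(policy_body))
        output_bucket.append(
            misc.format_line(tuple(misc.check_if(f) for f in fields)))

    # NOTE(review): list_policies() and list_entities_for_policy() are
    # paginated (100 items per page by default); IsTruncated is not followed.
    for policy in iam.list_policies(OnlyAttached=True).get('Policies') or []:
        policy_arn = policy.get('Arn')
        policy_name = policy.get('PolicyName')
        document = iam.get_policy_version(
            PolicyArn=policy_arn,
            VersionId=policy.get('DefaultVersionId')
        ).get('PolicyVersion').get('Document')
        policy_body = misc.json_pretty_print(document)
        # A single call returns the groups, roles and users together; there
        # is no need to query it once per principal type.
        entities = iam.list_entities_for_policy(PolicyArn=policy_arn)
        for group_entity in entities.get('PolicyGroups') or []:
            _emit('group_policy', group_entity.get('GroupName'),
                  policy_name, policy_body)
        for role_entity in entities.get('PolicyRoles') or []:
            _emit('role_policy', role_entity.get('RoleName'),
                  policy_name, policy_body)
        for user_entity in entities.get('PolicyUsers') or []:
            _emit('user_policy', user_entity.get('UserName'),
                  policy_name, policy_body)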
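def sg_rule_sets_by_rds(rds, ec2, account, region, output_bucket):
    """generate list of security group rule sets by rds instance

    One row per (rds instance, attached security group, ingress rule,
    source) where the source is either a CIDR or another security group.

    Args:
        rds (object): rds client object
        ec2 (object): ec2 client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket

    NOTE(review): only ``IpPermissions`` (ingress) is read, and only its
    ``IpRanges`` and ``UserIdGroupPairs`` sources; rules whose only source
    is in ``Ipv6Ranges`` or ``PrefixListIds`` produce no row, so an
    IPv6-only opening is invisible in this report.
    """
    def rds_columns(rds_obj, sg_obj):
        """Columns shared by every row of one (rds instance, group) pair."""
        # DBSubnetGroup / Endpoint are nested dicts that may be absent
        # (e.g. while an instance is still being created); tolerate that
        # instead of aborting the whole region with an AttributeError.
        subnet_group = rds_obj.get('DBSubnetGroup') or {}
        endpoint = rds_obj.get('Endpoint') or {}
        return (
            misc.check_if(account.get('name')),
            misc.check_if(region.get('RegionName')),
            misc.check_if(subnet_group.get('VpcId')),
            misc.check_if(rds_obj.get('DBInstanceIdentifier')),
            # 'True' = publicly resolvable endpoint; actual exposure still
            # depends on the rules emitted in the remaining columns
            misc.check_if(str(rds_obj.get('PubliclyAccessible'))),
            misc.check_if(endpoint.get('Address')),
            misc.check_if(str(endpoint.get('Port'))),
            misc.check_if(sg_obj.get('GroupId')),
            misc.check_if(sg_obj.get('GroupName')),
        )

    def rule_columns(rule):
        """Port range and protocol columns of one ingress rule."""
        return (
            misc.check_if(str(check_port(rule.get('FromPort')))),
            misc.check_if(str(check_port(rule.get('ToPort')))),
            misc.check_if(str(check_proto(rule.get('IpProtocol')))),
        )

    rds_list = rds.describe_db_instances().get('DBInstances')
    sg_list = ec2.describe_security_groups().get('SecurityGroups')
    for sg_obj in sg_list:
        sg_id = sg_obj.get('GroupId')
        for rds_obj in rds_list:
            attached = [vsg.get('VpcSecurityGroupId')
                        for vsg in rds_obj.get('VpcSecurityGroups') or ()]
            if sg_id not in attached:
                continue
            head = rds_columns(rds_obj, sg_obj)
            for rule in sg_obj.get('IpPermissions') or ():
                tail = rule_columns(rule)
                for cidr in rule.get('IpRanges') or ():
                    if cidr.get('CidrIp'):
                        source = misc.check_if(str(cidr.get('CidrIp')))
                        output_bucket.append(
                            misc.format_line(head + (source,) + tail))
                for group in rule.get('UserIdGroupPairs') or ():
                    if group.get('GroupId'):
                        source = misc.check_if(group.get('GroupId'))
                        output_bucket.append(
                            misc.format_line(head + (source,) + tail))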
def describe_vpc_peering(ec2, account, region, output_bucket):
    """continue from multithread ec2.describe_vpc_peering_connections() call

    One row per peering connection; the owner account ids of both sides are
    partially redacted before they are written.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    def redacted_owner(vpc_info):
        # keep only the characters from index 6 onwards behind '...' (for a
        # 12-digit account id that is the last six digits)
        return "..." + str(vpc_info.get("OwnerId")[6:])

    peerings = ec2.describe_vpc_peering_connections().get("VpcPeeringConnections")
    for peer_obj in peerings:
        requester = peer_obj.get("RequesterVpcInfo")
        accepter = peer_obj.get("AccepterVpcInfo")
        row = (
            misc.check_if(account.get("name")),
            misc.check_if(region.get("RegionName")),
            misc.check_if(check_tag(peer_obj, str("Name"))),
            misc.check_if(redacted_owner(requester)),
            misc.check_if(requester.get("VpcId")),
            misc.check_if(requester.get("CidrBlock")),
            misc.check_if(redacted_owner(accepter)),
            misc.check_if(accepter.get("VpcId")),
            misc.check_if(accepter.get("CidrBlock")),
            misc.check_if(peer_obj.get("Status").get("Message")),
            misc.check_if(peer_obj.get("VpcPeeringConnectionId")),
        )
        output_bucket.append(misc.format_line(row))
for group_name in app_groups: dep_group = codedeploy.get_deployment_group( applicationName=app_obj, deploymentGroupName=group_name).get('deploymentGroupInfo') deployments = codedeploy.list_deployments( applicationName=app_obj, deploymentGroupName=group_name).get('deployments') for deployment_name in deployments: instances = '<br>'.join( codedeploy.list_deployment_instances( deploymentId=deployment_name).get('instancesList')) output_bucket.append( misc.format_line(( misc.check_if(account.get('name')), misc.check_if(region.get('RegionName')), misc.check_if(str( app_info.get('applicationName'))), misc.check_if(str(app_info.get('linkedToGitHub'))), misc.check_if( str( app_info.get('createTime').strftime( '%Y_%m_%d'))), misc.check_if( str( misc.date_to_days( app_info.get('createTime')))), misc.check_if(str(group_name)), misc.check_if( str(
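def sg_rule_sets_by_rds(rds, ec2, account, region, output_bucket):
    """generate list of security group rule sets by rds instance

    One row per (rds instance, attached security group, ingress rule,
    source) where the source is either a CIDR or another security group.

    Args:
        rds (object): rds client object
        ec2 (object): ec2 client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket

    NOTE(review): only ``IpPermissions`` (ingress) is read, and only its
    ``IpRanges`` and ``UserIdGroupPairs`` sources; rules whose only source
    is in ``Ipv6Ranges`` or ``PrefixListIds`` produce no row, so an
    IPv6-only opening is invisible in this report.
    """
    def rds_columns(rds_obj, sg_obj):
        """Columns shared by every row of one (rds instance, group) pair."""
        # DBSubnetGroup / Endpoint are nested dicts that may be absent
        # (e.g. while an instance is still being created); tolerate that
        # instead of aborting the whole region with an AttributeError.
        subnet_group = rds_obj.get('DBSubnetGroup') or {}
        endpoint = rds_obj.get('Endpoint') or {}
        return (
            misc.check_if(account.get('name')),
            misc.check_if(region.get('RegionName')),
            misc.check_if(subnet_group.get('VpcId')),
            misc.check_if(rds_obj.get('DBInstanceIdentifier')),
            # 'True' = publicly resolvable endpoint; actual exposure still
            # depends on the rules emitted in the remaining columns
            misc.check_if(str(rds_obj.get('PubliclyAccessible'))),
            misc.check_if(endpoint.get('Address')),
            misc.check_if(str(endpoint.get('Port'))),
            misc.check_if(sg_obj.get('GroupId')),
            misc.check_if(sg_obj.get('GroupName')),
        )

    def rule_columns(rule):
        """Port range and protocol columns of one ingress rule."""
        return (
            misc.check_if(str(check_port(rule.get('FromPort')))),
            misc.check_if(str(check_port(rule.get('ToPort')))),
            misc.check_if(str(check_proto(rule.get('IpProtocol')))),
        )

    rds_list = rds.describe_db_instances().get('DBInstances')
    sg_list = ec2.describe_security_groups().get('SecurityGroups')
    for sg_obj in sg_list:
        sg_id = sg_obj.get('GroupId')
        for rds_obj in rds_list:
            attached = [vsg.get('VpcSecurityGroupId')
                        for vsg in rds_obj.get('VpcSecurityGroups') or ()]
            if sg_id not in attached:
                continue
            head = rds_columns(rds_obj, sg_obj)
            for rule in sg_obj.get('IpPermissions') or ():
                tail = rule_columns(rule)
                for cidr in rule.get('IpRanges') or ():
                    if cidr.get('CidrIp'):
                        source = misc.check_if(str(cidr.get('CidrIp')))
                        output_bucket.append(
                            misc.format_line(head + (source,) + tail))
                for group in rule.get('UserIdGroupPairs') or ():
                    if group.get('GroupId'):
                        source = misc.check_if(group.get('GroupId'))
                        output_bucket.append(
                            misc.format_line(head + (source,) + tail))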
for group_name in app_groups: dep_group = codedeploy.get_deployment_group( applicationName=app_obj, deploymentGroupName=group_name ).get('deploymentGroupInfo') deployments = codedeploy.list_deployments( applicationName=app_obj, deploymentGroupName=group_name ).get('deployments') for deployment_name in deployments: instances = '<br>'.join(codedeploy.list_deployment_instances( deploymentId=deployment_name ).get('instancesList')) output_bucket.append(misc.format_line(( misc.check_if(account.get('name')), misc.check_if(region.get('RegionName')), misc.check_if(str(app_info.get('applicationName'))), misc.check_if(str(app_info.get('linkedToGitHub'))), misc.check_if(str(app_info.get('createTime').strftime('%Y_%m_%d'))), misc.check_if(str(misc.date_to_days(app_info.get('createTime')))), misc.check_if(str(group_name)), misc.check_if(str(dep_group.get('targetRevision').get('revisionType'))), misc.check_if(str(instances)), misc.check_if(str(dep_group.get('serviceRoleArn'))), )))
def describe_vpc_peering(ec2, account, region, output_bucket):
    """continue from multithread ec2.describe_vpc_peering_connections() call

    One row per peering connection; the owner account ids of both sides are
    partially redacted before they are written.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    def redacted_owner(vpc_info):
        # keep only the characters from index 6 onwards behind '...' (for a
        # 12-digit account id that is the last six digits)
        return '...' + str(vpc_info.get('OwnerId')[6:])

    peerings = ec2.describe_vpc_peering_connections().get(
        'VpcPeeringConnections')
    for peer_obj in peerings:
        requester = peer_obj.get('RequesterVpcInfo')
        accepter = peer_obj.get('AccepterVpcInfo')
        row = (
            misc.check_if(account.get('name')),
            misc.check_if(region.get('RegionName')),
            misc.check_if(check_tag(peer_obj, str('Name'))),
            misc.check_if(redacted_owner(requester)),
            misc.check_if(requester.get('VpcId')),
            misc.check_if(requester.get('CidrBlock')),
            misc.check_if(redacted_owner(accepter)),
            misc.check_if(accepter.get('VpcId')),
            misc.check_if(accepter.get('CidrBlock')),
            misc.check_if(peer_obj.get('Status').get('Message')),
            misc.check_if(peer_obj.get('VpcPeeringConnectionId')),
        )
        output_bucket.append(misc.format_line(row))
def describe_elb_instances(elb, account, region, output_bucket):
    """continue from multithread call

    One row per (classic load balancer, listener) with the resolved address
    and the attached instance ids.

    Args:
        elb (object): elb client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket

    NOTE(review): the ``elb`` client only describes Classic Load Balancers;
    ALB/NLB (``elbv2``) are not covered by this inventory.
    """
    elb_list = elb.describe_load_balancers().get('LoadBalancerDescriptions')
    for elb_obj in elb_list:
        # resolve the DNS name and collect instance ids once per load
        # balancer, then reuse them for every listener row
        elb_ip = misc.lookup(elb_obj.get('DNSName'))
        ec2id = get_ec2s(elb_obj.get('Instances'))
        for elb_listener in elb_obj.get('ListenerDescriptions'):
            listener = elb_listener.get('Listener')
            row = (
                misc.check_if(account.get('name')),
                misc.check_if(region.get('RegionName')),
                misc.check_if(elb_obj.get('VPCId')),
                misc.check_if(elb_obj.get('LoadBalancerName')),
                misc.check_if(elb_obj.get('Scheme')),
                misc.check_if(elb_ip),
                misc.check_if(elb_obj.get('DNSName')),
                misc.check_if(str(listener.get('LoadBalancerPort'))),
                misc.check_if(listener.get('Protocol')),
                misc.check_if(ec2id),
                misc.check_if(str(listener.get('InstancePort'))),
                misc.check_if(listener.get('InstanceProtocol')),
            )
            output_bucket.append(misc.format_line(row))
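def sg_rule_sets(ec2, account, region, output_bucket):
    """generate list of security group rule sets

    One row per (security group, ingress rule, source) where the source is
    either a CIDR or another security group.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket

    NOTE(review): only ``IpPermissions`` (ingress) is read and only its
    ``IpRanges`` / ``UserIdGroupPairs`` sources; ``IpPermissionsEgress``,
    ``Ipv6Ranges`` and ``PrefixListIds`` are not inventoried.
    """
    def emit(sg_obj, rule, source):
        """Append one row for ``source`` (already in its column form)."""
        output_bucket.append(misc.format_line((
            misc.check_if(account.get('name')),
            misc.check_if(sg_obj.get('VpcId')),
            misc.check_if(region.get('RegionName')),
            misc.check_if(sg_obj.get('GroupId')),
            misc.check_if(sg_obj.get('GroupName')),
            misc.check_if(source),
            misc.check_if(str(check_port(rule.get('FromPort')))),
            misc.check_if(str(check_port(rule.get('ToPort')))),
            misc.check_if(str(check_proto(rule.get('IpProtocol')))),
        )))

    sg_list = ec2.describe_security_groups().get('SecurityGroups')
    for sg_obj in sg_list:
        for rule in sg_obj.get('IpPermissions') or ():
            for cidr in rule.get('IpRanges') or ():
                if cidr.get('CidrIp'):
                    emit(sg_obj, rule, str(cidr.get('CidrIp')))
            for group in rule.get('UserIdGroupPairs') or ():
                if group.get('GroupId'):
                    emit(sg_obj, rule, group.get('GroupId'))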
def describe_network_acls(ec2, account, region, output_bucket):
    """continue from multithread call

    One row per network ACL entry with its direction derived from ``Egress``.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket

    NOTE(review): ``PortRange`` / ``IcmpTypeCode`` and ``Ipv6CidrBlock`` of
    an entry are not written, so an entry allowing one port and one allowing
    all ports look identical in this report.
    """
    netacl_list = ec2.describe_network_acls().get("NetworkAcls")
    for acl_obj in netacl_list:
        for rule_obj in acl_obj.get("Entries"):
            # Egress is compared via str() as in the original
            is_egress = str(rule_obj.get("Egress")) == "True"
            direction = "outbound" if is_egress else "inbound"
            row = (
                misc.check_if(account.get("name")),
                misc.check_if(region.get("RegionName")),
                misc.check_if(acl_obj.get("VpcId")),
                misc.check_if(check_tag(acl_obj, str("Name"))),
                misc.check_if(acl_obj.get("NetworkAclId")),
                misc.check_if(str(acl_obj.get("IsDefault"))),
                misc.check_if(str(rule_obj.get("RuleNumber"))),
                misc.check_if(str(direction)),
                misc.check_if(str(rule_obj.get("Protocol"))),
                misc.check_if(str(rule_obj.get("CidrBlock"))),
                misc.check_if(str(rule_obj.get("RuleAction"))),
            )
            output_bucket.append(misc.format_line(row))
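def inventory_role_policies(iam, account, output_bucket, encode):
    """continue from multithread call

    For every role emits one ``iam:trust_policy`` row (the assume-role
    document) and one ``iam:inline_policy`` row per inline policy.

    Args:
        iam (object): iam client object
        account (dict): aws accounts; ``name`` is written to every row
        output_bucket (list): results bucket holder
        encode (str): when ``'on'`` every field is base64-encoded and the
            policy document is wrapped in ``<pre>`` tags (presumably for an
            HTML report; the consumer is not visible here)

    Returns:
        nothing. appends results to output_bucket

    NOTE(review): ``list_roles`` and ``list_role_policies`` are paginated
    (``IsTruncated``/``Marker``); only the first page is read. Attached
    managed policies are not covered here (see inventory_managed_policies).
    """
    def emit(kind, role_name, subject, body):
        """Append one row; ``subject`` is the role ARN or the policy name."""
        if encode == 'on':
            fields = (
                base64.b64encode(account.get('name')),
                base64.b64encode(str(kind)),
                base64.b64encode(role_name),
                base64.b64encode(subject),
                base64.b64encode(str('<pre>' + body + '</pre>')),
            )
        else:
            fields = (
                account.get('name'),
                str(kind),
                role_name,
                subject,
                str(body),
            )
        output_bucket.append(
            misc.format_line(tuple(misc.check_if(f) for f in fields)))

    role_list = iam.list_roles().get('Roles')
    for role in role_list:
        role_name = role.get('RoleName')
        # trust relationship: who may assume this role
        assume_role_policy = misc.json_pretty_print(
            role.get('AssumeRolePolicyDocument'))
        emit('iam:trust_policy', role_name, role.get('Arn'),
             assume_role_policy)
        # inline policies attached directly to the role
        policies = iam.list_role_policies(
            RoleName=role_name).get('PolicyNames')
        for policy_name in policies or ():
            policy = misc.json_pretty_print(
                iam.get_role_policy(
                    RoleName=role_name,
                    PolicyName=policy_name).get('PolicyDocument'))
            emit('iam:inline_policy', role_name, str(policy_name), policy)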
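def inventory_managed_policies(iam, account, output_bucket, encode):
    """continue from multithread call

    Emits one row per (attached managed policy, attached group/role/user)
    with the pretty-printed default policy document.

    Args:
        iam (object): iam client object
        account (dict): aws accounts; ``name`` is written to every row
        output_bucket (list): results bucket holder
        encode (str): when ``'on'`` every field is base64-encoded and the
            policy document is wrapped in ``<pre>`` tags (presumably for an
            HTML report; the consumer is not visible here)

    Returns:
        nothing. appends results to output_bucket

    NOTE(review): ``list_policies`` and ``list_entities_for_policy`` are
    paginated (``IsTruncated``/``Marker``); only the first page is read, so
    a large account may be under-reported. Confirm whether the caller
    paginates.
    """
    def emit(kind, entity_name, policy_name, policy_body):
        """Append one row; ``kind`` is the attachment-type label column."""
        if encode == 'on':
            fields = (
                base64.b64encode(account.get('name')),
                base64.b64encode(str(kind)),
                base64.b64encode(entity_name),
                base64.b64encode(policy_name),
                base64.b64encode(str('<pre>' + policy_body + '</pre>')),
            )
        else:
            fields = (
                account.get('name'),
                str(kind),
                entity_name,
                policy_name,
                str(policy_body),
            )
        output_bucket.append(
            misc.format_line(tuple(misc.check_if(f) for f in fields)))

    policy_list = iam.list_policies(OnlyAttached=True).get('Policies')
    for policy in policy_list:
        arn = policy.get('Arn')
        policy_name = policy.get('PolicyName')
        policy_body = misc.json_pretty_print(
            iam.get_policy_version(
                PolicyArn=arn,
                VersionId=policy.get('DefaultVersionId'),
            ).get('PolicyVersion').get('Document'))
        # One call returns groups, roles and users together; the original
        # issued the identical request three times per policy.
        entities = iam.list_entities_for_policy(PolicyArn=arn)
        for group_entity in entities.get('PolicyGroups') or ():
            emit('group_policy', group_entity.get('GroupName'),
                 policy_name, policy_body)
        for role_entity in entities.get('PolicyRoles') or ():
            emit('role_policy', role_entity.get('RoleName'),
                 policy_name, policy_body)
        for user_entity in entities.get('PolicyUsers') or ():
            emit('user_policy', user_entity.get('UserName'),
                 policy_name, policy_body)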
def describe_network_acls(ec2, account, region, output_bucket):
    """continue from multithread call

    One row per network ACL entry with its direction derived from ``Egress``.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket

    NOTE(review): ``PortRange`` / ``IcmpTypeCode`` and ``Ipv6CidrBlock`` of
    an entry are not written, so an entry allowing one port and one allowing
    all ports look identical in this report.
    """
    netacl_list = ec2.describe_network_acls().get('NetworkAcls')
    for acl_obj in netacl_list:
        for rule_obj in acl_obj.get('Entries'):
            # Egress is compared via str() as in the original
            is_egress = str(rule_obj.get('Egress')) == 'True'
            direction = 'outbound' if is_egress else 'inbound'
            row = (
                misc.check_if(account.get('name')),
                misc.check_if(region.get('RegionName')),
                misc.check_if(acl_obj.get('VpcId')),
                misc.check_if(check_tag(acl_obj, str('Name'))),
                misc.check_if(acl_obj.get('NetworkAclId')),
                misc.check_if(str(acl_obj.get('IsDefault'))),
                misc.check_if(str(rule_obj.get('RuleNumber'))),
                misc.check_if(str(direction)),
                misc.check_if(str(rule_obj.get('Protocol'))),
                misc.check_if(str(rule_obj.get('CidrBlock'))),
                misc.check_if(str(rule_obj.get('RuleAction'))),
            )
            output_bucket.append(misc.format_line(row))
def describe_elb_instances(elb, account, region, output_bucket):
    """continue from multithread call

    One row per (classic load balancer, listener) with the resolved address
    and the attached instance ids.

    Args:
        elb (object): elb client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket

    NOTE(review): the ``elb`` client only describes Classic Load Balancers;
    ALB/NLB (``elbv2``) are not covered by this inventory.
    """
    elb_list = elb.describe_load_balancers().get('LoadBalancerDescriptions')
    for elb_obj in elb_list:
        # resolve the DNS name and collect instance ids once per load
        # balancer, then reuse them for every listener row
        elb_ip = misc.lookup(elb_obj.get('DNSName'))
        ec2id = get_ec2s(elb_obj.get('Instances'))
        for elb_listener in elb_obj.get('ListenerDescriptions'):
            listener = elb_listener.get('Listener')
            row = (
                misc.check_if(account.get('name')),
                misc.check_if(region.get('RegionName')),
                misc.check_if(elb_obj.get('VPCId')),
                misc.check_if(elb_obj.get('LoadBalancerName')),
                misc.check_if(elb_obj.get('Scheme')),
                misc.check_if(elb_ip),
                misc.check_if(elb_obj.get('DNSName')),
                misc.check_if(str(listener.get('LoadBalancerPort'))),
                misc.check_if(listener.get('Protocol')),
                misc.check_if(ec2id),
                misc.check_if(str(listener.get('InstancePort'))),
                misc.check_if(listener.get('InstanceProtocol')),
            )
            output_bucket.append(misc.format_line(row))
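def describe_subnets(ec2, account, region, output_bucket):
    """continue from multithread call

    One row per subnet, including whether a flow log is attached directly
    to that subnet.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket

    NOTE(review): flow logs are looked up with ``resource-id`` = subnet id
    only; a VPC-level flow log also covers its subnets but is reported as
    'False' here. The ``Filter`` keyword is kept as written — current boto3
    documents this parameter as ``Filters``; if the installed version
    rejects ``Filter`` the call raises and the column reads 'unknown'
    (the original reported that case as 'False').
    """
    subnet_list = ec2.describe_subnets().get('Subnets')
    for subnet_obj in subnet_list:
        subnet_id = subnet_obj.get('SubnetId')
        try:
            sub_flow_logs = ec2.describe_flow_logs(
                Filter=[{
                    'Name': 'resource-id',
                    'Values': [subnet_id]
                }]).get('FlowLogs')
        except Exception:
            # best-effort lookup, but an API failure is not "no flow log":
            # report it distinctly instead of as 'False'
            flow_enabled = 'unknown'
        else:
            flow_enabled = str('True') if sub_flow_logs else str('False')
        output_bucket.append(misc.format_line((
            misc.check_if(account.get('name')),
            misc.check_if(region.get('RegionName')),
            misc.check_if(subnet_obj.get('VpcId')),
            misc.check_if(check_tag(subnet_obj, str('Name'))),
            misc.check_if(subnet_id),
            misc.check_if(subnet_obj.get('State')),
            misc.check_if(flow_enabled),
            misc.check_if(subnet_obj.get('CidrBlock')),
            misc.check_if(str(subnet_obj.get('AvailableIpAddressCount'))),
            misc.check_if(str(subnet_obj.get('DefaultForAz'))),
            # instances launched here get a public IP by default when 'True'
            misc.check_if(str(subnet_obj.get('MapPublicIpOnLaunch'))),
        )))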
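def describe_subnets(ec2, account, region, output_bucket):
    """continue from multithread call

    One row per subnet, including whether a flow log is attached directly
    to that subnet.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket

    NOTE(review): flow logs are looked up with ``resource-id`` = subnet id
    only; a VPC-level flow log also covers its subnets but is reported as
    'False' here. The ``Filter`` keyword is kept as written — current boto3
    documents this parameter as ``Filters``; if the installed version
    rejects ``Filter`` the call raises and the column reads 'unknown'
    (the original reported that case as 'False').
    """
    subnet_list = ec2.describe_subnets().get("Subnets")
    for subnet_obj in subnet_list:
        subnet_id = subnet_obj.get("SubnetId")
        try:
            sub_flow_logs = ec2.describe_flow_logs(
                Filter=[{"Name": "resource-id", "Values": [subnet_id]}]
            ).get("FlowLogs")
        except Exception:
            # best-effort lookup, but an API failure is not "no flow log":
            # report it distinctly instead of as 'False'
            flow_enabled = "unknown"
        else:
            flow_enabled = str("True") if sub_flow_logs else str("False")
        output_bucket.append(misc.format_line((
            misc.check_if(account.get("name")),
            misc.check_if(region.get("RegionName")),
            misc.check_if(subnet_obj.get("VpcId")),
            misc.check_if(check_tag(subnet_obj, str("Name"))),
            misc.check_if(subnet_id),
            misc.check_if(subnet_obj.get("State")),
            misc.check_if(flow_enabled),
            misc.check_if(subnet_obj.get("CidrBlock")),
            misc.check_if(str(subnet_obj.get("AvailableIpAddressCount"))),
            misc.check_if(str(subnet_obj.get("DefaultForAz"))),
            # instances launched here get a public IP by default when 'True'
            misc.check_if(str(subnet_obj.get("MapPublicIpOnLaunch"))),
        )))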
except Exception, e: error_code = e if trail_list: for trail in trail_list: trail_status = cltr.get_trail_status(Name=trail.get('Name')) cw_log_group = 'no-record' cloudwatch_enabled = 'False' if trail.get('CloudWatchLogsLogGroupArn'): cloudwatch_enabled = 'True' cw_log_group = re.split( ":", trail.get('CloudWatchLogsLogGroupArn'))[6] output_bucket.append( misc.format_line(( misc.check_if(account.get('name')), misc.check_if(region.get('RegionName')), misc.check_if(trail.get('Name')), misc.check_if(str(trail_status.get('IsLogging'))), misc.check_if(str(cloudwatch_enabled)), misc.check_if( str( trail_status.get('LatestDeliveryTime').strftime( '%Y_%m_%d %I:%M %p'))), misc.check_if(str(cw_log_group)), misc.check_if(trail.get('S3BucketName')), ))) else: output_bucket.append( misc.format_line((
def sg_rule_sets_by_ec2_with_role(ec2, account, region, output_bucket):
    """generate list of security group rule sets by ec2 instance

    Only instances that carry an IAM instance profile are reported (hence
    ``_with_role``): one row per (instance, attached security group,
    ingress rule, source).

    Args:
        ec2 (object): ec2 client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket

    NOTE(review): the listing this was taken from had lost its indentation;
    the security-group loop is read as nested under the instance-profile
    check, which is what the function name implies — confirm against the
    original source.
    """
    def row(sg_obj, ec2_obj, ec2_role, rule, source):
        """Build one output row; ``source`` is a CIDR or a group id."""
        return (
            misc.check_if(account.get('name')),
            misc.check_if(region.get('RegionName')),
            misc.check_if(sg_obj.get('VpcId')),
            misc.check_if(ec2_obj.get('InstanceId')),
            misc.check_if(ec2_role),
            misc.check_if(ec2_obj.get('State').get('Name')),
            misc.check_if(check_tag(ec2_obj, str('Name'))),
            misc.check_if(ec2_obj.get('PrivateIpAddress')),
            misc.check_if(ec2_obj.get('PublicIpAddress')),
            misc.check_if(sg_obj.get('GroupId')),
            misc.check_if(sg_obj.get('GroupName')),
            misc.check_if(source),
            misc.check_if(str(check_port(rule.get('FromPort')))),
            misc.check_if(str(check_port(rule.get('ToPort')))),
            misc.check_if(str(check_proto(rule.get('IpProtocol')))),
        )

    # the ec2 client has no instances() helper; flatten the reservations
    ec2_list = [instance
                for reservation in ec2.describe_instances().get('Reservations')
                for instance in reservation.get('Instances')]
    sg_list = ec2.describe_security_groups().get('SecurityGroups')
    for sg_obj in sg_list:
        sg_id = sg_obj.get('GroupId')
        for ec2_obj in ec2_list:
            profile = ec2_obj.get('IamInstanceProfile')
            if not profile:
                continue
            # profile ARN ends in 'instance-profile/<name>'; element 1 after
            # splitting on '/' is the name (a profile created with a path
            # would yield its first path segment here instead)
            ec2_role = re.split('/', profile.get('Arn'))[1]
            for ec2sg in ec2_obj.get('SecurityGroups'):
                if sg_id != ec2sg.get('GroupId'):
                    continue
                for rule in sg_obj.get('IpPermissions'):
                    for cidr in rule.get('IpRanges'):
                        if cidr.get('CidrIp'):
                            output_bucket.append(misc.format_line(row(
                                sg_obj, ec2_obj, ec2_role, rule,
                                str(cidr.get('CidrIp')))))
                    for group in rule.get('UserIdGroupPairs'):
                        if group.get('GroupId'):
                            output_bucket.append(misc.format_line(row(
                                sg_obj, ec2_obj, ec2_role, rule,
                                group.get('GroupId'))))
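def sg_rule_sets_by_elb(elb, ec2, account, region, output_bucket):
    """generate list of security group rule sets by elb instance

    One row per (classic load balancer, attached security group, ingress
    rule, source) where the source is either a CIDR or another group.

    Args:
        elb (object): elb client object
        ec2 (object): ec2 client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket

    NOTE(review): only ``IpPermissions`` (ingress) is read and only its
    ``IpRanges`` / ``UserIdGroupPairs`` sources; ``Ipv6Ranges`` and
    ``PrefixListIds`` sources produce no row. Classic load balancers only
    (``elb`` client), ALB/NLB are not covered.
    """
    def emit(elb_obj, elb_ip, sg_obj, rule, source):
        """Append one row for ``source`` (already in its column form)."""
        output_bucket.append(misc.format_line((
            misc.check_if(account.get('name')),
            misc.check_if(region.get('RegionName')),
            misc.check_if(elb_obj.get('VPCId')),
            misc.check_if(elb_obj.get('LoadBalancerName')),
            misc.check_if(elb_obj.get('Scheme')),
            misc.check_if(elb_ip),
            misc.check_if(elb_obj.get('DNSName')),
            misc.check_if(sg_obj.get('GroupId')),
            misc.check_if(sg_obj.get('GroupName')),
            misc.check_if(source),
            misc.check_if(str(check_port(rule.get('FromPort')))),
            misc.check_if(str(check_port(rule.get('ToPort')))),
            misc.check_if(str(check_proto(rule.get('IpProtocol')))),
        )))

    elb_list = elb.describe_load_balancers().get('LoadBalancerDescriptions')
    sg_list = ec2.describe_security_groups().get('SecurityGroups')
    # DNS name -> resolved address; the original resolved once per matching
    # (group, load balancer) pair, i.e. repeatedly for the same name
    resolved = {}
    for sg_obj in sg_list:
        sg_id = sg_obj.get('GroupId')
        for elb_obj in elb_list:
            if sg_id not in (elb_obj.get('SecurityGroups') or ()):
                continue
            dns_name = elb_obj.get('DNSName')
            if dns_name not in resolved:
                resolved[dns_name] = misc.lookup(dns_name)
            elb_ip = resolved[dns_name]
            for rule in sg_obj.get('IpPermissions') or ():
                for cidr in rule.get('IpRanges') or ():
                    if cidr.get('CidrIp'):
                        emit(elb_obj, elb_ip, sg_obj, rule,
                             str(cidr.get('CidrIp')))
                for group in rule.get('UserIdGroupPairs') or ():
                    if group.get('GroupId'):
                        emit(elb_obj, elb_ip, sg_obj, rule,
                             group.get('GroupId'))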
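def sg_rule_sets_by_elb(elb, ec2, account, region, output_bucket):
    """generate list of security group rule sets by elb instance

    One row is appended per (security group, attached ELB, ingress rule,
    source) combination, so a rule with several CIDR ranges or peer groups
    yields several rows. Only ingress rules (``IpPermissions``) are
    reported; the groups' egress rules are not inspected.

    Row column order (downstream report code depends on it): account,
    region, vpc, elb name, scheme, elb ip, elb dns, sg id, sg name,
    source, from-port, to-port, protocol.

    Args:
        elb (object): elb client object
        ec2 (object): ec2 client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # generate list of elb instances (missing key -> nothing to report)
    elb_list = elb.describe_load_balancers().get('LoadBalancerDescriptions') or []
    # generate list of security groups to get rule set details
    sg_list = ec2.describe_security_groups().get('SecurityGroups') or []
    ip_cache = {}

    def resolve(dns_name):
        # each ELB name goes through misc.lookup once, however many of its
        # security groups match below
        if dns_name not in ip_cache:
            ip_cache[dns_name] = misc.lookup(dns_name)
        return ip_cache[dns_name]

    def rule_sources(rule):
        # every rendered source of one ingress rule: CIDR ranges first,
        # then peer security groups; entries without a value are skipped
        for cidr in rule.get('IpRanges') or []:
            if cidr.get('CidrIp'):
                yield str(cidr.get('CidrIp'))
        for group in rule.get('UserIdGroupPairs') or []:
            if group.get('GroupId'):
                yield group.get('GroupId')

    for sg_obj in sg_list:
        # find out which elbs are using this security group
        for elb_obj in elb_list:
            for elbsg in elb_obj.get('SecurityGroups') or []:
                # check if security group is associated to elb instance
                if sg_obj.get('GroupId') != elbsg:
                    continue
                elb_ip = resolve(elb_obj.get('DNSName'))
                # columns shared by every row of this (sg, elb) pair;
                # hoisting assumes misc.check_if is a pure formatter
                prefix = (
                    misc.check_if(account.get('name')),
                    misc.check_if(region.get('RegionName')),
                    misc.check_if(elb_obj.get('VPCId')),
                    misc.check_if(elb_obj.get('LoadBalancerName')),
                    misc.check_if(elb_obj.get('Scheme')),
                    misc.check_if(elb_ip),
                    misc.check_if(elb_obj.get('DNSName')),
                    misc.check_if(sg_obj.get('GroupId')),
                    misc.check_if(sg_obj.get('GroupName')),
                )
                # move on to rule entries
                for rule in sg_obj.get('IpPermissions') or []:
                    # check_port / check_proto presumably normalise a missing
                    # port or an all-traffic protocol -- see their definitions
                    ports = (
                        misc.check_if(str(check_port(rule.get('FromPort')))),
                        misc.check_if(str(check_port(rule.get('ToPort')))),
                        misc.check_if(str(check_proto(rule.get('IpProtocol')))),
                    )
                    for source in rule_sources(rule):
                        output_bucket.append(misc.format_line(
                            prefix + (misc.check_if(source),) + ports))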
for message in search_logGroup.get('events'): event_name = (json.loads(message.get('message'))).get('eventName') event_time = (json.loads(message.get('message'))).get('eventTime') arn = (json.loads( message.get('message'))).get('userIdentity').get('arn') source_address = (json.loads( message.get('message'))).get('sourceIPAddress') request_param = misc.json_pretty_print( (json.loads(message.get('message'))).get('requestParameters')) response_elem = misc.json_pretty_print( (json.loads(message.get('message'))).get('responseElements')) if encode == 'on': output_bucket.append( misc.format_line(( misc.check_if(base64.b64encode(account.get('name'))), misc.check_if( base64.b64encode(region.get('RegionName'))), misc.check_if(base64.b64encode(event_name)), misc.check_if(base64.b64encode(str(event_time))), misc.check_if(base64.b64encode(misc.check_if(arn))), misc.check_if(base64.b64encode(str(source_address))), misc.check_if( base64.b64encode( str('<pre>' + request_param + '</pre>'))), misc.check_if( base64.b64encode( str('<pre>' + response_elem + '</pre>'))), ))) else: output_bucket.append(
except Exception, e: error_code = e #print e if search_logGroup: for message in search_logGroup.get('events'): event_name = (json.loads(message.get('message'))).get('eventName') event_time = (json.loads(message.get('message'))).get('eventTime') arn = (json.loads(message.get('message'))).get('userIdentity').get('arn') source_address = (json.loads(message.get('message'))).get('sourceIPAddress') request_param = misc.json_pretty_print((json.loads(message.get('message'))).get('requestParameters')) response_elem = misc.json_pretty_print((json.loads(message.get('message'))).get('responseElements')) if encode == 'on': output_bucket.append(misc.format_line(( misc.check_if(base64.b64encode(account.get('name'))), misc.check_if(base64.b64encode(region.get('RegionName'))), misc.check_if(base64.b64encode(event_name)), misc.check_if(base64.b64encode(str(event_time))), misc.check_if(base64.b64encode(misc.check_if(arn))), misc.check_if(base64.b64encode(str(source_address))), misc.check_if(base64.b64encode(str('<pre>' + request_param + '</pre>'))), misc.check_if(base64.b64encode(str('<pre>' + response_elem + '</pre>'))), ))) else: output_bucket.append(misc.format_line(( misc.check_if(account.get('name')), misc.check_if(region.get('RegionName')), misc.check_if(event_name), misc.check_if(str(event_time)), misc.check_if(arn),
except Exception, e: error_code = e if trail_list: for trail in trail_list: trail_status = cltr.get_trail_status( Name=trail.get('Name') ) cw_log_group = 'no-record' cloudwatch_enabled = 'False' if trail.get('CloudWatchLogsLogGroupArn'): cloudwatch_enabled = 'True' cw_log_group = re.split(":",trail.get('CloudWatchLogsLogGroupArn'))[6] output_bucket.append(misc.format_line(( misc.check_if(account.get('name')), misc.check_if(region.get('RegionName')), misc.check_if(trail.get('Name')), misc.check_if(str(trail_status.get('IsLogging'))), misc.check_if(str(cloudwatch_enabled)), misc.check_if(str(trail_status.get('LatestDeliveryTime').strftime('%Y_%m_%d %I:%M %p'))), misc.check_if(str(cw_log_group)), misc.check_if(trail.get('S3BucketName')), ))) else: output_bucket.append(misc.format_line(( misc.check_if(account.get('name')), misc.check_if(region.get('RegionName')), misc.check_if(str('not-configured')), misc.check_if(str('False')),