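def inventory_users(iam, account, output_bucket):
    """Append one formatted inventory line per IAM user to output_bucket.

    Continues from the multithread call.

    Each line holds, in order: account name, user name, creation date
    (YYYY_MM_DD), is_password_set() result, date_to_days() of
    PasswordLastUsed, count_active_keys() result, mfa_enabled() result,
    the user's groups and the user's policies.

    Args:
        iam (object): iam client object
        account (dict): aws accounts
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # list_users is a paginated API: a single call returns only the first
    # page. Walk every page so users beyond it are not silently missing
    # from the inventory.
    for page in iam.get_paginator('list_users').paginate():
        for user in page.get('Users') or []:
            user_name = user.get('UserName')
            output_bucket.append(misc.format_line((
                misc.check_if(account.get('name')),
                misc.check_if(user_name),
                misc.check_if(user.get('CreateDate').strftime('%Y_%m_%d')),
                misc.check_if(is_password_set(iam, user_name)),
                # PasswordLastUsed is read with .get(), so date_to_days may
                # receive None here -- TODO confirm it handles that.
                misc.check_if(misc.date_to_days(user.get('PasswordLastUsed'))),
                misc.check_if(count_active_keys(iam, user_name)),
                misc.check_if(mfa_enabled(iam, user_name)),
                misc.check_if(list_groups_for_user(iam, user_name)),
                misc.check_if(list_user_policies_for_user(iam, user_name)),
            )))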
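def describe_snapshots(ec2, account, region, output_bucket):
    """Append one formatted inventory line per snapshot owned by the account.

    Continues from the multithread describe_snapshots() call.

    Each line holds, in order: account name, region name, snapshot id,
    date_to_days() of StartTime, StartTime (YYYY_MM_DD), volume size,
    encrypted flag and the description with commas removed.

    Args:
        ec2 (object): ec2 client object
        account (dict): aws accounts
        region (dict): regions
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # extract owner_id from role: it is the fifth ':'-separated ARN field
    owner_id = str(re.split(':', account.get('role_arn'))[4])

    # get list of snapshots owned by owner_id; the call is paginated, so
    # walk every page instead of trusting a single response to be complete
    pages = ec2.get_paginator('describe_snapshots').paginate(
        OwnerIds=[owner_id])
    for page in pages:
        for snap_obj in page.get('Snapshots') or []:
            start_time = snap_obj.get('StartTime')
            # get rid of commas if present; a missing description is
            # treated as empty so re.sub does not fail on None
            description = re.sub('[,]', '', snap_obj.get('Description') or '')
            output_bucket.append(misc.format_line((
                misc.check_if(account.get('name')),
                misc.check_if(region.get('RegionName')),
                misc.check_if(str(snap_obj.get('SnapshotId'))),
                misc.check_if(str(misc.date_to_days(start_time))),
                misc.check_if(str(start_time.strftime('%Y_%m_%d'))),
                misc.check_if(str(snap_obj.get('VolumeSize'))),
                misc.check_if(str(snap_obj.get('Encrypted'))),
                misc.check_if(str(description)),
            )))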
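def inventory_access_keys(iam, account, output_bucket):
    """Append one formatted inventory line per IAM access key.

    Continues from the multithread call.

    Each line holds, in order: account name, user name, access key id,
    date_to_days() of the key's CreateDate, CreateDate (YYYY_MM_DD), key
    Status, days since last use, last-used date and last-used service.

    Args:
        iam (object): iam client object
        account (dict): aws accounts
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # list_users is a paginated API: walk every page so keys belonging to
    # users beyond the first page are not silently left out of the report.
    for page in iam.get_paginator('list_users').paginate():
        for user in page.get('Users') or []:
            user_name = user.get('UserName')
            # NOTE(review): list_access_keys is paginated as well; a single
            # call is kept on the assumption that a user holds only a few
            # keys -- confirm against the account's IAM quotas.
            keys = iam.list_access_keys(
                UserName=user_name).get('AccessKeyMetadata')
            for key in keys:
                # find out which keys have been used
                last_used = iam.get_access_key_last_used(
                    AccessKeyId=key.get('AccessKeyId')
                ).get('AccessKeyLastUsed')
                last_used_date = last_used.get('LastUsedDate')

                if last_used_date:
                    # get info for keys that have been used at least once
                    key_lastused = last_used_date.strftime('%Y_%m_%d')
                    key_lastused_days = misc.date_to_days(last_used_date)
                    key_service = last_used.get('ServiceName')
                else:
                    # No LastUsedDate: report the key as never used. This is
                    # independent of the Active/Inactive value that the
                    # Status column takes from the key metadata.
                    key_lastused = 'Never'
                    key_lastused_days = '-1'
                    key_service = 'N/A'

                created = key.get('CreateDate')
                output_bucket.append(misc.format_line((
                    misc.check_if(account.get('name')),
                    misc.check_if(user_name),
                    misc.check_if(key.get('AccessKeyId')),
                    misc.check_if(str(misc.date_to_days(created))),
                    misc.check_if(created.strftime('%Y_%m_%d')),
                    misc.check_if(key.get('Status')),
                    misc.check_if(str(key_lastused_days)),
                    misc.check_if(key_lastused),
                    misc.check_if(key_service),
                )))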
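def inventory_access_keys(iam, account, output_bucket):
    """Append one formatted inventory line per IAM access key.

    Continues from the multithread call.

    Each line holds, in order: account name, user name, access key id,
    date_to_days() of the key's CreateDate, CreateDate (YYYY_MM_DD), key
    Status, days since last use, last-used date and last-used service.

    Args:
        iam (object): iam client object
        account (dict): aws accounts
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # list_users is a paginated API: walk every page so keys belonging to
    # users beyond the first page are not silently left out of the report.
    for page in iam.get_paginator('list_users').paginate():
        for user in page.get('Users') or []:
            user_name = user.get('UserName')
            # NOTE(review): list_access_keys is paginated as well; a single
            # call is kept on the assumption that a user holds only a few
            # keys -- confirm against the account's IAM quotas.
            keys = iam.list_access_keys(
                UserName=user_name).get('AccessKeyMetadata')
            for key in keys:
                # find out which keys have been used
                last_used = iam.get_access_key_last_used(
                    AccessKeyId=key.get('AccessKeyId')
                ).get('AccessKeyLastUsed')
                last_used_date = last_used.get('LastUsedDate')

                if last_used_date:
                    # get info for keys that have been used at least once
                    key_lastused = last_used_date.strftime('%Y_%m_%d')
                    key_lastused_days = misc.date_to_days(last_used_date)
                    key_service = last_used.get('ServiceName')
                else:
                    # No LastUsedDate: report the key as never used. This is
                    # independent of the Active/Inactive value that the
                    # Status column takes from the key metadata.
                    key_lastused = 'Never'
                    key_lastused_days = '-1'
                    key_service = 'N/A'

                created = key.get('CreateDate')
                output_bucket.append(misc.format_line((
                    misc.check_if(account.get('name')),
                    misc.check_if(user_name),
                    misc.check_if(key.get('AccessKeyId')),
                    misc.check_if(str(misc.date_to_days(created))),
                    misc.check_if(created.strftime('%Y_%m_%d')),
                    misc.check_if(key.get('Status')),
                    misc.check_if(str(key_lastused_days)),
                    misc.check_if(key_lastused),
                    misc.check_if(key_service),
                )))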
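def inventory_users(iam, account, output_bucket):
    """Append one formatted inventory line per IAM user to output_bucket.

    Continues from the multithread call.

    Each line holds, in order: account name, user name, creation date
    (YYYY_MM_DD), is_password_set() result, date_to_days() of
    PasswordLastUsed, count_active_keys() result, mfa_enabled() result,
    the user's groups and the user's policies.

    Args:
        iam (object): iam client object
        account (dict): aws accounts
        output_bucket (list): results bucket holder

    Returns:
        nothing. appends results to output_bucket
    """
    # list_users is a paginated API: a single call returns only the first
    # page. Walk every page so users beyond it are not silently missing
    # from the inventory.
    for page in iam.get_paginator('list_users').paginate():
        for user in page.get('Users') or []:
            user_name = user.get('UserName')
            output_bucket.append(misc.format_line((
                misc.check_if(account.get('name')),
                misc.check_if(user_name),
                misc.check_if(user.get('CreateDate').strftime('%Y_%m_%d')),
                misc.check_if(is_password_set(iam, user_name)),
                # PasswordLastUsed is read with .get(), so date_to_days may
                # receive None here -- TODO confirm it handles that.
                misc.check_if(misc.date_to_days(user.get('PasswordLastUsed'))),
                misc.check_if(count_active_keys(iam, user_name)),
                misc.check_if(mfa_enabled(iam, user_name)),
                misc.check_if(list_groups_for_user(iam, user_name)),
                misc.check_if(list_user_policies_for_user(iam, user_name)),
            )))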
for group_name in app_groups: dep_group = codedeploy.get_deployment_group( applicationName=app_obj, deploymentGroupName=group_name ).get('deploymentGroupInfo') deployments = codedeploy.list_deployments( applicationName=app_obj, deploymentGroupName=group_name ).get('deployments') for deployment_name in deployments: instances = '<br>'.join(codedeploy.list_deployment_instances( deploymentId=deployment_name ).get('instancesList')) output_bucket.append(misc.format_line(( misc.check_if(account.get('name')), misc.check_if(region.get('RegionName')), misc.check_if(str(app_info.get('applicationName'))), misc.check_if(str(app_info.get('linkedToGitHub'))), misc.check_if(str(app_info.get('createTime').strftime('%Y_%m_%d'))), misc.check_if(str(misc.date_to_days(app_info.get('createTime')))), misc.check_if(str(group_name)), misc.check_if(str(dep_group.get('targetRevision').get('revisionType'))), misc.check_if(str(instances)), misc.check_if(str(dep_group.get('serviceRoleArn'))), )))
deploymentGroupName=group_name).get('deployments') for deployment_name in deployments: instances = '<br>'.join( codedeploy.list_deployment_instances( deploymentId=deployment_name).get('instancesList')) output_bucket.append( misc.format_line(( misc.check_if(account.get('name')), misc.check_if(region.get('RegionName')), misc.check_if(str( app_info.get('applicationName'))), misc.check_if(str(app_info.get('linkedToGitHub'))), misc.check_if( str( app_info.get('createTime').strftime( '%Y_%m_%d'))), misc.check_if( str( misc.date_to_days( app_info.get('createTime')))), misc.check_if(str(group_name)), misc.check_if( str( dep_group.get('targetRevision').get( 'revisionType'))), misc.check_if(str(instances)), misc.check_if(str( dep_group.get('serviceRoleArn'))), )))