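def initialize(access_level_overrides_file, fetch, build):
    """
    Initialize the local database to store AWS IAM information, which can be
    used to generate IAM policies, and for querying the database.

    :param access_level_overrides_file: Path to a YAML file that overrides the
        access levels taken from the AWS documentation. When empty/None the
        default file under the config directory is used. Because this file
        changes how actions are classified, its contents shape every policy
        built from the database.
    :param fetch: When truthy, re-download the AWS IAM documentation pages
        and regenerate the local links.yml before building the database.
    :param build: When truthy, build the database from the local HTML docs
        instead of copying the bundled database file.
    """
    if not access_level_overrides_file:
        overrides_file = HOME + CONFIG_DIRECTORY + 'access-level-overrides.yml'
    else:
        overrides_file = access_level_overrides_file

    # Create the config directory
    database_path = create_policy_sentry_config_directory()
    # Copy over the html docs, which will be used to build the database
    create_html_docs_directory()
    # Create the directory to download IAM policies to
    create_policy_analysis_directory()
    # Create audit directory to host list of permissions for analyze_iam_policy
    create_audit_directory()
    # Create overrides file, which allows us to override the Access Levels
    # provided by AWS documentation
    create_default_overrides_file()
    # Create the default reporting configuration file. This is used by
    # analyze_iam_policy
    create_default_report_config_file()

    if not build and not fetch:
        # Neither flag given: copy the bundled database to the destination
        # path rather than rebuilding it from the HTML docs.
        shutil.copy(BUNDLED_DATABASE_FILE_PATH, database_path)

    # Connect to the database at that path with SQLAlchemy
    db_session = connect_db(database_path, initialization=True)

    # --fetch: wget the AWS IAM Actions, Resources and Condition Keys pages
    # and store them locally. Note that --fetch also triggers the build below.
    if fetch:
        # `wget` the html docs to the local directory
        update_html_docs_directory(HTML_DIRECTORY_PATH)
        # Update the links.yml file
        prefix_list = create_service_links_mapping_file(
            HTML_DIRECTORY_PATH, LINKS_YML_FILE_LOCAL)
        print(f"Services: {prefix_list}")

    # initialize --build (also run when an overrides file or --fetch is given)
    if build or access_level_overrides_file or fetch:
        # Use the list of services that were listed in the links.yml file
        all_aws_services = get_list_of_service_prefixes_from_links_file(
            LINKS_YML_FILE_LOCAL)
        # Fixed: the original f-string carried a stray '$' and printed it.
        print(f"Services to build for: {LINKS_YML_FILE_LOCAL}")
        # Fill in the database with data on the AWS services
        create_database(db_session, all_aws_services, overrides_file)
        print("Created tables for all services!")
        # Query the database for all the services that are now in the database.
        all_aws_service_prefixes = get_all_service_prefixes(db_session)
        total_count_of_services = str(len(all_aws_service_prefixes))
        print(f"{total_count_of_services} AWS services in the database. "
              f"\nServices: {all_aws_service_prefixes}")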
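def initialize(access_level_overrides_file, fetch, build, log_level):
    """
    Initialize the local database to store AWS IAM information, which can be
    used to generate IAM policies, and for querying the database.

    :param access_level_overrides_file: Path to a YAML file that overrides the
        access levels taken from the AWS documentation. When empty/None the
        default file under the config directory is used. Because this file
        changes how actions are classified, its contents shape every policy
        built from the database.
    :param fetch: When truthy, re-download the AWS IAM documentation pages
        and regenerate the local links.yml before building the database.
    :param build: When truthy, build the database from the local HTML docs
        instead of copying the bundled database file.
    :param log_level: Logging level applied to the module logger.
    """
    set_log_level(logger, log_level)

    if not access_level_overrides_file:
        overrides_file = HOME + CONFIG_DIRECTORY + "access-level-overrides.yml"
    else:
        overrides_file = access_level_overrides_file

    # Create the config directory
    database_path = create_policy_sentry_config_directory()
    # Copy over the html docs, which will be used to build the database
    create_html_docs_directory()
    # Create overrides file, which allows us to override the Access Levels
    # provided by AWS documentation
    create_default_overrides_file()

    # Fixed: print() does not apply %-formatting, so the original emitted
    # the literal "%s" followed by the path as a second argument.
    print(f"Database will be stored here: {database_path}")

    if not build and not fetch:
        # Neither flag given: copy the bundled database to the destination
        # path rather than rebuilding it from the HTML docs.
        shutil.copy(BUNDLED_DATABASE_FILE_PATH, database_path)

    # Connect to the database at that path with SQLAlchemy
    db_session = connect_db(database_path, initialization=True)

    # --fetch: wget the AWS IAM Actions, Resources and Condition Keys pages
    # and store them locally. Note that --fetch also triggers the build below.
    if fetch:
        # `wget` the html docs to the local directory
        update_html_docs_directory(HTML_DIRECTORY_PATH)
        # Update the links.yml file
        prefix_list = create_service_links_mapping_file(
            HTML_DIRECTORY_PATH, LINKS_YML_FILE_LOCAL)
        print(f"Services: {prefix_list}")

    # initialize --build (also run when an overrides file or --fetch is given)
    if build or access_level_overrides_file or fetch:
        # Use the list of services that were listed in the links.yml file
        all_aws_services = get_list_of_service_prefixes_from_links_file(
            LINKS_YML_FILE_LOCAL)
        logger.debug("Services to build are stored in: %s", LINKS_YML_FILE_LOCAL)
        # Fill in the database with data on the AWS services
        create_database(db_session, all_aws_services, overrides_file)
        print("Created tables for all services!")
        # Query the database for all the services that are now in the database.
        all_aws_service_prefixes = get_all_service_prefixes(db_session)
        total_count_of_services = str(len(all_aws_service_prefixes))
        print("Initialization complete!")
        print(f"Total AWS services in the IAM database: {total_count_of_services}")
        logger.debug("\nService prefixes:")
        logger.debug(", ".join(all_aws_service_prefixes))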
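def build_database():
    """
    Rebuild the database file bundled with the package.

    Uses the packaged links.yml and the default access-level overrides file,
    and removes any existing bundled database first so the build starts
    from an empty schema.
    """
    print(BUNDLED_DATABASE_FILE_PATH)
    # Remove and tolerate "already gone" instead of exists()-then-remove():
    # the latter has a window in which the file can disappear and raise.
    try:
        os.remove(BUNDLED_DATABASE_FILE_PATH)
    except FileNotFoundError:
        pass
    db_session = connect_db(BUNDLED_DATABASE_FILE_PATH, initialization=True)
    all_aws_services = get_list_of_service_prefixes_from_links_file(
        LINKS_YML_FILE_IN_PACKAGE)
    create_database(db_session, all_aws_services, DEFAULT_ACCESS_OVERRIDES_FILE)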
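def initialize(access_level_overrides_file, fetch):
    """
    Create a local database to store AWS IAM information, which can be used
    to generate IAM policies and analyze them for least privilege.

    :param access_level_overrides_file: Path to a YAML file that overrides the
        access levels taken from the AWS documentation; passed straight to
        create_database. Because this file changes how actions are
        classified, its contents shape every policy built from the database.
    :param fetch: When truthy, re-download the AWS IAM documentation pages
        and regenerate the local links.yml before building the database.
    """
    # Create the config directory
    database_path = create_policy_sentry_config_directory()
    # Copy over the html docs, which will be used to build the database
    create_html_docs_directory()
    # Create the directory to download IAM policies to
    create_policy_analysis_directory()
    # Create audit directory to host list of permissions for analyze_iam_policy
    create_audit_directory()
    # Create overrides file, which allows us to override the Access Levels
    # provided by AWS documentation
    create_default_overrides_file()
    # Create the default reporting configuration file. This is used by
    # analyze_iam_policy
    create_default_report_config_file()

    # If the user specifies fetch, wget the AWS IAM Actions, Resources and
    # Condition Keys pages and store them locally.
    if fetch:
        # `wget` the html docs to the local directory
        update_html_docs_directory(HTML_DIRECTORY_PATH)
        # Update the links.yml file
        prefix_list = create_service_links_mapping_file(
            HTML_DIRECTORY_PATH, LINKS_YML_FILE_LOCAL)
        print(f"Services: {prefix_list}")

    # Connect to the database at that path with SQLAlchemy
    db_session = connect_db(database_path, initialization=True)
    # Use the list of services that were listed in the links.yml file
    all_aws_services = get_list_of_service_prefixes_from_links_file(
        LINKS_YML_FILE_LOCAL)
    # Fixed: the original f-string carried a stray '$' and printed it.
    print(f"Services to build for: {LINKS_YML_FILE_LOCAL}")
    # Fill in the database with data on the AWS services
    create_database(db_session, all_aws_services, access_level_overrides_file)
    print("Created tables for all services!")
    # Query the database for all the services that are now in the database.
    all_aws_service_prefixes = get_all_service_prefixes(db_session)
    total_count_of_services = str(len(all_aws_service_prefixes))
    print(
        f"{total_count_of_services} AWS services in the database. \nServices: {all_aws_service_prefixes}"
    )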
def initialize():
    """
    Create a local database to store AWS IAM information, which can be used
    to generate IAM policies and analyze them for least privilege.

    Sets up the config and audit directories, opens the database that lives
    in the config directory, and fills it from ALL_AWS_SERVICES.
    """
    # Config directory first; its return value is where the database lives.
    db_path = create_policy_sentry_config_directory()
    # Audit directory holds the permission lists used by analyze_iam_policy.
    create_audit_directory()
    # Open the database with sqlalchemy and populate it for every service.
    session = connect_db(db_path)
    create_database(session, ALL_AWS_SERVICES)
    print("Created tables for all services!")
def initialize(access_level_overrides_file):
    """
    Create a local database to store AWS IAM information, which can be used
    to generate IAM policies and analyze them for least privilege.

    :param access_level_overrides_file: Path to a YAML file that overrides
        the access levels taken from the AWS documentation; handed straight
        to create_database.
    """
    # Config directory first; its return value is where the database lives.
    db_path = create_policy_sentry_config_directory()
    # Directory that downloaded IAM policies are written to.
    create_policy_analysis_directory()
    # Audit directory holds the permission lists used by analyze_iam_policy.
    create_audit_directory()
    # Default overrides file, so access levels from the AWS docs can be
    # adjusted locally.
    create_default_overrides_file()
    # Open the database with sqlalchemy and populate it for every service,
    # applying the caller's overrides on the way.
    session = connect_db(db_path)
    create_database(session, ALL_AWS_SERVICES, access_level_overrides_file)
    print("Created tables for all services!")