def get_resources(self) -> List[Resource]: client = self.vpc_options.client("ec2") resources_found = [] filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}] response = client.describe_vpc_endpoints(Filters=filters) if self.vpc_options.verbose: message_handler("Collecting data from VPC Endpoints...", "HEADER") for data in response["VpcEndpoints"]: if data["VpcId"] == self.vpc_options.vpc_id: endpoint_digest = ResourceDigest( id=data["VpcEndpointId"], type="aws_vpc_endpoint_gateway") if data["VpcEndpointType"] == "Gateway": resources_found.append( Resource( digest=endpoint_digest, name=data["ServiceName"], details="Vpc Endpoint Gateway RouteTable {}". format(", ".join(data["RouteTableIds"])), group="network", tags=resource_tags(data), )) self.relations_found.append( ResourceEdge( from_node=endpoint_digest, to_node=self.vpc_options.vpc_digest(), )) else: resources_found.append( Resource( digest=endpoint_digest, name=data["ServiceName"], details="Vpc Endpoint Service Subnet {}".format( ", ".join(data["SubnetIds"])), group="network", tags=resource_tags(data), )) for subnet_id in data["SubnetIds"]: self.relations_found.append( ResourceEdge( from_node=endpoint_digest, to_node=ResourceDigest(id=subnet_id, type="aws_subnet"), )) return resources_found
def analyze_restapi(self, data): if "policy" in data: documentpolicy = data["policy"] else: return False, None document = json.dumps(documentpolicy, default=datetime_to_string) # check either vpc_id or potential subnet ip are found ipvpc_found = check_ipvpc_inpolicy(document=document, vpc_options=self.vpc_options) if ipvpc_found is not False: digest = ResourceDigest(id=data["id"], type="aws_api_gateway_rest_api") self.relations_found.append( ResourceEdge(from_node=digest, to_node=self.vpc_options.vpc_digest())) return ( True, Resource( digest=digest, name=data["name"], details="", group="network", tags=resource_tags(data), ), ) return False, None
def get_resources(self) -> List[Resource]: if self.options.verbose: message_handler("Collecting data from IAM Roles...", "HEADER") paginator = self.client.get_paginator("list_roles") pages = paginator.paginate() resources_found = [] for roles in pages: for data in roles["Roles"]: resource_digest = ResourceDigest(id=data["RoleName"], type="aws_iam_role") tag_response = self.client.list_role_tags( RoleName=data["RoleName"], ) resources_found.append( Resource( digest=resource_digest, name=data["RoleName"], details="", group="", tags=resource_tags(tag_response), )) if ("AssumeRolePolicyDocument" in data and "Statement" in data["AssumeRolePolicyDocument"]): for statement in data["AssumeRolePolicyDocument"][ "Statement"]: resources_found.extend( self.analyze_assume_statement( resource_digest, statement)) self.resources_found = resources_found return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("ec2") resources_found = [] filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}] response = client.describe_security_groups(Filters=filters) if self.vpc_options.verbose: message_handler("Collecting data from Security Groups...", "HEADER") for data in response["SecurityGroups"]: group_digest = ResourceDigest(id=data["GroupId"], type="aws_security_group") resources_found.append( Resource( digest=group_digest, name=data["GroupName"], details="", group="network", tags=resource_tags(data), )) self.relations_found.append( ResourceEdge(from_node=group_digest, to_node=self.vpc_options.vpc_digest())) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("ec2") resources_found = [] filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}] response = client.describe_route_tables(Filters=filters) if self.vpc_options.verbose: message_handler("Collecting data from Route Tables...", "HEADER") # Iterate to get all route table filtered for data in response["RouteTables"]: nametag = get_name_tag(data) name = data["RouteTableId"] if nametag is None else nametag table_digest = ResourceDigest(id=data["RouteTableId"], type="aws_route_table") is_main = False for association in data["Associations"]: if association["Main"] is True: is_main = True if is_main: self.relations_found.append( ResourceEdge( from_node=table_digest, to_node=self.vpc_options.vpc_digest(), )) else: for association in data["Associations"]: if "SubnetId" in association: self.relations_found.append( ResourceEdge( from_node=table_digest, to_node=ResourceDigest( id=association["SubnetId"], type="aws_subnet"), )) is_public = False for route in data["Routes"]: if ("DestinationCidrBlock" in route and route["DestinationCidrBlock"] == "0.0.0.0/0" and "GatewayId" in route and route["GatewayId"].startswith("igw-")): is_public = True resources_found.append( Resource( digest=table_digest, name=name, details="default: {}, public: {}".format( is_main, is_public), group="network", tags=resource_tags(data), )) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("ec2") resources_found = [] filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}] response = client.describe_subnets(Filters=filters) if self.vpc_options.verbose: message_handler("Collecting data from Subnets...", "HEADER") for data in response["Subnets"]: nametag = get_name_tag(data) name = data["SubnetId"] if nametag is None else nametag subnet_digest = ResourceDigest(id=data["SubnetId"], type="aws_subnet") resources_found.append( Resource( digest=subnet_digest, name=name, details="Subnet using CidrBlock {} and AZ {}".format( data["CidrBlock"], data["AvailabilityZone"]), group="network", tags=resource_tags(data), )) self.relations_found.append( ResourceEdge(from_node=subnet_digest, to_node=self.vpc_options.vpc_digest())) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("ec2") client_vpn_endpoints = client.describe_client_vpn_endpoints() resources: List[Resource] = [] for client_vpn_endpoint in client_vpn_endpoints["ClientVpnEndpoints"]: if client_vpn_endpoint["VpcId"] == self.vpc_options.vpc_id: digest = ResourceDigest( id=client_vpn_endpoint["ClientVpnEndpointId"], type="aws_vpn_client_endpoint", ) nametag = get_name_tag(client_vpn_endpoint) name = (client_vpn_endpoint["ClientVpnEndpointId"] if nametag is None else nametag) resources.append( Resource( digest=digest, name=name, group="network", tags=resource_tags(client_vpn_endpoint), )) self.relations_found.append( ResourceEdge(from_node=digest, to_node=self.vpc_options.vpc_digest())) return resources
def analyze_bucket(self, client, data): try: documentpolicy = client.get_bucket_policy(Bucket=data["Name"]) except ClientError: return False, None document = json.dumps(documentpolicy, default=datetime_to_string) # check either vpc_id or potential subnet ip are found ipvpc_found = check_ipvpc_inpolicy(document=document, vpc_options=self.vpc_options) if ipvpc_found is True: tags_response = client.get_bucket_tagging(Bucket=data["Name"]) digest = ResourceDigest(id=data["Name"], type="aws_s3_bucket_policy") self.relations_found.append( ResourceEdge(from_node=digest, to_node=self.vpc_options.vpc_digest())) return ( True, Resource( digest=digest, name=data["Name"], details="", group="storage", tags=resource_tags(tags_response), ), ) return False, None
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("ec2") vpc_response = client.describe_vpcs(VpcIds=[self.vpc_options.vpc_id]) return [ Resource( digest=self.vpc_options.vpc_digest(), name=self.vpc_options.vpc_id, tags=resource_tags(vpc_response["Vpcs"][0]), ) ]
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("autoscaling") resources_found = [] response = client.describe_auto_scaling_groups() if self.vpc_options.verbose: message_handler("Collecting data from Autoscaling Groups...", "HEADER") for data in response["AutoScalingGroups"]: asg_subnets = data["VPCZoneIdentifier"].split(",") # Using subnet to check VPC subnets = describe_subnet( vpc_options=self.vpc_options, subnet_ids=asg_subnets ) if subnets is not None: # Iterate subnet to get VPC for data_subnet in subnets["Subnets"]: if data_subnet["VpcId"] == self.vpc_options.vpc_id: asg_name = data["AutoScalingGroupName"] digest = ResourceDigest( id=asg_name, type="aws_autoscaling_group" ) if "LaunchConfigurationName" in data: details = "Using LaunchConfigurationName {0}".format( data["LaunchConfigurationName"] ) else: details = "Using Launch Template" resources_found.append( Resource( digest=digest, name=asg_name, details=details, group="compute", tags=resource_tags(data), ) ) self.relations_found.append( ResourceEdge( from_node=digest, to_node=ResourceDigest( id=data_subnet["SubnetId"], type="aws_subnet" ), ) ) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("ec2") resources_found = [] response = client.describe_instances() if self.vpc_options.verbose: message_handler("Collecting data from EC2 Instances...", "HEADER") for data in response["Reservations"]: for instances in data["Instances"]: if "VpcId" in instances: if instances["VpcId"] == self.vpc_options.vpc_id: nametag = get_name_tag(instances) asg_name = get_tag(instances, "aws:autoscaling:groupName") instance_name = ( instances["InstanceId"] if nametag is None else nametag ) ec2_digest = ResourceDigest( id=instances["InstanceId"], type="aws_instance" ) resources_found.append( Resource( digest=ec2_digest, name=instance_name, details="", group="compute", tags=resource_tags(instances), ) ) self.relations_found.append( ResourceEdge( from_node=ec2_digest, to_node=ResourceDigest( id=instances["SubnetId"], type="aws_subnet" ), ) ) if asg_name is not None: self.relations_found.append( ResourceEdge( from_node=ec2_digest, to_node=ResourceDigest( id=asg_name, type="aws_autoscaling_group" ), ) ) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("mediaconnect") resources_found = [] response = client.list_flows() if self.vpc_options.verbose: message_handler("Collecting data from Media Connect...", "HEADER") for data in response["Flows"]: tags_response = client.list_tags_for_resource( ResourceArn=data["FlowArn"]) data_flow = client.describe_flow(FlowArn=data["FlowArn"]) if "VpcInterfaces" in data_flow["Flow"]: for data_interfaces in data_flow["Flow"]["VpcInterfaces"]: # Using subnet to check VPC subnets = describe_subnet( vpc_options=self.vpc_options, subnet_ids=data_interfaces["SubnetId"], ) if subnets is not None: if subnets["Subnets"][0][ "VpcId"] == self.vpc_options.vpc_id: digest = ResourceDigest(id=data["FlowArn"], type="aws_media_connect") resources_found.append( Resource( digest=digest, name=data["Name"], details= "Flow using VPC {} in VPC Interface {}". format(self.vpc_options.vpc_id, data_interfaces["Name"]), group="mediaservices", tags=resource_tags(tags_response), )) self.relations_found.append( ResourceEdge( from_node=digest, to_node=ResourceDigest( id=data_interfaces["SubnetId"], type="aws_subnet", ), )) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("es") resources_found = [] response = client.list_domain_names() if self.vpc_options.verbose: message_handler("Collecting data from Elasticsearch Domains...", "HEADER") for data in response["DomainNames"]: elasticsearch_domain = client.describe_elasticsearch_domain( DomainName=data["DomainName"]) documentpolicy = elasticsearch_domain["DomainStatus"][ "AccessPolicies"] document = json.dumps(documentpolicy, default=datetime_to_string) # check either vpc_id or potencial subnet ip are found ipvpc_found = check_ipvpc_inpolicy(document=document, vpc_options=self.vpc_options) # elasticsearch uses accesspolicies too, so check both situation if (elasticsearch_domain["DomainStatus"]["VPCOptions"]["VPCId"] == self.vpc_options.vpc_id or ipvpc_found is True): list_tags_response = client.list_tags( ARN=elasticsearch_domain["DomainStatus"]["ARN"]) digest = ResourceDigest( id=elasticsearch_domain["DomainStatus"]["DomainId"], type="aws_elasticsearch_domain", ) resources_found.append( Resource( digest=digest, name=elasticsearch_domain["DomainStatus"] ["DomainName"], details="", group="analytics", tags=resource_tags(list_tags_response), )) for subnet_id in elasticsearch_domain["DomainStatus"][ "VPCOptions"]["SubnetIds"]: self.relations_found.append( ResourceEdge( from_node=digest, to_node=ResourceDigest(id=subnet_id, type="aws_subnet"), )) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("efs") resources_found = [] # get filesystems available response = client.describe_file_systems() if self.vpc_options.verbose: message_handler("Collecting data from EFS Mount Targets...", "HEADER") for data in response["FileSystems"]: filesystem = client.describe_mount_targets( FileSystemId=data["FileSystemId"]) nametag = get_name_tag(data) filesystem_name = data[ "FileSystemId"] if nametag is None else nametag # iterate filesystems to get mount targets for datafilesystem in filesystem["MountTargets"]: # Using subnet to check VPC subnets = describe_subnet( vpc_options=self.vpc_options, subnet_ids=datafilesystem["SubnetId"]) if subnets is not None: if subnets["Subnets"][0][ "VpcId"] == self.vpc_options.vpc_id: digest = ResourceDigest(id=data["FileSystemId"], type="aws_efs_file_system") resources_found.append( Resource( digest=digest, name=filesystem_name, details="", group="storage", tags=resource_tags(data), )) self.relations_found.append( ResourceEdge( from_node=digest, to_node=ResourceDigest( id=datafilesystem["SubnetId"], type="aws_subnet"), )) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("ec2") resources_found = [] response = client.describe_vpc_peering_connections() if self.vpc_options.verbose: message_handler("Collecting data from VPC Peering...", "HEADER") for data in response["VpcPeeringConnections"]: if (data["AccepterVpcInfo"]["VpcId"] == self.vpc_options.vpc_id or data["RequesterVpcInfo"]["VpcId"] == self.vpc_options.vpc_id): nametag = get_name_tag(data) name = data[ "VpcPeeringConnectionId"] if nametag is None else nametag peering_digest = ResourceDigest( id=data["VpcPeeringConnectionId"], type="aws_vpc_peering_connection", ) resources_found.append( Resource( digest=peering_digest, name=name, details= "Vpc Peering Accepter OwnerId {}, Accepter Region {}, Accepter VpcId {} \ Requester OwnerId {}, Requester Region {}, \ Requester VpcId {}". format( data["AccepterVpcInfo"]["OwnerId"], data["AccepterVpcInfo"]["Region"], data["AccepterVpcInfo"]["VpcId"], data["RequesterVpcInfo"]["OwnerId"], data["RequesterVpcInfo"]["Region"], data["RequesterVpcInfo"]["VpcId"], ), group="network", tags=resource_tags(data), )) self.relations_found.append( ResourceEdge( from_node=peering_digest, to_node=self.vpc_options.vpc_digest(), )) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("workspaces") resources_found = [] response = client.describe_workspaces() if self.vpc_options.verbose: message_handler("Collecting data from Workspaces...", "HEADER") for data in response["Workspaces"]: # Get tag name tags = client.describe_tags(ResourceId=data["WorkspaceId"]) nametag = get_name_tag(tags) workspace_name = data["WorkspaceId"] if nametag is None else nametag directory_service = self.vpc_options.client("ds") directories = directory_service.describe_directories( DirectoryIds=[data["DirectoryId"]]) for directorie in directories["DirectoryDescriptions"]: if "VpcSettings" in directorie: if directorie["VpcSettings"][ "VpcId"] == self.vpc_options.vpc_id: workspace_digest = ResourceDigest( id=data["WorkspaceId"], type="aws_workspaces") resources_found.append( Resource( digest=workspace_digest, name=workspace_name, details="", group="enduser", tags=resource_tags(tags), )) self.relations_found.append( ResourceEdge( from_node=workspace_digest, to_node=ResourceDigest( id=directorie["DirectoryId"], type="aws_ds"), )) return resources_found
def get_resources(self) -> List[Resource]: client = self.iot_options.client("iot") resources_found = [] if self.iot_options.verbose: message_handler("Collecting data from IoT Certificates...", "HEADER") for thing in self.iot_options.thing_name["things"]: response = client.list_thing_principals( thingName=thing["thingName"]) for data in response["principals"]: if "cert/" in data: lst_cert = data.split("/") data_cert = client.describe_certificate( certificateId=lst_cert[1]) tag_response = client.list_tags_for_resource( resourceArn=data_cert["certificateDescription"] ["certificateArn"]) iot_cert_digest = ResourceDigest( id=data_cert["certificateDescription"] ["certificateId"], type="aws_iot_certificate", ) resources_found.append( Resource( digest=iot_cert_digest, name=data_cert["certificateDescription"] ["certificateId"], details="", group="iot", tags=resource_tags(tag_response), )) self.relations_found.append( ResourceEdge( from_node=iot_cert_digest, to_node=ResourceDigest(id=thing["thingName"], type="aws_iot_thing"), )) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("emr") resources_found = [] response = client.list_clusters() if self.vpc_options.verbose: message_handler("Collecting data from EMR Clusters...", "HEADER") for data in response["Clusters"]: cluster = client.describe_cluster(ClusterId=data["Id"]) # Using subnet to check VPC subnets = describe_subnet( vpc_options=self.vpc_options, subnet_ids=cluster["Cluster"]["Ec2InstanceAttributes"]["Ec2SubnetId"], ) if subnets is not None: if subnets["Subnets"][0]["VpcId"] == self.vpc_options.vpc_id: digest = ResourceDigest(id=data["Id"], type="aws_emr_cluster") resources_found.append( Resource( digest=digest, name=data["Name"], details="", group="compute", tags=resource_tags(cluster["Cluster"]), ) ) self.relations_found.append( ResourceEdge( from_node=digest, to_node=ResourceDigest( id=cluster["Cluster"]["Ec2InstanceAttributes"][ "Ec2SubnetId" ], type="aws_subnet", ), ) ) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("kafka") resources_found = [] # get all cache clusters response = client.list_clusters() if self.vpc_options.verbose: message_handler("Collecting data from MSK Clusters...", "HEADER") # iterate cache clusters to get subnet groups for data in response["ClusterInfoList"]: msk_subnets = ", ".join( data["BrokerNodeGroupInfo"]["ClientSubnets"]) ec2 = self.vpc_options.session.resource( "ec2", region_name=self.vpc_options.region_name) filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}] subnets = ec2.subnets.filter(Filters=filters) for subnet in list(subnets): if subnet.id in msk_subnets: digest = ResourceDigest(id=data["ClusterArn"], type="aws_msk_cluster") resources_found.append( Resource( digest=digest, name=data["ClusterName"], details="", group="analytics", tags=resource_tags(data), )) self.relations_found.append( ResourceEdge( from_node=digest, to_node=ResourceDigest(id=subnet.id, type="aws_subnet"), )) break return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("neptune") resources_found = [] response = client.describe_db_instances( Filters=[{"Name": "engine", "Values": ["neptune"]}] ) if self.vpc_options.verbose: message_handler("Collecting data from Neptune Instances...", "HEADER") # iterate cache clusters to get subnet groups for data in response["DBInstances"]: if data["DBSubnetGroup"]["VpcId"] == self.vpc_options.vpc_id: tags_response = client.list_tags_for_resource( ResourceName=data["DBInstanceArn"] ) neptune_digest = ResourceDigest( id=data["DBInstanceArn"], type="aws_neptune_cluster" ) subnet_ids = [] for subnet in data["DBSubnetGroup"]["Subnets"]: subnet_ids.append(subnet["SubnetIdentifier"]) self.relations_found.append( ResourceEdge( from_node=neptune_digest, to_node=ResourceDigest( id=subnet["SubnetIdentifier"], type="aws_subnet" ), ) ) resources_found.append( Resource( digest=neptune_digest, name=data["DBInstanceIdentifier"], details="Neptune using subnets {} and engine {}".format( ", ".join(subnet_ids), data["Engine"] ), group="database", tags=resource_tags(tags_response), ) ) return resources_found
def build_resource(base_resource, operation_name, resource_type, group) -> Optional[Resource]: if isinstance(base_resource, str): return None resource_name = retrieve_resource_name(base_resource, operation_name) resource_id = retrieve_resource_id(base_resource, operation_name, resource_name) if resource_id is None or resource_name is None: return None attributes = flatten(base_resource) return Resource( digest=ResourceDigest(id=resource_id, type=resource_type), group=group, name=resource_name, attributes=attributes, tags=resource_tags(base_resource), )
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("ec2") resources_found = [] filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}] response = client.describe_nat_gateways(Filters=filters) if self.vpc_options.verbose: message_handler("Collecting data from NAT Gateways...", "HEADER") for data in response["NatGateways"]: if data["VpcId"] == self.vpc_options.vpc_id: nametag = get_name_tag(data) name = data["NatGatewayId"] if nametag is None else nametag nat_digest = ResourceDigest(id=data["NatGatewayId"], type="aws_nat_gateway") resources_found.append( Resource( digest=nat_digest, name=name, details= "NAT Gateway Private IP {}, Public IP {}, Subnet id {}" .format( data["NatGatewayAddresses"][0]["PrivateIp"], data["NatGatewayAddresses"][0]["PublicIp"], data["SubnetId"], ), group="network", tags=resource_tags(data), )) self.relations_found.append( ResourceEdge( from_node=nat_digest, to_node=ResourceDigest(id=data["SubnetId"], type="aws_subnet"), )) return resources_found
def get_resources(self) -> List[Resource]: client = self.iot_options.client("iot") resources_found = [] if self.iot_options.verbose: message_handler("Collecting data from IoT Billing Group...", "HEADER") for thing in self.iot_options.thing_name["things"]: response = client.describe_thing(thingName=thing["thingName"]) billing_groups = client.list_billing_groups() for billing_group in billing_groups["billingGroups"]: # billingGroupName is not mandatory in IoT Thing if "billingGroupName" in response: if billing_group["groupName"] == response[ "billingGroupName"]: iot_billing_group_digest = ResourceDigest( id=billing_group["groupArn"], type="aws_iot_billing_group") tag_response = client.list_tags_for_resource( resourceArn=billing_group["groupArn"]) resources_found.append( Resource( digest=iot_billing_group_digest, name=billing_group["groupName"], details="", group="iot", tags=resource_tags(tag_response), )) self.relations_found.append( ResourceEdge( from_node=iot_billing_group_digest, to_node=ResourceDigest(id=thing["thingName"], type="aws_iot_thing"), )) return resources_found
def get_resources(self) -> List[Resource]: client = self.iot_options.client("iot") resources_found = [] if self.iot_options.verbose: message_handler("Collecting data from IoT Jobs...", "HEADER") for thing in self.iot_options.thing_name["things"]: client.describe_thing(thingName=thing["thingName"]) jobs = client.list_jobs() for job in jobs["jobs"]: data_job = client.describe_job(jobId=job["jobId"]) # Find THING name in targets things for target in data_job["job"]["targets"]: if thing["thingName"] in target: iot_job_digest = ResourceDigest(id=job["jobId"], type="aws_iot_job") tag_response = client.list_tags_for_resource( resourceArn=job["jobArn"]) resources_found.append( Resource( digest=iot_job_digest, name=job["jobId"], details="", group="iot", tags=resource_tags(tag_response), )) self.relations_found.append( ResourceEdge( from_node=iot_job_digest, to_node=ResourceDigest(id=thing["thingName"], type="aws_iot_thing"), )) return resources_found
def get_resources(self) -> List[Resource]: client = self.iot_options.client("iot") resources_found = [] if self.iot_options.verbose: message_handler("Collecting data from IoT Policies...", "HEADER") for thing in self.iot_options.thing_name["things"]: response = client.list_thing_principals( thingName=thing["thingName"]) for data in response["principals"]: policies = client.list_principal_policies(principal=data) for policy in policies["policies"]: data_policy = client.get_policy( policyName=policy["policyName"]) tag_response = client.list_tags_for_resource( resourceArn=data_policy["policyArn"]) iot_policy_digest = ResourceDigest( id=data_policy["policyArn"], type="aws_iot_policy") resources_found.append( Resource( digest=iot_policy_digest, name=data_policy["policyName"], details="", group="iot", tags=resource_tags(tag_response), )) self.relations_found.append( ResourceEdge( from_node=iot_policy_digest, to_node=ResourceDigest(id=thing["thingName"], type="aws_iot_thing"), )) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("medialive") resources_found = [] response = client.list_inputs() if self.vpc_options.verbose: message_handler("Collecting data from Media Live Inputs...", "HEADER") for data in response["Inputs"]: tags_response = client.list_tags_for_resource( ResourceArn=data["Arn"]) for destinations in data["Destinations"]: if "Vpc" in destinations: # describe networkinterface to get VpcId ec2 = self.vpc_options.client("ec2") eni = ec2.describe_network_interfaces(NetworkInterfaceIds=[ destinations["Vpc"]["NetworkInterfaceId"] ]) if eni["NetworkInterfaces"][0][ "VpcId"] == self.vpc_options.vpc_id: digest = ResourceDigest(id=data["Arn"], type="aws_media_live") resources_found.append( Resource( digest=digest, name="Input " + destinations["Ip"], details="", group="mediaservices", tags=resource_tags(tags_response), )) self.relations_found.append( ResourceEdge( from_node=digest, to_node=self.vpc_options.vpc_digest(), )) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("elbv2") resources_found = [] response = client.describe_load_balancers() if self.vpc_options.verbose: message_handler( "Collecting data from Application Load Balancers...", "HEADER") for data in response["LoadBalancers"]: if data["VpcId"] == self.vpc_options.vpc_id: tags_response = client.describe_tags( ResourceArns=[data["LoadBalancerArn"]]) elb_digest = ResourceDigest(id=data["LoadBalancerName"], type="aws_elb") subnet_ids = [] for availabilityZone in data["AvailabilityZones"]: subnet_ids.append(availabilityZone["SubnetId"]) self.relations_found.append( ResourceEdge( from_node=elb_digest, to_node=ResourceDigest( id=availabilityZone["SubnetId"], type="aws_subnet"), )) resources_found.append( Resource( digest=elb_digest, name=data["LoadBalancerName"], details="", group="network", tags=resource_tags( tags_response["TagDescriptions"][0]), )) return resources_found
def add_customer_gateway(self, client, connection_digest, resources, vpn_connection): customer_gateway_id = vpn_connection["CustomerGatewayId"] vcw_gateway_response = client.describe_customer_gateways( CustomerGatewayIds=[customer_gateway_id]) vcw_gateway_digest = ResourceDigest(id=customer_gateway_id, type="aws_customer_gateway") vcw_nametag = get_name_tag(vcw_gateway_response["CustomerGateways"][0]) vcw_name = customer_gateway_id if vcw_nametag is None else vcw_nametag resources.append( Resource( digest=vcw_gateway_digest, name=vcw_name, group="network", tags=resource_tags( vcw_gateway_response["CustomerGateways"][0]), )) self.relations_found.append( ResourceEdge(from_node=connection_digest, to_node=vcw_gateway_digest))
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("ec2") resources_found = [] filters = [{"Name": "vpc-id", "Values": [self.vpc_options.vpc_id]}] response = client.describe_network_acls(Filters=filters) if self.vpc_options.verbose: message_handler("Collecting data from NACLs...", "HEADER") for data in response["NetworkAcls"]: nacl_digest = ResourceDigest(id=data["NetworkAclId"], type="aws_network_acl") subnet_ids = [] for subnet in data["Associations"]: subnet_ids.append(subnet["SubnetId"]) self.relations_found.append( ResourceEdge( from_node=nacl_digest, to_node=ResourceDigest(id=subnet["SubnetId"], type="aws_subnet"), )) nametag = get_name_tag(data) name = data["NetworkAclId"] if nametag is None else nametag resources_found.append( Resource( digest=nacl_digest, name=name, details="NACL using Subnets {}".format( ", ".join(subnet_ids)), group="network", tags=resource_tags(data), )) return resources_found
def get_resources(self) -> List[Resource]: client = self.vpc_options.client("eks") resources_found = [] response = client.list_clusters() if self.vpc_options.verbose: message_handler("Collecting data from EKS Clusters...", "HEADER") for data in response["clusters"]: cluster = client.describe_cluster(name=data) if ( cluster["cluster"]["resourcesVpcConfig"]["vpcId"] == self.vpc_options.vpc_id ): digest = ResourceDigest( id=cluster["cluster"]["arn"], type="aws_eks_cluster" ) resources_found.append( Resource( digest=digest, name=cluster["cluster"]["name"], details="", group="compute", tags=resource_tags(data), ) ) for subnet_id in cluster["cluster"]["resourcesVpcConfig"]["subnetIds"]: self.relations_found.append( ResourceEdge( from_node=digest, to_node=ResourceDigest(id=subnet_id, type="aws_subnet"), ) ) return resources_found