Exemplo n.º 1
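def initialize(access_level_overrides_file, fetch, build):
    """
    Initialize the local database to store AWS IAM information, which can be used to generate IAM policies, and for
    querying the database.

    With neither ``fetch`` nor ``build`` set, the bundled database file is copied into place. The tables are
    (re)built whenever ``build``, ``fetch`` or a custom overrides file is given.

    :param access_level_overrides_file: Path to a custom access-level overrides file. When falsy, the default
        'access-level-overrides.yml' under HOME + CONFIG_DIRECTORY is used instead.
    :param fetch: When truthy, refresh the local HTML docs and the links file before building.
    :param build: When truthy, build the database from the local links file.
    """
    # NOTE(review): a caller-supplied overrides file changes the access levels recorded in the database and
    # therefore the policies generated from it; presumably it is parsed as YAML - confirm a safe loader is used.
    overrides_file = access_level_overrides_file or (
        HOME + CONFIG_DIRECTORY + 'access-level-overrides.yml')

    # Create the config directory
    database_path = create_policy_sentry_config_directory()

    # Copy over the html docs, which will be used to build the database
    create_html_docs_directory()

    # Create the directory to download IAM policies to
    create_policy_analysis_directory()

    # Create audit directory to host list of permissions for analyze_iam_policy
    create_audit_directory()

    # Create overrides file, which allows us to override the Access Levels
    # provided by AWS documentation
    create_default_overrides_file()

    # Create the default reporting configuration file. This is used by
    # analyze_iam_policy
    create_default_report_config_file()

    if not build and not fetch:
        # copy from the bundled database location to the destination path
        shutil.copy(BUNDLED_DATABASE_FILE_PATH, database_path)

    # Connect to the database at that path with SQLAlchemy
    db_session = connect_db(database_path, initialization=True)

    # --fetch: wget the AWS IAM Actions, Resources and Condition Keys pages and store them locally.
    # if --build and --fetch are both supplied, just do --fetch
    if fetch:
        # NOTE(review): the fetched pages become the source of truth for every policy generated later; confirm
        # update_html_docs_directory retrieves them over HTTPS with certificate verification.
        update_html_docs_directory(HTML_DIRECTORY_PATH)
        # Update the links.yml file
        prefix_list = create_service_links_mapping_file(
            HTML_DIRECTORY_PATH, LINKS_YML_FILE_LOCAL)
        print(f"Services: {prefix_list}")

    # initialize --build
    if build or access_level_overrides_file or fetch:
        # Use the list of services that were listed in the links.yml file
        all_aws_services = get_list_of_service_prefixes_from_links_file(
            LINKS_YML_FILE_LOCAL)
        # Fixed: the original f-string carried a stray "$" (shell/JS template habit) that was printed literally.
        print(f"Services to build for: {LINKS_YML_FILE_LOCAL}")
        # Fill in the database with data on the AWS services
        create_database(db_session, all_aws_services, overrides_file)
        print("Created tables for all services!")

    # Query the database for all the services that are now in the database.
    all_aws_service_prefixes = get_all_service_prefixes(db_session)
    print(f"{len(all_aws_service_prefixes)} AWS services in the database. \nServices: {all_aws_service_prefixes}")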
Exemplo n.º 2
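def initialize(access_level_overrides_file, fetch, build, log_level):
    """
    Initialize the local database to store AWS IAM information, which can be used to generate IAM policies, and for
    querying the database.

    With neither ``fetch`` nor ``build`` set, the bundled database file is copied into place. The tables are
    (re)built whenever ``build``, ``fetch`` or a custom overrides file is given.

    :param access_level_overrides_file: Path to a custom access-level overrides file. When falsy, the default
        "access-level-overrides.yml" under HOME + CONFIG_DIRECTORY is used instead.
    :param fetch: When truthy, refresh the local HTML docs and the links file before building.
    :param build: When truthy, build the database from the local links file.
    :param log_level: Level handed to set_log_level for the module logger.
    """
    set_log_level(logger, log_level)

    # NOTE(review): a caller-supplied overrides file changes the access levels recorded in the database and
    # therefore the policies generated from it; presumably it is parsed as YAML - confirm a safe loader is used.
    overrides_file = access_level_overrides_file or (
        HOME + CONFIG_DIRECTORY + "access-level-overrides.yml")

    # Create the config directory
    database_path = create_policy_sentry_config_directory()

    # Copy over the html docs, which will be used to build the database
    create_html_docs_directory()

    # Create overrides file, which allows us to override the Access Levels
    # provided by AWS documentation
    create_default_overrides_file()

    # Fixed: print() does not interpolate logging-style "%s" arguments, so the original emitted a literal "%s"
    # followed by the path.
    print(f"Database will be stored here: {database_path}")

    if not build and not fetch:
        # copy from the bundled database location to the destination path
        shutil.copy(BUNDLED_DATABASE_FILE_PATH, database_path)

    # Connect to the database at that path with SQLAlchemy
    db_session = connect_db(database_path, initialization=True)

    # --fetch: wget the AWS IAM Actions, Resources and Condition Keys pages and store them locally.
    # if --build and --fetch are both supplied, just do --fetch
    if fetch:
        # NOTE(review): the fetched pages become the source of truth for every policy generated later; confirm
        # update_html_docs_directory retrieves them over HTTPS with certificate verification.
        update_html_docs_directory(HTML_DIRECTORY_PATH)
        # Update the links.yml file
        prefix_list = create_service_links_mapping_file(
            HTML_DIRECTORY_PATH, LINKS_YML_FILE_LOCAL)
        print(f"Services: {prefix_list}")

    # initialize --build
    if build or access_level_overrides_file or fetch:
        # Use the list of services that were listed in the links.yml file
        all_aws_services = get_list_of_service_prefixes_from_links_file(
            LINKS_YML_FILE_LOCAL)
        logger.debug("Services to build are stored in: %s",
                     LINKS_YML_FILE_LOCAL)
        # Fill in the database with data on the AWS services
        create_database(db_session, all_aws_services, overrides_file)
        print("Created tables for all services!")

    # Query the database for all the services that are now in the database.
    all_aws_service_prefixes = get_all_service_prefixes(db_session)
    print("Initialization complete!")
    print(f"Total AWS services in the IAM database: {len(all_aws_service_prefixes)}")
    logger.debug("\nService prefixes:")
    logger.debug(", ".join(all_aws_service_prefixes))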
Exemplo n.º 3
def build_database():
    """
    Rebuild the bundled IAM database file.

    Prints the bundled database path, deletes any file already present at that path, then connects to a database
    there and fills it using the service prefixes from the packaged links file and the default access-level
    overrides file.
    """
    target_path = BUNDLED_DATABASE_FILE_PATH
    print(target_path)

    # Remove any previous database file before connecting, so the build starts from a new file.
    previous_build_present = os.path.exists(target_path)
    if previous_build_present:
        os.remove(target_path)

    session = connect_db(target_path, initialization=True)
    service_prefixes = get_list_of_service_prefixes_from_links_file(LINKS_YML_FILE_IN_PACKAGE)
    create_database(session, service_prefixes, DEFAULT_ACCESS_OVERRIDES_FILE)
Exemplo n.º 4
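def initialize(access_level_overrides_file, fetch):
    """
    Create a local database to store AWS IAM information, which can be used to generate IAM policies and analyze them
    for least privilege.

    The database is always rebuilt from the local links file; ``fetch`` only controls whether the HTML docs and the
    links file are refreshed first.

    :param access_level_overrides_file: Overrides file handed to create_database unchanged.
    :param fetch: When truthy, refresh the local HTML docs and the links file before building.
    """

    # Create the config directory
    database_path = create_policy_sentry_config_directory()

    # Copy over the html docs, which will be used to build the database
    create_html_docs_directory()

    # Create the directory to download IAM policies to
    create_policy_analysis_directory()

    # Create audit directory to host list of permissions for analyze_iam_policy
    create_audit_directory()

    # Create overrides file, which allows us to override the Access Levels
    # provided by AWS documentation
    create_default_overrides_file()

    # Create the default reporting configuration file. This is used by
    # analyze_iam_policy
    create_default_report_config_file()

    # If the user specifies fetch, wget the AWS IAM Actions, Resources and Condition Keys pages and store them locally.
    if fetch:
        # NOTE(review): the fetched pages become the source of truth for every policy generated later; confirm
        # update_html_docs_directory retrieves them over HTTPS with certificate verification.
        update_html_docs_directory(HTML_DIRECTORY_PATH)
        # Update the links.yml file
        prefix_list = create_service_links_mapping_file(
            HTML_DIRECTORY_PATH, LINKS_YML_FILE_LOCAL)
        print(f"Services: {prefix_list}")

    # Connect to the database at that path with SQLAlchemy
    db_session = connect_db(database_path, initialization=True)

    # Use the list of services that were listed in the links.yml file
    all_aws_services = get_list_of_service_prefixes_from_links_file(
        LINKS_YML_FILE_LOCAL)
    # Fixed: the original f-string carried a stray "$" (shell/JS template habit) that was printed literally.
    print(f"Services to build for: {LINKS_YML_FILE_LOCAL}")

    # Fill in the database with data on the AWS services
    # NOTE(review): the overrides path is passed through as given, with no default applied here; confirm
    # create_database copes with a falsy value, and that the file is parsed with a safe loader.
    create_database(db_session, all_aws_services, access_level_overrides_file)
    print("Created tables for all services!")

    # Query the database for all the services that are now in the database.
    all_aws_service_prefixes = get_all_service_prefixes(db_session)
    print(
        f"{len(all_aws_service_prefixes)} AWS services in the database. \nServices: {all_aws_service_prefixes}"
    )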
Exemplo n.º 5
def initialize():
    """
    Set up the local AWS IAM database used to generate IAM policies and analyze them for least privilege.

    Creates the config directory and the audit directory, connects to the database at the returned path, fills it
    for ALL_AWS_SERVICES and prints a confirmation message.
    """
    # The config directory helper returns the path the database is opened at.
    db_location = create_policy_sentry_config_directory()

    # The audit directory hosts the permission lists used by analyze_iam_policy.
    create_audit_directory()

    # Open the database with sqlalchemy and load the data on the AWS services.
    session = connect_db(db_location)
    create_database(session, ALL_AWS_SERVICES)

    print("Created tables for all services!")
Exemplo n.º 6
def initialize(access_level_overrides_file):
    """
    Set up the local AWS IAM database used to generate IAM policies and analyze them for least privilege.

    Creates the config, policy-analysis and audit directories plus the default overrides file, then connects to the
    database and fills it for ALL_AWS_SERVICES.

    :param access_level_overrides_file: Overrides file handed to create_database unchanged.
    """
    # The config directory helper returns the path the database is opened at.
    db_location = create_policy_sentry_config_directory()

    # Directory that downloaded IAM policies are written to.
    create_policy_analysis_directory()

    # The audit directory hosts the permission lists used by analyze_iam_policy.
    create_audit_directory()

    # Default overrides file; it lets the Access Levels from the AWS documentation be overridden.
    create_default_overrides_file()

    # Open the database with sqlalchemy and load the data on the AWS services.
    session = connect_db(db_location)
    create_database(session, ALL_AWS_SERVICES, access_level_overrides_file)

    print("Created tables for all services!")