def slurp(self): """ :returns: item_list - list of configs. :returns: exception_map - A dict where the keys are a tuple containing the location of the exception and the value is the actual exception """ self.prep_for_slurp() item_list = [] exception_map = {} from security_monkey.common.sts_connect import connect for account in self.accounts: for region in regions(): app.logger.debug( "Checking {}/{}/{}".format(self.index, account, region.name)) if region.name not in AVAILABLE_REGIONS: continue try: configService = connect( account, 'boto3.config.client', region=region) response = self.wrap_aws_rate_limited_call( configService.describe_config_rules ) config_rules = response.get('ConfigRules', []) except Exception as e: app.logger.debug("Exception found: {}".format(e)) if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue( str(e), self.index, account, region.name) self.slurp_exception( (self.index, account, region.name), exc, exception_map) continue app.logger.debug("Found {} {}.".format( len(config_rules), self.i_am_plural)) for config_rule in config_rules: name = config_rule.get('ConfigRuleName') if self.check_ignore_list(name): continue item_config = { 'config_rule': name, 'config_rule_arn': config_rule.get('ConfigRuleArn'), 'config_rule_id': config_rule.get('ConfigRuleId'), 'scope': config_rule.get('Scope', {}), 'source': config_rule.get('Source', {}), 'imput_parameters': config_rule.get('InputParameters'), 'maximum_execution_frequency': config_rule.get('MaximumExecutionFrequency'), 'config_rule_state': config_rule.get('ConfigRuleState'), } item = ConfigItem( region=region.name, account=account, name=name, arn=config_rule.get('ConfigRuleArn'), config=item_config) item_list.append(item) return item_list, exception_map
def slurp(self): """ :returns: item_list - list of RDS Cluster Snapshots. :returns: exception_map - A dict where the keys are a tuple containing the location of the exception and the value is the actual exception """ self.prep_for_slurp() from security_monkey.common.sts_connect import connect item_list = [] exception_map = {} for account in self.accounts: for region in regions(): app.logger.debug( "Checking {}/{}/{}".format(self.index, account, region.name)) rds_cluster_snapshots = [] try: rds = connect(account, 'boto3.rds.client', region=region) marker = None while True: if marker: response = self.wrap_aws_rate_limited_call( rds.describe_db_cluster_snapshots, Marker=marker ) else: response = self.wrap_aws_rate_limited_call( rds.describe_db_cluster_snapshots ) rds_cluster_snapshots.extend( response.get('DBClusterSnapshots')) if response.get('Marker'): marker = response.get('Marker') else: break except Exception as e: if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue( str(e), self.index, account, region.name) self.slurp_exception( (self.index, account, region.name), exc, exception_map) continue app.logger.debug("Found {} {}".format( len(rds_cluster_snapshots), self.i_am_plural)) for cluster_snapshot in rds_cluster_snapshots: name = cluster_snapshot.get('DBClusterSnapshotIdentifier') if self.check_ignore_list(name): continue config = { 'db_cluster_snapshot_identifier': name, 'db_cluster_identifier': cluster_snapshot.get('DBClusterIdentifier'), 'snapshot_create_time': str(cluster_snapshot.get('SnapshotCreateTime')), 'availability_zones': cluster_snapshot.get('AvailabilityZones'), 'engine': cluster_snapshot.get('Engine'), 'allocated_storage': cluster_snapshot.get('AllocatedStorage'), 'status': cluster_snapshot.get('Status'), 'port': cluster_snapshot.get('Port'), 'vpc_id': cluster_snapshot.get('VpcId'), 'cluster_create_time': str(cluster_snapshot.get('ClusterCreateTime')), 'master_username': cluster_snapshot.get('MasterUsername'), 'engine_version': cluster_snapshot.get('EngineVersion'), 'license_model': cluster_snapshot.get('LicenseModel'), 'snapshot_type': cluster_snapshot.get('SnapshotType'), 'percent_progress': cluster_snapshot.get('PercentProgress'), 'storage_encrypted': cluster_snapshot.get('StorageEncrypted'), 'kms_key_id': cluster_snapshot.get('KmsKeyId') } item = RDSClusterSnapshotItem( region=region.name, account=account, name=name, config=dict(config), source_watcher=self) item_list.append(item) return item_list, exception_map
def slurp(self): """ :returns: item_list - list of configs. :returns: exception_map - A dict where the keys are a tuple containing the location of the exception and the value is the actual exception """ self.prep_for_slurp() item_list = [] exception_map = {} from security_monkey.common.sts_connect import connect for account in self.accounts: for region in regions(): app.logger.debug( "Checking {}/{}/{}".format(self.index, account, region.name)) if region.name not in AVAILABLE_REGIONS: continue try: configService = connect( account, 'boto3.config.client', region=region) app.logger.debug( "Config policy is: {}".format(configService)) response = self.wrap_aws_rate_limited_call( configService.describe_config_rules ) config_rules = response.get('ConfigRules', []) except Exception as e: app.logger.debug("Exception found: {}".format(e)) if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue( str(e), self.index, account, region.name) self.slurp_exception( (self.index, account, region.name), exc, exception_map) continue app.logger.debug("Found {} {}.".format( len(config_rules), self.i_am_plural)) for config_rule in config_rules: name = config_rule.get('ConfigRuleName') if self.check_ignore_list(name): continue item_config = { 'config_rule': name, 'config_rule_arn': config_rule.get('ConfigRuleArn'), 'config_rule_id': config_rule.get('ConfigRuleId'), 'scope': config_rule.get('Scope', {}), 'source': config_rule.get('Source', {}), 'imput_parameters': config_rule.get('InputParameters'), 'maximum_execution_frequency': config_rule.get('MaximumExecutionFrequency'), 'config_rule_state': config_rule.get('ConfigRuleState'), } item = ConfigItem( region=region.name, account=account, name=name, arn=config_rule.get('ConfigRuleArn'), config=item_config) item_list.append(item) return item_list, exception_map
def slurp(self): """ :returns: item_list - list of RDS DB Clusters. :returns: exception_map - A dict where the keys are a tuple containing the location of the exception and the value is the actual exception """ self.prep_for_slurp() item_list = [] exception_map = {} from security_monkey.common.sts_connect import connect for account in self.accounts: for region in regions(): app.logger.debug("Checking {}/{}/{}".format( self.index, account, region.name)) clusters = [] try: rds = connect(account, 'boto3.rds.client', region=region) marker = None while True: if marker: response = self.wrap_aws_rate_limited_call( rds.describe_db_clusters, Marker=marker) else: response = self.wrap_aws_rate_limited_call( rds.describe_db_clusters) clusters.extend(response.get('DBClusters', [])) if response.get('Marker'): marker = response.get('Marker') else: break except Exception as e: if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue(str(e), self.index, account, region.name) self.slurp_exception( (self.index, account, region.name), exc, exception_map) continue app.logger.debug("Found {} {}".format(len(clusters), self.i_am_plural)) for cluster in clusters: name = cluster.get('DBClusterIdentifier') if self.check_ignore_list(name): continue item_config = { 'name': name, 'allocated_storage': cluster.get('AllocatedStorage'), 'availability_zones': cluster.get('AvailabilityZones'), 'backup_retention_period': cluster.get('BackupRetentionPeriod'), 'character_set_name': cluster.get('CharacterSetName'), 'database_name': cluster.get('DatabaseName'), 'db_cluster_parameter_group': cluster.get('DBClusterParameterGroup'), 'db_subnet_group': cluster.get('DBSubnetGroup'), 'status': cluster.get('Status'), 'percent_progress': cluster.get('PercentProgress'), 'earliest_restorable_time': str(cluster.get('EarliestRestorableTime')), 'endpoint': cluster.get('Endpoint'), 'engine': cluster.get('Engine'), 'engine_version': cluster.get('EngineVersion'), 'latest_restorable_time': str(cluster.get('LatestRestorableTime')), 'port': cluster.get('Port'), 'master_username': cluster.get('MasterUsername'), 'db_cluster_option_group_memberships': cluster.get('DBClusterOptionGroupMemberships', []), 'preferred_backup_window': cluster.get('PreferredBackupWindow'), 'preferred_maintenance_window': cluster.get('PreferredMaintenanceWindow'), 'db_cluster_members': cluster.get('DBClusterMembers', []), 'vpc_security_groups': cluster.get('VpcSecurityGroups', []), 'hosted_zoneId': cluster.get('HostedZoneId'), 'storage_encrypted': cluster.get('StorageEncrypted', False), 'kms_key_id': cluster.get('KmsKeyId'), 'db_cluster_resourceId': cluster.get('DbClusterResourceId'), 'arn': cluster.get('DBClusterArn') } item = RDSClusterItem(region=region.name, account=account, name=name, arn=cluster.get('DBClusterArn'), config=item_config) item_list.append(item) return item_list, exception_map
def slurp(self): """ :returns: item_list - list of RDS Security Groups. :returns: exception_map - A dict where the keys are a tuple containing the location of the exception and the value is the actual exception """ self.prep_for_slurp() item_list = [] exception_map = {} from security_monkey.common.sts_connect import connect for account in self.accounts: for region in regions(): app.logger.debug("Checking {}/{}/{}".format( self.index, account, region.name)) sgs = [] try: rds = connect(account, 'rds', region=region) marker = None while True: response = self.wrap_aws_rate_limited_call( rds.get_all_dbsecurity_groups, marker=marker) sgs.extend(response) if response.marker: marker = response.marker else: break except Exception as e: if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue(str(e), self.index, account, region.name) self.slurp_exception( (self.index, account, region.name), exc, exception_map) continue app.logger.debug("Found {} {}".format(len(sgs), self.i_am_plural)) for sg in sgs: if self.check_ignore_list(sg.name): continue name = sg.name vpc_id = None if hasattr(sg, 'VpcId'): vpc_id = sg.VpcId name = "{} (in {})".format(sg.name, vpc_id) item_config = { "name": sg.name, "description": sg.description, "owner_id": sg.owner_id, "region": region.name, "ec2_groups": [], "ip_ranges": [], "vpc_id": vpc_id } for ipr in sg.ip_ranges: ipr_config = { "cidr_ip": ipr.cidr_ip, "status": ipr.status, } item_config["ip_ranges"].append(ipr_config) item_config["ip_ranges"] = sorted(item_config["ip_ranges"]) for ec2_sg in sg.ec2_groups: ec2sg_config = { "name": ec2_sg.name, "owner_id": ec2_sg.owner_id, "Status": ec2_sg.Status, } item_config["ec2_groups"].append(ec2sg_config) item_config["ec2_groups"] = sorted( item_config["ec2_groups"]) item = RDSSecurityGroupItem(region=region.name, account=account, name=name, config=item_config) item_list.append(item) return item_list, exception_map
def slurp(self): """ :returns: item_list - list of RDS Security Groups. :returns: exception_map - A dict where the keys are a tuple containing the location of the exception and the value is the actual exception """ self.prep_for_slurp() item_list = [] exception_map = {} from security_monkey.common.sts_connect import connect for account in self.accounts: account_db = Account.query.filter(Account.name == account).first() account_number = account_db.number for region in regions(): app.logger.debug("Checking {}/{}/{}".format(self.index, account, region.name)) sgs = [] try: rds = connect(account, 'rds', region=region) marker = None while True: response = self.wrap_aws_rate_limited_call( rds.get_all_dbsecurity_groups, marker=marker ) sgs.extend(response) if response.marker: marker = response.marker else: break except Exception as e: if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue(str(e), self.index, account, region.name) self.slurp_exception((self.index, account, region.name), exc, exception_map, source="{}-watcher".format(self.index)) continue app.logger.debug("Found {} {}".format(len(sgs), self.i_am_plural)) for sg in sgs: if self.check_ignore_list(sg.name): continue name = sg.name vpc_id = None if hasattr(sg, 'VpcId'): vpc_id = sg.VpcId name = "{} (in {})".format(sg.name, vpc_id) item_config = { "name": sg.name, "description": sg.description, "owner_id": sg.owner_id, "region": region.name, "ec2_groups": [], "ip_ranges": [], "vpc_id": vpc_id } for ipr in sg.ip_ranges: ipr_config = { "cidr_ip": ipr.cidr_ip, "status": ipr.status, } item_config["ip_ranges"].append(ipr_config) item_config["ip_ranges"] = sorted(item_config["ip_ranges"]) for ec2_sg in sg.ec2_groups: ec2sg_config = { "name": ec2_sg.name, "owner_id": ec2_sg.owner_id, "Status": ec2_sg.Status, } item_config["ec2_groups"].append(ec2sg_config) item_config["ec2_groups"] = sorted(item_config["ec2_groups"]) arn = 'arn:aws:rds:{region}:{account_number}:secgrp:{name}'.format( region=region.name, account_number=account_number, name=name) item_config['arn'] = arn item = RDSSecurityGroupItem(region=region.name, account=account, name=name, arn=arn, config=item_config) item_list.append(item) return item_list, exception_map
def slurp(self): """ :returns: item_list - list of RDS Security Groups. :returns: exception_map - A dict where the keys are a tuple containing the location of the exception and the value is the actual exception """ item_list = [] exception_map = {} from security_monkey.common.sts_connect import connect for account in self.accounts: for region in regions(): app.logger.debug("Checking {}/{}/{}".format(self.index, account, region.name)) try: rds = connect(account, 'rds', region=region) sgs = rds.get_all_dbsecurity_groups() except Exception as e: if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue(str(e), self.index, account, region.name) self.slurp_exception((self.index, account, region.name), exc, exception_map) continue app.logger.debug("Found {} {}".format(len(sgs), self.i_am_plural)) for sg in sgs: ### Check if this SG is on the Ignore List ### ignore_item = False for ignore_item_name in IGNORE_PREFIX[self.index]: if sg.name.lower().startswith(ignore_item_name.lower()): ignore_item = True break if ignore_item: continue item_config = { "name": sg.name, "description": sg.description, "owner_id": sg.owner_id, "region": region.name, "ec2_groups": [], "ip_ranges": [] } for ipr in sg.ip_ranges: ipr_config = { "cidr_ip": ipr.cidr_ip, "status": ipr.status, } item_config["ip_ranges"].append(ipr_config) item_config["ip_ranges"] = sorted(item_config["ip_ranges"]) for ec2_sg in sg.ec2_groups: ec2sg_config = { "name": ec2_sg.name, "owner_id": ec2_sg.owner_id, "Status": ec2_sg.Status, } item_config["ec2_groups"].append(ec2sg_config) item_config["ec2_groups"] = sorted(item_config["ec2_groups"]) item = RDSSecurityGroupItem(region=region.name, account=account, name=sg.name, config=item_config) item_list.append(item) return item_list, exception_map
def slurp(self): """ :returns: item_list - list of RDS DB Clusters. :returns: exception_map - A dict where the keys are a tuple containing the location of the exception and the value is the actual exception """ self.prep_for_slurp() item_list = [] exception_map = {} from security_monkey.common.sts_connect import connect for account in self.accounts: for region in regions(): app.logger.debug( "Checking {}/{}/{}".format(self.index, account, region.name)) clusters = [] try: rds = connect(account, 'boto3.rds.client', region=region) marker = None while True: if marker: response = self.wrap_aws_rate_limited_call( rds.describe_db_clusters, Marker=marker ) else: response = self.wrap_aws_rate_limited_call( rds.describe_db_clusters ) clusters.extend(response.get('DBClusters', [])) if response.get('Marker'): marker = response.get('Marker') else: break except Exception as e: if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue( str(e), self.index, account, region.name) self.slurp_exception( (self.index, account, region.name), exc, exception_map) continue app.logger.debug("Found {} {}".format( len(clusters), self.i_am_plural)) for cluster in clusters: name = cluster.get('DBClusterIdentifier') if self.check_ignore_list(name): continue item_config = { 'name': name, 'allocated_storage': cluster.get('AllocatedStorage'), 'availability_zones': cluster.get('AvailabilityZones'), 'backup_retention_period': cluster.get('BackupRetentionPeriod'), 'character_set_name': cluster.get('CharacterSetName'), 'database_name': cluster.get('DatabaseName'), 'db_cluster_parameter_group': cluster.get('DBClusterParameterGroup'), 'db_subnet_group': cluster.get('DBSubnetGroup'), 'status': cluster.get('Status'), 'percent_progress': cluster.get('PercentProgress'), 'earliest_restorable_time': str(cluster.get('EarliestRestorableTime')), 'endpoint': cluster.get('Endpoint'), 'engine': cluster.get('Engine'), 'engine_version': cluster.get('EngineVersion'), 'latest_restorable_time': str(cluster.get('LatestRestorableTime')), 'port': cluster.get('Port'), 'master_username': cluster.get('MasterUsername'), 'db_cluster_option_group_memberships': cluster.get('DBClusterOptionGroupMemberships', []), 'preferred_backup_window': cluster.get('PreferredBackupWindow'), 'preferred_maintenance_window': cluster.get('PreferredMaintenanceWindow'), 'db_cluster_members': cluster.get('DBClusterMembers', []), 'vpc_security_groups': cluster.get('VpcSecurityGroups', []), 'hosted_zoneId': cluster.get('HostedZoneId'), 'storage_encrypted': cluster.get('StorageEncrypted', False), 'kms_key_id': cluster.get('KmsKeyId'), 'db_cluster_resourceId': cluster.get('DbClusterResourceId'), 'arn': cluster.get('DBClusterArn') } item = RDSClusterItem( region=region.name, account=account, name=name, arn=cluster.get('DBClusterArn'), config=item_config, source_watcher=self) item_list.append(item) return item_list, exception_map
def slurp(self): """ :returns: item_list - list of RDS snapshots in use by account :returns: exception_map - A dict where the keys are a tuple containing the location of the exception and the value is the actual exception """ self.prep_for_slurp() from security_monkey.common.sts_connect import connect item_list = [] exception_map = {} for account in self.accounts: for region in regions(): app.logger.debug("Checking {}/{}/{}".format( self.index, account, region.name)) snapshots = [] try: rds = connect(account, 'boto3.rds.client', region=region) marker = '' while True: response = self.wrap_aws_rate_limited_call( rds.describe_db_snapshots, Marker=marker) snapshots.extend(response.get('DBSnapshots')) if response.get('Marker'): marker = response.get('Marker') else: break except Exception as e: if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue(str(e), self.index, account, region.name) self.slurp_exception( (self.index, account, region.name), exc, exception_map) continue app.logger.debug("Found {} {}".format(len(snapshots), self.i_am_plural)) for snapshot in snapshots: name = snapshot.get('DBSnapshotIdentifier') if self.check_ignore_list(name): continue config = dict(snapshot) config['InstanceCreateTime'] = str( config.get('InstanceCreateTime')) config['SnapshotCreateTime'] = str( config.get('SnapshotCreateTime')) config['Arn'] = str(config.get('DBSnapshotArn')) config['Attributes'] = dict() try: attributes = self.wrap_aws_rate_limited_call( rds.describe_db_snapshot_attributes, DBSnapshotIdentifier=snapshot.get( 'DBSnapshotIdentifier')) for attribute in attributes[ 'DBSnapshotAttributesResult'][ 'DBSnapshotAttributes']: config['Attributes'][ attribute['AttributeName']] = attribute[ 'AttributeValues'] except Exception as e: if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue(str(e), self.index, account, region.name) self.slurp_exception( (self.index, account, region.name, name), exc, exception_map) item = RDSSnapshotItem(region=region.name, account=account, name=name, arn=snapshot.get('DBSnapshotArn'), config=dict(config), source_watcher=self) item_list.append(item) return item_list, exception_map
def slurp(self): """ :returns: item_list - list of RDS Cluster Snapshots. :returns: exception_map - A dict where the keys are a tuple containing the location of the exception and the value is the actual exception """ self.prep_for_slurp() from security_monkey.common.sts_connect import connect item_list = [] exception_map = {} for account in self.accounts: for region in regions(): app.logger.debug("Checking {}/{}/{}".format( self.index, account, region.name)) rds_cluster_snapshots = [] try: rds = connect(account, 'boto3.rds.client', region=region) marker = None while True: if marker: response = self.wrap_aws_rate_limited_call( rds.describe_db_cluster_snapshots, Marker=marker) else: response = self.wrap_aws_rate_limited_call( rds.describe_db_cluster_snapshots) rds_cluster_snapshots.extend( response.get('DBClusterSnapshots')) if response.get('Marker'): marker = response.get('Marker') else: break except Exception as e: if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue(str(e), self.index, account, region.name) self.slurp_exception( (self.index, account, region.name), exc, exception_map) continue app.logger.debug("Found {} {}".format( len(rds_cluster_snapshots), self.i_am_plural)) for cluster_snapshot in rds_cluster_snapshots: name = cluster_snapshot.get('DBClusterSnapshotIdentifier') if self.check_ignore_list(name): continue config = { 'db_cluster_snapshot_identifier': name, 'db_cluster_identifier': cluster_snapshot.get('DBClusterIdentifier'), 'snapshot_create_time': str(cluster_snapshot.get('SnapshotCreateTime')), 'availability_zones': cluster_snapshot.get('AvailabilityZones'), 'engine': cluster_snapshot.get('Engine'), 'allocated_storage': cluster_snapshot.get('AllocatedStorage'), 'status': cluster_snapshot.get('Status'), 'port': cluster_snapshot.get('Port'), 'vpc_id': cluster_snapshot.get('VpcId'), 'cluster_create_time': str(cluster_snapshot.get('ClusterCreateTime')), 'master_username': cluster_snapshot.get('MasterUsername'), 'engine_version': cluster_snapshot.get('EngineVersion'), 'license_model': cluster_snapshot.get('LicenseModel'), 'snapshot_type': cluster_snapshot.get('SnapshotType'), 'percent_progress': cluster_snapshot.get('PercentProgress'), 'storage_encrypted': cluster_snapshot.get('StorageEncrypted'), 'kms_key_id': cluster_snapshot.get('KmsKeyId') } item = RDSClusterSnapshotItem(region=region.name, account=account, name=name, config=dict(config), source_watcher=self) item_list.append(item) return item_list, exception_map
def slurp(self): """ :returns: item_list - list of RDS snapshots in use by account :returns: exception_map - A dict where the keys are a tuple containing the location of the exception and the value is the actual exception """ self.prep_for_slurp() from security_monkey.common.sts_connect import connect item_list = [] exception_map = {} for account in self.accounts: for region in regions(): app.logger.debug( "Checking {}/{}/{}".format(self.index, account, region.name)) snapshots = [] try: rds = connect(account, 'boto3.rds.client', region=region) marker = '' while True: response = self.wrap_aws_rate_limited_call( rds.describe_db_snapshots, Marker=marker) snapshots.extend(response.get('DBSnapshots')) if response.get('Marker'): marker = response.get('Marker') else: break except Exception as e: if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue( str(e), self.index, account, region.name) self.slurp_exception( (self.index, account, region.name), exc, exception_map) continue app.logger.debug("Found {} {}".format( len(snapshots), self.i_am_plural)) for snapshot in snapshots: name = snapshot.get('DBSnapshotIdentifier') if self.check_ignore_list(name): continue config = dict(snapshot) config['InstanceCreateTime'] = str(config.get('InstanceCreateTime')) config['SnapshotCreateTime'] = str(config.get('SnapshotCreateTime')) config['Arn'] = str(config.get('DBSnapshotArn')) config['Attributes'] = dict() try: attributes = self.wrap_aws_rate_limited_call( rds.describe_db_snapshot_attributes, DBSnapshotIdentifier=snapshot.get('DBSnapshotIdentifier')) for attribute in attributes['DBSnapshotAttributesResult']['DBSnapshotAttributes']: config['Attributes'][attribute['AttributeName']] = attribute['AttributeValues'] except Exception as e: if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue(str(e), self.index, account, region.name) self.slurp_exception((self.index, account, region.name, name), exc, exception_map) item = RDSSnapshotItem( region=region.name, account=account, name=name, arn=snapshot.get('DBSnapshotArn'), config=dict(config), source_watcher=self) item_list.append(item) return item_list, exception_map
def slurp(self): """ :returns: item_list - list of RDS Security Groups. :returns: exception_map - A dict where the keys are a tuple containing the location of the exception and the value is the actual exception """ item_list = [] exception_map = {} from security_monkey.common.sts_connect import connect for account in self.accounts: for region in regions(): app.logger.debug("Checking {}/{}/{}".format(self.index, account, region.name)) try: rds = connect(account, 'rds', region=region) sgs = self.wrap_aws_rate_limited_call( rds.get_all_dbsecurity_groups ) except Exception as e: if region.name not in TROUBLE_REGIONS: exc = BotoConnectionIssue(str(e), self.index, account, region.name) self.slurp_exception((self.index, account, region.name), exc, exception_map) continue app.logger.debug("Found {} {}".format(len(sgs), self.i_am_plural)) for sg in sgs: ### Check if this SG is on the Ignore List ### ignore_item = False for ignore_item_name in IGNORE_PREFIX[self.index]: if sg.name.lower().startswith(ignore_item_name.lower()): ignore_item = True break if ignore_item: continue item_config = { "name": sg.name, "description": sg.description, "owner_id": sg.owner_id, "region": region.name, "ec2_groups": [], "ip_ranges": [] } for ipr in sg.ip_ranges: ipr_config = { "cidr_ip": ipr.cidr_ip, "status": ipr.status, } item_config["ip_ranges"].append(ipr_config) item_config["ip_ranges"] = sorted(item_config["ip_ranges"]) for ec2_sg in sg.ec2_groups: ec2sg_config = { "name": ec2_sg.name, "owner_id": ec2_sg.owner_id, "Status": ec2_sg.Status, } item_config["ec2_groups"].append(ec2sg_config) item_config["ec2_groups"] = sorted(item_config["ec2_groups"]) item = RDSSecurityGroupItem(region=region.name, account=account, name=sg.name, config=item_config) item_list.append(item) return item_list, exception_map