def inventory_users(iam, account, output_bucket):
"""continue from multithread call
Args:
iam (object): iam client object
account (dict): aws accounts
output_bucket (list): results bucket holder
Returns:
nothing. appends results to output_bucket
"""
users_list = iam.list_users().get('Users')
for user in users_list:
output_bucket.append(
misc.format_line((
misc.check_if(account.get('name')),
misc.check_if(user.get('UserName')),
misc.check_if(user.get('CreateDate').strftime('%Y_%m_%d')),
misc.check_if(is_password_set(iam, user.get('UserName'))),
misc.check_if(misc.date_to_days(user.get('PasswordLastUsed'))),
misc.check_if(count_active_keys(iam, user.get('UserName'))),
misc.check_if(mfa_enabled(iam, user.get('UserName'))),
misc.check_if(list_groups_for_user(iam, user.get('UserName'))),
misc.check_if(
list_user_policies_for_user(iam, user.get('UserName'))),
)))
def describe_snapshots(ec2, account, region, output_bucket):
"""continue from multithread describe_snapshots() call
Args:
ec2 (object): ec2 client object
account (dict): aws accounts
region (dict): regions
output_bucket (list): results bucket holder
Returns:
nothing. appends results to output_bucket
"""
'''extract owner_id from role'''
owner_id = str(re.split(':',account.get('role_arn'))[4])
'''get list of snapshots owned by owner_id'''
snap_list = ec2.describe_snapshots(OwnerIds=[owner_id]).get('Snapshots')
for snap_obj in snap_list:
output_bucket.append(misc.format_line((
misc.check_if(account.get('name')),
misc.check_if(region.get('RegionName')),
misc.check_if(str(snap_obj.get('SnapshotId'))),
misc.check_if(str(misc.date_to_days(snap_obj.get('StartTime')))),
misc.check_if(str(snap_obj.get('StartTime').strftime('%Y_%m_%d'))),
misc.check_if(str(snap_obj.get('VolumeSize'))),
misc.check_if(str(snap_obj.get('Encrypted'))),
#'''get rid of commas if present'''
misc.check_if(str(re.sub('[,]','', snap_obj.get('Description')))),
)))
def inventory_access_keys(iam, account, output_bucket):
"""continue from multithread call
Args:
iam (object): iam client object
account (dict): aws accounts
output_bucket (list): results bucket holder
Returns:
nothing. appends results to output_bucket
"""
"""get list of keys from the list of users"""
for user in iam.list_users().get('Users'):
for key in iam.list_access_keys(
UserName=user.get('UserName')).get('AccessKeyMetadata'):
"""find out which keys have been used"""
last_used = iam.get_access_key_last_used(
AccessKeyId=key.get('AccessKeyId')).get('AccessKeyLastUsed')
key_lastused = None
key_lastused_days = None
key_service = None
"""get info for active keys"""
if last_used.get('LastUsedDate'):
key_lastused = last_used.get('LastUsedDate').strftime(
'%Y_%m_%d')
key_lastused_days = misc.date_to_days(
last_used.get('LastUsedDate'))
key_service = last_used.get('ServiceName')
else:
"""mark inactive keys"""
key_lastused = 'Never'
key_lastused_days = '-1'
key_service = 'N/A'
output_bucket.append(
misc.format_line((
misc.check_if(account.get('name')),
misc.check_if(user.get('UserName')),
misc.check_if(key.get('AccessKeyId')),
misc.check_if(str(misc.date_to_days(
key.get('CreateDate')))),
misc.check_if(key.get('CreateDate').strftime('%Y_%m_%d')),
misc.check_if(key.get('Status')),
misc.check_if(str(key_lastused_days)),
misc.check_if(key_lastused),
misc.check_if(key_service),
)))
def inventory_access_keys(iam, account, output_bucket):
"""continue from multithread call
Args:
iam (object): iam client object
account (dict): aws accounts
output_bucket (list): results bucket holder
Returns:
nothing. appends results to output_bucket
"""
"""get list of keys from the list of users"""
for user in iam.list_users().get('Users'):
for key in iam.list_access_keys(
UserName=user.get('UserName')).get('AccessKeyMetadata'):
"""find out which keys have been used"""
last_used = iam.get_access_key_last_used(
AccessKeyId=key.get('AccessKeyId')).get('AccessKeyLastUsed')
key_lastused = None
key_lastused_days = None
key_service = None
"""get info for active keys"""
if last_used.get('LastUsedDate'):
key_lastused = last_used.get('LastUsedDate').strftime('%Y_%m_%d')
key_lastused_days = misc.date_to_days(last_used.get('LastUsedDate'))
key_service = last_used.get('ServiceName')
else:
"""mark inactive keys"""
key_lastused = 'Never'
key_lastused_days = '-1'
key_service = 'N/A'
output_bucket.append(misc.format_line((
misc.check_if(account.get('name')),
misc.check_if(user.get('UserName')),
misc.check_if(key.get('AccessKeyId')),
misc.check_if(str(misc.date_to_days(key.get('CreateDate')))),
misc.check_if(key.get('CreateDate').strftime('%Y_%m_%d')),
misc.check_if(key.get('Status')),
misc.check_if(str(key_lastused_days)),
misc.check_if(key_lastused),
misc.check_if(key_service),
)))
def inventory_users(iam, account, output_bucket):
"""continue from multithread call
Args:
iam (object): iam client object
account (dict): aws accounts
output_bucket (list): results bucket holder
Returns:
nothing. appends results to output_bucket
"""
users_list = iam.list_users().get('Users')
for user in users_list:
output_bucket.append(misc.format_line((
misc.check_if(account.get('name')),
misc.check_if(user.get('UserName')),
misc.check_if(user.get('CreateDate').strftime('%Y_%m_%d')),
misc.check_if(is_password_set(iam, user.get('UserName'))),
misc.check_if(misc.date_to_days(user.get('PasswordLastUsed'))),
misc.check_if(count_active_keys(iam, user.get('UserName'))),
misc.check_if(mfa_enabled(iam, user.get('UserName'))),
misc.check_if(list_groups_for_user(iam, user.get('UserName'))),
misc.check_if(list_user_policies_for_user(iam, user.get('UserName'))),
)))
for group_name in app_groups:
dep_group = codedeploy.get_deployment_group(
applicationName=app_obj,
deploymentGroupName=group_name
).get('deploymentGroupInfo')
deployments = codedeploy.list_deployments(
applicationName=app_obj,
deploymentGroupName=group_name
).get('deployments')
for deployment_name in deployments:
instances = '<br>'.join(codedeploy.list_deployment_instances(
deploymentId=deployment_name
).get('instancesList'))
output_bucket.append(misc.format_line((
misc.check_if(account.get('name')),
misc.check_if(region.get('RegionName')),
misc.check_if(str(app_info.get('applicationName'))),
misc.check_if(str(app_info.get('linkedToGitHub'))),
misc.check_if(str(app_info.get('createTime').strftime('%Y_%m_%d'))),
misc.check_if(str(misc.date_to_days(app_info.get('createTime')))),
misc.check_if(str(group_name)),
misc.check_if(str(dep_group.get('targetRevision').get('revisionType'))),
misc.check_if(str(instances)),
misc.check_if(str(dep_group.get('serviceRoleArn'))),
)))
deploymentGroupName=group_name).get('deployments')
for deployment_name in deployments:
instances = '<br>'.join(
codedeploy.list_deployment_instances(
deploymentId=deployment_name).get('instancesList'))
output_bucket.append(
misc.format_line((
misc.check_if(account.get('name')),
misc.check_if(region.get('RegionName')),
misc.check_if(str(
app_info.get('applicationName'))),
misc.check_if(str(app_info.get('linkedToGitHub'))),
misc.check_if(
str(
app_info.get('createTime').strftime(
'%Y_%m_%d'))),
misc.check_if(
str(
misc.date_to_days(
app_info.get('createTime')))),
misc.check_if(str(group_name)),
misc.check_if(
str(
dep_group.get('targetRevision').get(
'revisionType'))),
misc.check_if(str(instances)),
misc.check_if(str(
dep_group.get('serviceRoleArn'))),
)))
