Пример #1
def get_lambda_inventory(oId, profile):
    """
    Return the Lambda inventory for one AWS account.

    Delegates to ``glob.get_inventory``, requesting service ``lambda``,
    function ``list_functions`` and result key ``Functions``, with
    ``aws_region="all"`` and pagination turned on.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string

    :return: lambda inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/lambda.html
    """
    request = {
        "ownerId": oId,
        "profile": profile,
        "aws_service": "lambda",
        "aws_region": "all",
        "function_name": "list_functions",
        "key_get": "Functions",
        "pagination": True,
    }
    return glob.get_inventory(**request)
Пример #2
def get_es_inventory(oId):
    """
    Return Elasticsearch domain details for one AWS account.

    Delegates to ``glob.get_inventory``: the list call is
    ``list_domain_names`` (key ``DomainNames``) and each entry is joined on
    ``DomainName`` to the detail call ``describe_elasticsearch_domain``
    (key ``DomainStatus``).

    :param oId: ownerId (AWS account)
    :type oId: string

    :return: Elasticsearch inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/es.html
    """
    # NOTE(review): no profile is passed here, so the session presumably
    # falls back to whatever default glob.get_inventory applies -- confirm
    # which credentials that is before relying on the result.
    request = {
        "ownerId": oId,
        "aws_service": "es",
        "aws_region": "all",
        "function_name": "list_domain_names",
        "key_get": "DomainNames",
        "join_key": "DomainName",
        "detail_join_key": "DomainName",
        "detail_function": "describe_elasticsearch_domain",
        "detail_get_key": "DomainStatus",
    }
    return glob.get_inventory(**request)
Пример #3
def get_ec2_inventory(oId, profile):
    """
    Return the raw EC2 inventory, without any analysis or formatting.

    Delegates to ``glob.get_inventory``, requesting service ``ec2``,
    function ``describe_instances`` and result key ``Reservations``, with
    ``aws_region="all"`` and pagination turned on.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string

    :return: ec2 inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/ec2.html
    """
    request = {
        "ownerId": oId,
        "profile": profile,
        "aws_service": "ec2",
        "aws_region": "all",
        "function_name": "describe_instances",
        "key_get": "Reservations",
        "pagination": True,
    }
    return glob.get_inventory(**request)
Пример #4
def get_apigateway_inventory(oId, profile):
    """
    Return the API Gateway inventory (REST APIs only) for one AWS account.

    Delegates to ``glob.get_inventory``, requesting service ``apigateway``,
    function ``get_rest_apis`` and result key ``items``, with
    ``aws_region="all"`` and pagination turned on.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string

    :return: API Gateway inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/apigateway.html
    .. todo:: add --> plans, api keys, custom domain names, client certificates, vpc links
    """
    request = {
        "ownerId": oId,
        "profile": profile,
        "aws_service": "apigateway",
        "aws_region": "all",
        "function_name": "get_rest_apis",
        "key_get": "items",
        "pagination": True,
    }
    return glob.get_inventory(**request)
Пример #5
def get_elbv2_inventory(oId, profile):
    """
    Return the ELBv2 inventory for one AWS account.

    Delegates to ``glob.get_inventory``, requesting service ``elbv2``,
    function ``describe_load_balancers`` and result key ``LoadBalancers``,
    with ``aws_region="all"`` and pagination turned on.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string

    :return: ELBv2 inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/elbv2.html
    """
    request = {
        "ownerId": oId,
        "profile": profile,
        "aws_service": "elbv2",
        "aws_region": "all",
        "function_name": "describe_load_balancers",
        "key_get": "LoadBalancers",
        "pagination": True,
    }
    return glob.get_inventory(**request)
Пример #6
def get_cloudfront_inventory(oId):
    """
    Return the CloudFront inventory for one AWS account.

    Delegates to ``glob.get_inventory``, requesting service ``cloudfront``,
    function ``list_distributions`` and result key ``Items``, with
    ``aws_region="all"`` and pagination turned on.

    :param oId: ownerId (AWS account)
    :type oId: string

    :return: Cloudfront inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/cloudfront.html
    """
    # NOTE(review): no profile is passed here, so the session presumably
    # falls back to whatever default glob.get_inventory applies -- confirm.
    request = {
        "ownerId": oId,
        "aws_service": "cloudfront",
        "aws_region": "all",
        "function_name": "list_distributions",
        "key_get": "Items",
        "pagination": True,
    }
    return glob.get_inventory(**request)
Пример #7
def get_rds_inventory(oId, profile):
    """
    Return the RDS inventory for one AWS account.

    Delegates to ``glob.get_inventory``, requesting service ``rds``,
    function ``describe_db_instances`` and result key ``DBInstances``, with
    ``aws_region="all"`` and pagination turned on.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string

    :return: RDS inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/rds.html
    """
    request = {
        "ownerId": oId,
        "profile": profile,
        "aws_service": "rds",
        "aws_region": "all",
        "function_name": "describe_db_instances",
        "key_get": "DBInstances",
        "pagination": True,
    }
    return glob.get_inventory(**request)
Пример #8
def get_datapipeline_inventory(oId):
    """
    Return Data Pipeline details for one AWS account.

    Delegates to ``glob.get_inventory``: the list call is ``list_pipelines``
    (key ``pipelineIdList``, paginated) and each entry's ``id`` is passed as
    ``pipelineId`` to the detail call ``get_pipeline_definition``.

    :param oId: ownerId (AWS account)
    :type oId: string

    :return: datapipeline inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/datapipeline.html
    """
    # NOTE(review): no profile is passed here, so the session presumably
    # falls back to whatever default glob.get_inventory applies -- confirm.
    request = {
        "ownerId": oId,
        "aws_service": "datapipeline",
        "aws_region": "all",
        "function_name": "list_pipelines",
        "key_get": "pipelineIdList",
        "pagination": True,
        "join_key": "id",
        "detail_join_key": "pipelineId",
        "detail_function": "get_pipeline_definition",
        # presumably an empty key keeps the whole detail response --
        # verify against glob.get_inventory
        "detail_get_key": "",
    }
    return glob.get_inventory(**request)
Пример #9
def get_kms_inventory(oId):
    """
    Return the keys managed by KMS for one AWS account.

    Delegates to ``glob.get_inventory``: the list call is ``list_keys``
    (key ``Keys``, paginated) and each entry is joined on ``KeyId`` to the
    detail call ``describe_key`` (key ``KeyMetadata``). The request uses
    ``aws_region="all"``.

    :param oId: ownerId (AWS account)
    :type oId: string

    :return: KMS inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/kms.html
    """
    # NOTE(review): no profile is passed here, so the session presumably
    # falls back to whatever default glob.get_inventory applies -- confirm.
    request = {
        "ownerId": oId,
        "aws_service": "kms",
        "aws_region": "all",
        "function_name": "list_keys",
        "key_get": "Keys",
        "detail_function": "describe_key",
        "join_key": "KeyId",
        "detail_join_key": "KeyId",
        "detail_get_key": "KeyMetadata",
        "pagination": True,
    }
    return glob.get_inventory(**request)
Пример #10
def get_cloudformation_inventory(oId):
    """
    Return the CloudFormation inventory (if the region is available).

    Delegates to ``glob.get_inventory``: the list call is ``describe_stacks``
    (key ``Stacks``, paginated) and each entry is joined on ``StackName`` to
    the detail call ``describe_stack_resources``.

    :param oId: ownerId (AWS account)
    :type oId: string

    :return: cloudformation inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: https://boto3.readthedocs.io/en/latest/reference/services/cloudformation.html
    """
    # NOTE(review): no profile is passed here, so the session presumably
    # falls back to whatever default glob.get_inventory applies -- confirm.
    request = {
        "ownerId": oId,
        "aws_service": "cloudformation",
        "aws_region": "all",
        "function_name": "describe_stacks",
        "key_get": "Stacks",
        "detail_function": "describe_stack_resources",
        "join_key": "StackName",
        "detail_join_key": "StackName",
        # presumably an empty key keeps the whole detail response --
        # verify against glob.get_inventory
        "detail_get_key": "",
        "pagination": True,
    }
    return glob.get_inventory(**request)
Пример #11
def get_elb_inventory(oId):
    """
    Return the ELB inventory for one AWS account.

    Delegates to ``glob.get_inventory``, requesting service ``elb``,
    function ``describe_load_balancers`` and result key
    ``LoadBalancerDescriptions``, with ``aws_region="all"`` and pagination
    turned on.

    :param oId: ownerId (AWS account)
    :type oId: string

    :return: ELB inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/elb.html
    """
    # NOTE(review): no profile is passed here, so the session presumably
    # falls back to whatever default glob.get_inventory applies -- confirm.
    request = {
        "ownerId": oId,
        "aws_service": "elb",
        "aws_region": "all",
        "function_name": "describe_load_balancers",
        "key_get": "LoadBalancerDescriptions",
        "pagination": True,
    }
    return glob.get_inventory(**request)
Пример #12
def get_storagegateway_inventory(oId):
    """
    Return the Storage Gateway inventory for one AWS account.

    Delegates to ``glob.get_inventory``: the list call is ``list_gateways``
    (key ``Gateways``, paginated) and each entry is joined on ``GatewayARN``
    to the detail call ``describe_gateway_information``.

    :param oId: ownerId (AWS account)
    :type oId: string

    :return: Storage gateway inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/storagegateway.html
    """
    # NOTE(review): no profile is passed here, so the session presumably
    # falls back to whatever default glob.get_inventory applies -- confirm.
    request = {
        "ownerId": oId,
        "aws_service": "storagegateway",
        "aws_region": "all",
        "function_name": "list_gateways",
        "key_get": "Gateways",
        "detail_function": "describe_gateway_information",
        # presumably an empty key keeps the whole detail response --
        # verify against glob.get_inventory
        "detail_get_key": "",
        "join_key": "GatewayARN",
        "detail_join_key": "GatewayARN",
        "pagination": True,
    }
    return glob.get_inventory(**request)
Пример #13
def get_neptune_inventory(oId):
    """
    Return the Neptune inventory for one AWS account.

    Only clusters are collected here, under the ``clusters`` key; Neptune
    instances are listed in the RDS inventory. The cluster list comes from
    ``glob.get_inventory`` with service ``neptune``, function
    ``describe_db_clusters`` and result key ``DBClusters``.

    :param oId: ownerId (AWS account)
    :type oId: string

    :return: neptune inventory, a dict with a single ``clusters`` entry
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/neptune.html
    """
    # NOTE(review): no profile and no pagination flag are passed here, so
    # glob.get_inventory's defaults apply for both -- confirm they are the
    # intended ones.
    clusters = glob.get_inventory(ownerId=oId,
                                  aws_service="neptune",
                                  aws_region="all",
                                  function_name="describe_db_clusters",
                                  key_get="DBClusters")
    return {'clusters': clusters}
Пример #14
def get_cloudsearch_inventory(oId, profile):
    """
    Return CloudSearch domain details for one AWS account.

    Delegates to ``glob.get_inventory``, requesting service ``cloudsearch``,
    function ``describe_domains`` and result key ``DomainStatusList``, with
    ``aws_region="all"``. No pagination flag is passed.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string

    :return: cloudsearch inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/cloudsearch.html
    """
    request = {
        "ownerId": oId,
        "profile": profile,
        "aws_service": "cloudsearch",
        "aws_region": "all",
        "function_name": "describe_domains",
        "key_get": "DomainStatusList",
    }
    return glob.get_inventory(**request)
Пример #15
def get_cloudtrail_inventory(oId, profile):
    """
    Return the CloudTrail inventory (if the region is available).

    Delegates to ``glob.get_inventory``, requesting service ``cloudtrail``,
    function ``describe_trails`` and result key ``trailList``, with
    ``aws_region="all"``. No pagination flag is passed.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string

    :return: cloudtrail inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: https://boto3.readthedocs.io/en/latest/reference/services/cloudtrail.html
    """
    request = {
        "ownerId": oId,
        "profile": profile,
        "aws_service": "cloudtrail",
        "aws_region": "all",
        "function_name": "describe_trails",
        "key_get": "trailList",
    }
    return glob.get_inventory(**request)
Пример #16
def get_dynamodb_inventory(oId):
    """
    Return the DynamoDB inventory for one AWS account.

    Delegates to ``glob.get_inventory``: the list call is ``list_tables``
    (key ``TableNames``, paginated) and each entry is joined on
    ``TableName`` to the detail call ``describe_table`` (key ``Table``).

    :param oId: ownerId (AWS account)
    :type oId: string

    :return: dynamoDB inventory, as produced by ``glob.get_inventory``
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html
    """
    # NOTE(review): no profile is passed here, so the session presumably
    # falls back to whatever default glob.get_inventory applies -- confirm.
    request = {
        "ownerId": oId,
        "aws_service": "dynamodb",
        "aws_region": "all",
        "function_name": "list_tables",
        "key_get": "TableNames",
        "detail_function": "describe_table",
        "join_key": "TableName",
        "detail_join_key": "TableName",
        "detail_get_key": "Table",
        "pagination": True,
    }
    return glob.get_inventory(**request)
Пример #17
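def get_s3_inventory(oId, profile):
    """
    Returns S3 quick inventory.

    Each bucket returned by ``glob.get_inventory`` (``list_buckets``) is
    enriched in place with the keys ``website``, ``tags``, ``acl``,
    ``policy``, ``encryption``, ``location``, ``number_of_objects`` and
    ``total_size``.

    For ``website``, ``policy`` and ``encryption`` the value is ``"no"`` only
    when S3 explicitly reports that the configuration does not exist. Any
    other API error (for instance a denied read) yields ``"unknown"``, so a
    permission gap is never reported as "no policy" or "no encryption".
    ``tags`` and ``acl`` are simply left unset when they cannot be read.

    :param oId: ownerId (AWS account)
    :type oId: string
    :param profile: configuration profile name used for session
    :type profile: string

    :return: S3 inventory (list of bucket dicts)
    :rtype: json

    .. note:: http://boto3.readthedocs.io/en/latest/reference/services/s3.html#client
    """

    inventory = []

    bucket_list = glob.get_inventory(
        ownerId=oId,
        profile=profile,
        aws_service="s3",
        aws_region="global",
        function_name="list_buckets",
        key_get="Buckets"
    )

    # S3 needs some analysis (website, size), done with a dedicated client.
    session = boto3.Session(profile_name=profile)
    s3 = session.client("s3")

    for bucket in bucket_list:

        bucket_name = bucket['Name']

        # Check if a website is configured; if yes, it could lead to a DLP
        # issue. Stays 'unknown' on any error other than "not configured".
        has_website = 'unknown'
        try:
            has_website = s3.get_bucket_website(Bucket=bucket_name)
            has_website.pop('ResponseMetadata', None)
        except ClientError as ce:
            if _s3_error_code(ce) == 'NoSuchWebsiteConfiguration':
                has_website = 'no'
        bucket['website'] = has_website

        # Tags: S3 answers with an error when the bucket has no tag set, so
        # the key is left unset in that case (and when the read is refused).
        try:
            bucket['tags'] = s3.get_bucket_tagging(Bucket=bucket_name).get('TagSet')
        except ClientError:
            pass

        # ACL: a missing 'acl' key means the ACL could not be read, not that
        # the bucket has none.
        try:
            acl = s3.get_bucket_acl(Bucket=bucket_name)
            acl.pop('ResponseMetadata', None)
            bucket['acl'] = acl
        except ClientError:
            pass

        # Policy: the API returns the document as a JSON string under
        # 'Policy'; the decoded document has no 'ResponseMetadata' to strip.
        try:
            policy = json.loads(s3.get_bucket_policy(Bucket=bucket_name).get('Policy'))
        except ClientError as ce:
            policy = 'no' if _s3_error_code(ce) == 'NoSuchBucketPolicy' else 'unknown'
        except (TypeError, ValueError):
            # Response without a usable policy document.
            policy = 'unknown'
        bucket['policy'] = policy

        # Default encryption
        try:
            encrypt = s3.get_bucket_encryption(Bucket=bucket_name)
            encrypt.pop('ResponseMetadata', None)
        except ClientError as ce:
            if _s3_error_code(ce) == 'ServerSideEncryptionConfigurationNotFoundError':
                encrypt = 'no'
            else:
                encrypt = 'unknown'
        bucket['encryption'] = encrypt

        # Other. Errors from this call and from the listing below are not
        # caught and abort the whole inventory, as they always did.
        bucket['location'] = s3.get_bucket_location(Bucket=bucket_name).get('LocationConstraint')

        # Summarize number of objects and total size for the current bucket.
        # This pages through every object, so it is slow on large buckets.
        paginator = s3.get_paginator('list_objects_v2')
        nbobj = 0
        size = 0
        for page in paginator.paginate(Bucket=bucket_name):
            # Pages of an empty bucket carry no 'Contents' key.
            contents = page.get('Contents', [])
            nbobj += len(contents)
            size += sum(obj['Size'] for obj in contents)
        bucket['number_of_objects'] = nbobj
        bucket['total_size'] = size

        inventory.append(bucket)

    return inventory


def _s3_error_code(client_error):
    """Return the AWS error code carried by a botocore ClientError ('' if absent)."""
    return client_error.response.get('Error', {}).get('Code', '')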