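def getAllV2ELBs(roleArn=None):
    """
    Collect every load balancer exposed by the 'elbv2' API in each region.

    Each describe call is paginated, so the inventory is complete even when
    a region holds more load balancers (or a load balancer more listeners)
    than a single API response carries. A monitoring pass that reads only
    the first page would silently skip the remainder.

    :param roleArn: optional ARN passed to getSession; per the original
        comment, getSession falls back to the local session when it is None.
    :return: list of load balancer dicts as returned by
        describe_load_balancers, each extended with:
        "Region"    - the region dict from describe_regions (not just the
                      name; the same dict object is shared by every load
                      balancer of that region),
        "AccountId" - the value returned by getAccountId(session),
        "Listeners" - the describe_listeners response dict for the load
                      balancer; the listener list (which carries the SSL
                      policies) sits under its own "Listeners" key.
    """
    session = getSession(roleArn)
    accountId = getAccountId(session)

    elbs = []
    # NOTE: describe_regions without AllRegions=True lists only the regions
    # enabled for the account, which is the set that can be queried here.
    regions = session.client('ec2').describe_regions()['Regions']
    for region in regions:
        elbClient = session.client('elbv2', region_name=region['RegionName'])
        elbPaginator = elbClient.get_paginator('describe_load_balancers')
        listenerPaginator = elbClient.get_paginator('describe_listeners')

        for elbPage in elbPaginator.paginate():
            for elb in elbPage['LoadBalancers']:
                elb["Region"] = region
                elb["AccountId"] = accountId

                # Fold all listener pages into the first response so the
                # stored value keeps the shape of a describe_listeners
                # response while holding every listener.
                listeners = None
                for listenerPage in listenerPaginator.paginate(
                        LoadBalancerArn=elb['LoadBalancerArn']):
                    if listeners is None:
                        listeners = listenerPage
                    else:
                        listeners['Listeners'].extend(
                            listenerPage['Listeners'])
                if listeners is None:
                    listeners = {'Listeners': []}
                # the merged result is complete, so a continuation marker
                # left over from the first page would be misleading
                listeners.pop('NextMarker', None)

                elb["Listeners"] = listeners
                elbs.append(elb)

    return elbs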
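def getAllV1ELBs(roleArn=None):
    """
    Collect every classic load balancer ('elb' API) in each region.

    describe_load_balancers is read through its paginator so that regions
    holding more load balancers than fit in one response are still fully
    inventoried; reading only the first page would leave the rest
    unmonitored without any error.

    :param roleArn: optional ARN passed to getSession; per the original
        comment, getSession falls back to the local session when it is None.
    :return: list of load balancer description dicts, each extended with
        "Region" (the region dict from describe_regions, shared by every
        load balancer of that region) and "AccountId" (the value returned
        by getAccountId(session)).
    """
    session = getSession(roleArn)
    accountId = getAccountId(session)

    elbs = []
    # NOTE: describe_regions without AllRegions=True lists only the regions
    # enabled for the account.
    regions = session.client('ec2').describe_regions()['Regions']
    for region in regions:
        elbClient = session.client('elb', region_name=region['RegionName'])
        elbPaginator = elbClient.get_paginator('describe_load_balancers')
        for page in elbPaginator.paginate():
            for elb in page['LoadBalancerDescriptions']:
                # annotate before collecting so consumers can tell where
                # the load balancer lives
                elb["Region"] = region
                elb["AccountId"] = accountId
                elbs.append(elb)

    return elbs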
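def getAllInstances(roleArn=None):
    """
    Return every EC2 instance from each region of the AWS account.

    describe_instances is read through its paginator: a single call can
    return only part of a large fleet together with a continuation token,
    and instances on later pages would otherwise never be inspected.

    :param roleArn: optional ARN passed to getSession; per the original
        comment, the base boto3 session is used when it is None, otherwise
        instances are retrieved from the assumed role's account.
    :return: list of instance dicts as returned by describe_instances,
        each extended with "Region" (the region dict from describe_regions,
        shared by every instance of that region), "InstanceName" (the
        result of getInstanceName(instance)) and "AccountId" (the value
        returned by getAccountId(session)).
    """
    session = getSession(roleArn)
    # NOTE: describe_regions without AllRegions=True lists only the regions
    # enabled for the account.
    regions = session.client('ec2').describe_regions()['Regions']
    accountId = getAccountId(session)

    instances = []
    for region in regions:
        ec2Client = session.client('ec2', region_name=region['RegionName'])
        instancePaginator = ec2Client.get_paginator('describe_instances')
        for page in instancePaginator.paginate():
            for reservation in page["Reservations"]:
                for instance in reservation['Instances']:
                    instance["Region"] = region
                    instance["InstanceName"] = getInstanceName(instance)
                    instance["AccountId"] = accountId
                    instances.append(instance)

    return instances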
def getAllIAMData(roleArn=None):
    """
    Gather user, group, role and policy details from IAM.

    The account authorization details are fetched page by page (following
    the response's Marker while IsTruncated is set), every user is then
    extended with its "MFADevices" list from list_mfa_devices, and finally
    every collected detail is tagged with "AccountId".

    :param roleArn: optional ARN passed to getSession; per the original
        comment, the base boto3 session is used when it is None.
    :return: dict with the keys 'users', 'groups', 'roles' and 'policies',
        each mapping to the list of the corresponding detail dicts.
    """
    session = getSession(roleArn)
    accountId = getAccountId(session)
    iamClient = session.client('iam')

    # output key -> key of the matching list in the API response
    responseKeys = (
        ('users', 'UserDetailList'),
        ('groups', 'GroupDetailList'),
        ('roles', 'RoleDetailList'),
        ('policies', 'Policies'),
    )
    iamData = {outputKey: [] for outputKey, _ in responseKeys}

    # walk the paginated authorization details
    page = iamClient.get_account_authorization_details()
    morePages = True
    while morePages:
        for outputKey, responseKey in responseKeys:
            iamData[outputKey].extend(page[responseKey])
        morePages = page['IsTruncated']
        if morePages:
            page = iamClient.get_account_authorization_details(
                Marker=page['Marker'])

    # attach the MFA devices registered for each user
    for user in iamData['users']:
        mfaResponse = iamClient.list_mfa_devices(UserName=user['UserName'])
        user['MFADevices'] = mfaResponse['MFADevices']

    # tag every detail with the account it was read from
    for details in iamData.values():
        for detail in details:
            detail['AccountId'] = accountId

    return iamData
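def getAllSecurityGroups(roleArn=None):
    """
    Collect every security group from each region.

    describe_security_groups is read through its paginator so that groups
    beyond the first response page are included; a truncated listing would
    leave those groups' rules unreviewed without raising any error.

    :param roleArn: optional ARN passed to getSession; per the original
        comment, the local AWS account is used when it is None.
    :return: list of security group dicts as returned by
        describe_security_groups, each extended with "Region" (the region
        dict from describe_regions, shared by every group of that region)
        and "AccountId" (the value returned by getAccountId(session)).
    """
    session = getSession(roleArn)
    accountId = getAccountId(session)

    securityGroups = []
    # NOTE: describe_regions without AllRegions=True lists only the regions
    # enabled for the account.
    regions = session.client('ec2').describe_regions()['Regions']
    for region in regions:
        ec2 = session.client('ec2', region_name=region['RegionName'])
        groupPaginator = ec2.get_paginator('describe_security_groups')
        for page in groupPaginator.paginate():
            for group in page['SecurityGroups']:
                group["Region"] = region
                group["AccountId"] = accountId
                securityGroups.append(group)

    return securityGroups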