def getAllV2ELBs(roleArn=None):
"""
This function grabs each v2 elb from each region and returns
a list of them.
If a roleArn is provided, that role is assumed before monitoring
"""
session = getSession(
roleArn) # defaults to local session if roleArn is None
accountId = getAccountId(session)
# get list of all load balancers in each region
elbs = []
regions = session.client('ec2').describe_regions()['Regions']
for region in regions:
elbClient = session.client('elbv2', region_name=region['RegionName'])
for elb in elbClient.describe_load_balancers()['LoadBalancers']:
# add additional data
elb["Region"] = region
elb["AccountId"] = accountId
# add listeners to see which SSL policies are attached to this elb
elbArn = elb['LoadBalancerArn']
listeners = elbClient.describe_listeners(LoadBalancerArn=elbArn)
elb["Listeners"] = listeners # add listeners as feild in the ELB
elbs.append(elb)
# return list of load balancers
return elbs
def getAllInstances(roleArn=None):
"""
This method returns a list containing each
ec2 instance from each region in the current AWS account.
If a roleArn is provided, that role is assumed and instances
are retreived from that role's AWS account
"""
session = getSession(roleArn) # if None, the base boto3 session is used
regions = session.client('ec2').describe_regions()['Regions']
accountId = getAccountId(session)
# get list of all instances in each region
instances = []
for region in regions:
reservations = session.client('ec2', region_name=region['RegionName']
).describe_instances()["Reservations"]
for reservation in reservations:
for instance in reservation['Instances']:
instance["Region"] = region
instance["InstanceName"] = getInstanceName(instance)
instance["AccountId"] = accountId
instances.append(instance)
# return list of instances
return instances
def getAllV1ELBs(roleArn=None):
"""
This function grabs each classic elb from each region and returns
a list of them.
If a roleArn is provided, that role is assumed before monitoring
"""
session = getSession(
roleArn) # defaults to local session if roleArn is None
accountId = getAccountId(session)
# get list of all load balancers in each region
elbs = []
regions = session.client('ec2').describe_regions()['Regions']
for region in regions:
elbClient = session.client('elb', region_name=region['RegionName'])
for elb in elbClient.describe_load_balancers(
)['LoadBalancerDescriptions']:
# add data before adding elb to list of elbs
elb["Region"] = region
elb["AccountId"] = accountId
elbs.append(elb)
# return list of load balancers
return elbs
def monitor(event, context):
"""
This method looks for iam data and reports 4 different
kinds of data into 4 different JSON files stored in s3
"""
arns = parseArnsString(READER_ROLE_ARNS)
# gather iamData
iamData = getAllIAMData()
for arn in arns:
additionalIamData = getAllIAMData(arn)
iamData['users'] += additionalIamData['users']
iamData['groups'] += additionalIamData['groups']
iamData['roles'] += additionalIamData['roles']
iamData['policies'] += additionalIamData['policies']
# report each type of data
s3Client = getSession().resource("s3")
reportName = datetime.datetime.utcnow().isoformat(
) + '.json' # same report name for each data type
for typeOfIamData in iamData:
# get s3 key and body
key = S3_MONITORING_PATH + f"/{typeOfIamData}/" + reportName
body = json.dumps(iamData[typeOfIamData],
default=datetimeSerializer).encode("utf-8")
# save to s3
logger.info(
f"creating new monitoring report at s3://{S3_BUCKET_NAME}/{key}")
s3Client.Bucket(S3_BUCKET_NAME).put_object(Key=key, Body=body)
return "finished monitoring."
def monitor(event, context):
"""
This method looks for security groups and reports
any found groups to a json file in s3.
"""
arns = parseArnsString(READER_ROLE_ARNS)
# get groups
groups = getAllSecurityGroups() # defaults to current account
for arn in arns:
groups += getAllSecurityGroups(arn)
if len(groups) is 0:
logger.warning("no security groups found")
return
# get s3 key and body
key = S3_MONITORING_PATH + '/' + datetime.datetime.utcnow().isoformat(
) + '.json'
body = json.dumps(groups, default=datetimeSerializer).encode("utf-8")
# save to s3
logger.info(
f"creating new monitoring report at s3://{S3_BUCKET_NAME}/{key}")
s3 = getSession().resource("s3")
s3.Bucket(S3_BUCKET_NAME).put_object(Key=key, Body=body)
return "finished monitoring."
def monitor(event, context):
"""
This method looks for elastic load balancers and reports
any found elbs to a json file in s3.
"""
arns = parseArnsString(READER_ROLE_ARNS)
# get elbs
v1ELBs = getAllV1ELBs()
v2ELBs = getAllV2ELBs()
elbs = [] + v1ELBs + v2ELBs
for arn in arns:
elbs += getAllV1ELBs(arn) + getAllV2ELBs(arn)
if len(elbs) is 0:
logger.warning("no elastic load balancers found")
return
# get s3 key and body
key = S3_MONITORING_PATH + '/' + datetime.datetime.utcnow().isoformat(
) + '.json'
body = json.dumps(elbs, default=datetimeSerializer).encode("utf-8")
# save to s3
logger.info(
f"creating new monitoring report at s3://{S3_BUCKET_NAME}/{key}")
s3 = getSession().resource("s3")
s3.Bucket(S3_BUCKET_NAME).put_object(Key=key, Body=body)
return "finished monitoring."
def getAllIAMData(roleArn=None):
"""
This function gets all user, group, policy, and role data
from IAM and returns a dict of 4 lists containing this information.
If a roleArn is provided, that role is assumed before monitoring.
"""
session = getSession(roleArn) # if no arn, the base boto3 session is used
accountId = getAccountId(session)
# define lists to hold each of the 4 types of iam data
userDetails, groupDetails, roleDetails, policyDetails = [], [], [], []
# get paginated iam data
iamClient = session.client('iam')
authDetails = iamClient.get_account_authorization_details()
while True:
userDetails.extend(authDetails['UserDetailList'])
groupDetails.extend(authDetails['GroupDetailList'])
roleDetails.extend(authDetails['RoleDetailList'])
policyDetails.extend(authDetails['Policies'])
# break the loop if there are no more results
if not authDetails['IsTruncated']:
break
# fetch next results
authDetails = iamClient.get_account_authorization_details(
Marker=authDetails['Marker'])
# add MFA data for each user
for user in userDetails:
user['MFADevices'] = iamClient.list_mfa_devices(
UserName=user['UserName'])['MFADevices']
# add account id to each detail
for detail in userDetails:
detail['AccountId'] = accountId
for detail in groupDetails:
detail['AccountId'] = accountId
for detail in roleDetails:
detail['AccountId'] = accountId
for detail in policyDetails:
detail['AccountId'] = accountId
# return iam data
return {
'users': userDetails,
'groups': groupDetails,
'roles': roleDetails,
'policies': policyDetails
}
def getAllSecurityGroups(roleArn=None):
"""
This function grabs each security group from each region and returns
a list of the security groups.
If a roleArn is provided, the role is assumed before monitoring
"""
session = getSession(roleArn) # defaults to local aws account if arn is None
accountId = getAccountId(session)
# get list of all groups in each region
securityGroups = []
regions = session.client('ec2').describe_regions()['Regions']
for region in regions:
ec2 = session.client('ec2', region_name=region['RegionName'])
for group in ec2.describe_security_groups()['SecurityGroups']:
group["Region"] = region
group["AccountId"] = accountId
securityGroups.append(group)
# return list of groups
return securityGroups
if received >= total:
try: in_progress.pop(filename)
except: pass
return
percentage = math.trunc(received / total * 10000) / 100;
progress_message= "{0} % ({1} / {2})".format(percentage, received, total)
in_progress[filename] = progress_message
currentTime=time.time()
if (currentTime - lastUpdate) > updateFrequency:
await log_reply(message, progress_message)
lastUpdate=currentTime
with TelegramClient(getSession(), api_id, api_hash,
proxy=proxy).start() as client:
saveSession(client.session)
queue = asyncio.Queue()
peerChannel = PeerChannel(channel_id)
@client.on(events.NewMessage())
async def handler(event):
if event.to_id != peerChannel:
return
print(event)
