def __init__(self):
    """Set up S3 access for the instance-scoped bucket.

    Reads the bucket naming prefix and the bucket-policy template path from
    ConfigMgr, resolves the bucket's unique id and this instance's name via
    EnvironmentVariables, and opens an S3Connection using the instance
    credentials. The credential string is consumed as three space-separated
    fields in this order: access key id, secret access key, session token
    (passed as ``security_token``); fewer than three fields raises IndexError.
    """
    cfg = ConfigMgr()
    self.__cfg = cfg
    self.__bucket_name = cfg.get_parameter("Instances", "NamingPrefix")
    self.__bucket_unique_id = EnvironmentVariables.get_storage_unique_id(self.__bucket_name)
    self.__bucket_policy_path = cfg.get_parameter("Instances", "BucketPolicyPath")
    self.__current_instance_name = EnvironmentVariables.get_current_instance_name()

    # Temporary instance credentials; the third field is the STS session token.
    fields = EnvironmentVariables.get_instance_credentials().split(" ")
    access_key_id = fields[0]
    secret_access_key = fields[1]
    session_token = fields[2]
    self.__s3 = S3Connection(
        aws_access_key_id=access_key_id,
        aws_secret_access_key=secret_access_key,
        security_token=session_token,
    )
def __init__(self):
    """Set up an IAM connection for tightening instance role policies.

    Reads the strict-policy template path and the naming prefix from
    ConfigMgr and opens an IAMConnection with the instance credentials
    (three space-separated fields: access key id, secret access key, session
    token). The inline policy written by this class is always named
    ``cloud-sec-policy``.
    """
    cfg = ConfigMgr()
    self.__cfg = cfg
    self.__iam_strict_policy_path = cfg.get_parameter("Instances", "IAMStrictPolicyPath")
    self.__prefix_name = cfg.get_parameter("Instances", "NamingPrefix")

    # Temporary instance credentials; the third field is the STS session token.
    fields = EnvironmentVariables.get_instance_credentials().split(" ")
    access_key_id = fields[0]
    secret_access_key = fields[1]
    session_token = fields[2]
    self.__conn = IAMConnection(
        aws_access_key_id=access_key_id,
        aws_secret_access_key=secret_access_key,
        security_token=session_token,
    )
    # Fixed name of the inline role policy put by strict_dynamic_role().
    self.__iam_policy_name = "cloud-sec-policy"
def __get_bucket_policy(self):
    """Return the bucket policy text rendered from the template file.

    The template at ``self.__bucket_policy_path`` is read, newlines and tabs
    are dropped, and the placeholders BUCKETNAME, REFERERNAME and
    CANONICALUSER are substituted with the bucket's unique id, the referer id
    from __get_referer_unique_id() and the configured CanonicalUserId.
    Rendering is plain text replacement (no JSON-aware escaping), so the
    inserted values are assumed to contain no quotes or braces that would
    alter the policy structure — TODO confirm for the config-sourced values.
    """
    referer_name = self.__get_referer_unique_id()
    bucket_name = EnvironmentVariables.get_storage_unique_id(self.__bucket_name)
    canonical_user = self.__cfg.get_parameter("Instances", "CanonicalUserId")

    with open(self.__bucket_policy_path, "r") as policy_file:
        rendered = policy_file.read()

    # Same replacement order as before: whitespace first, then placeholders.
    substitutions = (
        ("\n", ""),
        ("\t", ""),
        ("BUCKETNAME", bucket_name),
        ("REFERERNAME", referer_name),
        ("CANONICALUSER", canonical_user),
    )
    for placeholder, value in substitutions:
        rendered = rendered.replace(placeholder, value)
    return rendered
def strict_dynamic_role(self, iam_role_name):
    """Attach the strict inline policy to ``iam_role_name``.

    Renders the template at ``self.__iam_strict_policy_path`` by replacing
    BUCKETNAME with the bucket unique id derived from the naming prefix, then
    writes it to the role as the inline policy ``self.__iam_policy_name``
    via put_role_policy (replacing any existing policy of that name).
    """
    bucket_unique_id = EnvironmentVariables.get_storage_unique_id(self.__prefix_name)
    with open(self.__iam_strict_policy_path, "r") as policy_file:
        template = policy_file.read()
    # Plain text substitution; the template is expected to be the policy JSON.
    iam_policy_document = template.replace("BUCKETNAME", bucket_unique_id)
    self.__conn.put_role_policy(
        iam_role_name,
        self.__iam_policy_name,
        iam_policy_document,
    )
def strict_current_instance_role_permissions(self):
    """Tighten the IAM role of the instance this code is running on.

    Looks up the current instance profile name via EnvironmentVariables and
    hands it to IAM.strict_dynamic_role(), then logs at ``info`` level.
    Note that the profile name returned by get_current_instance_profile() is
    passed straight through as the role name — presumably the two coincide
    in this deployment; confirm.
    """
    role_name = EnvironmentVariables.get_current_instance_profile()
    IAM().strict_dynamic_role(role_name)
    Logger.log("info", "Changed the IAM role to be more strict")
def __init__(self):
    """Open an EC2 connection scoped to the current instance's region.

    Uses the instance credentials (three space-separated fields: access key
    id, secret access key, session token) to build a boto EC2Connection,
    then overrides its ``region`` attribute with the value returned by
    EnvironmentVariables.get_current_instance_region() (presumably a boto
    region object — confirm) and records the current instance name.
    """
    self.__cfg = ConfigMgr()

    # Temporary instance credentials; the third field is the STS session token.
    fields = EnvironmentVariables.get_instance_credentials().split(" ")
    access_key_id = fields[0]
    secret_access_key = fields[1]
    session_token = fields[2]
    conn = boto.ec2.EC2Connection(
        aws_access_key_id=access_key_id,
        aws_secret_access_key=secret_access_key,
        security_token=session_token,
    )
    # Region is set after construction rather than passed to the constructor.
    conn.region = EnvironmentVariables.get_current_instance_region()
    self.__conn = conn
    self.__current_instance_name = EnvironmentVariables.get_current_instance_name()
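def __get_referer_unique_id(self):
    """Return a stable SHA-512 hex id for this instance (the REFERERNAME value).

    The id is the hex digest of the instance MAC address concatenated with
    the current instance name. Text is encoded as UTF-8 before hashing when
    it is not already bytes, so the method works on Python 3 (where hashlib
    rejects unencoded text) while leaving the Python 2 byte-string path and
    its digest unchanged. hexdigest() is already lowercase, so no further
    case folding is applied.

    NOTE(review): both inputs are non-secret identifiers, so this value can be
    recomputed by anyone who knows them — confirm the bucket policy that
    embeds it does not treat it as a secret.
    """
    unique_string = "{}{}".format(
        EnvironmentVariables.get_current_instance_mac(),
        self.__current_instance_name,
    )
    if not isinstance(unique_string, bytes):
        unique_string = unique_string.encode("utf-8")
    return hashlib.sha512(unique_string).hexdigest()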