def connect_elb(self):
'''
Connect to ELB
'''
try:
for reg in elb.regions():
if(reg.name == os.environ['AWS_DEFAULT_REGION']):
return elb.connect_to_region(reg.name)
return None
except Exception as e:
print "%s" % e
exit(-1)
def connect_elb(self):
'''
Connect to ELB
'''
try:
for reg in elb.regions():
if (reg.name == os.environ['AWS_DEFAULT_REGION']):
return elb.connect_to_region(reg.name)
return None
except Exception as e:
print "%s" % e
exit(-1)
def elb_connection(self):
"""(:class:`boto.ec2.elb.ELBConnection`) The ELB connection."""
ec2 = self.app.ec2_connection
region = next(r for r in regions() if r.name == ec2.region.name)
return ELBConnection(
aws_access_key_id=ec2.provider.access_key,
aws_secret_access_key=ec2.provider.secret_key,
is_secure=ec2.is_secure, port=ec2.port,
proxy=ec2.proxy, proxy_port=ec2.proxy_port,
proxy_user=ec2.proxy_user, proxy_pass=ec2.proxy_pass,
debug=ec2.debug, region=region,
security_token=ec2.provider.security_token,
validate_certs=ec2.https_validate_certificates
)
def slurp(self):
"""
:returns: item_list - list of ELB's.
:returns: exception_map - A dict where the keys are a tuple containing the
location of the exception and the value is the actual exception
"""
from security_monkey.common.sts_connect import connect
item_list = []
exception_map = {}
for account in self.accounts:
for region in regions():
app.logger.debug("Checking {}/{}/{}".format(self.index, account, region.name))
elb_conn = connect(account, 'elb', region=region.name)
try:
all_elbs = elb_conn.get_all_load_balancers()
except Exception as e:
if region.name not in TROUBLE_REGIONS:
exc = BotoConnectionIssue(str(e), self.index, account, region.name)
self.slurp_exception((self.index, account, region.name), exc, exception_map)
continue
app.logger.debug("Found {} {}".format(len(all_elbs), self.i_am_plural))
for elb in all_elbs:
### Check if this ELB is on the Ignore List ###
ignore_item = False
for ignore_item_name in IGNORE_PREFIX[self.index]:
if elb.name.lower().startswith(ignore_item_name.lower()):
ignore_item = True
break
if ignore_item:
continue
elb_map = {}
elb_map['availability_zones'] = list(elb.availability_zones)
elb_map['canonical_hosted_zone_name'] = elb.canonical_hosted_zone_name
elb_map['canonical_hosted_zone_name_id'] = elb.canonical_hosted_zone_name_id
elb_map['dns_name'] = elb.dns_name
elb_map['health_check'] = {'target': elb.health_check.target, 'interval': elb.health_check.interval}
elb_map['is_cross_zone_load_balancing'] = elb.is_cross_zone_load_balancing()
elb_map['scheme'] = elb.scheme
elb_map['security_groups'] = list(elb.security_groups)
elb_map['source_security_group'] = elb.source_security_group.name
elb_map['subnets'] = list(elb.subnets)
elb_map['vpc_id'] = elb.vpc_id
backends = []
for be in elb.backends:
backend = {}
backend['instance_port'] = be.instance_port
policies = []
for bepol in be.policies:
policies.append(bepol.policy_name)
backend['policies'] = policies
backends.append(backend)
elb_map['backends'] = backends
listeners = []
for li in elb.listeners:
listener = {}
listener['load_balancer_port'] = li.load_balancer_port
listener['instance_port'] = li.instance_port
listener['protocol'] = li.protocol
listener['instance_protocol'] = li.instance_protocol
listener['ssl_certificate_id'] = li.ssl_certificate_id
policies = []
for lipol in li.policy_names:
policies.append(lipol)
listener['policy_names'] = policies
listeners.append(listener)
elb_map['listeners'] = listeners
policies = {}
app_cookie_stickiness_policies = []
for policy in elb.policies.app_cookie_stickiness_policies:
app_cookie_stickiness_policy = {}
app_cookie_stickiness_policy['policy_name'] = policy.policy_name
app_cookie_stickiness_policy['cookie_name'] = policy.cookie_name
app_cookie_stickiness_policies.append(app_cookie_stickiness_policy)
policies['app_cookie_stickiness_policies'] = app_cookie_stickiness_policies
lb_cookie_stickiness_policies = []
for policy in elb.policies.lb_cookie_stickiness_policies:
lb_cookie_stickiness_policy = {}
lb_cookie_stickiness_policy['policy_name'] = policy.policy_name
lb_cookie_stickiness_policy['cookie_expiration_period'] = policy.cookie_expiration_period
lb_cookie_stickiness_policies.append(lb_cookie_stickiness_policy)
policies['lb_cookie_stickiness_policies'] = lb_cookie_stickiness_policies
policies['other_policies'] = []
for opol in elb.policies.other_policies:
policies['other_policies'].append(opol.policy_name)
elb_map['policies'] = policies
item = ELBItem(region=region.name, account=account, name=elb.name, config=elb_map)
item_list.append(item)
return item_list, exception_map
def slurp(self):
"""
:returns: item_list - list of ELB's.
:returns: exception_map - A dict where the keys are a tuple containing the
location of the exception and the value is the actual exception
"""
self.prep_for_slurp()
from security_monkey.common.sts_connect import connect
item_list = []
exception_map = {}
for account in self.accounts:
self._setup_botocore(account)
for region in regions():
app.logger.debug("Checking {}/{}/{}".format(self.index, account, region.name))
elb_conn = connect(account, 'ec2.elb', region=region.name)
botocore_client = self.botocore_session.create_client('elb', region_name=region.name)
botocore_operation = botocore_client.describe_load_balancer_policies
try:
all_elbs = []
marker = None
while True:
response = self.wrap_aws_rate_limited_call(
elb_conn.get_all_load_balancers,
marker=marker
)
# build our elb list
all_elbs.extend(response)
# ensure that we get every elb
if response.next_marker:
marker = response.next_marker
else:
break
except Exception as e:
if region.name not in TROUBLE_REGIONS:
exc = BotoConnectionIssue(str(e), self.index, account, region.name)
self.slurp_exception((self.index, account, region.name), exc, exception_map)
continue
app.logger.debug("Found {} {}".format(len(all_elbs), self.i_am_plural))
for elb in all_elbs:
if self.check_ignore_list(elb.name):
continue
try:
elb_map = {}
elb_map['availability_zones'] = list(elb.availability_zones)
elb_map['canonical_hosted_zone_name'] = elb.canonical_hosted_zone_name
elb_map['canonical_hosted_zone_name_id'] = elb.canonical_hosted_zone_name_id
elb_map['dns_name'] = elb.dns_name
elb_map['health_check'] = {'target': elb.health_check.target, 'interval': elb.health_check.interval}
elb_map['is_cross_zone_load_balancing'] = self.wrap_aws_rate_limited_call(
elb.is_cross_zone_load_balancing
)
elb_map['scheme'] = elb.scheme
elb_map['security_groups'] = list(elb.security_groups)
elb_map['source_security_group'] = elb.source_security_group.name
elb_map['subnets'] = list(elb.subnets)
elb_map['vpc_id'] = elb.vpc_id
elb_map['is_logging'] = self.wrap_aws_rate_limited_call(
lambda: elb.get_attributes().access_log.enabled
)
backends = []
for be in elb.backends:
backend = {}
backend['instance_port'] = be.instance_port
policies = []
for bepol in be.policies:
policies.append(bepol.policy_name)
backend['policies'] = policies
backends.append(backend)
elb_map['backends'] = backends
elb_policies = self._get_listener_policies(botocore_operation, elb)
listeners = []
for li in elb.listeners:
listener = {
'load_balancer_port': li.load_balancer_port,
'instance_port': li.instance_port,
'protocol': li.protocol,
'instance_protocol': li.instance_protocol,
'ssl_certificate_id': li.ssl_certificate_id,
'policies': [elb_policies.get(policy_name, {"name": policy_name}) for policy_name in li.policy_names]
}
listeners.append(listener)
elb_map['listeners'] = listeners
policies = {}
app_cookie_stickiness_policies = []
for policy in elb.policies.app_cookie_stickiness_policies:
app_cookie_stickiness_policy = {}
app_cookie_stickiness_policy['policy_name'] = policy.policy_name
app_cookie_stickiness_policy['cookie_name'] = policy.cookie_name
app_cookie_stickiness_policies.append(app_cookie_stickiness_policy)
policies['app_cookie_stickiness_policies'] = app_cookie_stickiness_policies
lb_cookie_stickiness_policies = []
for policy in elb.policies.lb_cookie_stickiness_policies:
lb_cookie_stickiness_policy = {}
lb_cookie_stickiness_policy['policy_name'] = policy.policy_name
lb_cookie_stickiness_policy['cookie_expiration_period'] = policy.cookie_expiration_period
lb_cookie_stickiness_policies.append(lb_cookie_stickiness_policy)
policies['lb_cookie_stickiness_policies'] = lb_cookie_stickiness_policies
policies['other_policies'] = []
for opol in elb.policies.other_policies:
policies['other_policies'].append(opol.policy_name)
elb_map['policies'] = policies
item = ELBItem(region=region.name, account=account, name=elb.name, config=elb_map)
item_list.append(item)
except Exception as e:
self.slurp_exception((self.index, account, region.name, elb.name), e, exception_map)
continue
return item_list, exception_map
def regions(self, *args, **kwargs):
return elb.regions(*args, **kwargs)
def slurp(self):
"""
:returns: item_list - list of ELB's.
:returns: exception_map - A dict where the keys are a tuple containing the
location of the exception and the value is the actual exception
"""
from security_monkey.common.sts_connect import connect
item_list = []
exception_map = {}
for account in self.accounts:
for region in regions():
app.logger.debug("Checking {}/{}/{}".format(
self.index, account, region.name))
elb_conn = connect(account, 'elb', region=region.name)
try:
all_elbs = []
marker = None
while True:
response = self.wrap_aws_rate_limited_call(
elb_conn.get_all_load_balancers, marker=marker)
# build our elb list
all_elbs.extend(response)
# ensure that we get every elb
if response.next_marker:
marker = response.next_marker
else:
break
except Exception as e:
if region.name not in TROUBLE_REGIONS:
exc = BotoConnectionIssue(str(e), self.index, account,
region.name)
self.slurp_exception(
(self.index, account, region.name), exc,
exception_map)
continue
app.logger.debug("Found {} {}".format(len(all_elbs),
self.i_am_plural))
for elb in all_elbs:
### Check if this ELB is on the Ignore List ###
ignore_item = False
for ignore_item_name in IGNORE_PREFIX[self.index]:
if elb.name.lower().startswith(
ignore_item_name.lower()):
ignore_item = True
break
if ignore_item:
continue
elb_map = {}
elb_map['availability_zones'] = list(
elb.availability_zones)
elb_map[
'canonical_hosted_zone_name'] = elb.canonical_hosted_zone_name
elb_map[
'canonical_hosted_zone_name_id'] = elb.canonical_hosted_zone_name_id
elb_map['dns_name'] = elb.dns_name
elb_map['health_check'] = {
'target': elb.health_check.target,
'interval': elb.health_check.interval
}
elb_map[
'is_cross_zone_load_balancing'] = self.wrap_aws_rate_limited_call(
elb.is_cross_zone_load_balancing)
elb_map['scheme'] = elb.scheme
elb_map['security_groups'] = list(elb.security_groups)
elb_map[
'source_security_group'] = elb.source_security_group.name
elb_map['subnets'] = list(elb.subnets)
elb_map['vpc_id'] = elb.vpc_id
backends = []
for be in elb.backends:
backend = {}
backend['instance_port'] = be.instance_port
policies = []
for bepol in be.policies:
policies.append(bepol.policy_name)
backend['policies'] = policies
backends.append(backend)
elb_map['backends'] = backends
listeners = []
for li in elb.listeners:
listener = {}
listener['load_balancer_port'] = li.load_balancer_port
listener['instance_port'] = li.instance_port
listener['protocol'] = li.protocol
listener['instance_protocol'] = li.instance_protocol
listener['ssl_certificate_id'] = li.ssl_certificate_id
policies = []
for lipol in li.policy_names:
policies.append(lipol)
listener['policy_names'] = policies
listeners.append(listener)
elb_map['listeners'] = listeners
policies = {}
app_cookie_stickiness_policies = []
for policy in elb.policies.app_cookie_stickiness_policies:
app_cookie_stickiness_policy = {}
app_cookie_stickiness_policy[
'policy_name'] = policy.policy_name
app_cookie_stickiness_policy[
'cookie_name'] = policy.cookie_name
app_cookie_stickiness_policies.append(
app_cookie_stickiness_policy)
policies[
'app_cookie_stickiness_policies'] = app_cookie_stickiness_policies
lb_cookie_stickiness_policies = []
for policy in elb.policies.lb_cookie_stickiness_policies:
lb_cookie_stickiness_policy = {}
lb_cookie_stickiness_policy[
'policy_name'] = policy.policy_name
lb_cookie_stickiness_policy[
'cookie_expiration_period'] = policy.cookie_expiration_period
lb_cookie_stickiness_policies.append(
lb_cookie_stickiness_policy)
policies[
'lb_cookie_stickiness_policies'] = lb_cookie_stickiness_policies
policies['other_policies'] = []
for opol in elb.policies.other_policies:
policies['other_policies'].append(opol.policy_name)
elb_map['policies'] = policies
item = ELBItem(region=region.name,
account=account,
name=elb.name,
config=elb_map)
item_list.append(item)
return item_list, exception_map
def regions(self, *args, **kwargs):
return elb.regions(*args, **kwargs)
def get_elb_regions():
region_objects = elb.regions()
regions = [region_object.name for region_object in region_objects]
return regions
def slurp(self):
"""
:returns: item_list - list of ELB's.
:returns: exception_map - A dict where the keys are a tuple containing the
location of the exception and the value is the actual exception
"""
self.prep_for_slurp()
from security_monkey.common.sts_connect import connect
item_list = []
exception_map = {}
for account in self.accounts:
self._setup_botocore(account)
for region in regions():
app.logger.debug("Checking {}/{}/{}".format(self.index, account, region.name))
elb_conn = connect(account, "elb", region=region.name)
botocore_endpoint = self.botocore_elb.get_endpoint(region.name)
try:
all_elbs = []
marker = None
while True:
response = self.wrap_aws_rate_limited_call(elb_conn.get_all_load_balancers, marker=marker)
# build our elb list
all_elbs.extend(response)
# ensure that we get every elb
if response.next_marker:
marker = response.next_marker
else:
break
except Exception as e:
if region.name not in TROUBLE_REGIONS:
exc = BotoConnectionIssue(str(e), self.index, account, region.name)
self.slurp_exception((self.index, account, region.name), exc, exception_map)
continue
app.logger.debug("Found {} {}".format(len(all_elbs), self.i_am_plural))
for elb in all_elbs:
if self.check_ignore_list(elb.name):
continue
elb_map = {}
elb_map["availability_zones"] = list(elb.availability_zones)
elb_map["canonical_hosted_zone_name"] = elb.canonical_hosted_zone_name
elb_map["canonical_hosted_zone_name_id"] = elb.canonical_hosted_zone_name_id
elb_map["dns_name"] = elb.dns_name
elb_map["health_check"] = {"target": elb.health_check.target, "interval": elb.health_check.interval}
elb_map["is_cross_zone_load_balancing"] = self.wrap_aws_rate_limited_call(
elb.is_cross_zone_load_balancing
)
elb_map["scheme"] = elb.scheme
elb_map["security_groups"] = list(elb.security_groups)
elb_map["source_security_group"] = elb.source_security_group.name
elb_map["subnets"] = list(elb.subnets)
elb_map["vpc_id"] = elb.vpc_id
backends = []
for be in elb.backends:
backend = {}
backend["instance_port"] = be.instance_port
policies = []
for bepol in be.policies:
policies.append(bepol.policy_name)
backend["policies"] = policies
backends.append(backend)
elb_map["backends"] = backends
elb_policies = self._get_listener_policies(elb, botocore_endpoint)
listeners = []
for li in elb.listeners:
listener = {
"load_balancer_port": li.load_balancer_port,
"instance_port": li.instance_port,
"protocol": li.protocol,
"instance_protocol": li.instance_protocol,
"ssl_certificate_id": li.ssl_certificate_id,
"policies": [
elb_policies.get(policy_name, {"name": policy_name}) for policy_name in li.policy_names
],
}
listeners.append(listener)
elb_map["listeners"] = listeners
policies = {}
app_cookie_stickiness_policies = []
for policy in elb.policies.app_cookie_stickiness_policies:
app_cookie_stickiness_policy = {}
app_cookie_stickiness_policy["policy_name"] = policy.policy_name
app_cookie_stickiness_policy["cookie_name"] = policy.cookie_name
app_cookie_stickiness_policies.append(app_cookie_stickiness_policy)
policies["app_cookie_stickiness_policies"] = app_cookie_stickiness_policies
lb_cookie_stickiness_policies = []
for policy in elb.policies.lb_cookie_stickiness_policies:
lb_cookie_stickiness_policy = {}
lb_cookie_stickiness_policy["policy_name"] = policy.policy_name
lb_cookie_stickiness_policy["cookie_expiration_period"] = policy.cookie_expiration_period
lb_cookie_stickiness_policies.append(lb_cookie_stickiness_policy)
policies["lb_cookie_stickiness_policies"] = lb_cookie_stickiness_policies
policies["other_policies"] = []
for opol in elb.policies.other_policies:
policies["other_policies"].append(opol.policy_name)
elb_map["policies"] = policies
item = ELBItem(region=region.name, account=account, name=elb.name, config=elb_map)
item_list.append(item)
return item_list, exception_map