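def __init__(self, name, search_path=None):
    """Set up the check registry, the AWS account context and the plugin source.

    Construction calls STS GetCallerIdentity, so it needs working AWS
    credentials; any error raised by boto3 propagates to the caller.

    Args:
        name: Identifier given to the plugin source created here.
        search_path: Directory searched for auditor plugins. Falls back to
            "./auditors/aws" when empty or None. Python modules under this
            path can be imported as plugins through ``self.source``, so it
            should be a directory that only trusted users can write to.
            NOTE(review): the default is a relative path; how it is resolved
            depends on get_path(), which is not visible here. Confirm it
            does not follow the process working directory.
    """
    if not search_path:
        search_path = "./auditors/aws"
    self.name = name
    self.plugin_base = PluginBase(package="electriceye")
    # A check is only discovered during plugin loading when it is decorated
    # with @registry.register_check("cache_name").
    self.registry = CheckRegister()

    # Vendor-specific context: account id, region and partition.
    sts = boto3.client("sts")
    self.awsAccountId = sts.get_caller_identity()["Account"]
    # AWS_REGION wins over the region the STS client resolved on its own.
    self.awsRegion = os.environ.get("AWS_REGION", sts.meta.region_name)

    # Derive the partition from the region. The original only recognised
    # GovCloud, so the China regions were mislabelled as the commercial
    # "aws" partition. Membership tests (rather than prefix matching) keep
    # this safe when no region could be resolved and awsRegion is None.
    if self.awsRegion in ("us-gov-east-1", "us-gov-west-1"):
        self.awsPartition = "aws-us-gov"
    elif self.awsRegion in ("cn-north-1", "cn-northwest-1"):
        self.awsPartition = "aws-cn"
    else:
        self.awsPartition = "aws"

    # If there is a desire to add support for multiple clouds, this would be
    # a great place to implement it.
    self.source = self.plugin_base.make_plugin_source(
        searchpath=[get_path(search_path)], identifier=self.name
    )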
# ElectricEye is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License along with ElectricEye. # If not, see https://github.com/jonrau1/ElectricEye/blob/master/LICENSE. import datetime from dateutil import parser import boto3 from check_register import CheckRegister registry = CheckRegister() sqs = boto3.client("sqs") cloudwatch = boto3.client("cloudwatch") @registry.register_check("sqs") def sqs_old_message_check(cache: dict, awsAccountId: str, awsRegion: str, awsPartition: str) -> dict: response = sqs.list_queues() iso8601Time = datetime.datetime.now(datetime.timezone.utc).isoformat() for queueUrl in response["QueueUrls"]: queueName = queueUrl.rsplit("/", 1)[-1] attributes = sqs.get_queue_attributes( QueueUrl=queueUrl, AttributeNames=["MessageRetentionPeriod", "QueueArn"]) messageRetention = attributes["Attributes"]["MessageRetentionPeriod"]