From bab4d7bb19850557683dff9b171066fc2b2554b9 Mon Sep 17 00:00:00 2001 From: Leandro Damascena Date: Tue, 12 May 2020 22:47:22 +0100 Subject: [PATCH 1/7] Added CLOUDFORMATION check #19 --- shared/awscommands.py | 4 ++++ shared/internal/management.py | 45 +++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 shared/internal/management.py diff --git a/shared/awscommands.py b/shared/awscommands.py index e1d3cfb..d64b89f 100644 --- a/shared/awscommands.py +++ b/shared/awscommands.py @@ -7,6 +7,7 @@ from shared.internal.storage import EFS, S3POLICY from shared.internal.analytics import ELASTICSEARCH, MSK from shared.internal.application import SQSPOLICY +from shared.internal.management import CLOUDFORMATION class AwsCommands(object): @@ -55,4 +56,7 @@ def run(self): SG(self.vpc_options).run() VPCPEERING(self.vpc_options).run() VPCENDPOINT(self.vpc_options).run() + + """ Management resources """ + CLOUDFORMATION(self.vpc_options).run() \ No newline at end of file diff --git a/shared/internal/management.py b/shared/internal/management.py new file mode 100644 index 0000000..f552548 --- /dev/null +++ b/shared/internal/management.py @@ -0,0 +1,45 @@ +from shared.common import * +import json + +class CLOUDFORMATION(object): + + def __init__(self, vpc_options: VpcOptions): + self.vpc_options = vpc_options + + def run(self): + try: + client = self.vpc_options.client('cloudformation') + + response = client.describe_stacks() + + message_handler("\nChecking CLOUDFORMATION STACKS...", "HEADER") + + if len(response["Stacks"]) == 0: + message_handler("Found 0 Cloudformation Stacks in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + for data in response["Stacks"]: + + template = client.get_template(StackName=data['StackName']) + + documenttemplate = template['TemplateBody'] + + document = json.dumps(documenttemplate, default=datetime_to_string) + + """ check either vpc_id or potencial subnet ip are found """ + ipvpc_found = check_ipvpc_inpolicy(document=document, vpc_options=self.vpc_options) + + """ elasticsearch uses accesspolicies too, so check both situation """ + if ipvpc_found is True: + found += 1 + message = message + "\nStackName: {} -> VpcId {}".format( + data['StackName'], + self.vpc_options.vpc_id + ) + + message_handler("Found {0} Cloudformation Stacks using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + except Exception as e: + message = "Can't list Cloudformation Stacks\nError {0}".format(str(e)) + exit_critical(message) From af7b879dfbeba151aac605582d1f024f4d886301 Mon Sep 17 00:00:00 2001 From: Leandro Damascena Date: Tue, 12 May 2020 23:20:33 +0100 Subject: [PATCH 2/7] Added SYNTHETIC CANARIES check #19 --- shared/awscommands.py | 3 ++- shared/internal/management.py | 38 +++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/shared/awscommands.py b/shared/awscommands.py index d64b89f..f97fd03 100644 --- a/shared/awscommands.py +++ b/shared/awscommands.py @@ -7,7 +7,7 @@ from shared.internal.storage import EFS, S3POLICY from shared.internal.analytics import ELASTICSEARCH, MSK from shared.internal.application import SQSPOLICY -from shared.internal.management import CLOUDFORMATION +from shared.internal.management import CLOUDFORMATION, CANARIES class AwsCommands(object): @@ -59,4 +59,5 @@ def run(self): """ Management resources """ CLOUDFORMATION(self.vpc_options).run() + CANARIES(self.vpc_options).run() \ No newline at end of file diff --git a/shared/internal/management.py b/shared/internal/management.py index f552548..8f19c46 100644 --- a/shared/internal/management.py +++ b/shared/internal/management.py @@ -43,3 +43,41 @@ def run(self): except Exception as e: message = "Can't list Cloudformation Stacks\nError {0}".format(str(e)) exit_critical(message) + +class SYNTHETICSCANARIES(object): + + def __init__(self, vpc_options: VpcOptions): + self.vpc_options = vpc_options + + def run(self): + try: + client = self.vpc_options.client('synthetics') + + response = client.describe_canaries() + + message_handler("\nChecking SYNTHETICS CANARIES...", "HEADER") + + if len(response["Canaries"]) == 0: + message_handler("Found 0 Synthetic Canaries in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + for data in response["Canaries"]: + + """ Check if VpcConfig is in dict """ + if "VpcConfig" in data: + + if data['VpcConfig']['VpcId'] == self.vpc_options.vpc_id: + found += 1 + message = message + "\nCanariesName: {} -> VpcId {}".format( + data['Name'], + self.vpc_options.vpc_id + ) + + message_handler("Found {0} Synthetic Canaries using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + except Exception as e: + message = "Can't list Synthetic Canaries\nError {0}".format(str(e)) + exit_critical(message) + +CANARIES = SYNTHETICSCANARIES \ No newline at end of file From c49ee115f0f22398d437795c4659b7bdf904d540 Mon Sep 17 00:00:00 2001 From: Leandro Damascena Date: Wed, 13 May 2020 21:03:25 +0100 Subject: [PATCH 3/7] Addedd EMR check #6 --- shared/awscommands.py | 3 ++- shared/internal/compute.py | 41 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/shared/awscommands.py b/shared/awscommands.py index f97fd03..f85dc1f 100644 --- a/shared/awscommands.py +++ b/shared/awscommands.py @@ -2,7 +2,7 @@ from shared.internal.security import IAM, IAMPOLICY from shared.internal.network import VPC, IGW, NATGATEWAY, ELB, ELBV2, ROUTETABLE, SUBNET, NACL, SG, VPCPEERING from shared.internal.network import VPCENDPOINT -from shared.internal.compute import LAMBDA, EC2, EKS +from shared.internal.compute import LAMBDA, EC2, EKS, EMR from shared.internal.database import RDS, ELASTICACHE, DOCUMENTDB from shared.internal.storage import EFS, S3POLICY from shared.internal.analytics import ELASTICSEARCH, MSK @@ -25,6 +25,7 @@ def run(self): EC2(self.vpc_options).run() LAMBDA(self.vpc_options).run() EKS(self.vpc_options).run() + EMR(self.vpc_options).run() """ Database resources """ RDS(self.vpc_options).run() diff --git a/shared/internal/compute.py b/shared/internal/compute.py index d4aede2..eec520b 100644 --- a/shared/internal/compute.py +++ b/shared/internal/compute.py @@ -101,4 +101,45 @@ def run(self): except Exception as e: message = "Can't list EKS Clusters\nError {0}".format(str(e)) + exit_critical(message) + +class EMR(object): + + def __init__(self, vpc_options: VpcOptions): + self.vpc_options = vpc_options + + def run(self): + try: + client = self.vpc_options.client('emr') + + response = client.list_clusters() + + message_handler("\nChecking EMR CLUSTERS...", "HEADER") + + if len(response["Clusters"]) == 0: + message_handler("Found 0 EMR Clusters in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + for data in response["Clusters"]: + + cluster = client.describe_cluster(ClusterId=data['Id']) + + """ Using subnet to check VPC """ + ec2 = self.vpc_options.client('ec2') + + subnets = ec2.describe_subnets(SubnetIds=[cluster['Cluster']['Ec2InstanceAttributes']['Ec2SubnetId']]) + + + if subnets['Subnets'][0]['VpcId'] == self.vpc_options.vpc_id: + found += 1 + message = message + "\nClusterId: {} - VpcId {}".format( + data['Id'], + self.vpc_options.vpc_id + ) + + message_handler("Found {0} EMR Clusters using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + except Exception as e: + message = "Can't list EMR Clusters\nError {0}".format(str(e)) exit_critical(message) \ No newline at end of file From 1eff3f01c9144c7de6b3d753f891cf5bc588a424 Mon Sep 17 00:00:00 2001 From: Leandro Damascena Date: Wed, 13 May 2020 22:20:27 +0100 Subject: [PATCH 4/7] Code refactoring to use decorators to handler exceptions and avoid stop script #21 --- aws-network-discovery.py | 6 +- shared/awscommands.py | 2 +- shared/error_handler.py | 16 ++ shared/internal/analytics.py | 119 +++++---- shared/internal/application.py | 57 ++-- shared/internal/compute.py | 210 ++++++++------- shared/internal/database.py | 178 ++++++------- shared/internal/management.py | 111 ++++---- shared/internal/network.py | 467 ++++++++++++++++----------------- shared/internal/security.py | 79 +++--- shared/internal/storage.py | 114 ++++---- 11 files changed, 679 insertions(+), 680 deletions(-) create mode 100644 shared/error_handler.py diff --git a/aws-network-discovery.py b/aws-network-discovery.py index 23f0178..5dc3d25 100644 --- a/aws-network-discovery.py +++ b/aws-network-discovery.py @@ -97,4 +97,8 @@ def main(): if __name__ == "__main__": - main() \ No newline at end of file + try: + main() + except KeyboardInterrupt: + print('Finishing script...') + sys.exit(0) \ No newline at end of file diff --git a/shared/awscommands.py b/shared/awscommands.py index f85dc1f..049c7a3 100644 --- a/shared/awscommands.py +++ b/shared/awscommands.py @@ -16,7 +16,7 @@ def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options def run(self): - + """ IAM and VPC validations """ IAM(self.vpc_options).run() VPC(self.vpc_options).run() diff --git a/shared/error_handler.py b/shared/error_handler.py new file mode 100644 index 0000000..2e2566d --- /dev/null +++ b/shared/error_handler.py @@ -0,0 +1,16 @@ +import functools +from shared.common import * + +def exception(func): + """ + Decorator to catch exceptions and avoid stop script + """ + @functools.wraps(func) + def wrapper(*args, **kwargs): + try: + return func(*args, **kwargs) + except Exception as e: + message = "\nError running check {}. Error message {}".format(func.__qualname__, str(e)) + log_critical(message) + pass + return wrapper \ No newline at end of file diff --git a/shared/internal/analytics.py b/shared/internal/analytics.py index 76506d3..a070146 100644 --- a/shared/internal/analytics.py +++ b/shared/internal/analytics.py @@ -1,95 +1,94 @@ from shared.common import * import json +from shared.error_handler import exception class ELASTICSEARCH(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('es') - - response = client.list_domain_names() - - message_handler("\nChecking ELASTICSEARCH DOMAINS...", "HEADER") - if len(response["DomainNames"]) == 0: - message_handler("Found 0 Elastic Search Domains in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - found = 0 - message = "" - for data in response["DomainNames"]: + client = self.vpc_options.client('es') + + response = client.list_domain_names() + + message_handler("\nChecking ELASTICSEARCH DOMAINS...", "HEADER") - elasticsearch_domain = client.describe_elasticsearch_domain(DomainName=data['DomainName']) + if len(response["DomainNames"]) == 0: + message_handler("Found 0 Elastic Search Domains in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + for data in response["DomainNames"]: - documentpolicy = elasticsearch_domain['DomainStatus']['AccessPolicies'] + elasticsearch_domain = client.describe_elasticsearch_domain(DomainName=data['DomainName']) - document = json.dumps(documentpolicy, default=datetime_to_string) + documentpolicy = elasticsearch_domain['DomainStatus']['AccessPolicies'] - """ check either vpc_id or potencial subnet ip are found """ - ipvpc_found = check_ipvpc_inpolicy(document=document, vpc_options=self.vpc_options) + document = json.dumps(documentpolicy, default=datetime_to_string) - """ elasticsearch uses accesspolicies too, so check both situation """ - if elasticsearch_domain['DomainStatus']['VPCOptions']['VPCId'] == self.vpc_options.vpc_id \ - or ipvpc_found is True: - found += 1 - message = message + "\nDomainId: {0} - DomainName: {1} - VpcId {2}".format( - elasticsearch_domain['DomainStatus']['DomainId'], - elasticsearch_domain['DomainStatus']['DomainName'], - self.vpc_options.vpc_id - ) - message_handler("Found {0} ElasticSearch Domains using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - - except Exception as e: - message = "Can't list ElasticSearch Domains\nError {0}".format(str(e)) - exit_critical(message) + """ check either vpc_id or potencial subnet ip are found """ + ipvpc_found = check_ipvpc_inpolicy(document=document, vpc_options=self.vpc_options) + + """ elasticsearch uses accesspolicies too, so check both situation """ + if elasticsearch_domain['DomainStatus']['VPCOptions']['VPCId'] == self.vpc_options.vpc_id \ + or ipvpc_found is True: + found += 1 + message = message + "\nDomainId: {0} - DomainName: {1} - VpcId {2}".format( + elasticsearch_domain['DomainStatus']['DomainId'], + elasticsearch_domain['DomainStatus']['DomainName'], + self.vpc_options.vpc_id + ) + message_handler("Found {0} ElasticSearch Domains using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + return True class MSK(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('kafka') - """ get all cache clusters """ - response = client.list_clusters() + client = self.vpc_options.client('kafka') + + """ get all cache clusters """ + response = client.list_clusters() - message_handler("\nChecking MSK CLUSTERS...", "HEADER") + message_handler("\nChecking MSK CLUSTERS...", "HEADER") - if len(response['ClusterInfoList']) == 0: - message_handler("Found 0 MSK Clusters in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - found = 0 - message = "" + if len(response['ClusterInfoList']) == 0: + message_handler("Found 0 MSK Clusters in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" - """ iterate cache clusters to get subnet groups """ - for data in response['ClusterInfoList']: + """ iterate cache clusters to get subnet groups """ + for data in response['ClusterInfoList']: - msk_subnets = ", ".join(data['BrokerNodeGroupInfo']['ClientSubnets']) + msk_subnets = ", ".join(data['BrokerNodeGroupInfo']['ClientSubnets']) - ec2 = self.vpc_options.session.resource('ec2', region_name=self.vpc_options.region_name) + ec2 = self.vpc_options.session.resource('ec2', region_name=self.vpc_options.region_name) - filters = [{'Name':'vpc-id', - 'Values':[self.vpc_options.vpc_id]}] + filters = [{'Name':'vpc-id', + 'Values':[self.vpc_options.vpc_id]}] - subnets = ec2.subnets.filter(Filters=filters) + subnets = ec2.subnets.filter(Filters=filters) - for subnet in list(subnets): + for subnet in list(subnets): - if subnet.id in msk_subnets: + if subnet.id in msk_subnets: - found += 1 - message = message + "\nClusterName: {0} - VpcId: {1}".format( - data['ClusterName'], - self.vpc_options.vpc_id - ) - break + found += 1 + message = message + "\nClusterName: {0} - VpcId: {1}".format( + data['ClusterName'], + self.vpc_options.vpc_id + ) + break - message_handler("Found {0} MSK Clusters using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + message_handler("Found {0} MSK Clusters using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list MSK Clusters\nError {0}".format(str(e)) - exit_critical(message) \ No newline at end of file + return True \ No newline at end of file diff --git a/shared/internal/application.py b/shared/internal/application.py index 628d35e..0d48a85 100644 --- a/shared/internal/application.py +++ b/shared/internal/application.py @@ -1,5 +1,5 @@ from concurrent.futures.thread import ThreadPoolExecutor - +from shared.error_handler import exception from shared.common import * import json @@ -9,14 +9,13 @@ class SQSPOLICY(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('sqs') - response = client.list_queues() - except Exception as e: - message = "Can't list SQS Queue Policy\nError {0}".format(str(e)) - log_critical(message) - return + + client = self.vpc_options.client('sqs') + + response = client.list_queues() + message_handler("\nChecking SQS QUEUE POLICY...", "HEADER") if "QueueUrls" not in response: @@ -34,25 +33,27 @@ def run(self): message += result[1] message_handler("Found {0} SQS Queue Policy using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + return True + + @exception def analyze_queues(self, client, queue): - try: - sqs_queue_policy = client.get_queue_attributes(QueueUrl=queue, AttributeNames=['Policy']) - if "Attributes" in sqs_queue_policy: - - """ Not sure about boto3 return """ - - documentpolicy = sqs_queue_policy['Attributes']['Policy'] - document = json.dumps(documentpolicy, default=datetime_to_string) - - """ check either vpc_id or potencial subnet ip are found """ - ipvpc_found = check_ipvpc_inpolicy(document=document, vpc_options=self.vpc_options) - - if ipvpc_found is not False: - return True, "\nQueueUrl: {0} -> {1} -> VPC {2}".format( - queue, - ipvpc_found, - self.vpc_options.vpc_id - ) - except Exception as e: - log_critical(str(e)) + + sqs_queue_policy = client.get_queue_attributes(QueueUrl=queue, AttributeNames=['Policy']) + if "Attributes" in sqs_queue_policy: + + """ Not sure about boto3 return """ + + documentpolicy = sqs_queue_policy['Attributes']['Policy'] + document = json.dumps(documentpolicy, default=datetime_to_string) + + """ check either vpc_id or potencial subnet ip are found """ + ipvpc_found = check_ipvpc_inpolicy(document=document, vpc_options=self.vpc_options) + + if ipvpc_found is not False: + return True, "\nQueueUrl: {0} -> {1} -> VPC {2}".format( + queue, + ipvpc_found, + self.vpc_options.vpc_id + ) + return False, None diff --git a/shared/internal/compute.py b/shared/internal/compute.py index eec520b..32ab626 100644 --- a/shared/internal/compute.py +++ b/shared/internal/compute.py @@ -1,4 +1,5 @@ from shared.common import * +from shared.error_handler import exception class LAMBDA(object): @@ -6,31 +7,31 @@ class LAMBDA(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('lambda') - - response = client.list_functions() - - message_handler("\nChecking LAMBDA FUNCTIONS...", "HEADER") - - if len(response["Functions"]) == 0: - message_handler("Found 0 Lambda Functions in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - found = 0 - message = "" - for data in response["Functions"]: - if 'VpcConfig' in data and data['VpcConfig']['VpcId'] == self.vpc_options.vpc_id: - found += 1 - message = message + "\nFunctionName: {} -> Subnet id(s): {} -> VPC id {}".format( - data["FunctionName"], - ", ".join(data['VpcConfig']['SubnetIds']), - data['VpcConfig']['VpcId'] - ) - message_handler("Found {0} Lambda Functions using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list Lambda Functions\nError {0}".format(str(e)) - exit_critical(message) + + client = self.vpc_options.client('lambda') + + response = client.list_functions() + + message_handler("\nChecking LAMBDA FUNCTIONS...", "HEADER") + + if len(response["Functions"]) == 0: + message_handler("Found 0 Lambda Functions in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + for data in response["Functions"]: + if 'VpcConfig' in data and data['VpcConfig']['VpcId'] == self.vpc_options.vpc_id: + found += 1 + message = message + "\nFunctionName: {} -> Subnet id(s): {} -> VPC id {}".format( + data["FunctionName"], + ", ".join(data['VpcConfig']['SubnetIds']), + data['VpcConfig']['VpcId'] + ) + message_handler("Found {0} Lambda Functions using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + return True class EC2(object): @@ -38,108 +39,105 @@ class EC2(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - - client = self.vpc_options.client('ec2') - - response = client.describe_instances() - - message_handler("\nChecking EC2 Instances...", "HEADER") - - if len(response["Reservations"]) == 0: - message_handler("Found 0 EC2 Instances in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - found = 0 - message = "" - for data in response["Reservations"]: - for instances in data['Instances']: - if "VpcId" in instances: - if instances['VpcId'] == self.vpc_options.vpc_id: - found += 1 - message = message + "\nInstanceId: {} - PrivateIpAddress: {} -> Subnet id(s): {} - VpcId {}".format( - instances["InstanceId"], - instances["PrivateIpAddress"], - instances['SubnetId'], - instances['VpcId'] - ) - message_handler("Found {0} EC2 Instances using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list EC2 Instances\nError {0}".format(str(e)) - exit_critical(message) + + client = self.vpc_options.client('ec2') + + response = client.describe_instances() + + message_handler("\nChecking EC2 Instances...", "HEADER") + + if len(response["Reservations"]) == 0: + message_handler("Found 0 EC2 Instances in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + for data in response["Reservations"]: + for instances in data['Instances']: + if "VpcId" in instances: + if instances['VpcId'] == self.vpc_options.vpc_id: + found += 1 + message = message + "\nInstanceId: {} - PrivateIpAddress: {} -> Subnet id(s): {} - VpcId {}".format( + instances["InstanceId"], + instances["PrivateIpAddress"], + instances['SubnetId'], + instances['VpcId'] + ) + message_handler("Found {0} EC2 Instances using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + return True class EKS(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('eks') - - response = client.list_clusters() - - message_handler("\nChecking EKS CLUSTERS...", "HEADER") - - if len(response["clusters"]) == 0: - message_handler("Found 0 EKS Clusters in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - found = 0 - message = "" - for data in response["clusters"]: - - cluster = client.describe_cluster(name=data) - - if cluster['cluster']['resourcesVpcConfig']['vpcId'] == self.vpc_options.vpc_id: - found += 1 - message = message + "\ncluster: {} - VpcId {}".format( - data, - self.vpc_options.vpc_id - ) - - message_handler("Found {0} EKS Clusters using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + client = self.vpc_options.client('eks') + + response = client.list_clusters() - except Exception as e: - message = "Can't list EKS Clusters\nError {0}".format(str(e)) - exit_critical(message) + message_handler("\nChecking EKS CLUSTERS...", "HEADER") + + if len(response["clusters"]) == 0: + message_handler("Found 0 EKS Clusters in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + for data in response["clusters"]: + + cluster = client.describe_cluster(name=data) + + if cluster['cluster']['resourcesVpcConfig']['vpcId'] == self.vpc_options.vpc_id: + found += 1 + message = message + "\ncluster: {} - VpcId {}".format( + data, + self.vpc_options.vpc_id + ) + + message_handler("Found {0} EKS Clusters using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + return True class EMR(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('emr') - - response = client.list_clusters() - message_handler("\nChecking EMR CLUSTERS...", "HEADER") + client = self.vpc_options.client('emr') + + response = client.list_clusters() - if len(response["Clusters"]) == 0: - message_handler("Found 0 EMR Clusters in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - found = 0 - message = "" - for data in response["Clusters"]: + message_handler("\nChecking EMR CLUSTERS...", "HEADER") - cluster = client.describe_cluster(ClusterId=data['Id']) + if len(response["Clusters"]) == 0: + message_handler("Found 0 EMR Clusters in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + for data in response["Clusters"]: - """ Using subnet to check VPC """ - ec2 = self.vpc_options.client('ec2') - - subnets = ec2.describe_subnets(SubnetIds=[cluster['Cluster']['Ec2InstanceAttributes']['Ec2SubnetId']]) + cluster = client.describe_cluster(ClusterId=data['Id']) + """ Using subnet to check VPC """ + ec2 = self.vpc_options.client('ec2') + + subnets = ec2.describe_subnets(SubnetIds=[cluster['Cluster']['Ec2InstanceAttributes']['Ec2SubnetId']]) - if subnets['Subnets'][0]['VpcId'] == self.vpc_options.vpc_id: - found += 1 - message = message + "\nClusterId: {} - VpcId {}".format( - data['Id'], - self.vpc_options.vpc_id - ) - message_handler("Found {0} EMR Clusters using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - - except Exception as e: - message = "Can't list EMR Clusters\nError {0}".format(str(e)) - exit_critical(message) \ No newline at end of file + if subnets['Subnets'][0]['VpcId'] == self.vpc_options.vpc_id: + found += 1 + message = message + "\nClusterId: {} - VpcId {}".format( + data['Id'], + self.vpc_options.vpc_id + ) + + message_handler("Found {0} EMR Clusters using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + return True \ No newline at end of file diff --git a/shared/internal/database.py b/shared/internal/database.py index 5993452..c73fced 100644 --- a/shared/internal/database.py +++ b/shared/internal/database.py @@ -1,42 +1,42 @@ from shared.common import * - +from shared.error_handler import exception class RDS(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('rds') - - response = client.describe_db_instances(Filters=[ - {'Name': 'engine', - 'Values': ['aurora','aurora-mysql','aurora-postgresql', - 'mariadb','mysql','oracle-ee','oracle-se2', - 'oracle-se1','oracle-se','postgres','sqlserver-ee', - 'sqlserver-se','sqlserver-ex','sqlserver-web'] - }]) - - message_handler("\nChecking RDS INSTANCES...", "HEADER") - - if len(response["DBInstances"]) == 0: - message_handler("Found 0 RDS Instances in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - found = 0 - message = "" - for data in response["DBInstances"]: - if data['DBSubnetGroup']['VpcId'] == self.vpc_options.vpc_id: - found += 1 - message = message + "\nDBInstanceIdentifier: {0} - Engine: {1} - VpcId {2}".format( - data["DBInstanceIdentifier"], - data["Engine"], - data['DBSubnetGroup']['VpcId'] - ) - message_handler("Found {0} RDS Instances using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list RDS Instances\nError {0}".format(str(e)) - exit_critical(message) + + client = self.vpc_options.client('rds') + + response = client.describe_db_instances(Filters=[ + {'Name': 'engine', + 'Values': ['aurora','aurora-mysql','aurora-postgresql', + 'mariadb','mysql','oracle-ee','oracle-se2', + 'oracle-se1','oracle-se','postgres','sqlserver-ee', + 'sqlserver-se','sqlserver-ex','sqlserver-web'] + }]) + + message_handler("\nChecking RDS INSTANCES...", "HEADER") + + if len(response["DBInstances"]) == 0: + message_handler("Found 0 RDS Instances in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + for data in response["DBInstances"]: + if data['DBSubnetGroup']['VpcId'] == self.vpc_options.vpc_id: + found += 1 + message = message + "\nDBInstanceIdentifier: {0} - Engine: {1} - VpcId {2}".format( + data["DBInstanceIdentifier"], + data["Engine"], + data['DBSubnetGroup']['VpcId'] + ) + message_handler("Found {0} RDS Instances using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + return True class ELASTICACHE(object): @@ -44,38 +44,38 @@ class ELASTICACHE(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('elasticache') - - """ get all cache clusters """ - response = client.describe_cache_clusters() - - message_handler("\nChecking ELASTICACHE CLUSTERS...", "HEADER") - if len(response['CacheClusters']) == 0: - message_handler("Found 0 Elasticache Clusters in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - found = 0 - message = "" + client = self.vpc_options.client('elasticache') + + """ get all cache clusters """ + response = client.describe_cache_clusters() + + message_handler("\nChecking ELASTICACHE CLUSTERS...", "HEADER") - """ iterate cache clusters to get subnet groups """ - for data in response['CacheClusters']: + if len(response['CacheClusters']) == 0: + message_handler("Found 0 Elasticache Clusters in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" - cachesubnet = client.describe_cache_subnet_groups(CacheSubnetGroupName=data['CacheSubnetGroupName']) + """ iterate cache clusters to get subnet groups """ + for data in response['CacheClusters']: - if cachesubnet['CacheSubnetGroups'][0]['VpcId'] == self.vpc_options.vpc_id: - found += 1 - message = message + "\nCacheClusterId: {0} - CacheSubnetGroupName: {1} - Engine: {2} - VpcId: {3}".format( - data["CacheClusterId"], - data["CacheSubnetGroupName"], - data["Engine"], - cachesubnet['CacheSubnetGroups'][0]['VpcId'] - ) - message_handler("Found {0} Elasticache Clusters using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list Elasticache Clusters\nError {0}".format(str(e)) - exit_critical(message) + cachesubnet = client.describe_cache_subnet_groups(CacheSubnetGroupName=data['CacheSubnetGroupName']) + + if cachesubnet['CacheSubnetGroups'][0]['VpcId'] == self.vpc_options.vpc_id: + found += 1 + message = message + "\nCacheClusterId: {0} - CacheSubnetGroupName: {1} - Engine: {2} - VpcId: {3}".format( + data["CacheClusterId"], + data["CacheSubnetGroupName"], + data["Engine"], + cachesubnet['CacheSubnetGroups'][0]['VpcId'] + ) + message_handler("Found {0} Elasticache Clusters using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + return True class DOCUMENTDB(object): @@ -83,35 +83,35 @@ class DOCUMENTDB(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('docdb') - - response = client.describe_db_instances(Filters=[ - {'Name': 'engine', - 'Values': ['docdb'] - }]) - - message_handler("\nChecking DOCUMENTDB INSTANCES...", "HEADER") - - if len(response['DBInstances']) == 0: - message_handler("Found 0 DocumentoDB Instances in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - found = 0 - message = "" - - """ iterate cache clusters to get subnet groups """ - for data in response['DBInstances']: - - if data['DBSubnetGroup']['VpcId'] == self.vpc_options.vpc_id: - found += 1 - message = message + "\nDBInstanceIdentifier: {0} - DBInstanceClass: {1} - Engine: {2} - VpcId: {3}".format( - data['DBInstanceIdentifier'], - data["DBInstanceClass"], - data["Engine"], - self.vpc_options.vpc_id - ) - message_handler("Found {0} DocumentoDB Instances using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list DocumentoDB Instances\nError {0}".format(str(e)) - exit_critical(message) \ No newline at end of file + + client = self.vpc_options.client('docdb') + + response = client.describe_db_instances(Filters=[ + {'Name': 'engine', + 'Values': ['docdb'] + }]) + + message_handler("\nChecking DOCUMENTDB INSTANCES...", "HEADER") + + if len(response['DBInstances']) == 0: + message_handler("Found 0 DocumentoDB Instances in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + + """ iterate cache clusters to get subnet groups """ + for data in response['DBInstances']: + + if data['DBSubnetGroup']['VpcId'] == self.vpc_options.vpc_id: + found += 1 + message = message + "\nDBInstanceIdentifier: {0} - DBInstanceClass: {1} - Engine: {2} - VpcId: {3}".format( + data['DBInstanceIdentifier'], + data["DBInstanceClass"], + data["Engine"], + self.vpc_options.vpc_id + ) + message_handler("Found {0} DocumentoDB Instances using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + return True \ No newline at end of file diff --git a/shared/internal/management.py b/shared/internal/management.py index 8f19c46..398eee9 100644 --- a/shared/internal/management.py +++ b/shared/internal/management.py @@ -1,83 +1,82 @@ from shared.common import * import json +from shared.error_handler import exception class CLOUDFORMATION(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('cloudformation') - - response = client.describe_stacks() - - message_handler("\nChecking CLOUDFORMATION STACKS...", "HEADER") - if len(response["Stacks"]) == 0: - message_handler("Found 0 Cloudformation Stacks in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - found = 0 - message = "" - for data in response["Stacks"]: + client = self.vpc_options.client('cloudformation') + + response = client.describe_stacks() + + message_handler("\nChecking CLOUDFORMATION STACKS...", "HEADER") - template = client.get_template(StackName=data['StackName']) + if len(response["Stacks"]) == 0: + message_handler("Found 0 Cloudformation Stacks in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + for data in response["Stacks"]: - documenttemplate = template['TemplateBody'] + template = client.get_template(StackName=data['StackName']) - document = json.dumps(documenttemplate, default=datetime_to_string) + documenttemplate = template['TemplateBody'] - """ check either vpc_id or potencial subnet ip are found """ - ipvpc_found = check_ipvpc_inpolicy(document=document, vpc_options=self.vpc_options) + document = json.dumps(documenttemplate, default=datetime_to_string) - """ elasticsearch uses accesspolicies too, so check both situation """ - if ipvpc_found is True: - found += 1 - message = message + "\nStackName: {} -> VpcId {}".format( - data['StackName'], - self.vpc_options.vpc_id - ) + """ check either vpc_id or potencial subnet ip are found """ + ipvpc_found = check_ipvpc_inpolicy(document=document, vpc_options=self.vpc_options) + + """ elasticsearch uses accesspolicies too, so check both situation """ + if ipvpc_found is True: + found += 1 + message = message + "\nStackName: {} -> VpcId {}".format( + data['StackName'], + self.vpc_options.vpc_id + ) - message_handler("Found {0} Cloudformation Stacks using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + message_handler("Found {0} Cloudformation Stacks using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list Cloudformation Stacks\nError {0}".format(str(e)) - exit_critical(message) + return True class SYNTHETICSCANARIES(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('synthetics') - - response = client.describe_canaries() - - message_handler("\nChecking SYNTHETICS CANARIES...", "HEADER") - - if len(response["Canaries"]) == 0: - message_handler("Found 0 Synthetic Canaries in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - found = 0 - message = "" - for data in response["Canaries"]: - - """ Check if VpcConfig is in dict """ - if "VpcConfig" in data: - - if data['VpcConfig']['VpcId'] == self.vpc_options.vpc_id: - found += 1 - message = message + "\nCanariesName: {} -> VpcId {}".format( - data['Name'], - self.vpc_options.vpc_id - ) - - message_handler("Found {0} Synthetic Canaries using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + client = self.vpc_options.client('synthetics') + + response = client.describe_canaries() - except Exception as e: - message = "Can't list Synthetic Canaries\nError {0}".format(str(e)) - exit_critical(message) + message_handler("\nChecking SYNTHETICS CANARIES...", "HEADER") + + if len(response["Canaries"]) == 0: + message_handler("Found 0 Synthetic Canaries in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + for data in response["Canaries"]: + + """ Check if VpcConfig is in dict """ + if "VpcConfig" in data: + + if data['VpcConfig']['VpcId'] == self.vpc_options.vpc_id: + found += 1 + message = message + "\nCanariesName: {} -> VpcId {}".format( + data['Name'], + self.vpc_options.vpc_id + ) + + message_handler("Found {0} Synthetic Canaries using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + return True CANARIES = SYNTHETICSCANARIES \ No newline at end of file diff --git a/shared/internal/network.py b/shared/internal/network.py index aa5173a..f0f48c4 100644 --- a/shared/internal/network.py +++ b/shared/internal/network.py @@ -1,413 +1,392 @@ from shared.common import * - +from shared.error_handler import exception class VPC(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('ec2') - response = client.describe_vpcs( - VpcIds=[self.vpc_options.vpc_id] - ) - - dataresponse = response['Vpcs'][0] - message = "VPC: {0}\nCIDR Block: {1}\nTenancy: {2}".format(self.vpc_options.vpc_id, - dataresponse['CidrBlock'], - dataresponse['InstanceTenancy']) - print(message) - except Exception as e: - message = "There is no VpcID \"{0}\" in region {1}.\nError {2}".format(self.vpc_options.vpc_id, self.vpc_options.region_name, str(e)) - exit_critical(message) + + client = self.vpc_options.client('ec2') + response = client.describe_vpcs( + VpcIds=[self.vpc_options.vpc_id] + ) + + dataresponse = response['Vpcs'][0] + message = "VPC: {0}\nCIDR Block: {1}\nTenancy: {2}".format(self.vpc_options.vpc_id, + dataresponse['CidrBlock'], + dataresponse['InstanceTenancy']) + print(message) + + return True class INTERNETGATEWAY(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('ec2') - - filters = [{'Name': 'attachment.vpc-id', - 'Values': [self.vpc_options.vpc_id]}] + client = self.vpc_options.client('ec2') - response = client.describe_internet_gateways(Filters=filters) + filters = [{'Name': 'attachment.vpc-id', + 'Values': [self.vpc_options.vpc_id]}] - message_handler("\nChecking INTERNET GATEWAYS...", "HEADER") + response = client.describe_internet_gateways(Filters=filters) - """ One VPC has only 1 IGW then it's a direct check """ - if len(response["InternetGateways"]) == 0: - message_handler("Found 0 Internet Gateway in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - - found = 1 + message_handler("\nChecking INTERNET GATEWAYS...", "HEADER") - message = "\nInternetGatewayId: {} -> VPC id {}".format( - response['InternetGateways'][0]['InternetGatewayId'], - self.vpc_options.vpc_id - ) - - message_handler("Found {0} Internet Gateway using VPC {1} {2}".format(str(found), \ - self.vpc_options.vpc_id, message), \ - 'OKBLUE') + """ One VPC has only 1 IGW then it's a direct check """ + if len(response["InternetGateways"]) == 0: + message_handler("Found 0 Internet Gateway in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + + found = 1 - except Exception as e: - message = "Can't list Internet Gateway\nError {0}".format(str(e)) - exit_critical(message) + message = "\nInternetGatewayId: {} -> VPC id {}".format( + response['InternetGateways'][0]['InternetGatewayId'], + self.vpc_options.vpc_id + ) + + message_handler("Found {0} Internet Gateway using VPC {1} {2}".format(str(found), \ + self.vpc_options.vpc_id, message), \ + 'OKBLUE') + return True class NATGATEWAY(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('ec2') + client = self.vpc_options.client('ec2') - filters = [{'Name': 'vpc-id', - 'Values': [self.vpc_options.vpc_id]}] + filters = [{'Name': 'vpc-id', + 'Values': [self.vpc_options.vpc_id]}] - response = client.describe_nat_gateways(Filters=filters) + response = client.describe_nat_gateways(Filters=filters) - message_handler("\nChecking NAT GATEWAYS...", "HEADER") + message_handler("\nChecking NAT GATEWAYS...", "HEADER") - if len(response["NatGateways"]) == 0: - message_handler("Found 0 NAT Gateways in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - - found = 0 - message = "" + if len(response["NatGateways"]) == 0: + message_handler("Found 0 NAT Gateways in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + + found = 0 + message = "" - for data in response["NatGateways"]: + for data in response["NatGateways"]: - if data['VpcId'] == self.vpc_options.vpc_id: + if data['VpcId'] == self.vpc_options.vpc_id: - found += 1 - message = message + "\nNatGatewayId: {} -> VPC id {}".format( - data['NatGatewayId'], - self.vpc_options.vpc_id - ) + found += 1 + message = message + "\nNatGatewayId: {} -> VPC id {}".format( + data['NatGatewayId'], + self.vpc_options.vpc_id + ) - message_handler("Found {0} NAT Gateways using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + message_handler("Found {0} NAT Gateways using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list NAT Gateways\nError {0}".format(str(e)) - exit_critical(message) + return True class ELASTICLOADBALANCING(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('elb') + client = self.vpc_options.client('elb') - response = client.describe_load_balancers() + response = client.describe_load_balancers() - message_handler("\nChecking CLASSIC LOAD BALANCING...", "HEADER") + message_handler("\nChecking CLASSIC LOAD BALANCING...", "HEADER") - if len(response['LoadBalancerDescriptions']) == 0: - message_handler("Found 0 Classic Load Balancing in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - - found = 0 - message = "" + if len(response['LoadBalancerDescriptions']) == 0: + message_handler("Found 0 Classic Load Balancing in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + + found = 0 + message = "" - for data in response['LoadBalancerDescriptions']: + for data in response['LoadBalancerDescriptions']: - if data['VPCId'] == self.vpc_options.vpc_id: + if data['VPCId'] == self.vpc_options.vpc_id: - found += 1 - message = message + "\nLoadBalancerName: {} -> VPC id {}".format( - data['LoadBalancerName'], - self.vpc_options.vpc_id - ) + found += 1 + message = message + "\nLoadBalancerName: {} -> VPC id {}".format( + data['LoadBalancerName'], + self.vpc_options.vpc_id + ) - message_handler("Found {0} Classic Load Balancing using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + message_handler("Found {0} Classic Load Balancing using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list Classic Load Balancing\nError {0}".format(str(e)) - exit_critical(message) + return True class ELASTICLOADBALANCINGV2(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('elbv2') + client = self.vpc_options.client('elbv2') - response = client.describe_load_balancers() + response = client.describe_load_balancers() - message_handler("\nChecking APPLICATION LOAD BALANCING...", "HEADER") + message_handler("\nChecking APPLICATION LOAD BALANCING...", "HEADER") - if len(response['LoadBalancers']) == 0: - message_handler("Found 0 Application Load Balancing in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - - found = 0 - message = "" + if len(response['LoadBalancers']) == 0: + message_handler("Found 0 Application Load Balancing in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + + found = 0 + message = "" - for data in response['LoadBalancers']: + for data in response['LoadBalancers']: - if data['VpcId'] == self.vpc_options.vpc_id: + if data['VpcId'] == self.vpc_options.vpc_id: - found += 1 - message = message + "\nLoadBalancerName: {} -> VPC id {}".format( - data['LoadBalancerName'], - self.vpc_options.vpc_id - ) + found += 1 + message = message + "\nLoadBalancerName: {} -> VPC id {}".format( + data['LoadBalancerName'], + self.vpc_options.vpc_id + ) - message_handler("Found {0} Application Load Balancing using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + message_handler("Found {0} Application Load Balancing using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list Application Load Balancing\nError {0}".format(str(e)) - exit_critical(message) + return True class ROUTETABLE(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('ec2') + client = self.vpc_options.client('ec2') - filters = [{'Name': 'vpc-id', - 'Values': [self.vpc_options.vpc_id]}] + filters = [{'Name': 'vpc-id', + 'Values': [self.vpc_options.vpc_id]}] - response = client.describe_route_tables(Filters=filters) + response = client.describe_route_tables(Filters=filters) - message_handler("\nChecking ROUTE TABLES...", "HEADER") + message_handler("\nChecking ROUTE TABLES...", "HEADER") - if len(response['RouteTables']) == 0: - message_handler("Found 0 Route Table in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - - found = 0 - message = "" + if len(response['RouteTables']) == 0: + message_handler("Found 0 Route Table in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + + found = 0 + message = "" - """ Iterate to get all route table filtered """ - for data in response['RouteTables']: + """ Iterate to get all route table filtered """ + for data in response['RouteTables']: - found += 1 - message = message + "\nRouteTableId: {} -> VPC id {}".format( - data['RouteTableId'], - self.vpc_options.vpc_id - ) + found += 1 + message = message + "\nRouteTableId: {} -> VPC id {}".format( + data['RouteTableId'], + self.vpc_options.vpc_id + ) - message_handler("Found {0} Route Tables using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + message_handler("Found {0} Route Tables using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list Route Table\nError {0}".format(str(e)) - exit_critical(message) + return True class SUBNET(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('ec2') + client = self.vpc_options.client('ec2') - filters = [{'Name': 'vpc-id', - 'Values': [self.vpc_options.vpc_id]}] + filters = [{'Name': 'vpc-id', + 'Values': [self.vpc_options.vpc_id]}] - response = client.describe_subnets(Filters=filters) + response = client.describe_subnets(Filters=filters) - message_handler("\nChecking SUBNETS...", "HEADER") + message_handler("\nChecking SUBNETS...", "HEADER") - if len(response['Subnets']) == 0: - message_handler("Found 0 Subnets in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - - found = 0 - message = "" + if len(response['Subnets']) == 0: + message_handler("Found 0 Subnets in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + + found = 0 + message = "" - """ Iterate to get all route table filtered """ - for data in response['Subnets']: + """ Iterate to get all route table filtered """ + for data in response['Subnets']: - found += 1 - message = message + "\nSubnetId: {} -> VPC id {}".format( - data['SubnetId'], - self.vpc_options.vpc_id - ) + found += 1 + message = message + "\nSubnetId: {} -> VPC id {}".format( + data['SubnetId'], + self.vpc_options.vpc_id + ) - message_handler("Found {0} Subnets using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + message_handler("Found {0} Subnets using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list Subnets\nError {0}".format(str(e)) - exit_critical(message) + return True class NACL(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('ec2') + client = self.vpc_options.client('ec2') - filters = [{'Name': 'vpc-id', - 'Values': [self.vpc_options.vpc_id]}] + filters = [{'Name': 'vpc-id', + 'Values': [self.vpc_options.vpc_id]}] - response = client.describe_network_acls(Filters=filters) + response = client.describe_network_acls(Filters=filters) - message_handler("\nChecking NACLs...", "HEADER") + message_handler("\nChecking NACLs...", "HEADER") - if len(response['NetworkAcls']) == 0: - message_handler("Found 0 NACL in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - - found = 0 - message = "" + if len(response['NetworkAcls']) == 0: + message_handler("Found 0 NACL in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + + found = 0 + message = "" - """ Iterate to get all NACL filtered """ - for data in response['NetworkAcls']: + """ Iterate to get all NACL filtered """ + for data in response['NetworkAcls']: - found += 1 - message = message + "\nNetworkAclId: {} -> VPC id {}".format( - data['NetworkAclId'], - self.vpc_options.vpc_id - ) + found += 1 + message = message + "\nNetworkAclId: {} -> VPC id {}".format( + data['NetworkAclId'], + self.vpc_options.vpc_id + ) - message_handler("Found {0} NACL using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + message_handler("Found {0} NACL using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list NACL\nError {0}".format(str(e)) - exit_critical(message) + return True class SECURITYGROUP(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('ec2') + client = self.vpc_options.client('ec2') - filters = [{'Name': 'vpc-id', - 'Values': [self.vpc_options.vpc_id]}] + filters = [{'Name': 'vpc-id', + 'Values': [self.vpc_options.vpc_id]}] - response = client.describe_security_groups(Filters=filters) + response = client.describe_security_groups(Filters=filters) - message_handler("\nChecking SECURITY GROUPS...", "HEADER") + message_handler("\nChecking SECURITY GROUPS...", "HEADER") - if len(response['SecurityGroups']) == 0: - message_handler("Found 0 Security Group in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - - found = 0 - message = "" + if len(response['SecurityGroups']) == 0: + message_handler("Found 0 Security Group in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + + found = 0 + message = "" - """ Iterate to get all SG filtered """ - for data in response['SecurityGroups']: + """ Iterate to get all SG filtered """ + for data in response['SecurityGroups']: - found += 1 - message = message + "\nGroupName: {} -> VPC id {}".format( - data['GroupName'], - self.vpc_options.vpc_id - ) + found += 1 + message = message + "\nGroupName: {} -> VPC id {}".format( + data['GroupName'], + self.vpc_options.vpc_id + ) - message_handler("Found {0} Security Groups using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + message_handler("Found {0} Security Groups using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list SECURITY GROUPS\nError {0}".format(str(e)) - exit_critical(message) + return True class VPCPEERING(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('ec2') + client = self.vpc_options.client('ec2') - response = client.describe_vpc_peering_connections() + response = client.describe_vpc_peering_connections() - message_handler("\nChecking VPC PEERING...", "HEADER") + message_handler("\nChecking VPC PEERING...", "HEADER") - if len(response['VpcPeeringConnections']) == 0: - message_handler("Found 0 VPC Peering in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - - found = 0 - message = "" + if len(response['VpcPeeringConnections']) == 0: + message_handler("Found 0 VPC Peering in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + + found = 0 + message = "" - """ Iterate to get all vpc peering and check either accepter or requester """ - for data in response['VpcPeeringConnections']: + """ Iterate to get all vpc peering and check either accepter or requester """ + for data in response['VpcPeeringConnections']: - if data['AccepterVpcInfo']['VpcId'] == self.vpc_options.vpc_id \ - or data['RequesterVpcInfo']['VpcId'] == self.vpc_options.vpc_id: - - found += 1 - message = message + "\nVpcPeeringConnectionId: {} -> VPC id {}".format( - data['VpcPeeringConnectionId'], - self.vpc_options.vpc_id - ) + if data['AccepterVpcInfo']['VpcId'] == self.vpc_options.vpc_id \ + or data['RequesterVpcInfo']['VpcId'] == self.vpc_options.vpc_id: + + found += 1 + message = message + "\nVpcPeeringConnectionId: {} -> VPC id {}".format( + data['VpcPeeringConnectionId'], + self.vpc_options.vpc_id + ) - message_handler("Found {0} VPC Peering using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + message_handler("Found {0} VPC Peering using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list VPC PEERING\nError {0}".format(str(e)) - exit_critical(message) + return True class VPCENDPOINT(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('ec2') + client = self.vpc_options.client('ec2') - filters = [{'Name': 'vpc-id', - 'Values': [self.vpc_options.vpc_id]}] + filters = [{'Name': 'vpc-id', + 'Values': [self.vpc_options.vpc_id]}] - response = client.describe_vpc_endpoints(Filters=filters) + response = client.describe_vpc_endpoints(Filters=filters) - message_handler("\nChecking VPC ENDPOINTS...", "HEADER") + message_handler("\nChecking VPC ENDPOINTS...", "HEADER") - if len(response['VpcEndpoints']) == 0: - message_handler("Found 0 VPC Endpoints in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - - found = 0 - message = "" + if len(response['VpcEndpoints']) == 0: + message_handler("Found 0 VPC Endpoints in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + + found = 0 + message = "" - """ Iterate to get all VPCE filtered """ - for data in response['VpcEndpoints']: + """ Iterate to get all VPCE filtered """ + for data in response['VpcEndpoints']: - if data['VpcId'] == self.vpc_options.vpc_id: - found += 1 - message = message + "\nVpcEndpointId: {} -> VPC id {}".format( - data['VpcEndpointId'], - self.vpc_options.vpc_id - ) + if data['VpcId'] == self.vpc_options.vpc_id: + found += 1 + message = message + "\nVpcEndpointId: {} -> VPC id {}".format( + data['VpcEndpointId'], + self.vpc_options.vpc_id + ) - message_handler("Found {0} VPC Endpoints using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + message_handler("Found {0} VPC Endpoints using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list VPC ENDPOINTS\nError {0}".format(str(e)) - exit_critical(message) + return True """ aliases """ IGW = INTERNETGATEWAY diff --git a/shared/internal/security.py b/shared/internal/security.py index 237135a..3fa2c36 100644 --- a/shared/internal/security.py +++ b/shared/internal/security.py @@ -1,5 +1,5 @@ from concurrent.futures.thread import ThreadPoolExecutor - +from shared.error_handler import exception from shared.common import * import json @@ -9,66 +9,69 @@ class IAM(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.session.client('ec2') - - regions = [region['RegionName'] for region in client.describe_regions()['Regions']] - - if self.vpc_options.region_name not in regions: - message = "There is no region named: {0}".format(self.vpc_options.region_name) - exit_critical(message) - - except Exception as e: - message = "Can't connect to AWS API\nError: {0}".format(str(e)) + + client = self.vpc_options.session.client('ec2') + + regions = [region['RegionName'] for region in client.describe_regions()['Regions']] + + if self.vpc_options.region_name not in regions: + message = "There is no region named: {0}".format(self.vpc_options.region_name) exit_critical(message) + return True + class IAMPOLICY(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.session.client('iam') - - response = client.list_policies(Scope='Local') - - message_handler("\nChecking IAM POLICY...", "HEADER") - - if len(response['Policies']) == 0: - message_handler("Found 0 Customer managed IAM Policy", "OKBLUE") - else: - found = 0 - message = "" - - with ThreadPoolExecutor(15) as executor: - results = executor.map(lambda data: self.analyze_policy(client, data), response['Policies']) - for result in results: - if result[0] is True: - found += 1 - message += result[1] - - message_handler("Found {0} Customer managed IAM Policy using VPC {1} {2}".format(str(found), - self.vpc_options.vpc_id, message), - 'OKBLUE') - except Exception as e: - message = "Can't list IAM Policy\nError: {0}".format(str(e)) - exit_critical(message) + + client = self.vpc_options.session.client('iam') + + response = client.list_policies(Scope='Local') + + message_handler("\nChecking IAM POLICY...", "HEADER") + + if len(response['Policies']) == 0: + message_handler("Found 0 Customer managed IAM Policy", "OKBLUE") + else: + found = 0 + message = "" + + with ThreadPoolExecutor(15) as executor: + results = executor.map(lambda data: self.analyze_policy(client, data), response['Policies']) + for result in results: + if result[0] is True: + found += 1 + message += result[1] + + message_handler("Found {0} Customer managed IAM Policy using VPC {1} {2}".format(str(found), + self.vpc_options.vpc_id, message), + 'OKBLUE') + return True def analyze_policy(self, client, data): + documentpolicy = client.get_policy_version( PolicyArn=data['Arn'], VersionId=data['DefaultVersionId'] ) + document = json.dumps(documentpolicy, default=datetime_to_string) + """ check either vpc_id or potencial subnet ip are found """ ipvpc_found = check_ipvpc_inpolicy(document=document, vpc_options=self.vpc_options) + if ipvpc_found is True: return True, "\nPolicyName: {0} - DefaultVersionId: {1} - VpcId: {2}".format( data['PolicyName'], data['DefaultVersionId'], self.vpc_options.vpc_id ) + return False, None diff --git a/shared/internal/storage.py b/shared/internal/storage.py index bca5a66..c12957c 100644 --- a/shared/internal/storage.py +++ b/shared/internal/storage.py @@ -1,5 +1,5 @@ from concurrent.futures.thread import ThreadPoolExecutor - +from shared.error_handler import exception from shared.common import * import json @@ -8,78 +8,78 @@ class EFS(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('efs') - - """ get filesystems available """ - response = client.describe_file_systems() - message_handler("\nChecking EFS MOUNT TARGETS...", "HEADER") + client = self.vpc_options.client('efs') + + """ get filesystems available """ + response = client.describe_file_systems() + + message_handler("\nChecking EFS MOUNT TARGETS...", "HEADER") - if len(response["FileSystems"]) == 0: - message_handler("Found 0 EFS File Systems in region {0}".format(self.vpc_options.region_name), "OKBLUE") - else: - found = 0 - message = "" + if len(response["FileSystems"]) == 0: + message_handler("Found 0 EFS File Systems in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + + """ iterate filesystems to get mount targets """ + for data in response["FileSystems"]: + + filesystem = client.describe_mount_targets(FileSystemId=data["FileSystemId"]) """ iterate filesystems to get mount targets """ - for data in response["FileSystems"]: - - filesystem = client.describe_mount_targets(FileSystemId=data["FileSystemId"]) + for datafilesystem in filesystem['MountTargets']: - """ iterate filesystems to get mount targets """ - for datafilesystem in filesystem['MountTargets']: + """ describe subnet to get VpcId """ + ec2 = self.vpc_options.client('ec2') + + subnets = ec2.describe_subnets(SubnetIds=[datafilesystem['SubnetId']]) - """ describe subnet to get VpcId """ - ec2 = self.vpc_options.client('ec2') - - subnets = ec2.describe_subnets(SubnetIds=[datafilesystem['SubnetId']]) + if subnets['Subnets'][0]['VpcId'] == self.vpc_options.vpc_id: + found += 1 + message = message + "\nFileSystemId: {0} - NumberOfMountTargets: {1} - VpcId: {2}".format( + data['FileSystemId'], + data['NumberOfMountTargets'], + subnets['Subnets'][0]['VpcId'] + ) - if subnets['Subnets'][0]['VpcId'] == self.vpc_options.vpc_id: - found += 1 - message = message + "\nFileSystemId: {0} - NumberOfMountTargets: {1} - VpcId: {2}".format( - data['FileSystemId'], - data['NumberOfMountTargets'], - subnets['Subnets'][0]['VpcId'] - ) + message_handler("Found {0} EFS Mount Target using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - message_handler("Found {0} EFS Mount Target using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list EFS MOUNT TARGETS\nError {0}".format(str(e)) - exit_critical(message) + return True class S3POLICY(object): def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options + @exception def run(self): - try: - client = self.vpc_options.client('s3') - - """ get buckets available """ - response = client.list_buckets() - - message_handler("\nChecking S3 BUCKET POLICY...", "HEADER") - - if len(response["Buckets"]) == 0: - message_handler("Found 0 S3 Buckets", "OKBLUE") - else: - found = 0 - message = "" - - """ iterate buckets to get policy """ - with ThreadPoolExecutor(15) as executor: - results = executor.map(lambda data: self.analyze_bucket(client, data), response['Buckets']) - for result in results: - if result[0] is True: - found += 1 - message += result[1] - message_handler("Found {0} S3 Bucket Policy using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - except Exception as e: - message = "Can't list S3 BUCKETS\nError {0}".format(str(e)) - exit_critical(message) + + client = self.vpc_options.client('s3') + + """ get buckets available """ + response = client.list_buckets() + + message_handler("\nChecking S3 BUCKET POLICY...", "HEADER") + + if len(response["Buckets"]) == 0: + message_handler("Found 0 S3 Buckets", "OKBLUE") + else: + found = 0 + message = "" + + """ iterate buckets to get policy """ + with ThreadPoolExecutor(15) as executor: + results = executor.map(lambda data: self.analyze_bucket(client, data), response['Buckets']) + for result in results: + if result[0] is True: + found += 1 + message += result[1] + message_handler("Found {0} S3 Bucket Policy using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + return True def analyze_bucket(self, client, data): try: From 35ae657e177ba2aa68c1d7e1e82ce9801d5b4f16 Mon Sep 17 00:00:00 2001 From: Leandro Damascena Date: Fri, 22 May 2020 11:39:14 +0100 Subject: [PATCH 5/7] Added ECS support #6 --- shared/awscommands.py | 4 +++ shared/internal/containers.py | 57 +++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 shared/internal/containers.py diff --git a/shared/awscommands.py b/shared/awscommands.py index 049c7a3..ddcfc42 100644 --- a/shared/awscommands.py +++ b/shared/awscommands.py @@ -8,6 +8,7 @@ from shared.internal.analytics import ELASTICSEARCH, MSK from shared.internal.application import SQSPOLICY from shared.internal.management import CLOUDFORMATION, CANARIES +from shared.internal.containers import ECS class AwsCommands(object): @@ -61,4 +62,7 @@ def run(self): """ Management resources """ CLOUDFORMATION(self.vpc_options).run() CANARIES(self.vpc_options).run() + + """ Containers """ + ECS(self.vpc_options).run() \ No newline at end of file diff --git a/shared/internal/containers.py b/shared/internal/containers.py new file mode 100644 index 0000000..061e096 --- /dev/null +++ b/shared/internal/containers.py @@ -0,0 +1,57 @@ +from shared.common import * +from shared.error_handler import exception + + +class ECS(object): + + def __init__(self, vpc_options: VpcOptions): + self.vpc_options = vpc_options + + @exception + def run(self): + + client = self.vpc_options.client('ecs') + + response = client.describe_clusters() + + message_handler("\nChecking ECS CLUSTER...", "HEADER") + + if len(response['clusters']) == 0: + message_handler("Found 0 ECS Cluster in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + for data in response['clusters']: + + """ Searching all cluster services """ + services = client.list_services(cluster=data['clusterName']) + + for data_service in services['serviceArns']: + + """ Checking service detail """ + service_detail = client.describe_services(services=[data_service]) + + for data_service_detail in service_detail['services']: + + service_subnets = data_service_detail["networkConfiguration"]["awsvpcConfiguration"]["subnets"] + + """ describe subnet to get VpcId """ + ec2 = self.vpc_options.client('ec2') + + subnets = ec2.describe_subnets(SubnetIds=service_subnets) + + """ Iterate subnet to get VPC """ + for data_subnet in subnets['Subnets']: + + if data_subnet['VpcId'] == self.vpc_options.vpc_id: + + found += 1 + message = message + "\nclusterName: {} -> ServiceName: {} -> VPC id {}".format( + data["clusterName"], + data_service, + self.vpc_options.vpc_id + ) + + message_handler("Found {0} ECS Cluster using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + return True \ No newline at end of file From 93eba7f12a84ed07ccd8fa4eb9b74840ec40ad6a Mon Sep 17 00:00:00 2001 From: Leandro Damascena Date: Fri, 22 May 2020 23:37:20 +0100 Subject: [PATCH 6/7] Added AUTOSCALING check #6 --- shared/awscommands.py | 5 ++-- shared/internal/compute.py | 48 +++++++++++++++++++++++++++++++++++++- 2 files changed, 50 insertions(+), 3 deletions(-) diff --git a/shared/awscommands.py b/shared/awscommands.py index ddcfc42..53f2cd0 100644 --- a/shared/awscommands.py +++ b/shared/awscommands.py @@ -2,7 +2,7 @@ from shared.internal.security import IAM, IAMPOLICY from shared.internal.network import VPC, IGW, NATGATEWAY, ELB, ELBV2, ROUTETABLE, SUBNET, NACL, SG, VPCPEERING from shared.internal.network import VPCENDPOINT -from shared.internal.compute import LAMBDA, EC2, EKS, EMR +from shared.internal.compute import LAMBDA, EC2, EKS, EMR, ASG from shared.internal.database import RDS, ELASTICACHE, DOCUMENTDB from shared.internal.storage import EFS, S3POLICY from shared.internal.analytics import ELASTICSEARCH, MSK @@ -17,7 +17,7 @@ def __init__(self, vpc_options: VpcOptions): self.vpc_options = vpc_options def run(self): - + """ IAM and VPC validations """ IAM(self.vpc_options).run() VPC(self.vpc_options).run() @@ -27,6 +27,7 @@ def run(self): LAMBDA(self.vpc_options).run() EKS(self.vpc_options).run() EMR(self.vpc_options).run() + ASG(self.vpc_options).run() """ Database resources """ RDS(self.vpc_options).run() diff --git a/shared/internal/compute.py b/shared/internal/compute.py index 32ab626..39356fe 100644 --- a/shared/internal/compute.py +++ b/shared/internal/compute.py @@ -140,4 +140,50 @@ def run(self): message_handler("Found {0} EMR Clusters using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') - return True \ No newline at end of file + return True + +class AUTOSCALING(object): + + def __init__(self, vpc_options: VpcOptions): + self.vpc_options = vpc_options + + @exception + def run(self): + + client = self.vpc_options.client('autoscaling') + + response = client.describe_auto_scaling_groups() + + message_handler("\nChecking AUTOSCALING GROUPS...", "HEADER") + + if len(response["AutoScalingGroups"]) == 0: + message_handler("Found 0 Autoscaling groups in region {0}".format(self.vpc_options.region_name), "OKBLUE") + else: + found = 0 + message = "" + for data in response["AutoScalingGroups"]: + + asg_subnets = data['VPCZoneIdentifier'].split(",") + + """ describe subnet to get VpcId """ + ec2 = self.vpc_options.client('ec2') + + subnets = ec2.describe_subnets(SubnetIds=asg_subnets) + + """ Iterate subnet to get VPC """ + for data_subnet in subnets['Subnets']: + + if data_subnet['VpcId'] == self.vpc_options.vpc_id: + + found += 1 + message = message + "\nAutoScalingGroupName: {} -> LaunchConfigurationName: {} -> VPC id {}".format( + data["AutoScalingGroupName"], + data["LaunchConfigurationName"], + self.vpc_options.vpc_id + ) + + message_handler("Found {0} Autoscaling groups using VPC {1} {2}".format(str(found), self.vpc_options.vpc_id, message),'OKBLUE') + + return True + +ASG = AUTOSCALING \ No newline at end of file From 40fd81bc2f008c02f0a12e191ee6b96b1778eb7f Mon Sep 17 00:00:00 2001 From: Leandro Damascena Date: Fri, 22 May 2020 23:58:48 +0100 Subject: [PATCH 7/7] README issues and version bump --- README.md | 47 ++++++++++++++++++++++------------------ aws-network-discovery.py | 2 +- 2 files changed, 27 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 97ed874..b21d7cd 100644 --- a/README.md +++ b/README.md @@ -8,27 +8,32 @@ AWS Network Discovery helps you analyze what's resources are using a custom VPC. Following services are integrated - - EC2 - - IAM POLICY - - Lambda - - RDS - - EFS - - ELASTICACHE - - S3 POLICY - - ELASTICSEARCH - - DOCUMENTDB - - SQS QUEUE POLICY - - MSK - - NAT GATEWAY - - INTERNET GATEWAY (IGW) - - CLASSIC/NETWORK/APPLICATION LOAD BALANCING - - ROUTE TABLE - - SUBNET - - NACL - - SECURITY GROUP - - VPC PEERING - - VPC ENDPOINT - - EKS +- EC2 +- IAM POLICY +- Lambda +- RDS +- EFS +- ELASTICACHE +- S3 POLICY +- ELASTICSEARCH +- DOCUMENTDB +- SQS QUEUE POLICY +- MSK +- NAT GATEWAY +- INTERNET GATEWAY (IGW) +- CLASSIC/NETWORK/APPLICATION LOAD BALANCING +- ROUTE TABLE +- SUBNET +- NACL +- SECURITY GROUP +- VPC PEERING +- VPC ENDPOINT +- EKS +- CLOUDFORMATION +- SYNTHETIC CANARIES +- EMR +- ECS +- AUTOSCALING ### News diff --git a/aws-network-discovery.py b/aws-network-discovery.py index 5dc3d25..1172ed1 100644 --- a/aws-network-discovery.py +++ b/aws-network-discovery.py @@ -36,7 +36,7 @@ from commands.vpc import Vpc -__version__ = "0.6.0" +__version__ = "0.7.0" AVAILABLE_LANGUAGES = ['en_US','pt_BR']