aws_recon 0.2.1

data/lib/aws_recon/collectors/kafka.rb

@@ -0,0 +1,27 @@
+class Kafka < Mapper
+  #
+  # Returns an array of resources.
+  #
+  # TODO: test live
+  #
+  def collect
+    resources = []
+
+    #
+    # list_clusters
+    #
+    @client.list_clusters.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.cluster_info_list.each do |cluster|
+        struct = OpenStruct.new(cluster.to_h)
+        struct.type = 'cluster'
+        struct.arn = cluster.cluster_arn
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/kinesis.rb

@@ -0,0 +1,26 @@
+class Kinesis < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # list_streams
+    #
+    @client.list_streams.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      # describe_stream
+      response.stream_names.each do |stream|
+        struct = OpenStruct.new(@client.describe_stream({ stream_name: stream }).stream_description.to_h)
+        struct.type = 'stream'
+        struct.arn = struct.stream_arn
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/kms.rb

@@ -0,0 +1,71 @@
+class KMS < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # list_keys
+    #
+    @client.list_keys.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      # describe_key
+      response.keys.each do |key|
+        log(response.context.operation_name, 'describe_key', page)
+        struct = OpenStruct.new(@client
+                                .describe_key({ key_id: key.key_id })
+                                .key_metadata.to_h)
+        struct.type = 'key'
+        struct.grants = []
+
+        # get_key_rotation_status
+        log(response.context.operation_name, 'get_key_rotation_status')
+        # The default master key rotation status can't be queried
+        begin
+          struct.rotation_enabled = @client
+                                    .get_key_rotation_status({ key_id: key.key_id })
+                                    .key_rotation_enabled
+        rescue Aws::KMS::Errors::ServiceError => e
+          log_error(e.code)
+          raise e unless suppressed_errors.include?(e.code)
+        end
+
+        # list_grants
+        @client.list_grants({ key_id: key.key_id }).each_with_index do |response, page|
+          log(response.context.operation_name, 'list_grants', page)
+
+          response.grants.each do |grant|
+            struct.grants.push(grant.to_h)
+          end
+        end
+
+        # get_key_policy - 'default' is the only valid policy
+        log(response.context.operation_name, 'get_key_policy')
+        struct.policy = @client
+                        .get_key_policy({ key_id: key.key_id, policy_name: 'default' })
+                        .policy
+
+        # list_aliases
+        log(response.context.operation_name, 'list_aliases')
+        struct.aliases = @client
+                         .list_aliases({ key_id: key.key_id })
+                         .aliases.map(&:to_h)
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+
+  private
+
+  # not an error
+  def suppressed_errors
+    %w[
+      AccessDeniedException
+    ]
+  end
+end

data/lib/aws_recon/collectors/lambda.rb

@@ -0,0 +1,42 @@
+class Lambda < Mapper
+  def collect
+    service = self.class.to_s.downcase
+    resources = []
+
+    #
+    # list_functions
+    #
+    @client.list_functions.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.functions.each do |function|
+        struct = OpenStruct.new(function)
+        struct.type = 'function'
+        struct.arn = function.function_arn
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    #
+    # list_layers
+    #
+    @client.list_layers.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.layers.each do |layer|
+        struct = OpenStruct.new(layer)
+        struct.type = 'layer'
+        struct.arn = layer.layer_arn
+
+        # list_layer_versions
+        struct.versions = @client.list_layer_versions({ layer_name: layer.layer_name }).layer_versions.map(&:to_h)
+        log(response.context.operation_name, 'list_layer_versions')
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/lightsail.rb

@@ -0,0 +1,38 @@
+class Lightsail < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # get_instances
+    #
+    @client.get_instances.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.instances.each do |instance|
+        struct = OpenStruct.new(instance.to_h)
+        struct.type = 'instance'
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    #
+    # get_load_balancers
+    #
+    @client.get_load_balancers.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.load_balancers.each do |load_balancer|
+        struct = OpenStruct.new(load_balancer.to_h)
+        struct.type = 'load_balancer'
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/organizations.rb

@@ -0,0 +1,36 @@
+class Organizations < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # describe_organization
+    #
+    @client.describe_organization.each do |response|
+      log(response.context.operation_name)
+
+      struct = OpenStruct.new(response.organization.to_h)
+      struct.type = 'organization'
+
+      resources.push(struct.to_h)
+    end
+
+    #
+    # list_handshakes_for_account
+    #
+    @client.list_handshakes_for_account.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.handshakes.each do |handshake|
+        struct = OpenStruct.new(handshake.to_h)
+        struct.type = 'handshake'
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/rds.rb

@@ -0,0 +1,81 @@
+class RDS < Mapper
+  #
+  # Returns an array of resources.
+  #
+  # describe_db_engine_versions is skipped with @options.skip_slow
+  #
+  def collect
+    resources = []
+
+    #
+    # describe_db_clusters
+    #
+    @client.describe_db_clusters.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.db_clusters.each do |cluster|
+        log(response.context.operation_name, cluster.db_cluster_identifier)
+
+        struct = OpenStruct.new(cluster.to_h)
+        struct.type = 'db_cluster'
+        struct.arn = cluster.db_cluster_arn
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    #
+    # describe_db_instances
+    #
+    @client.describe_db_instances.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.db_instances.each do |instance|
+        log(response.context.operation_name, instance.db_instance_identifier)
+
+        struct = OpenStruct.new(instance.to_h)
+        struct.type = 'db_instance'
+        struct.arn = instance.db_instance_arn
+        struct.parent_id = instance.db_cluster_identifier
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    #
+    # describe_db_snapshots
+    #
+    @client.describe_db_snapshots.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.db_snapshots.each do |snapshot|
+        log(response.context.operation_name, snapshot.db_snapshot_identifier)
+
+        struct = OpenStruct.new(snapshot.to_h)
+        struct.type = 'db_snapshot'
+        struct.arn = snapshot.db_snapshot_arn
+        struct.parent_id = snapshot.db_instance_identifier
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    #
+    # describe_db_engine_versions
+    #
+    unless @options.skip_slow
+      @client.describe_db_engine_versions.each_with_index do |response, page|
+        log(response.context.operation_name, page)
+
+        response.db_engine_versions.each do |version|
+          struct = OpenStruct.new(version.to_h)
+          struct.type = 'db_engine_version'
+
+          resources.push(struct.to_h)
+        end
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/redshift.rb

@@ -0,0 +1,40 @@
+class Redshift < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # describe_clusters
+    #
+    @client.describe_clusters.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.clusters.each do |cluster|
+        struct = OpenStruct.new(cluster.to_h)
+        struct.type = 'cluster'
+        struct.arn = cluster.cluster_identifier
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    #
+    # describe_cluster_subnet_groups
+    #
+    @client.describe_cluster_subnet_groups.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.cluster_subnet_groups.each do |group|
+        struct = OpenStruct.new(group.to_h)
+        struct.type = 'subnet_group'
+        struct.arn = group.cluster_subnet_group_name
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/route53.rb

@@ -0,0 +1,28 @@
+class Route53 < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # list_hosted_zones
+    #
+    @client.list_hosted_zones.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.hosted_zones.each do |zone|
+        struct = OpenStruct.new(zone.to_h)
+        struct.type = 'zone'
+        struct.arn = zone.id
+        struct.logging_config = @client
+                                .list_query_logging_configs({ hosted_zone_id: zone.id })
+                                .query_logging_configs.first.to_h
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/route53domains.rb

@@ -0,0 +1,25 @@
+class Route53Domains < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # list_domains
+    #
+    @client.list_domains.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.domains.each do |domain|
+        struct = OpenStruct.new(domain.to_h)
+        struct.type = 'domain'
+        struct.arn = "arn:aws:#{@service}:#{@region}::domain/#{domain.domain_name}"
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+end

data/lib/aws_recon/collectors/s3.rb

@@ -0,0 +1,80 @@
+class S3 < Mapper
+  #
+  # Returns an array of resources.
+  #
+  # Since S3 is a global service, the bucket operation calls
+  # can be parallelized.
+  #
+  def collect
+    resources = []
+
+    #
+    # list_buckets
+    #
+    @client.list_buckets.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      Parallel.map(response.buckets.each, in_threads: @options.threads) do |bucket|
+        # use shared client instance
+        client = @client
+        @thread = Parallel.worker_number
+        log(response.context.operation_name, bucket.name)
+
+        struct = OpenStruct.new(bucket)
+        struct.type = 'bucket'
+        struct.arn = "arn:aws:s3:::#{bucket.name}"
+
+        # check bucket region constraint
+        location = @client.get_bucket_location({ bucket: bucket.name }).location_constraint
+
+        # reset client if needed
+        unless location.empty?
+          client = Aws::S3::Client.new({ region: location })
+        end
+
+        operations = [
+          { func: 'get_bucket_acl', key: 'acl', field: nil },
+          { func: 'get_bucket_encryption', key: 'encryption', field: 'server_side_encryption_configuration' },
+          { func: 'get_bucket_policy', key: 'policy', field: 'policy' },
+          { func: 'get_bucket_policy_status', key: 'public', field: 'policy_status' },
+          { func: 'get_bucket_tagging', key: 'tagging', field: nil },
+          { func: 'get_bucket_logging', key: 'logging', field: 'logging_enabled' },
+          { func: 'get_bucket_versioning', key: 'versioning', field: nil },
+          { func: 'get_bucket_website', key: 'website', field: nil }
+        ]
+
+        operations.each do |operation|
+          op = OpenStruct.new(operation)
+
+          resp = client.send(op.func, { bucket: bucket.name })
+
+          struct[op.key] = if op.key == 'policy'
+                             resp.policy.string
+                           else
+                             op.field ? resp.send(op.field).to_h : resp.to_h
+                           end
+
+        rescue Aws::S3::Errors::ServiceError => e
+          raise e unless suppressed_errors.include?(e.code)
+        end
+
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+
+  private
+
+  # not an error
+  def suppressed_errors
+    %w[
+      AccessDenied
+      ServerSideEncryptionConfigurationNotFoundError
+      NoSuchBucketPolicy
+      NoSuchTagSet
+      NoSuchWebsiteConfiguration
+    ]
+  end
+end