aws_recon 0.2.26 → 0.2.31
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +17 -1
- data/lib/aws_recon/collectors/accessanalyzer.rb +5 -0
- data/lib/aws_recon/collectors/acm.rb +5 -0
- data/lib/aws_recon/collectors/apigateway.rb +5 -0
- data/lib/aws_recon/collectors/apigatewayv2.rb +5 -0
- data/lib/aws_recon/collectors/applicationautoscaling.rb +5 -0
- data/lib/aws_recon/collectors/athena.rb +5 -0
- data/lib/aws_recon/collectors/autoscaling.rb +5 -0
- data/lib/aws_recon/collectors/backup.rb +5 -0
- data/lib/aws_recon/collectors/cloudformation.rb +5 -0
- data/lib/aws_recon/collectors/cloudfront.rb +5 -0
- data/lib/aws_recon/collectors/cloudtrail.rb +6 -1
- data/lib/aws_recon/collectors/cloudwatch.rb +6 -0
- data/lib/aws_recon/collectors/cloudwatchlogs.rb +5 -0
- data/lib/aws_recon/collectors/codebuild.rb +5 -0
- data/lib/aws_recon/collectors/codepipeline.rb +6 -3
- data/lib/aws_recon/collectors/configservice.rb +6 -1
- data/lib/aws_recon/collectors/directconnect.rb +5 -0
- data/lib/aws_recon/collectors/{directyservice.rb → directoryservice.rb} +5 -0
- data/lib/aws_recon/collectors/dms.rb +5 -0
- data/lib/aws_recon/collectors/dynamodb.rb +5 -0
- data/lib/aws_recon/collectors/ec2.rb +8 -5
- data/lib/aws_recon/collectors/ecr.rb +6 -3
- data/lib/aws_recon/collectors/ecs.rb +5 -2
- data/lib/aws_recon/collectors/efs.rb +5 -0
- data/lib/aws_recon/collectors/eks.rb +5 -0
- data/lib/aws_recon/collectors/elasticache.rb +5 -0
- data/lib/aws_recon/collectors/elasticloadbalancing.rb +5 -0
- data/lib/aws_recon/collectors/elasticloadbalancingv2.rb +5 -0
- data/lib/aws_recon/collectors/elasticsearch.rb +6 -0
- data/lib/aws_recon/collectors/emr.rb +5 -0
- data/lib/aws_recon/collectors/firehose.rb +5 -0
- data/lib/aws_recon/collectors/guardduty.rb +5 -2
- data/lib/aws_recon/collectors/iam.rb +8 -7
- data/lib/aws_recon/collectors/kafka.rb +5 -0
- data/lib/aws_recon/collectors/kinesis.rb +5 -0
- data/lib/aws_recon/collectors/kms.rb +7 -4
- data/lib/aws_recon/collectors/lambda.rb +5 -0
- data/lib/aws_recon/collectors/lightsail.rb +5 -0
- data/lib/aws_recon/collectors/organizations.rb +6 -3
- data/lib/aws_recon/collectors/rds.rb +5 -0
- data/lib/aws_recon/collectors/redshift.rb +5 -0
- data/lib/aws_recon/collectors/route53.rb +5 -0
- data/lib/aws_recon/collectors/route53domains.rb +5 -0
- data/lib/aws_recon/collectors/s3.rb +6 -3
- data/lib/aws_recon/collectors/sagemaker.rb +25 -1
- data/lib/aws_recon/collectors/secretsmanager.rb +5 -0
- data/lib/aws_recon/collectors/securityhub.rb +6 -3
- data/lib/aws_recon/collectors/servicequotas.rb +6 -3
- data/lib/aws_recon/collectors/ses.rb +5 -0
- data/lib/aws_recon/collectors/shield.rb +7 -4
- data/lib/aws_recon/collectors/sns.rb +5 -0
- data/lib/aws_recon/collectors/sqs.rb +5 -0
- data/lib/aws_recon/collectors/ssm.rb +5 -0
- data/lib/aws_recon/collectors/support.rb +6 -3
- data/lib/aws_recon/collectors/transfer.rb +5 -0
- data/lib/aws_recon/collectors/wafv2.rb +5 -0
- data/lib/aws_recon/collectors/workspaces.rb +5 -0
- data/lib/aws_recon/collectors/xray.rb +5 -0
- data/lib/aws_recon/lib/mapper.rb +8 -6
- data/lib/aws_recon/lib/patch.rb +2 -0
- data/lib/aws_recon/options.rb +5 -6
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +10 -7
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1057bb503b9bb209296e646212a72f4f18d974143455396f97635c0f584cb548
|
|
4
|
+
data.tar.gz: c77f77f73d77451771f8a8589b68a3787b3084fb54cfe97a6e2833c9c32d96bf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 99f9d4bb4af09f223fb624065a99cd2a5f3b7f7cd2e44ff02c7b42b02b13e380462a067e0e20d5b76bccad41fc7a4dc50f2e06b09a5ad45db65aca2beb3c196a
|
|
7
|
+
data.tar.gz: a2029d5ef893133b631c0939cb6fd78556fde610c58261a085a54d338210609f0b2d12d1757738846a85a9b7f934437e185a17e922b60eace4eaaec6e8781bef
|
data/.rubocop.yml
CHANGED
|
@@ -9,4 +9,20 @@
|
|
|
9
9
|
#
|
|
10
10
|
# See https://docs.rubocop.org/rubocop/configuration
|
|
11
11
|
Layout/LineLength:
|
|
12
|
-
Max:
|
|
12
|
+
Max: 100
|
|
13
|
+
Style/FrozenStringLiteralComment:
|
|
14
|
+
EnforcedStyle: always_true
|
|
15
|
+
Safe: true
|
|
16
|
+
SafeAutoCorrect: true
|
|
17
|
+
Style/ClassAndModuleChildren:
|
|
18
|
+
Enabled: false
|
|
19
|
+
Metrics/BlockLength:
|
|
20
|
+
Enabled: false
|
|
21
|
+
Metrics/MethodLength:
|
|
22
|
+
Enabled: false
|
|
23
|
+
Metrics/PerceivedComplexity:
|
|
24
|
+
Enabled: false
|
|
25
|
+
Metrics/CyclomaticComplexity:
|
|
26
|
+
Enabled: false
|
|
27
|
+
Metrics/AbcSize:
|
|
28
|
+
Enabled: false
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect CloudTrail resources
|
|
5
|
+
#
|
|
1
6
|
class CloudTrail < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -19,7 +24,7 @@ class CloudTrail < Mapper
|
|
|
19
24
|
end
|
|
20
25
|
|
|
21
26
|
struct = OpenStruct.new(trail.to_h)
|
|
22
|
-
struct.tags = client.list_tags({ resource_id_list: [trail.trail_arn] }).resource_tag_list.first.tags_list
|
|
27
|
+
struct.tags = client.list_tags({ resource_id_list: [trail.trail_arn] }).resource_tag_list.first.tags_list.map(&:to_h)
|
|
23
28
|
struct.type = 'cloud_trail'
|
|
24
29
|
struct.event_selectors = client.get_event_selectors({ trail_name: trail.name }).to_h
|
|
25
30
|
struct.status = client.get_trail_status({ name: trail.name }).to_h
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect CloudWatch resources
|
|
5
|
+
#
|
|
1
6
|
class CloudWatch < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -23,6 +28,7 @@ class CloudWatch < Mapper
|
|
|
23
28
|
struct = OpenStruct.new(alarm.to_h)
|
|
24
29
|
struct.type = 'metric_alarm'
|
|
25
30
|
struct.arn = alarm.alarm_arn
|
|
31
|
+
struct.state_reason_data = alarm.state_reason_data&.parse_policy
|
|
26
32
|
|
|
27
33
|
resources.push(struct.to_h)
|
|
28
34
|
end
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect CodePipeline resources
|
|
5
|
+
#
|
|
1
6
|
class CodePipeline < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -25,9 +30,7 @@ class CodePipeline < Mapper
|
|
|
25
30
|
rescue Aws::CodePipeline::Errors::ServiceError => e
|
|
26
31
|
log_error(e.code)
|
|
27
32
|
|
|
28
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
29
|
-
raise e
|
|
30
|
-
end
|
|
33
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
31
34
|
end
|
|
32
35
|
|
|
33
36
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Config resources
|
|
5
|
+
#
|
|
1
6
|
class ConfigService < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -38,7 +43,7 @@ class ConfigService < Mapper
|
|
|
38
43
|
response.configuration_recorders.each do |recorder|
|
|
39
44
|
struct = OpenStruct.new(recorder.to_h)
|
|
40
45
|
struct.type = 'configuration_recorder'
|
|
41
|
-
struct.arn = "arn:aws:config:#{@region}:configuration_recorder/#{recorder.name}"
|
|
46
|
+
struct.arn = "arn:aws:config:#{@region}:#{@account}:configuration_recorder/#{recorder.name}"
|
|
42
47
|
|
|
43
48
|
# describe_configuration_recorder_status (only accepts one recorder)
|
|
44
49
|
@client.describe_configuration_recorder_status({ configuration_recorder_names: [recorder.name] }).each do |response|
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect EC2 resources
|
|
5
|
+
#
|
|
1
6
|
class EC2 < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -50,8 +55,8 @@ class EC2 < Mapper
|
|
|
50
55
|
log(response.context.operation_name, page)
|
|
51
56
|
|
|
52
57
|
# reservations
|
|
53
|
-
response.reservations.each_with_index do |reservation,
|
|
54
|
-
log(response.context.operation_name, 'reservations',
|
|
58
|
+
response.reservations.each_with_index do |reservation, rpage|
|
|
59
|
+
log(response.context.operation_name, 'reservations', rpage)
|
|
55
60
|
|
|
56
61
|
# instances
|
|
57
62
|
reservation.instances.each do |instance|
|
|
@@ -71,9 +76,7 @@ class EC2 < Mapper
|
|
|
71
76
|
if user_data_raw
|
|
72
77
|
user_data = Base64.decode64(user_data_raw)
|
|
73
78
|
|
|
74
|
-
if user_data.force_encoding('UTF-8').ascii_only?
|
|
75
|
-
struct.user_data = user_data
|
|
76
|
-
end
|
|
79
|
+
struct.user_data = user_data if user_data.force_encoding('UTF-8').ascii_only?
|
|
77
80
|
end
|
|
78
81
|
end
|
|
79
82
|
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect ECR resources
|
|
5
|
+
#
|
|
1
6
|
class ECR < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -21,9 +26,7 @@ class ECR < Mapper
|
|
|
21
26
|
rescue Aws::ECR::Errors::ServiceError => e
|
|
22
27
|
log_error(e.code)
|
|
23
28
|
|
|
24
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
25
|
-
raise e
|
|
26
|
-
end
|
|
29
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
27
30
|
ensure
|
|
28
31
|
resources.push(struct.to_h)
|
|
29
32
|
end
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect ElasticSearch resources
|
|
5
|
+
#
|
|
1
6
|
class ElasticsearchService < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -17,6 +22,7 @@ class ElasticsearchService < Mapper
|
|
|
17
22
|
# describe_elasticsearch_domains
|
|
18
23
|
struct = OpenStruct.new(@client.describe_elasticsearch_domain({ domain_name: domain.domain_name }).domain_status.to_h)
|
|
19
24
|
struct.type = 'domain'
|
|
25
|
+
struct.access_policies = struct.access_policies&.parse_policy
|
|
20
26
|
|
|
21
27
|
resources.push(struct.to_h)
|
|
22
28
|
end
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect IAM resources
|
|
5
|
+
#
|
|
1
6
|
class IAM < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -80,7 +85,7 @@ class IAM < Mapper
|
|
|
80
85
|
create_date: p.create_date
|
|
81
86
|
}
|
|
82
87
|
end
|
|
83
|
-
|
|
88
|
+
end
|
|
84
89
|
|
|
85
90
|
resources.push(struct.to_h)
|
|
86
91
|
end
|
|
@@ -102,9 +107,7 @@ class IAM < Mapper
|
|
|
102
107
|
rescue Aws::IAM::Errors::ServiceError => e
|
|
103
108
|
log_error(e.code)
|
|
104
109
|
|
|
105
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
106
|
-
raise e
|
|
107
|
-
end
|
|
110
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
108
111
|
end
|
|
109
112
|
|
|
110
113
|
#
|
|
@@ -187,9 +190,7 @@ class IAM < Mapper
|
|
|
187
190
|
rescue Aws::IAM::Errors::ServiceError => e
|
|
188
191
|
log_error(e.code)
|
|
189
192
|
|
|
190
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
191
|
-
raise e
|
|
192
|
-
end
|
|
193
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
193
194
|
end
|
|
194
195
|
|
|
195
196
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect KMS resources
|
|
5
|
+
#
|
|
1
6
|
class KMS < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -30,9 +35,7 @@ class KMS < Mapper
|
|
|
30
35
|
rescue Aws::KMS::Errors::ServiceError => e
|
|
31
36
|
log_error(e.code)
|
|
32
37
|
|
|
33
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
34
|
-
raise e
|
|
35
|
-
end
|
|
38
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
36
39
|
end
|
|
37
40
|
|
|
38
41
|
# list_grants
|
|
@@ -48,7 +51,7 @@ class KMS < Mapper
|
|
|
48
51
|
log(response.context.operation_name, 'get_key_policy')
|
|
49
52
|
struct.policy = @client
|
|
50
53
|
.get_key_policy({ key_id: key.key_id, policy_name: 'default' })
|
|
51
|
-
.policy
|
|
54
|
+
.policy.parse_policy
|
|
52
55
|
|
|
53
56
|
# list_aliases
|
|
54
57
|
log(response.context.operation_name, 'list_aliases')
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Org resources
|
|
5
|
+
#
|
|
1
6
|
class Organizations < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -49,9 +54,7 @@ class Organizations < Mapper
|
|
|
49
54
|
rescue Aws::Organizations::Errors::ServiceError => e
|
|
50
55
|
log_error(e.code)
|
|
51
56
|
|
|
52
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
53
|
-
raise e
|
|
54
|
-
end
|
|
57
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
55
58
|
end
|
|
56
59
|
|
|
57
60
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect S3 Resources
|
|
5
|
+
#
|
|
1
6
|
class S3 < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -63,9 +68,7 @@ class S3 < Mapper
|
|
|
63
68
|
rescue Aws::S3::Errors::ServiceError => e
|
|
64
69
|
log_error(e.code)
|
|
65
70
|
|
|
66
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
67
|
-
raise e
|
|
68
|
-
end
|
|
71
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
69
72
|
end
|
|
70
73
|
|
|
71
74
|
resources.push(struct.to_h)
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect SageMaker Resources
|
|
5
|
+
#
|
|
1
6
|
class SageMaker < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -12,7 +17,9 @@ class SageMaker < Mapper
|
|
|
12
17
|
log(response.context.operation_name, page)
|
|
13
18
|
|
|
14
19
|
response.notebook_instances.each do |instance|
|
|
15
|
-
struct = OpenStruct.new(
|
|
20
|
+
struct = OpenStruct.new(@client.describe_notebook_instance({
|
|
21
|
+
notebook_instance_name: instance.notebook_instance_name
|
|
22
|
+
}).to_h)
|
|
16
23
|
struct.type = 'notebook_instance'
|
|
17
24
|
struct.arn = instance.notebook_instance_arn
|
|
18
25
|
|
|
@@ -20,6 +27,23 @@ class SageMaker < Mapper
|
|
|
20
27
|
end
|
|
21
28
|
end
|
|
22
29
|
|
|
30
|
+
#
|
|
31
|
+
# list_endpoints
|
|
32
|
+
#
|
|
33
|
+
@client.list_endpoints.each_with_index do |response, page|
|
|
34
|
+
log(response.context.operation_name, page)
|
|
35
|
+
|
|
36
|
+
response.endpoints.each do |instance|
|
|
37
|
+
struct = OpenStruct.new(@client.describe_endpoint({
|
|
38
|
+
endpoint_name: instance.endpoint_name
|
|
39
|
+
}).to_h)
|
|
40
|
+
struct.type = 'endpoint'
|
|
41
|
+
struct.arn = instance.endpoint_arn
|
|
42
|
+
|
|
43
|
+
resources.push(struct.to_h)
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
23
47
|
resources
|
|
24
48
|
end
|
|
25
49
|
end
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Security Hub resources
|
|
5
|
+
#
|
|
1
6
|
class SecurityHub < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -21,9 +26,7 @@ class SecurityHub < Mapper
|
|
|
21
26
|
rescue Aws::SecurityHub::Errors::ServiceError => e
|
|
22
27
|
log_error(e.code)
|
|
23
28
|
|
|
24
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
25
|
-
raise e
|
|
26
|
-
end
|
|
29
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
27
30
|
end
|
|
28
31
|
|
|
29
32
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect ServiceQuota resources
|
|
5
|
+
#
|
|
1
6
|
class ServiceQuotas < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -28,9 +33,7 @@ class ServiceQuotas < Mapper
|
|
|
28
33
|
rescue Aws::ServiceQuotas::Errors::ServiceError => e
|
|
29
34
|
log_error(e.code, service)
|
|
30
35
|
|
|
31
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
32
|
-
raise e
|
|
33
|
-
end
|
|
36
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
34
37
|
end
|
|
35
38
|
|
|
36
39
|
resources
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Shield resources
|
|
5
|
+
#
|
|
1
6
|
class Shield < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -27,7 +32,7 @@ class Shield < Mapper
|
|
|
27
32
|
struct = OpenStruct.new
|
|
28
33
|
struct.type = 'contact_list'
|
|
29
34
|
struct.arn = "arn:aws:shield:#{@region}:#{@account}:contact_list"
|
|
30
|
-
struct.contacts = response
|
|
35
|
+
struct.contacts = response&.emergency_contact_list&.map(&:to_h)
|
|
31
36
|
|
|
32
37
|
resources.push(struct.to_h)
|
|
33
38
|
end
|
|
@@ -52,9 +57,7 @@ class Shield < Mapper
|
|
|
52
57
|
rescue Aws::Shield::Errors::ServiceError => e
|
|
53
58
|
log_error(e.code)
|
|
54
59
|
|
|
55
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
56
|
-
raise e
|
|
57
|
-
end
|
|
60
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
58
61
|
|
|
59
62
|
[] # no access or service isn't enabled
|
|
60
63
|
end
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Support resources
|
|
5
|
+
#
|
|
1
6
|
class Support < Mapper
|
|
2
7
|
#
|
|
3
8
|
# Returns an array of resources.
|
|
@@ -28,9 +33,7 @@ class Support < Mapper
|
|
|
28
33
|
rescue Aws::Support::Errors::ServiceError => e
|
|
29
34
|
log_error(e.code)
|
|
30
35
|
|
|
31
|
-
unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
32
|
-
raise e
|
|
33
|
-
end
|
|
36
|
+
raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
|
|
34
37
|
|
|
35
38
|
[] # no Support subscription
|
|
36
39
|
end
|
data/lib/aws_recon/lib/mapper.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
#
|
|
2
4
|
# Generic wrapper for service clients.
|
|
3
5
|
#
|
|
@@ -64,14 +66,14 @@ class Mapper
|
|
|
64
66
|
end
|
|
65
67
|
|
|
66
68
|
def log(*msg)
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
69
|
+
return unless @options.verbose
|
|
70
|
+
|
|
71
|
+
puts _msg(msg).map { |x| "\x1b[32m#{x}\x1b[0m" }.join("\x1b[35m.\x1b[0m")
|
|
70
72
|
end
|
|
71
73
|
|
|
72
74
|
def log_error(*msg)
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
75
|
+
return unless @options.verbose
|
|
76
|
+
|
|
77
|
+
puts _msg(msg).map { |x| "\x1b[35m#{x}\x1b[0m" }.join("\x1b[32m.\x1b[0m")
|
|
76
78
|
end
|
|
77
79
|
end
|
data/lib/aws_recon/lib/patch.rb
CHANGED
data/lib/aws_recon/options.rb
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
#
|
|
4
|
+
# Command line options parser
|
|
5
|
+
#
|
|
3
6
|
class Parser
|
|
4
7
|
DEFAULT_CONFIG_FILE = nil
|
|
5
8
|
DEFAULT_OUTPUT_FILE = File.expand_path(File.join(Dir.pwd, 'output.json')).freeze
|
|
@@ -97,16 +100,12 @@ class Parser
|
|
|
97
100
|
|
|
98
101
|
# output format
|
|
99
102
|
opts.on('-f', '--format [FORMAT]', 'Specify output format (default: aws)') do |file|
|
|
100
|
-
if %w[aws custom].include?(file.downcase)
|
|
101
|
-
args.output_format = file.downcase
|
|
102
|
-
end
|
|
103
|
+
args.output_format = file.downcase if %w[aws custom].include?(file.downcase)
|
|
103
104
|
end
|
|
104
105
|
|
|
105
106
|
# threads
|
|
106
107
|
opts.on('-t', '--threads [THREADS]', "Specify max threads (default: #{Parser::DEFAULT_THREADS}, max: 128)") do |threads|
|
|
107
|
-
if (0..Parser::MAX_THREADS).include?(threads.to_i)
|
|
108
|
-
args.threads = threads.to_i
|
|
109
|
-
end
|
|
108
|
+
args.threads = threads.to_i if (0..Parser::MAX_THREADS).include?(threads.to_i)
|
|
110
109
|
end
|
|
111
110
|
|
|
112
111
|
# collect EC2 instance user data
|
data/lib/aws_recon/version.rb
CHANGED
data/readme.md
CHANGED
|
@@ -23,7 +23,7 @@ Enter AWS Recon, multi-threaded AWS inventory collection tool written in plain R
|
|
|
23
23
|
|
|
24
24
|
### Requirements
|
|
25
25
|
|
|
26
|
-
AWS Recon needs AWS account role or credentials with `ReadOnlyAccess`. Full `AdministratorAccess` is over-privileged, but will work as well. The `SecurityAudit` policy is **not** sufficient as it omits access to many services.
|
|
26
|
+
AWS Recon needs an AWS account role or credentials with `ReadOnlyAccess`. Full `AdministratorAccess` is over-privileged, but will work as well. The `SecurityAudit` policy is **not** sufficient as it omits access to many services.
|
|
27
27
|
|
|
28
28
|
#### Running via Docker
|
|
29
29
|
|
|
@@ -54,13 +54,13 @@ To run locally, first install the gem:
|
|
|
54
54
|
|
|
55
55
|
```
|
|
56
56
|
$ gem install aws_recon
|
|
57
|
-
Fetching aws_recon-0.2.
|
|
57
|
+
Fetching aws_recon-0.2.28.gem
|
|
58
58
|
Fetching aws-sdk-3.0.1.gem
|
|
59
59
|
Fetching parallel-1.20.1.gem
|
|
60
60
|
...
|
|
61
61
|
Successfully installed aws-sdk-3.0.1
|
|
62
62
|
Successfully installed parallel-1.20.1
|
|
63
|
-
Successfully installed aws_recon-0.2.
|
|
63
|
+
Successfully installed aws_recon-0.2.28
|
|
64
64
|
```
|
|
65
65
|
|
|
66
66
|
Or add it to your Gemfile using `bundle`:
|
|
@@ -72,7 +72,7 @@ Resolving dependencies...
|
|
|
72
72
|
...
|
|
73
73
|
Using aws-sdk 3.0.1
|
|
74
74
|
Using parallel-1.20.1
|
|
75
|
-
Using aws_recon 0.2.
|
|
75
|
+
Using aws_recon 0.2.28
|
|
76
76
|
```
|
|
77
77
|
|
|
78
78
|
## Usage
|
|
@@ -165,10 +165,13 @@ $ AWS_PROFILE=<profile> aws_recon -s S3,EC2 -r global,us-east-1,us-east-2
|
|
|
165
165
|
$ AWS_PROFILE=<profile> aws_recon --services S3,EC2 --regions global,us-east-1,us-east-2
|
|
166
166
|
```
|
|
167
167
|
|
|
168
|
-
Example [OpenCSPM](https://github.com/OpenCSPM/opencspm) formatted output.
|
|
168
|
+
Example [OpenCSPM](https://github.com/OpenCSPM/opencspm) formatted (NDJSON) output.
|
|
169
169
|
|
|
170
170
|
```
|
|
171
|
-
$ AWS_PROFILE=<profile> aws_recon -
|
|
171
|
+
$ AWS_PROFILE=<profile> aws_recon -j \
|
|
172
|
+
-s S3,EC2 \
|
|
173
|
+
-r global,us-east-1,us-east-2 \
|
|
174
|
+
-f custom > output.json
|
|
172
175
|
```
|
|
173
176
|
|
|
174
177
|
#### Errors
|
|
@@ -222,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
|
|
|
222
225
|
```
|
|
223
226
|
$ aws_recon -h
|
|
224
227
|
|
|
225
|
-
AWS Recon - AWS Inventory Collector (0.2.
|
|
228
|
+
AWS Recon - AWS Inventory Collector (0.2.28)
|
|
226
229
|
|
|
227
230
|
Usage: aws_recon [options]
|
|
228
231
|
-r, --regions [REGIONS] Regions to scan, separated by comma (default: all)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws_recon
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.31
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Josh Larsen
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2021-01-28 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: aws-sdk
|
|
@@ -197,7 +197,7 @@ files:
|
|
|
197
197
|
- lib/aws_recon/collectors/codepipeline.rb
|
|
198
198
|
- lib/aws_recon/collectors/configservice.rb
|
|
199
199
|
- lib/aws_recon/collectors/directconnect.rb
|
|
200
|
-
- lib/aws_recon/collectors/
|
|
200
|
+
- lib/aws_recon/collectors/directoryservice.rb
|
|
201
201
|
- lib/aws_recon/collectors/dms.rb
|
|
202
202
|
- lib/aws_recon/collectors/dynamodb.rb
|
|
203
203
|
- lib/aws_recon/collectors/ec2.rb
|