aws_recon 0.2.36 → 0.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/lib/aws_recon/aws_recon.rb +4 -4
  3. data/lib/aws_recon/collectors/ec2.rb +1 -0
  4. data/lib/aws_recon/collectors/emr.rb +20 -6
  5. data/lib/aws_recon/collectors/guardduty.rb +36 -7
  6. data/lib/aws_recon/collectors/iam.rb +22 -0
  7. data/lib/aws_recon/collectors/rds.rb +12 -12
  8. data/lib/aws_recon/services.yaml +31 -26
  9. data/lib/aws_recon/version.rb +1 -1
  10. data/readme.md +4 -4
  11. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 62093b7a66219dac2bd3ccc799808c28c1581b7e94ea3eebc3f86b7263e8e82c
4
- data.tar.gz: 64f2ff5a86901e57fa5786c180251dd72ba0c8672ca38e1aba93f3eb65d5efec
3
+ metadata.gz: 24978de4c7cf85dc8ed7f4a177caca6f1746ed6de3a877d921c3169817fa036d
4
+ data.tar.gz: f60ebd2d5e072656dfac5e2514edffb95b4bc059f66ed9d540608abd6cad9322
5
5
  SHA512:
6
- metadata.gz: 5611e7a73ebdab34a6b71079d7d59159d4f48317f96a811a91a7f3eef5720941b71f8c8c328a95aaea361c457d47f680dfa80afa79655a439afb8dd616b2d5a4
7
- data.tar.gz: fa6cf46957c186d0808d7932280ce8fba1707fdb71ad68443ddb979f9d89d42cc05c2c54ce6acc4e4c187f74eb5ddd1d26c43e5ca832bbcaaa7087157878eb2e
6
+ metadata.gz: 07fb3311cae4325997aa6b66bf9dd150a8d5a4eccff8a444dceb5a22b6cbdddd597025082afc7c02e96e889e988e23f1939d1ef2bff5772c5b51975a4bc32fdf
7
+ data.tar.gz: d09fb6a88b9e0f8f6565a49c66c302e9725817295eeb2556f292423fda0c66a6fa5975a74444f6c6597ce6703cfe84b4aaf02c62a10e3854f20f73b70b740ee0
data/lib/aws_recon/aws_recon.rb CHANGED
@@ -6,7 +6,7 @@ module AwsRecon
6
6
  class CLI
7
7
  def initialize
8
8
  # parse options
9
- @options = Parser.parse ARGV.length < 1 ? %w[-h] : ARGV
9
+ @options = Parser.parse ARGV.empty? ? %w[-h] : ARGV
10
10
 
11
11
  # timing
12
12
  @starting = Process.clock_gettime(Process::CLOCK_MONOTONIC)
@@ -15,11 +15,11 @@ module AwsRecon
15
15
  @account_id = Aws::STS::Client.new.get_caller_identity.account
16
16
 
17
17
  # AWS services
18
- @aws_services = YAML.load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)
18
+ @aws_services = YAML.safe_load(File.read(SERVICES_CONFIG_FILE), symbolize_names: true)
19
19
 
20
20
  # User config services
21
21
  if @options.config_file
22
- user_config = YAML.load(File.read(@options.config_file), symbolize_names: true)
22
+ user_config = YAML.safe_load(File.read(@options.config_file), symbolize_names: true)
23
23
 
24
24
  @services = user_config[:services]
25
25
  @regions = user_config[:regions]
@@ -94,7 +94,7 @@ module AwsRecon
94
94
  next unless @regions.include?(region) && !skip_region
95
95
 
96
96
  # user included this service in the args
97
- next unless @services.include?(service.name) || @services.include?(service.alias) # rubocop:disable Layout/LineLength
97
+ next unless @services.include?(service.name) || @services.include?(service.alias)
98
98
 
99
99
  collect(service, region)
100
100
  end
data/lib/aws_recon/collectors/ec2.rb CHANGED
@@ -29,6 +29,7 @@ class EC2 < Mapper
29
29
  struct = OpenStruct.new
30
30
  struct.attributes = response.account_attributes.map(&:to_h)
31
31
  struct.type = 'account'
32
+ struct.arn = "arn:aws::#{@account}"
32
33
 
33
34
  resources.push(struct.to_h)
34
35
  end
data/lib/aws_recon/collectors/emr.rb CHANGED
@@ -13,14 +13,20 @@ class EMR < Mapper
13
13
  #
14
14
  # get_block_public_access_configuration
15
15
  #
16
- @client.get_block_public_access_configuration.each do |response|
17
- log(response.context.operation_name)
16
+ begin
17
+ @client.get_block_public_access_configuration.each do |response|
18
+ log(response.context.operation_name)
18
19
 
19
- struct = OpenStruct.new(response.block_public_access_configuration.to_h)
20
- struct.type = 'configuration'
21
- struct.arn = "arn:aws:emr:#{@region}:#{@account}/block_public_access_configuration"
20
+ struct = OpenStruct.new(response.block_public_access_configuration.to_h)
21
+ struct.type = 'configuration'
22
+ struct.arn = "arn:aws:emr:#{@region}:#{@account}/block_public_access_configuration"
22
23
 
23
- resources.push(struct.to_h)
24
+ resources.push(struct.to_h)
25
+ end
26
+ rescue Aws::EMR::Errors::ServiceError => e
27
+ log_error(e.code)
28
+
29
+ raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
24
30
  end
25
31
 
26
32
  #
@@ -42,4 +48,12 @@ class EMR < Mapper
42
48
 
43
49
  resources
44
50
  end
51
+
52
+ private
53
+
54
+ def suppressed_errors
55
+ %w[
56
+ InvalidRequestException
57
+ ]
58
+ end
45
59
  end
data/lib/aws_recon/collectors/guardduty.rb CHANGED
@@ -28,14 +28,20 @@ class GuardDuty < Mapper
28
28
  struct.findings_statistics = @client.get_findings_statistics({
29
29
  detector_id: detector,
30
30
  finding_statistic_types: ['COUNT_BY_SEVERITY'],
31
- finding_criteria: {
32
- criterion: {
33
- 'service.archived': {
34
- eq: ['false']
35
- }
36
- }
37
- }
31
+ finding_criteria: finding_criteria
38
32
  }).finding_statistics.to_h
33
+ # get_findings_statistics (only active findings older than 7 days)
34
+ struct.findings_statistics_aged_short = @client.get_findings_statistics({
35
+ detector_id: detector,
36
+ finding_statistic_types: ['COUNT_BY_SEVERITY'],
37
+ finding_criteria: finding_criteria(7)
38
+ }).finding_statistics.to_h
39
+ # get_findings_statistics (only active findings older than 30 days)
40
+ struct.findings_statistics_aged_long = @client.get_findings_statistics({
41
+ detector_id: detector,
42
+ finding_statistic_types: ['COUNT_BY_SEVERITY'],
43
+ finding_criteria: finding_criteria(30)
44
+ }).finding_statistics.to_h
39
45
 
40
46
  # get_master_account
41
47
  struct.master_account = @client.get_master_account({ detector_id: detector }).master.to_h
@@ -46,4 +52,27 @@ class GuardDuty < Mapper
46
52
 
47
53
  resources
48
54
  end
55
+
56
+ private
57
+
58
+ def finding_criteria(days = 1)
59
+ criteria = {
60
+ criterion: {
61
+ 'service.archived': { eq: ['false'] }
62
+ }
63
+ }
64
+
65
+ if days > 1
66
+ days_ago = (Time.now.to_f * 1000).to_i - (60 * 60 * 24 * 1000 * days) # with miliseconds
67
+
68
+ criteria = {
69
+ criterion: {
70
+ 'service.archived': { eq: ['false'] },
71
+ 'updatedAt': { less_than: days_ago }
72
+ }
73
+ }
74
+ end
75
+
76
+ criteria
77
+ end
49
78
  end
data/lib/aws_recon/collectors/iam.rb CHANGED
@@ -91,6 +91,28 @@ class IAM < Mapper
91
91
  end
92
92
  end
93
93
 
94
+ #
95
+ # list_instance_profiles
96
+ #
97
+ @client.list_instance_profiles.each_with_index do |response, page|
98
+ log(response.context.operation_name, page)
99
+
100
+ # instance_profiles
101
+ response.instance_profiles.each do |profile|
102
+ struct = OpenStruct.new(profile.to_h)
103
+ struct.type = 'instance_profile'
104
+ struct.arn = profile.arn
105
+ struct.roles = []
106
+
107
+ profile.roles&.each do |role|
108
+ role.assume_role_policy_document = role.assume_role_policy_document.parse_policy
109
+ struct.roles.push(role.to_h)
110
+ end
111
+
112
+ resources.push(struct.to_h)
113
+ end
114
+ end
115
+
94
116
  #
95
117
  # get_account_password_policy
96
118
  #
data/lib/aws_recon/collectors/rds.rb CHANGED
@@ -88,18 +88,18 @@ class RDS < Mapper
88
88
  #
89
89
  # describe_db_engine_versions
90
90
  #
91
- unless @options.skip_slow
92
- @client.describe_db_engine_versions.each_with_index do |response, page|
93
- log(response.context.operation_name, page)
94
-
95
- response.db_engine_versions.each do |version|
96
- struct = OpenStruct.new(version.to_h)
97
- struct.type = 'db_engine_version'
98
-
99
- resources.push(struct.to_h)
100
- end
101
- end
102
- end
91
+ ### unless @options.skip_slow
92
+ ### @client.describe_db_engine_versions.each_with_index do |response, page|
93
+ ### log(response.context.operation_name, page)
94
+
95
+ ### response.db_engine_versions.each do |version|
96
+ ### struct = OpenStruct.new(version.to_h)
97
+ ### struct.type = 'db_engine_version'
98
+
99
+ ### resources.push(struct.to_h)
100
+ ### end
101
+ ### end
102
+ ### end
103
103
 
104
104
  resources
105
105
  end
data/lib/aws_recon/services.yaml CHANGED
@@ -13,11 +13,12 @@
13
13
  - name: CodeBuild
14
14
  alias: codebuild
15
15
  excluded_regions:
16
- - af-south-1
16
+ - ap-northeast-3
17
17
  - name: CodePipeline
18
18
  alias: codepipeline
19
19
  excluded_regions:
20
20
  - af-south-1
21
+ - ap-northeast-3
21
22
  - me-south-1
22
23
  - name: AutoScaling
23
24
  alias: autoscaling
@@ -40,17 +41,10 @@
40
41
  - ap-southeast-1
41
42
  - name: ElasticLoadBalancingV2
42
43
  alias: elbv2
43
- excluded_regions:
44
- - ap-southeast-1
45
44
  - name: ElastiCache
46
45
  alias: elasticache
47
46
  - name: EMR
48
47
  alias: emr
49
- excluded_regions:
50
- - ap-east-1
51
- - af-south-1
52
- - eu-south-1
53
- - me-south-1
54
48
  - name: IAM
55
49
  global: true
56
50
  alias: iam
@@ -96,11 +90,9 @@
96
90
  - name: SES
97
91
  alias: ses
98
92
  excluded_regions:
99
- - eu-north-1
100
- - eu-west-3
101
- - us-west-1
102
- - ap-east-1
103
93
  - af-south-1
94
+ - ap-east-1
95
+ - ap-northeast-3
104
96
  - eu-south-1
105
97
  - name: CloudWatch
106
98
  alias: cloudwatch
@@ -110,65 +102,78 @@
110
102
  alias: kafka
111
103
  excluded_regions:
112
104
  - af-south-1
105
+ - ap-northeast-3
113
106
  - name: SecretsManager
114
107
  alias: sm
115
108
  - name: SecurityHub
116
109
  alias: sh
110
+ excluded_regions:
111
+ - ap-northeast-3
117
112
  - name: Support
118
113
  global: true
119
114
  alias: support
120
115
  - name: SSM
121
116
  alias: ssm
122
- excluded_regions:
123
- - ap-southeast-1
124
117
  - name: GuardDuty
125
118
  alias: guardduty
119
+ excluded_regions:
120
+ - ap-northeast-3
126
121
  - name: Athena
127
122
  alias: athena
123
+ excluded_regions:
124
+ - ap-northeast-3
128
125
  - name: EFS
129
126
  alias: efs
127
+ excluded_regions:
128
+ - ap-northeast-3
130
129
  - name: Firehose
131
130
  alias: firehose
132
131
  - name: Lightsail
133
132
  alias: lightsail
134
133
  excluded_regions:
135
- - eu-north-1
136
- - us-west-1
137
- - sa-east-1
138
- - ap-east-1
139
134
  - af-south-1
135
+ - ap-east-1
136
+ - ap-northeast-3
137
+ - eu-north-1
140
138
  - eu-south-1
141
139
  - me-south-1
140
+ - sa-east-1
141
+ - us-west-1
142
142
  - name: WorkSpaces
143
143
  alias: workspaces
144
144
  excluded_regions:
145
- - eu-north-1
145
+ - af-south-1
146
+ - ap-east-1
147
+ - ap-northeast-3
146
148
  - ap-south-1
149
+ - eu-north-1
150
+ - eu-south-1
147
151
  - eu-west-3
152
+ - me-south-1
148
153
  - us-east-2
149
154
  - us-west-1
150
- - ap-east-1
151
- - af-south-1
152
- - eu-south-1
153
- - me-south-1
154
155
  - name: SageMaker
155
156
  alias: sagemaker
157
+ excluded_regions:
158
+ - ap-northeast-3
156
159
  - name: ServiceQuotas
157
160
  alias: servicequotas
158
161
  - name: Transfer
159
162
  alias: transfer
160
163
  excluded_regions:
161
- - ap-east-1
162
- - af-south-1
164
+ - ap-northeast-3
163
165
  - eu-south-1
164
- - me-south-1
165
166
  - name: DirectConnect
166
167
  alias: dc
167
168
  - name: DirectoryService
168
169
  alias: ds
170
+ excluded_regions:
171
+ - ap-northeast-3
169
172
  - name: DatabaseMigrationService
170
173
  alias: dms
171
174
  - name: XRay
172
175
  alias: xray
173
176
  - name: WAFV2
174
177
  alias: wafv2
178
+ excluded_regions:
179
+ - ap-northeast-3
data/lib/aws_recon/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module AwsRecon
2
- VERSION = "0.2.36"
2
+ VERSION = "0.3.4"
3
3
  end
data/readme.md CHANGED
@@ -54,13 +54,13 @@ To run locally, first install the gem:
54
54
 
55
55
  ```
56
56
  $ gem install aws_recon
57
- Fetching aws_recon-0.2.28.gem
57
+ Fetching aws_recon-0.3.0.gem
58
58
  Fetching aws-sdk-3.0.1.gem
59
59
  Fetching parallel-1.20.1.gem
60
60
  ...
61
61
  Successfully installed aws-sdk-3.0.1
62
62
  Successfully installed parallel-1.20.1
63
- Successfully installed aws_recon-0.2.28
63
+ Successfully installed aws_recon-0.3.0
64
64
  ```
65
65
 
66
66
  Or add it to your Gemfile using `bundle`:
@@ -72,7 +72,7 @@ Resolving dependencies...
72
72
  ...
73
73
  Using aws-sdk 3.0.1
74
74
  Using parallel-1.20.1
75
- Using aws_recon 0.2.28
75
+ Using aws_recon 0.3.0
76
76
  ```
77
77
 
78
78
  ## Usage
@@ -225,7 +225,7 @@ Most users will want to limit collection to relevant services and regions. Runni
225
225
  ```
226
226
  $ aws_recon -h
227
227
 
228
- AWS Recon - AWS Inventory Collector (0.2.28)
228
+ AWS Recon - AWS Inventory Collector (0.3.0)
229
229
 
230
230
  Usage: aws_recon [options]
231
231
  -r, --regions [REGIONS] Regions to scan, separated by comma (default: all)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws_recon
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.36
4
+ version: 0.3.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Larsen
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-02-03 00:00:00.000000000 Z
12
+ date: 2021-03-02 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: aws-sdk