RubyGems - aws_recon - Versions diffs - 0.5.2 → 0.5.7 - Mend

aws_recon 0.5.2 → 0.5.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/.github/workflows/check-aws-regions.yml +3 -2
data/Dockerfile +1 -1
data/aws_recon.gemspec +1 -1
data/lib/aws_recon/collectors/wafv2.rb +1 -4
data/lib/aws_recon/services.yaml +5 -14
data/lib/aws_recon/version.rb +1 -1
data/readme.md +5 -5
data/utils/aws/check_region_exclusions.rb +26 -0
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7481b13d21571402935b0ce2b67a7cdaaf3d3fc245b49f5569ab249b00a80769
-  data.tar.gz: d755e86dbe27036c6db5aec7a10497f1cf85c4ad64265f673ec10fd1490d9566
+  metadata.gz: e99a96f3054a14b9908d0f4e57a498783804f73cb2fc8f81846da7fae8d6a60d
+  data.tar.gz: 125a0f69e1ee9e45d8f5cd1b8eedd067155fb53d68cb9271ba98da34d963b23b
 SHA512:
-  metadata.gz: a97a2b0b84fd34a79be57dac06caefa77231a7098d2ee221e3d6587d57c51aa181aff4aefeb13bfcfd52578b2f30285ce3e1a2f5f70ed8cff6c37d426f2daaa4
-  data.tar.gz: 7fdab7b7ddebb23fd28d28721966ff1d29a7b3a07c351e6319d3c6cdeb08fc4788869b8c30e2ea5f38a180bfe4cbf55dda05206a9985e568d0ea564d1c7eb19b
+  metadata.gz: 340361ade00fffcfe97cf18c86dae1afee9489464efdb2d686135682d155f7d416d66d5675d550badd82d0625665334b19b005c5e93bbbb473d154f859e6d039
+  data.tar.gz: 608ab989fe2a129690eb64d1adac67bfc99575ba1c5dfec75cbcb75734a4298c2eb9a3abc44c7cb94148b2ae10c81ac944a961db9f2a7c17035869f3da40b2eb

data/.github/workflows/check-aws-regions.yml CHANGED Viewed

@@ -1,8 +1,9 @@
 name: check-service-regions
 on:
+  workflow_dispatch:
   schedule:
-    - cron: '40 15 * * *'
+    - cron: '0 10 * * *'
 jobs:
   region-check:
@@ -12,6 +13,6 @@ jobs:
         uses: actions/checkout@v2
         with:
           fetch-depth: 1
-      - name: Set version tag
+      - name: Check AWS service regions
         run: |
           cd utils/aws ; ruby check_region_exclusions.rb

data/Dockerfile CHANGED Viewed

@@ -1,4 +1,4 @@
-ARG RUBY_VERSION=2.6.6
+ARG RUBY_VERSION=2.7.3
 FROM ruby:${RUBY_VERSION}-alpine
 LABEL maintainer="Darkbit <info@darkbit.io>"

data/aws_recon.gemspec CHANGED Viewed

@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
   spec.name          = 'aws_recon'
   spec.version       = AwsRecon::VERSION
   spec.authors       = ['Josh Larsen', 'Darkbit']
-  spec.required_ruby_version = '>= 2.5.0'
+  spec.required_ruby_version = '>= 2.6.0'
   spec.summary       = 'A multi-threaded AWS security-focused inventory collection tool.'
   spec.description   = 'AWS Recon is a command line tool to collect resources from an Amazon Web Services (AWS) account. The tool outputs JSON suitable for processing with other tools.'
   spec.homepage      = 'https://github.com/darkbitio/aws-recon'

data/lib/aws_recon/collectors/wafv2.rb CHANGED Viewed

@@ -7,9 +7,7 @@ class WAFV2 < Mapper
   #
   # Returns an array of resources.
   #
-  # TODO: test live
   # TODO: resolve scope (e.g. CLOUDFRONT supported?)
-  # TODO: confirm paging behavior
   #
   def collect
     resources = []
@@ -25,7 +23,6 @@ class WAFV2 < Mapper
         response.web_acls.each do |acl|
           struct = OpenStruct.new(acl.to_h)
           struct.type = 'web_acl'
-          # struct.arn = "arn:aws:#{@service}:#{@region}::web_acl/#{acl.id}"
           params = {
             name: acl.name,
@@ -40,7 +37,7 @@ class WAFV2 < Mapper
           end
           # list_resources_for_web_acl
-          @client.list_resources_for_web_acl({ web_acl_arn: 'ResourceArn' }).each do |r|
+          @client.list_resources_for_web_acl({ web_acl_arn: acl.arn }).each do |r|
             struct.resources = r.resource_arns.map(&:to_h)
           end

data/lib/aws_recon/services.yaml CHANGED Viewed

@@ -37,8 +37,6 @@
   alias: ecs
 - name: ElasticLoadBalancing
   alias: elb
-  excluded_regions:
-    - ap-southeast-1
 - name: ElasticLoadBalancingV2
   alias: elbv2
 - name: ElastiCache
@@ -58,7 +56,7 @@
 - name: ECR
   alias: ecr
 - name: DynamoDB
-  alias: ddb
+  alias: dynamodb
 - name: KMS
   alias: kms
 - name: Kinesis
@@ -85,15 +83,15 @@
 - name: Shield
   global: true
   alias: shield
+  excluded_regions:
+    - ap-northeast-3
 - name: CloudFormation
   alias: cloudformation
 - name: SES
   alias: ses
   excluded_regions:
-    - af-south-1
     - ap-east-1
     - ap-northeast-3
-    - eu-south-1
 - name: CloudWatch
   alias: cloudwatch
 - name: CloudWatchLogs
@@ -104,11 +102,9 @@
     - af-south-1
     - ap-northeast-3
 - name: SecretsManager
-  alias: sm
+  alias: secretsmanager
 - name: SecurityHub
   alias: securityhub
-  excluded_regions:
-    - ap-northeast-3
 - name: Support
   global: true
   alias: support
@@ -116,16 +112,12 @@
   alias: ssm
 - name: GuardDuty
   alias: guardduty
-  excluded_regions:
-    - ap-northeast-3
 - name: Athena
   alias: athena
   excluded_regions:
     - ap-northeast-3
 - name: EFS
   alias: efs
-  excluded_regions:
-    - ap-northeast-3
 - name: Firehose
   alias: firehose
 - name: Lightsail
@@ -145,7 +137,6 @@
     - af-south-1
     - ap-east-1
     - ap-northeast-3
-    - ap-south-1
     - eu-north-1
     - eu-south-1
     - eu-west-3
@@ -164,7 +155,7 @@
     - ap-northeast-3
     - eu-south-1
 - name: DirectConnect
-  alias: dc
+  alias: directconnect
 - name: DirectoryService
   alias: ds
   excluded_regions:

data/lib/aws_recon/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AwsRecon
-  VERSION = "0.5.2"
+  VERSION = "0.5.7"
 end

data/readme.md CHANGED Viewed

@@ -1,6 +1,6 @@
 [![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/darkbitio/aws-recon/smoke-test/main)](https://github.com/darkbitio/aws-recon/actions?query=branch%3Amain)
 [![Gem Version](https://badge.fury.io/rb/aws_recon.svg)](https://rubygems.org/gems/aws_recon)
+[![AWS Service Regions](https://github.com/darkbitio/aws-recon/actions/workflows/check-aws-regions.yml/badge.svg?branch=main&event=schedule)](https://github.com/darkbitio/aws-recon/actions/workflows/check-aws-regions.yml)
 # AWS Recon
 A multi-threaded AWS security-focused inventory collection tool written in Ruby.
@@ -54,13 +54,13 @@ To run locally, first install the gem:
 ```
 $ gem install aws_recon
-Fetching aws_recon-0.4.5.gem
+Fetching aws_recon-0.5.2.gem
 Fetching aws-sdk-3.0.1.gem
 Fetching parallel-1.20.1.gem
 ...
 Successfully installed aws-sdk-3.0.1
 Successfully installed parallel-1.20.1
-Successfully installed aws_recon-0.4.5
+Successfully installed aws_recon-0.5.2
 ```
 Or add it to your Gemfile using `bundle`:
@@ -72,7 +72,7 @@ Resolving dependencies...
 ...
 Using aws-sdk 3.0.1
 Using parallel-1.20.1
-Using aws_recon 0.4.5
+Using aws_recon 0.5.2
 ```
 ## Usage
@@ -249,7 +249,7 @@ Most users will want to limit collection to relevant services and regions. Runni
 ```
 $ aws_recon -h
-AWS Recon - AWS Inventory Collector (0.4.5)
+AWS Recon - AWS Inventory Collector (0.5.2)
 Usage: aws_recon [options]
     -r, --regions [REGIONS]          Regions to scan, separated by comma (default: all)

data/utils/aws/check_region_exclusions.rb CHANGED Viewed

@@ -3,13 +3,24 @@
 #
 # Check regional service availability against services.yaml exclusions.
 #
+# AWS updates the regional service table daily. By checking regional service
+# coverage, we can identify regions that should be excluded from AWS Recon
+# checks. We exclude non-supported regions because service APIs handle non-
+# availability differently. Some will respond with an error that can be handled
+# by the errors defined in the AWS Ruby SDK client. Others will fail at the
+# network level (i.e. there is no API endpoint even available). We could handle
+# those errors and silently fail, but we choose not to so we can identify cases
+# where there is a lack of service availability in a particular region.
+#
 require 'net/http'
 require 'json'
 require 'yaml'
 TS = Time.now.to_i
+# AWS Regional services table
 URL = "https://api.regional-table.region-services.aws.a2z.com/index.json?timestamp=#{TS}000"
+service_to_query = ARGV[0]
 region_exclusion_mistmatch = nil
 #
@@ -41,6 +52,21 @@ map = {}
 data = res.body
 json = JSON.parse(data)
+#
+# query regions for a single service
+#
+if service_to_query
+  single_service_regions = []
+  json['prices'].each do |p|
+    single_service_regions << p['id'].split(':').last
+  end
+  single_service_regions.uniq.sort.each { |r| puts r }
+  exit 0
+end
 # iterate through AWS provided services & regions
 json['prices'].each do |p|
   at = p['attributes']

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_recon
 version: !ruby/object:Gem::Version
-  version: 0.5.2
+  version: 0.5.7
 platform: ruby
 authors:
 - Josh Larsen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-04-13 00:00:00.000000000 Z
+date: 2021-04-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -270,7 +270,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="