aws_recon 0.2.23 → 0.2.24
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws_recon/collectors/dms.rb +1 -1
- data/lib/aws_recon/collectors/iam.rb +12 -6
- data/lib/aws_recon/collectors/organizations.rb +21 -7
- data/lib/aws_recon/collectors/securityhub.rb +20 -6
- data/lib/aws_recon/collectors/support.rb +1 -0
- data/lib/aws_recon/services.yaml +5 -0
- data/lib/aws_recon/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '091d2a7a27fb6c37494ec2bbddfc029c73e915925ea93e4011dbaaf6fbf637e5'
|
|
4
|
+
data.tar.gz: a6f2cfb73e6a667f3d3faff70956d26e065d3f83a6dedcdbdf0cd8eb82102385
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b488755dd29b5d262e2b6775a9de1830f024975874a4f617f0cd01f80a621e2a18e1955b4a590418aa0d1efc203b2427221129ae069c01a038d1ed35bdc0b500
|
|
7
|
+
data.tar.gz: 8997f3f3350fc9c8a6ded6fbd437816005d5a17a7b6db76c2e3e646b9076af210c4b803a68e2b568bff8ea277950bfb99031c6baa767b23138db5da9869c41c0
|
|
@@ -14,7 +14,7 @@ class DatabaseMigrationService < Mapper
|
|
|
14
14
|
response.replication_instances.each do |instance|
|
|
15
15
|
struct = OpenStruct.new(instance.to_h)
|
|
16
16
|
struct.type = 'replication_instance'
|
|
17
|
-
struct.
|
|
17
|
+
struct.arn = "arn:aws:#{@service}:#{@region}::replication_instance/#{instance.replication_instance_identifier}"
|
|
18
18
|
|
|
19
19
|
resources.push(struct.to_h)
|
|
20
20
|
end
|
|
@@ -89,14 +89,19 @@ class IAM < Mapper
|
|
|
89
89
|
#
|
|
90
90
|
# get_account_password_policy
|
|
91
91
|
#
|
|
92
|
-
|
|
93
|
-
|
|
92
|
+
begin
|
|
93
|
+
@client.get_account_password_policy.each do |response|
|
|
94
|
+
log(response.context.operation_name)
|
|
94
95
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
96
|
+
struct = OpenStruct.new(response.password_policy.to_h)
|
|
97
|
+
struct.type = 'password_policy'
|
|
98
|
+
struct.arn = "arn:aws:iam::#{@account}:account_password_policy/global"
|
|
98
99
|
|
|
99
|
-
|
|
100
|
+
resources.push(struct.to_h)
|
|
101
|
+
end
|
|
102
|
+
rescue Aws::IAM::Errors::ServiceError => e
|
|
103
|
+
log_error(e.code)
|
|
104
|
+
raise e unless suppressed_errors.include?(e.code)
|
|
100
105
|
end
|
|
101
106
|
|
|
102
107
|
#
|
|
@@ -190,6 +195,7 @@ class IAM < Mapper
|
|
|
190
195
|
def suppressed_errors
|
|
191
196
|
%w[
|
|
192
197
|
ReportNotPresent
|
|
198
|
+
NoSuchEntity
|
|
193
199
|
]
|
|
194
200
|
end
|
|
195
201
|
end
|
|
@@ -34,18 +34,32 @@ class Organizations < Mapper
|
|
|
34
34
|
#
|
|
35
35
|
# list_policies
|
|
36
36
|
#
|
|
37
|
-
|
|
38
|
-
|
|
37
|
+
begin
|
|
38
|
+
@client.list_policies({ filter: 'SERVICE_CONTROL_POLICY' }).each_with_index do |response, page|
|
|
39
|
+
log(response.context.operation_name, page)
|
|
39
40
|
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
41
|
+
response.policies.each do |policy|
|
|
42
|
+
struct = OpenStruct.new(policy.to_h)
|
|
43
|
+
struct.type = 'service_control_policy'
|
|
44
|
+
struct.content = @client.describe_policy({ policy_id: policy.id }).policy.content.parse_policy
|
|
44
45
|
|
|
45
|
-
|
|
46
|
+
resources.push(struct.to_h)
|
|
47
|
+
end
|
|
46
48
|
end
|
|
49
|
+
rescue Aws::Organizations::Errors::ServiceError => e
|
|
50
|
+
log_error(e.code)
|
|
51
|
+
raise e unless suppressed_errors.include?(e.code)
|
|
47
52
|
end
|
|
48
53
|
|
|
49
54
|
resources
|
|
50
55
|
end
|
|
56
|
+
|
|
57
|
+
private
|
|
58
|
+
|
|
59
|
+
# not an error
|
|
60
|
+
def suppressed_errors
|
|
61
|
+
%w[
|
|
62
|
+
AccessDeniedException
|
|
63
|
+
]
|
|
64
|
+
end
|
|
51
65
|
end
|
|
@@ -8,16 +8,30 @@ class SecurityHub < Mapper
|
|
|
8
8
|
#
|
|
9
9
|
# describe_hub
|
|
10
10
|
#
|
|
11
|
-
|
|
12
|
-
|
|
11
|
+
begin
|
|
12
|
+
@client.describe_hub.each do |response|
|
|
13
|
+
log(response.context.operation_name)
|
|
13
14
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
15
|
+
struct = OpenStruct.new(response.to_h)
|
|
16
|
+
struct.type = 'hub'
|
|
17
|
+
struct.arn = response.hub_arn
|
|
17
18
|
|
|
18
|
-
|
|
19
|
+
resources.push(struct.to_h)
|
|
20
|
+
end
|
|
21
|
+
rescue Aws::SecurityHub::Errors::ServiceError => e
|
|
22
|
+
log_error(e.code)
|
|
23
|
+
raise e unless suppressed_errors.include?(e.code)
|
|
19
24
|
end
|
|
20
25
|
|
|
21
26
|
resources
|
|
22
27
|
end
|
|
28
|
+
|
|
29
|
+
private
|
|
30
|
+
|
|
31
|
+
# not an error
|
|
32
|
+
def suppressed_errors
|
|
33
|
+
%w[
|
|
34
|
+
InvalidAccessException
|
|
35
|
+
]
|
|
36
|
+
end
|
|
23
37
|
end
|
data/lib/aws_recon/services.yaml
CHANGED
data/lib/aws_recon/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws_recon
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.24
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Josh Larsen
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2020-
|
|
12
|
+
date: 2020-12-05 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: aws-sdk
|