aws_recon 0.2.2 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 233f4b10a4360186449d4046d61bb0ae0e78511483e4dac27ae0dfee89a8ff04
-  data.tar.gz: 1cde6970d7f06cdfa0d52cefd9d931794c832cceeb98c7b8fe5e2f7aa5a447ab
+  metadata.gz: ac6fae11753e715682d656eba8c922267831fe7324d9a44bd96296543cf9653e
+  data.tar.gz: 900bf49cc999b1fd9d227067609ad85c3b6a462886156c94e7dfb5d5e1c0a982
 SHA512:
-  metadata.gz: 38ee33272bf5980f4c4e5a764790e29222febaf435bab4c7a7b478a688b07211432a281b762ec94565d052be2f7496a45b028b501f1c741446b06a87da75611f
-  data.tar.gz: 5691d204c31c2423e92c86bcb05b27406c95285ef5777d1f5225496750aae35a6642c52f3b4b92ac36859c05692bced6c0968f11d41ee12a43ed628a98f74afc
+  metadata.gz: 6c76cf3f96cbf58501c61861361be27e76cc95e1c60cf83ae141d2e4aa0a4d12efe7ed9b1dae74094fff2a5a157a2d17a49ef37ecc471de7f985156b4228e608
+  data.tar.gz: 93341c804a9daf7c4f849927ff429a34b72af74acdbe741e324829e938d01aa805550e7a41b0aeeeb68c2dc80ec37e14cb83e7c5ef1f9406c7c94815eca6757e

data/Gemfile.lock

@@ -947,7 +947,7 @@ GEM
       coderay (~> 1.1)
       method_source (~> 1.0)
     rainbow (3.0.0)
-    rake (10.5.0)
+    rake (13.0.1)
     regexp_parser (1.7.1)
     reverse_markdown (2.0.0)
       nokogiri
@@ -992,7 +992,7 @@ DEPENDENCIES
   gem-release (~> 2.1)
   minitest (~> 5.0)
   pry (~> 0.13.1)
-  rake (~> 10.0)
+  rake (>= 12.3.3)
   rubocop (~> 0.87.1)
   solargraph (~> 0.39.11)
 

data/aws_recon.gemspec

@@ -7,10 +7,10 @@ require 'aws_recon/version'
 Gem::Specification.new do |spec|
   spec.name          = 'aws_recon'
   spec.version       = AwsRecon::VERSION
-  spec.authors       = ['Josh Larsen']
+  spec.authors       = ['Josh Larsen', 'Darkbit']
   spec.required_ruby_version = '>= 2.5.0'
-  spec.summary       = 'A multi-threaded AWS inventory collection tool.'
-  spec.description   = spec.summary
+  spec.summary       = 'A multi-threaded AWS inventory collection cli tool.'
+  spec.description   = 'AWS Recon is a command line tool to collect resources from an Amazon Web Services (AWS) account. The tool outputs JSON suitable for processing with other tools.'
   spec.homepage      = 'https://github.com/darkbitio/aws-recon'
   spec.license       = 'MIT'
 
@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency 'bundler', '~> 1.17'
   spec.add_development_dependency 'gem-release', '~> 2.1'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rake', '>= 12.3.3'
   spec.add_development_dependency 'minitest', '~> 5.0'
   spec.add_development_dependency 'solargraph', '~> 0.39.11'
   spec.add_development_dependency 'rubocop', '~> 0.87.1'

data/bin/aws_recon

@@ -1,5 +1,8 @@
 #!/usr/bin/env ruby
 
+# for local testing
+$LOAD_PATH.unshift(File.expand_path(File.join('..', '..', 'lib'), __FILE__))
+
 require 'aws_recon'
 
 AwsRecon::CLI.new.start(ARGV)

data/lib/aws_recon/aws_recon.rb

@@ -88,7 +88,7 @@ module AwsRecon
       @regions.filter { |x| x != 'global' }.each do |region|
         Parallel.map(@aws_services.map { |x| OpenStruct.new(x) }.filter { |s| !s.global }.each, in_threads: @options.threads) do |service|
           # some services aren't available in some regions
-          skip_region = @service&.excluded_regions&.include?(region)
+          skip_region = service&.excluded_regions&.include?(region)
 
           # user included this region in the args
           next unless @regions.include?(region) && !skip_region

data/lib/aws_recon/collectors/s3.rb

@@ -15,8 +15,6 @@ class S3 < Mapper
       log(response.context.operation_name, page)
 
       Parallel.map(response.buckets.each, in_threads: @options.threads) do |bucket|
-        # use shared client instance
-        client = @client
         @thread = Parallel.worker_number
         log(response.context.operation_name, bucket.name)
 
@@ -27,10 +25,14 @@ class S3 < Mapper
         # check bucket region constraint
         location = @client.get_bucket_location({ bucket: bucket.name }).location_constraint
 
-        # reset client if needed
-        unless location.empty?
-          client = Aws::S3::Client.new({ region: location })
-        end
+        # if you use a region other than the us-east-1 endpoint
+        # to create a bucket, you must set the location_constraint
+        # bucket parameter to the same region. (https://docs.aws.amazon.com/general/latest/gr/s3.html)
+        client = if location.empty?
+                   @client
+                 else
+                   Aws::S3::Client.new({ region: location })
+                 end
 
         operations = [
           { func: 'get_bucket_acl', key: 'acl', field: nil },

data/lib/aws_recon/lib/mapper.rb

@@ -15,6 +15,13 @@
 # to add 5 seconds delay on each retry for a total max of 55 seconds.
 #
 class Mapper
+  # Services that use us-east-1 endpoint only:
+  #   Organizations
+  #   Route53Domains
+  #   Shield
+  #   S3 (unless the bucket was created in another region)
+  SINGLE_REGION_SERVICES = %w[route53domains s3 shield support organizations].freeze
+
   def initialize(service, region, options)
     @service = service
     @region = region
@@ -39,8 +46,8 @@ class Mapper
     # regional service
     client_options.merge!({ region: region }) unless region == 'global'
 
-    # organizations only uses us-east-1 in non cn/gov regions
-    client_options.merge!({ region: 'us-east-1' }) if service.downcase == 'organizations' # rubocop:disable Layout/LineLength
+    # single region services
+    client_options.merge!({ region: 'us-east-1' }) if SINGLE_REGION_SERVICES.include?(service.downcase) # rubocop:disable Layout/LineLength
 
     # debug with wire trace
     client_options.merge!({ http_wire_trace: true }) if @options.debug

data/lib/aws_recon/options.rb

@@ -47,7 +47,7 @@ class Parser
     )
 
     opt_parser = OptionParser.new do |opts|
-      opts.banner = "\n\x1b[32mAWS Recon\x1b[0m - AWS Inventory Collector\n\nUsage: aws_recon [options]"
+      opts.banner = "\n\x1b[32mAWS Recon\x1b[0m - AWS Inventory Collector (#{AwsRecon::VERSION})\n\nUsage: aws_recon [options]"
 
       # regions
       opts.on('-r', '--regions [REGIONS]', 'Regions to scan, separated by comma (default: all)') do |regions|

data/lib/aws_recon/version.rb

@@ -1,3 +1,3 @@
 module AwsRecon
-  VERSION = "0.2.2"
+  VERSION = "0.2.3"
 end

data/readme.md

@@ -1,3 +1,5 @@
+[![Gem Version](https://badge.fury.io/rb/aws_recon.svg)](https://badge.fury.io/rb/aws_recon)
+
 # AWS Recon
 
 A multi-threaded AWS inventory collection tool.
@@ -24,17 +26,30 @@ Ruby 2.5.x or 2.6.x (developed and tested with 2.6.5)
 
 ### Installation
 
-Clone this repository, then install the required gems using `bundle`:
+Install the gem:
 
 ```
-$ git clone git@github.com:darkbitio/aws-recon.git
-$ cd aws-recon
-$ bundle
+$ gem install aws_recon
+Fetching aws_recon-0.2.2.gem
+Fetching aws-sdk-resources-3.76.0.gem
+Fetching aws-sdk-3.0.1.gem
+Fetching parallel-1.19.2.gem
 ...
-Using aws-sdk-core 3.103.0
+Successfully installed aws-sdk-3.0.1
+Successfully installed parallel-1.19.2
+Successfully installed aws_recon-0.2.2
+```
+
+Or add it to your Gemfile using `bundle`:
+
+```
+$ bundle add aws_recon
+Fetching gem metadata from https://rubygems.org/
+Resolving dependencies...
 ...
-Bundle complete! 5 Gemfile dependencies, 259 gems now installed.
-Use `bundle info [gemname]` to see where a bundled gem is installed.
+Using aws-sdk 3.0.1
+Using parallel 1.19.2
+Using aws_recon 0.2.2
 ```
 
 ## Usage
@@ -42,13 +57,13 @@ Use `bundle info [gemname]` to see where a bundled gem is installed.
 AWS Recon will leverage any AWS credentials currently available to the environment it runs in. If you are collecting from multiple accounts, you may want to leverage something like [aws-vault](https://github.com/99designs/aws-vault) to manage different credentials. 
 
 ```
-$ aws-vault exec profile -- ./recon.rb
+$ aws-vault exec profile -- aws_recon
 ```
 
 Plain environment variables will work fine too.
 
 ```
-$ AWS_PROFILE=<profile> ./recon.rb
+$ AWS_PROFILE=<profile> aws_recon
 ```
 
 You may want to use the `-v` or `--verbose` flag initially to see status and activity while collection is running. 
@@ -62,7 +77,7 @@ In verbose mode, the console output will show:
 The `t` prefix indicates which thread a particular request is running under. Region, service, and operation indicate which request operation is currently in progress and where.
 
 ```
-$ ./recon.rb -v
+$ aws_recon -v
 
 t0.global.EC2.describe_account_attributes
 t2.global.S3.list_buckets
@@ -87,11 +102,11 @@ Finished in 46 seconds. Saving resources to output.json.
 #### Example command line options
 
 ```
-$ AWS_PROFILE=<profile> ./recon.rb -s S3,EC2 -r global,us-east-1,us-east-2
+$ AWS_PROFILE=<profile> aws_recon -s S3,EC2 -r global,us-east-1,us-east-2
 ```
 
 ```
-$ AWS_PROFILE=<profile> ./recon.rb --services S3,EC2 --regions global,us-east-1,us-east-2
+$ AWS_PROFILE=<profile> aws_recon --services S3,EC2 --regions global,us-east-1,us-east-2
 ```
 
 #### Errors
@@ -118,11 +133,11 @@ For regional services, a thread (up to the thread limit) is spawned for each ser
 Most users will want to limit collection to relevant services and regions. Running without any options will attempt to collect all resources from all 16 regular regions.
 
 ```
-$ ./recon.rb -h
+$ aws_recon -h
 
 AWS Recon - AWS Inventory Collector
 
-Usage: ./recon.rb [options]
+Usage: aws_recon [options]
     -r, --regions [REGIONS]          Regions to scan, separated by comma (default: all)
     -n, --not-regions [REGIONS]      Regions to skip, separated by comma (default: none)
     -s, --services [SERVICES]        Services to scan, separated by comma (default: all)
@@ -210,6 +225,21 @@ AWS Recon aims to collect all resources and metadata that are relevant in determ
 
 One of the primary motivations for AWS Recon was to build a tool that is easy to maintain and extend. If you feel like coverage could be improved for a particular service, we would welcome PRs to that effect. Anyone with a moderate familiarity with Ruby will be able to mimic the pattern used by the existing collectors to query a specific service and add the results to the resource collection.
 
+### Development
+
+Clone this repository, then install the required gems using `bundle`:
+
+```
+$ git clone git@github.com:darkbitio/aws-recon.git
+$ cd aws-recon
+$ bundle
+...
+Using aws-sdk-core 3.103.0
+...
+Bundle complete! 5 Gemfile dependencies, 259 gems now installed.
+Use `bundle info [gemname]` to see where a bundled gem is installed.
+```
+
 ### TODO
 
 - [ ] Optionally suppress AWS API errors instead of re-raising them

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: aws_recon
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - Josh Larsen
+- Darkbit
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-10 00:00:00.000000000 Z
+date: 2020-08-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -70,16 +71,16 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -136,7 +137,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.13.1
-description: A multi-threaded AWS inventory collection tool.
+description: AWS Recon is a command line tool to collect resources from an Amazon
+  Web Services (AWS) account. The tool outputs JSON suitable for processing with other
+  tools.
 email:
 executables:
 - aws_recon
@@ -241,5 +244,5 @@ requirements: []
 rubygems_version: 3.0.8
 signing_key:
 specification_version: 4
-summary: A multi-threaded AWS inventory collection tool.
+summary: A multi-threaded AWS inventory collection cli tool.
 test_files: []