aws-inventory-manager 0.17.12__py3-none-any.whl

src/snapshot/resource_collectors/rds.py

@@ -0,0 +1,109 @@
+"""RDS resource collector."""
+
+from typing import List
+
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+
+
+class RDSCollector(BaseResourceCollector):
+    """Collector for AWS RDS resources (instances, clusters, snapshots)."""
+
+    @property
+    def service_name(self) -> str:
+        return "rds"
+
+    def collect(self) -> List[Resource]:
+        """Collect RDS resources.
+
+        Returns:
+            List of RDS resources
+        """
+        resources = []
+        account_id = self._get_account_id()
+
+        # Collect DB instances
+        resources.extend(self._collect_db_instances(account_id))
+
+        # Collect DB clusters (Aurora)
+        resources.extend(self._collect_db_clusters(account_id))
+
+        self.logger.debug(f"Collected {len(resources)} RDS resources in {self.region}")
+        return resources
+
+    def _collect_db_instances(self, account_id: str) -> List[Resource]:
+        """Collect RDS DB instances."""
+        resources = []
+        client = self._create_client()
+
+        try:
+            paginator = client.get_paginator("describe_db_instances")
+            for page in paginator.paginate():
+                for db_instance in page["DBInstances"]:
+                    db_id = db_instance["DBInstanceIdentifier"]
+                    db_arn = db_instance["DBInstanceArn"]
+
+                    # Extract tags
+                    tags = {}
+                    try:
+                        tag_response = client.list_tags_for_resource(ResourceName=db_arn)
+                        tags = {tag["Key"]: tag["Value"] for tag in tag_response.get("TagList", [])}
+                    except Exception as e:
+                        self.logger.debug(f"Could not get tags for DB instance {db_id}: {e}")
+
+                    # Create resource
+                    resource = Resource(
+                        arn=db_arn,
+                        resource_type="AWS::RDS::DBInstance",
+                        name=db_id,
+                        region=self.region,
+                        tags=tags,
+                        config_hash=compute_config_hash(db_instance),
+                        created_at=db_instance.get("InstanceCreateTime"),
+                        raw_config=db_instance,
+                    )
+                    resources.append(resource)
+
+        except Exception as e:
+            self.logger.error(f"Error collecting RDS DB instances in {self.region}: {e}")
+
+        return resources
+
+    def _collect_db_clusters(self, account_id: str) -> List[Resource]:
+        """Collect RDS DB clusters (Aurora)."""
+        resources = []
+        client = self._create_client()
+
+        try:
+            paginator = client.get_paginator("describe_db_clusters")
+            for page in paginator.paginate():
+                for db_cluster in page["DBClusters"]:
+                    cluster_id = db_cluster["DBClusterIdentifier"]
+                    cluster_arn = db_cluster["DBClusterArn"]
+
+                    # Extract tags
+                    tags = {}
+                    try:
+                        tag_response = client.list_tags_for_resource(ResourceName=cluster_arn)
+                        tags = {tag["Key"]: tag["Value"] for tag in tag_response.get("TagList", [])}
+                    except Exception as e:
+                        self.logger.debug(f"Could not get tags for DB cluster {cluster_id}: {e}")
+
+                    # Create resource
+                    resource = Resource(
+                        arn=cluster_arn,
+                        resource_type="AWS::RDS::DBCluster",
+                        name=cluster_id,
+                        region=self.region,
+                        tags=tags,
+                        config_hash=compute_config_hash(db_cluster),
+                        created_at=db_cluster.get("ClusterCreateTime"),
+                        raw_config=db_cluster,
+                    )
+                    resources.append(resource)
+
+        except Exception as e:
+            self.logger.error(f"Error collecting RDS DB clusters in {self.region}: {e}")
+
+        return resources

src/snapshot/resource_collectors/route53.py

@@ -0,0 +1,86 @@
+"""Route53 resource collector."""
+
+from typing import List
+
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+
+
+class Route53Collector(BaseResourceCollector):
+    """Collector for Amazon Route53 resources (Hosted Zones)."""
+
+    @property
+    def service_name(self) -> str:
+        return "route53"
+
+    @property
+    def is_global_service(self) -> bool:
+        """Route53 is a global service."""
+        return True
+
+    def collect(self) -> List[Resource]:
+        """Collect Route53 resources.
+
+        Collects:
+        - Hosted Zones (public and private)
+        - Resource Record Sets within each zone
+
+        Returns:
+            List of Route53 hosted zone resources
+        """
+        resources = []
+        client = self._create_client()
+
+        try:
+            # Collect hosted zones
+            paginator = client.get_paginator("list_hosted_zones")
+            for page in paginator.paginate():
+                for zone in page.get("HostedZones", []):
+                    zone_id = zone["Id"].split("/")[-1]  # Extract ID from '/hostedzone/Z123'
+                    zone_name = zone["Name"]
+
+                    # Get tags
+                    tags = {}
+                    try:
+                        tag_response = client.list_tags_for_resource(ResourceType="hostedzone", ResourceId=zone_id)
+                        for tag in tag_response.get("Tags", []):
+                            tags[tag["Key"]] = tag["Value"]
+                    except Exception as e:
+                        self.logger.debug(f"Could not get tags for hosted zone {zone_id}: {e}")
+
+                    # Get record count and additional details
+                    try:
+                        zone_details = client.get_hosted_zone(Id=zone["Id"])
+                        hosted_zone_info = zone_details.get("HostedZone", {})
+                        # Merge basic info with detailed info
+                        full_zone = {**zone, **hosted_zone_info}
+                    except Exception as e:
+                        self.logger.debug(f"Could not get details for hosted zone {zone_id}: {e}")
+                        full_zone = zone
+
+                    # Build ARN (Route53 hosted zones use a specific ARN format)
+                    # Note: ARNs for Route53 are not standard across all operations
+                    arn = f"arn:aws:route53:::hostedzone/{zone_id}"
+
+                    # Route53 doesn't provide creation timestamp, use None
+                    created_at = None
+
+                    # Create resource
+                    resource = Resource(
+                        arn=arn,
+                        resource_type="AWS::Route53::HostedZone",
+                        name=zone_name,
+                        region="global",  # Route53 is global
+                        tags=tags,
+                        config_hash=compute_config_hash(full_zone),
+                        created_at=created_at,
+                        raw_config=full_zone,
+                    )
+                    resources.append(resource)
+
+        except Exception as e:
+            self.logger.error(f"Error collecting Route53 hosted zones: {e}")
+
+        self.logger.debug(f"Collected {len(resources)} Route53 hosted zones")
+        return resources

src/snapshot/resource_collectors/s3.py

@@ -0,0 +1,105 @@
+"""S3 resource collector."""
+
+from typing import List
+
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+
+
+class S3Collector(BaseResourceCollector):
+    """Collector for AWS S3 buckets.
+
+    Note: S3 is a global service but buckets are accessed via regional endpoints.
+    We only collect once (in us-east-1) to avoid duplicates.
+    """
+
+    @property
+    def service_name(self) -> str:
+        return "s3"
+
+    @property
+    def is_global_service(self) -> bool:
+        # S3 is global, so only collect once
+        return True
+
+    def collect(self) -> List[Resource]:
+        """Collect S3 buckets.
+
+        Returns:
+            List of S3 bucket resources
+        """
+        resources = []
+        client = self._create_client()
+
+        try:
+            # List all buckets
+            response = client.list_buckets()
+
+            for bucket in response.get("Buckets", []):
+                bucket_name = bucket["Name"]
+                creation_date = bucket.get("CreationDate")
+
+                # Get bucket location to determine region
+                try:
+                    location_response = client.get_bucket_location(Bucket=bucket_name)
+                    location = location_response.get("LocationConstraint")
+                    # None means us-east-1
+                    bucket_region = location if location else "us-east-1"
+                except Exception as e:
+                    self.logger.debug(f"Could not get location for bucket {bucket_name}: {e}")
+                    bucket_region = "unknown"
+
+                # Get bucket tags
+                tags = {}
+                try:
+                    tag_response = client.get_bucket_tagging(Bucket=bucket_name)
+                    tags = {tag["Key"]: tag["Value"] for tag in tag_response.get("TagSet", [])}
+                except client.exceptions.NoSuchTagSet:
+                    # Bucket has no tags
+                    pass
+                except Exception as e:
+                    self.logger.debug(f"Could not get tags for bucket {bucket_name}: {e}")
+
+                # Get additional bucket configuration for config hash
+                bucket_config = {
+                    "Name": bucket_name,
+                    "CreationDate": creation_date,
+                    "Region": bucket_region,
+                }
+
+                # Try to get versioning, encryption, etc.
+                try:
+                    versioning = client.get_bucket_versioning(Bucket=bucket_name)
+                    bucket_config["Versioning"] = versioning.get("Status", "Disabled")
+                except Exception:
+                    pass
+
+                try:
+                    encryption = client.get_bucket_encryption(Bucket=bucket_name)
+                    bucket_config["Encryption"] = encryption.get("ServerSideEncryptionConfiguration")
+                except Exception:
+                    # No encryption configured
+                    pass
+
+                # Build ARN
+                arn = f"arn:aws:s3:::{bucket_name}"
+
+                # Create resource
+                resource = Resource(
+                    arn=arn,
+                    resource_type="AWS::S3::Bucket",
+                    name=bucket_name,
+                    region=bucket_region,
+                    tags=tags,
+                    config_hash=compute_config_hash(bucket_config),
+                    created_at=creation_date,
+                    raw_config=bucket_config,
+                )
+                resources.append(resource)
+
+        except Exception as e:
+            self.logger.error(f"Error collecting S3 buckets: {e}")
+
+        self.logger.debug(f"Collected {len(resources)} S3 buckets")
+        return resources

src/snapshot/resource_collectors/secretsmanager.py

@@ -0,0 +1,70 @@
+"""Secrets Manager resource collector."""
+
+from typing import List
+
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+
+
+class SecretsManagerCollector(BaseResourceCollector):
+    """Collector for AWS Secrets Manager resources."""
+
+    @property
+    def service_name(self) -> str:
+        return "secretsmanager"
+
+    def collect(self) -> List[Resource]:
+        """Collect Secrets Manager secrets.
+
+        Returns:
+            List of Secrets Manager secret resources
+        """
+        resources = []
+        client = self._create_client()
+
+        try:
+            paginator = client.get_paginator("list_secrets")
+            for page in paginator.paginate():
+                for secret in page.get("SecretList", []):
+                    secret_name = secret["Name"]
+                    secret_arn = secret["ARN"]
+
+                    # Get full secret details (but not the actual secret value)
+                    try:
+                        secret_details = client.describe_secret(SecretId=secret_arn)
+                        # Use detailed info for config hash
+                        config_data = secret_details
+                    except Exception as e:
+                        self.logger.debug(f"Could not get details for secret {secret_name}: {e}")
+                        config_data = secret
+
+                    # Extract tags
+                    tags = {}
+                    for tag in secret.get("Tags", []):
+                        tags[tag["Key"]] = tag["Value"]
+
+                    # Extract creation date
+                    created_at = secret.get("CreatedDate")
+
+                    # Create resource (without secret value for security)
+                    # Remove sensitive fields if present
+                    safe_config = {k: v for k, v in config_data.items() if k not in ["SecretString", "SecretBinary"]}
+
+                    resource = Resource(
+                        arn=secret_arn,
+                        resource_type="AWS::SecretsManager::Secret",
+                        name=secret_name,
+                        region=self.region,
+                        tags=tags,
+                        config_hash=compute_config_hash(safe_config),
+                        created_at=created_at,
+                        raw_config=safe_config,
+                    )
+                    resources.append(resource)
+
+        except Exception as e:
+            self.logger.error(f"Error collecting Secrets Manager secrets in {self.region}: {e}")
+
+        self.logger.debug(f"Collected {len(resources)} Secrets Manager secrets in {self.region}")
+        return resources

src/snapshot/resource_collectors/sns.py

@@ -0,0 +1,68 @@
+"""SNS resource collector."""
+
+from typing import List
+
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+
+
+class SNSCollector(BaseResourceCollector):
+    """Collector for AWS SNS resources (topics)."""
+
+    @property
+    def service_name(self) -> str:
+        return "sns"
+
+    def collect(self) -> List[Resource]:
+        """Collect SNS resources.
+
+        Returns:
+            List of SNS topics
+        """
+        resources = []
+        client = self._create_client()
+
+        try:
+            paginator = client.get_paginator("list_topics")
+            for page in paginator.paginate():
+                for topic in page.get("Topics", []):
+                    topic_arn = topic["TopicArn"]
+
+                    # Get topic name from ARN
+                    topic_name = topic_arn.split(":")[-1]
+
+                    # Get topic attributes
+                    try:
+                        attrs_response = client.get_topic_attributes(TopicArn=topic_arn)
+                        attributes = attrs_response.get("Attributes", {})
+
+                        # Get tags
+                        tags = {}
+                        try:
+                            tag_response = client.list_tags_for_resource(ResourceArn=topic_arn)
+                            tags = {tag["Key"]: tag["Value"] for tag in tag_response.get("Tags", [])}
+                        except Exception as e:
+                            self.logger.debug(f"Could not get tags for SNS topic {topic_name}: {e}")
+
+                        # Create resource
+                        resource = Resource(
+                            arn=topic_arn,
+                            resource_type="AWS::SNS::Topic",
+                            name=topic_name,
+                            region=self.region,
+                            tags=tags,
+                            config_hash=compute_config_hash(attributes),
+                            created_at=None,  # SNS topics don't expose creation date
+                            raw_config=attributes,
+                        )
+                        resources.append(resource)
+
+                    except Exception as e:
+                        self.logger.debug(f"Could not get attributes for SNS topic {topic_name}: {e}")
+
+        except Exception as e:
+            self.logger.error(f"Error collecting SNS topics in {self.region}: {e}")
+
+        self.logger.debug(f"Collected {len(resources)} SNS topics in {self.region}")
+        return resources

src/snapshot/resource_collectors/sqs.py

@@ -0,0 +1,82 @@
+"""SQS resource collector."""
+
+from datetime import datetime, timezone
+from typing import List
+
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+
+
+class SQSCollector(BaseResourceCollector):
+    """Collector for AWS SQS resources (queues)."""
+
+    @property
+    def service_name(self) -> str:
+        return "sqs"
+
+    def collect(self) -> List[Resource]:
+        """Collect SQS resources.
+
+        Returns:
+            List of SQS queues
+        """
+        resources = []
+        account_id = self._get_account_id()
+        client = self._create_client()
+
+        try:
+            # List all queue URLs
+            response = client.list_queues()
+            queue_urls = response.get("QueueUrls", [])
+
+            for queue_url in queue_urls:
+                try:
+                    # Get queue attributes
+                    attrs_response = client.get_queue_attributes(QueueUrl=queue_url, AttributeNames=["All"])
+                    attributes = attrs_response.get("Attributes", {})
+
+                    # Get queue name from URL
+                    queue_name = queue_url.split("/")[-1]
+
+                    # Build ARN
+                    queue_arn = attributes.get("QueueArn", f"arn:aws:sqs:{self.region}:{account_id}:{queue_name}")
+
+                    # Get tags
+                    tags = {}
+                    try:
+                        tag_response = client.list_queue_tags(QueueUrl=queue_url)
+                        tags = tag_response.get("Tags", {})
+                    except Exception as e:
+                        self.logger.debug(f"Could not get tags for SQS queue {queue_name}: {e}")
+
+                    # Convert CreatedTimestamp from epoch seconds to datetime
+                    created_at = None
+                    created_timestamp = attributes.get("CreatedTimestamp")
+                    if created_timestamp:
+                        try:
+                            created_at = datetime.fromtimestamp(int(created_timestamp), tz=timezone.utc)
+                        except (ValueError, OSError) as e:
+                            self.logger.debug(f"Could not parse CreatedTimestamp for {queue_name}: {e}")
+
+                    # Create resource
+                    resource = Resource(
+                        arn=queue_arn,
+                        resource_type="AWS::SQS::Queue",
+                        name=queue_name,
+                        region=self.region,
+                        tags=tags,
+                        config_hash=compute_config_hash(attributes),
+                        created_at=created_at,
+                        raw_config=attributes,
+                    )
+                    resources.append(resource)
+
+                except Exception as e:
+                    self.logger.debug(f"Could not get attributes for SQS queue {queue_url}: {e}")
+
+        except Exception as e:
+            self.logger.error(f"Error collecting SQS queues in {self.region}: {e}")
+
+        self.logger.debug(f"Collected {len(resources)} SQS queues in {self.region}")
+        return resources

src/snapshot/resource_collectors/ssm.py

@@ -0,0 +1,160 @@
+"""Systems Manager resource collector."""
+
+from typing import List
+
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+
+
+class SSMCollector(BaseResourceCollector):
+    """Collector for AWS Systems Manager resources (Parameter Store, Documents)."""
+
+    @property
+    def service_name(self) -> str:
+        return "ssm"
+
+    def collect(self) -> List[Resource]:
+        """Collect Systems Manager resources.
+
+        Collects:
+        - Parameter Store parameters
+        - SSM Documents (custom documents only)
+
+        Returns:
+            List of Systems Manager resources
+        """
+        resources = []
+
+        # Collect Parameter Store parameters
+        resources.extend(self._collect_parameters())
+
+        # Collect SSM Documents
+        resources.extend(self._collect_documents())
+
+        self.logger.debug(f"Collected {len(resources)} Systems Manager resources in {self.region}")
+        return resources
+
+    def _collect_parameters(self) -> List[Resource]:
+        """Collect Parameter Store parameters.
+
+        Returns:
+            List of Parameter resources
+        """
+        resources = []
+        client = self._create_client()
+
+        try:
+            paginator = client.get_paginator("describe_parameters")
+            for page in paginator.paginate():
+                for param in page.get("Parameters", []):
+                    param_name = param["Name"]
+                    param_type = param["Type"]
+
+                    # Build ARN
+                    # Get account ID from session
+                    sts_client = self.session.client("sts")
+                    account_id = sts_client.get_caller_identity()["Account"]
+                    arn = f"arn:aws:ssm:{self.region}:{account_id}:parameter{param_name}"
+
+                    # Get tags
+                    tags = {}
+                    try:
+                        tag_response = client.list_tags_for_resource(ResourceType="Parameter", ResourceId=param_name)
+                        for tag in tag_response.get("TagList", []):
+                            tags[tag["Key"]] = tag["Value"]
+                    except Exception as e:
+                        self.logger.debug(f"Could not get tags for parameter {param_name}: {e}")
+
+                    # Get parameter details (metadata only, not the actual value for SecureString)
+                    try:
+                        # For SecureString, we don't want to expose the value
+                        if param_type == "SecureString":
+                            # Use describe_parameters data only
+                            config = param
+                        else:
+                            # For String and StringList, we can get the value
+                            param_details = client.get_parameter(Name=param_name, WithDecryption=False)
+                            config = {
+                                **param,
+                                "Value": param_details["Parameter"].get("Value"),
+                            }
+                    except Exception as e:
+                        self.logger.debug(f"Could not get details for parameter {param_name}: {e}")
+                        config = param
+
+                    # Extract last modified date as creation date proxy
+                    created_at = param.get("LastModifiedDate")
+
+                    # Create resource
+                    resource = Resource(
+                        arn=arn,
+                        resource_type="AWS::SSM::Parameter",
+                        name=param_name,
+                        region=self.region,
+                        tags=tags,
+                        config_hash=compute_config_hash(config),
+                        created_at=created_at,
+                        raw_config=config,
+                    )
+                    resources.append(resource)
+
+        except Exception as e:
+            self.logger.error(f"Error collecting SSM parameters in {self.region}: {e}")
+
+        return resources
+
+    def _collect_documents(self) -> List[Resource]:
+        """Collect SSM Documents (custom documents only).
+
+        Returns:
+            List of SSM Document resources
+        """
+        resources = []
+        client = self._create_client()
+
+        try:
+            # Only collect custom documents (not AWS-owned)
+            paginator = client.get_paginator("list_documents")
+            for page in paginator.paginate(Filters=[{"Key": "Owner", "Values": ["Self"]}]):  # Only user-owned documents
+                for doc in page.get("DocumentIdentifiers", []):
+                    doc_name = doc["Name"]
+
+                    # Get document details
+                    try:
+                        doc_details = client.describe_document(Name=doc_name)["Document"]
+
+                        # Build ARN
+                        arn = doc_details.get("DocumentArn", doc_name)
+
+                        # Get tags
+                        tags = {}
+                        for tag in doc_details.get("Tags", []):
+                            tags[tag["Key"]] = tag["Value"]
+
+                        # Extract creation date
+                        created_at = doc_details.get("CreatedDate")
+
+                        # Create resource (without the actual document content to keep size manageable)
+                        config = {k: v for k, v in doc_details.items() if k != "Content"}
+
+                        resource = Resource(
+                            arn=arn,
+                            resource_type="AWS::SSM::Document",
+                            name=doc_name,
+                            region=self.region,
+                            tags=tags,
+                            config_hash=compute_config_hash(config),
+                            created_at=created_at,
+                            raw_config=config,
+                        )
+                        resources.append(resource)
+
+                    except Exception as e:
+                        self.logger.debug(f"Error processing document {doc_name}: {e}")
+                        continue
+
+        except Exception as e:
+            self.logger.error(f"Error collecting SSM documents in {self.region}: {e}")
+
+        return resources