aws-inventory-manager 0.2.0__py3-none-any.whl

src/snapshot/resource_collectors/stepfunctions.py

@@ -0,0 +1,74 @@
+"""Step Functions resource collector."""
+
+from typing import List
+
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+
+
+class StepFunctionsCollector(BaseResourceCollector):
+    """Collector for AWS Step Functions resources."""
+
+    @property
+    def service_name(self) -> str:
+        return "stepfunctions"
+
+    def collect(self) -> List[Resource]:
+        """Collect Step Functions state machines.
+
+        Returns:
+            List of Step Functions state machine resources
+        """
+        resources = []
+        client = self._create_client("stepfunctions")
+
+        try:
+            paginator = client.get_paginator("list_state_machines")
+            for page in paginator.paginate():
+                for state_machine in page.get("stateMachines", []):
+                    sm_arn = state_machine["stateMachineArn"]
+                    sm_name = state_machine["name"]
+
+                    try:
+                        # Get detailed state machine info
+                        sm_details = client.describe_state_machine(stateMachineArn=sm_arn)
+
+                        # Get tags
+                        tags = {}
+                        try:
+                            tag_response = client.list_tags_for_resource(resourceArn=sm_arn)
+                            for tag in tag_response.get("tags", []):
+                                tags[tag["key"]] = tag["value"]
+                        except Exception as e:
+                            self.logger.debug(f"Could not get tags for state machine {sm_name}: {e}")
+
+                        # Extract creation date
+                        created_at = sm_details.get("creationDate")
+
+                        # Remove the definition for config hash (can be large)
+                        # but keep key metadata
+                        config = {k: v for k, v in sm_details.items() if k != "definition"}
+
+                        # Create resource
+                        resource = Resource(
+                            arn=sm_arn,
+                            resource_type="AWS::StepFunctions::StateMachine",
+                            name=sm_name,
+                            region=self.region,
+                            tags=tags,
+                            config_hash=compute_config_hash(config),
+                            created_at=created_at,
+                            raw_config=config,
+                        )
+                        resources.append(resource)
+
+                    except Exception as e:
+                        self.logger.debug(f"Error processing state machine {sm_name}: {e}")
+                        continue
+
+        except Exception as e:
+            self.logger.error(f"Error collecting Step Functions state machines in {self.region}: {e}")
+
+        self.logger.debug(f"Collected {len(resources)} Step Functions state machines in {self.region}")
+        return resources

src/snapshot/resource_collectors/vpcendpoints.py

@@ -0,0 +1,79 @@
+"""VPC Endpoints resource collector."""
+
+from typing import List
+
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+
+
+class VPCEndpointsCollector(BaseResourceCollector):
+    """Collector for VPC Endpoints (Interface and Gateway endpoints)."""
+
+    @property
+    def service_name(self) -> str:
+        return "vpc-endpoints"
+
+    def collect(self) -> List[Resource]:
+        """Collect VPC Endpoints.
+
+        Collects both Interface and Gateway VPC endpoints.
+
+        Returns:
+            List of VPC Endpoint resources
+        """
+        resources = []
+        client = self._create_client("ec2")
+
+        try:
+            paginator = client.get_paginator("describe_vpc_endpoints")
+            for page in paginator.paginate():
+                for endpoint in page.get("VpcEndpoints", []):
+                    endpoint_id = endpoint["VpcEndpointId"]
+                    service_name = endpoint.get("ServiceName", "unknown")
+                    endpoint_type = endpoint.get("VpcEndpointType", "Unknown")
+
+                    # Extract tags
+                    tags = {}
+                    for tag in endpoint.get("Tags", []):
+                        tags[tag["Key"]] = tag["Value"]
+
+                    # Get account ID for ARN
+                    sts_client = self.session.client("sts")
+                    account_id = sts_client.get_caller_identity()["Account"]
+
+                    # Build ARN
+                    arn = f"arn:aws:ec2:{self.region}:{account_id}:vpc-endpoint/{endpoint_id}"
+
+                    # Extract creation date
+                    created_at = endpoint.get("CreationTimestamp")
+
+                    # Determine resource type based on endpoint type
+                    if endpoint_type == "Interface":
+                        resource_type = "AWS::EC2::VPCEndpoint::Interface"
+                    elif endpoint_type == "Gateway":
+                        resource_type = "AWS::EC2::VPCEndpoint::Gateway"
+                    else:
+                        resource_type = f"AWS::EC2::VPCEndpoint::{endpoint_type}"
+
+                    # Use service name as the friendly name
+                    name = f"{endpoint_id} ({service_name.split('.')[-1]})"
+
+                    # Create resource
+                    resource = Resource(
+                        arn=arn,
+                        resource_type=resource_type,
+                        name=name,
+                        region=self.region,
+                        tags=tags,
+                        config_hash=compute_config_hash(endpoint),
+                        created_at=created_at,
+                        raw_config=endpoint,
+                    )
+                    resources.append(resource)
+
+        except Exception as e:
+            self.logger.error(f"Error collecting VPC endpoints in {self.region}: {e}")
+
+        self.logger.debug(f"Collected {len(resources)} VPC endpoints in {self.region}")
+        return resources

src/snapshot/resource_collectors/waf.py

@@ -0,0 +1,159 @@
+"""WAF resource collector."""
+
+from typing import List
+
+from ...models.resource import Resource
+from ...utils.hash import compute_config_hash
+from .base import BaseResourceCollector
+
+
+class WAFCollector(BaseResourceCollector):
+    """Collector for AWS WAF (Web Application Firewall) resources."""
+
+    @property
+    def service_name(self) -> str:
+        return "waf"
+
+    def collect(self) -> List[Resource]:
+        """Collect WAF resources.
+
+        Collects WAFv2 Web ACLs (regional and global/CloudFront).
+
+        Returns:
+            List of WAF Web ACL resources
+        """
+        resources = []
+
+        # Collect regional Web ACLs
+        resources.extend(self._collect_regional_web_acls())
+
+        # Collect CloudFront Web ACLs (global, only from us-east-1)
+        if self.region == "us-east-1":
+            resources.extend(self._collect_cloudfront_web_acls())
+
+        self.logger.debug(f"Collected {len(resources)} WAF Web ACLs in {self.region}")
+        return resources
+
+    def _collect_regional_web_acls(self) -> List[Resource]:
+        """Collect regional WAFv2 Web ACLs.
+
+        Returns:
+            List of regional Web ACL resources
+        """
+        resources = []
+
+        try:
+            client = self._create_client("wafv2")
+
+            paginator = client.get_paginator("list_web_acls")
+            for page in paginator.paginate(Scope="REGIONAL"):
+                for web_acl_summary in page.get("WebACLs", []):
+                    web_acl_name = web_acl_summary["Name"]
+                    web_acl_id = web_acl_summary["Id"]
+                    web_acl_arn = web_acl_summary["ARN"]
+
+                    try:
+                        # Get detailed Web ACL info
+                        web_acl_response = client.get_web_acl(Name=web_acl_name, Scope="REGIONAL", Id=web_acl_id)
+                        web_acl = web_acl_response.get("WebACL", {})
+
+                        # Get tags
+                        tags = {}
+                        try:
+                            tag_response = client.list_tags_for_resource(ResourceARN=web_acl_arn)
+                            for tag_info in tag_response.get("TagInfoForResource", {}).get("TagList", []):
+                                tags[tag_info["Key"]] = tag_info["Value"]
+                        except Exception as e:
+                            self.logger.debug(f"Could not get tags for Web ACL {web_acl_name}: {e}")
+
+                        # WAFv2 doesn't provide creation timestamp
+                        created_at = None
+
+                        # Remove large rule definitions for config hash
+                        config = {k: v for k, v in web_acl.items() if k not in ["Rules"]}
+                        config["RuleCount"] = len(web_acl.get("Rules", []))
+
+                        # Create resource
+                        resource = Resource(
+                            arn=web_acl_arn,
+                            resource_type="AWS::WAFv2::WebACL::Regional",
+                            name=web_acl_name,
+                            region=self.region,
+                            tags=tags,
+                            config_hash=compute_config_hash(config),
+                            created_at=created_at,
+                            raw_config=config,
+                        )
+                        resources.append(resource)
+
+                    except Exception as e:
+                        self.logger.debug(f"Error processing Web ACL {web_acl_name}: {e}")
+                        continue
+
+        except Exception as e:
+            self.logger.error(f"Error collecting regional WAF Web ACLs in {self.region}: {e}")
+
+        return resources
+
+    def _collect_cloudfront_web_acls(self) -> List[Resource]:
+        """Collect CloudFront (global) WAFv2 Web ACLs.
+
+        Only collects when in us-east-1 since CloudFront resources are global.
+
+        Returns:
+            List of CloudFront Web ACL resources
+        """
+        resources = []
+
+        try:
+            client = self._create_client("wafv2")
+
+            paginator = client.get_paginator("list_web_acls")
+            for page in paginator.paginate(Scope="CLOUDFRONT"):
+                for web_acl_summary in page.get("WebACLs", []):
+                    web_acl_name = web_acl_summary["Name"]
+                    web_acl_id = web_acl_summary["Id"]
+                    web_acl_arn = web_acl_summary["ARN"]
+
+                    try:
+                        # Get detailed Web ACL info
+                        web_acl_response = client.get_web_acl(Name=web_acl_name, Scope="CLOUDFRONT", Id=web_acl_id)
+                        web_acl = web_acl_response.get("WebACL", {})
+
+                        # Get tags
+                        tags = {}
+                        try:
+                            tag_response = client.list_tags_for_resource(ResourceARN=web_acl_arn)
+                            for tag_info in tag_response.get("TagInfoForResource", {}).get("TagList", []):
+                                tags[tag_info["Key"]] = tag_info["Value"]
+                        except Exception as e:
+                            self.logger.debug(f"Could not get tags for CloudFront Web ACL {web_acl_name}: {e}")
+
+                        # WAFv2 doesn't provide creation timestamp
+                        created_at = None
+
+                        # Remove large rule definitions for config hash
+                        config = {k: v for k, v in web_acl.items() if k not in ["Rules"]}
+                        config["RuleCount"] = len(web_acl.get("Rules", []))
+
+                        # Create resource
+                        resource = Resource(
+                            arn=web_acl_arn,
+                            resource_type="AWS::WAFv2::WebACL::CloudFront",
+                            name=web_acl_name,
+                            region="global",  # CloudFront is global
+                            tags=tags,
+                            config_hash=compute_config_hash(config),
+                            created_at=created_at,
+                            raw_config=config,
+                        )
+                        resources.append(resource)
+
+                    except Exception as e:
+                        self.logger.debug(f"Error processing CloudFront Web ACL {web_acl_name}: {e}")
+                        continue
+
+        except Exception as e:
+            self.logger.error(f"Error collecting CloudFront WAF Web ACLs: {e}")
+
+        return resources

src/snapshot/storage.py

@@ -0,0 +1,259 @@
+"""Snapshot storage manager for saving and loading snapshots."""
+
+import gzip
+import logging
+from datetime import datetime
+from pathlib import Path
+from typing import Any, Dict, List, Optional, Union
+
+import yaml
+
+from ..models.snapshot import Snapshot
+from ..utils.paths import get_snapshot_storage_path
+
+logger = logging.getLogger(__name__)
+
+
+class SnapshotStorage:
+    """Manages snapshot persistence to local filesystem."""
+
+    def __init__(self, storage_dir: Optional[Union[str, Path]] = None):
+        """Initialize snapshot storage.
+
+        Args:
+            storage_dir: Directory to store snapshots (default: ~/.snapshots via get_snapshot_storage_path())
+        """
+        self.storage_dir = get_snapshot_storage_path(storage_dir)
+        self.storage_dir.mkdir(parents=True, exist_ok=True)
+        self.active_file = self.storage_dir / ".active"
+        self.index_file = self.storage_dir / ".index.yaml"
+
+    def save_snapshot(self, snapshot: Snapshot, compress: bool = False) -> Path:
+        """Save snapshot to YAML file, optionally compressed.
+
+        Args:
+            snapshot: Snapshot instance to save
+            compress: Whether to compress with gzip (default: False)
+
+        Returns:
+            Path to saved snapshot file
+        """
+        filename = f"{snapshot.name}.yaml"
+        if compress:
+            filename += ".gz"
+
+        filepath = self.storage_dir / filename
+
+        # Convert snapshot to dict
+        snapshot_dict = snapshot.to_dict()
+
+        # Serialize to YAML
+        yaml_str = yaml.dump(
+            snapshot_dict,
+            default_flow_style=False,  # Block style (more readable)
+            sort_keys=False,  # Preserve insertion order
+            allow_unicode=True,
+        )
+
+        # Save (compressed or uncompressed)
+        if compress:
+            with gzip.open(filepath, "wt", encoding="utf-8") as f:
+                f.write(yaml_str)
+            logger.debug(f"Saved compressed snapshot to {filepath}")
+        else:
+            with open(filepath, "w", encoding="utf-8") as f:
+                f.write(yaml_str)
+            logger.debug(f"Saved snapshot to {filepath}")
+
+        # Update index
+        self._update_index(snapshot)
+
+        # Set as active if requested
+        if snapshot.is_active:
+            self.set_active_snapshot(snapshot.name)
+
+        return filepath
+
+    def load_snapshot(self, snapshot_name: str) -> Snapshot:
+        """Load snapshot from YAML file (auto-detects compression).
+
+        Args:
+            snapshot_name: Name of snapshot to load
+
+        Returns:
+            Snapshot instance
+
+        Raises:
+            FileNotFoundError: If snapshot file doesn't exist
+        """
+        # Try compressed first
+        filepath_gz = self.storage_dir / f"{snapshot_name}.yaml.gz"
+        if filepath_gz.exists():
+            with gzip.open(filepath_gz, "rt", encoding="utf-8") as f:
+                snapshot_dict = yaml.safe_load(f)
+            logger.debug(f"Loaded compressed snapshot from {filepath_gz}")
+            return Snapshot.from_dict(snapshot_dict)
+
+        # Try uncompressed
+        filepath = self.storage_dir / f"{snapshot_name}.yaml"
+        if filepath.exists():
+            with open(filepath, "r", encoding="utf-8") as f:
+                snapshot_dict = yaml.safe_load(f)
+            logger.debug(f"Loaded snapshot from {filepath}")
+            return Snapshot.from_dict(snapshot_dict)
+
+        raise FileNotFoundError(f"Snapshot '{snapshot_name}' not found")
+
+    def list_snapshots(self) -> List[Dict[str, Any]]:
+        """List all available snapshots with metadata.
+
+        Returns:
+            List of snapshot metadata dictionaries
+        """
+        snapshots = []
+        active_name = self.get_active_snapshot_name()
+
+        # Find all snapshot files
+        for filepath in self.storage_dir.glob("*.yaml*"):
+            if filepath.name.startswith("."):
+                continue  # Skip hidden files
+
+            name = filepath.stem
+            if name.endswith(".yaml"):  # Handle .yaml.gz case
+                name = name[:-5]
+
+            # Get file stats
+            stats = filepath.stat()
+            size_mb = stats.st_size / (1024 * 1024)
+
+            snapshots.append(
+                {
+                    "name": name,
+                    "filepath": str(filepath),
+                    "size_mb": round(size_mb, 2),
+                    "modified": datetime.fromtimestamp(stats.st_mtime),
+                    "is_active": (name == active_name),
+                }
+            )
+
+        # Sort by modified date (newest first)
+        snapshots.sort(key=lambda x: x["modified"], reverse=True)  # type: ignore
+
+        logger.debug(f"Found {len(snapshots)} snapshots")
+        return snapshots
+
+    def delete_snapshot(self, snapshot_name: str) -> bool:
+        """Delete a snapshot file.
+
+        Args:
+            snapshot_name: Name of snapshot to delete
+
+        Returns:
+            True if deleted successfully
+
+        Raises:
+            ValueError: If trying to delete active snapshot
+            FileNotFoundError: If snapshot doesn't exist
+        """
+        # Check if it's the active snapshot
+        if snapshot_name == self.get_active_snapshot_name():
+            raise ValueError(
+                f"Cannot delete active snapshot '{snapshot_name}'. " "Set another snapshot as active first."
+            )
+
+        # Try to delete both compressed and uncompressed versions
+        deleted = False
+
+        filepath_gz = self.storage_dir / f"{snapshot_name}.yaml.gz"
+        if filepath_gz.exists():
+            filepath_gz.unlink()
+            deleted = True
+            logger.debug(f"Deleted {filepath_gz}")
+
+        filepath = self.storage_dir / f"{snapshot_name}.yaml"
+        if filepath.exists():
+            filepath.unlink()
+            deleted = True
+            logger.debug(f"Deleted {filepath}")
+
+        if not deleted:
+            raise FileNotFoundError(f"Snapshot '{snapshot_name}' not found")
+
+        # Update index
+        self._remove_from_index(snapshot_name)
+
+        return True
+
+    def get_active_snapshot_name(self) -> Optional[str]:
+        """Get the name of the currently active snapshot.
+
+        Returns:
+            Active snapshot name, or None if no active snapshot
+        """
+        if self.active_file.exists():
+            return self.active_file.read_text().strip()
+        return None
+
+    def set_active_snapshot(self, snapshot_name: str) -> None:
+        """Set a snapshot as the active baseline.
+
+        Args:
+            snapshot_name: Name of snapshot to set as active
+
+        Raises:
+            FileNotFoundError: If snapshot doesn't exist
+        """
+        # Verify snapshot exists
+        try:
+            self.load_snapshot(snapshot_name)
+        except FileNotFoundError:
+            raise FileNotFoundError(f"Cannot set active: snapshot '{snapshot_name}' not found")
+
+        # Update active file
+        self.active_file.write_text(snapshot_name)
+        logger.debug(f"Set active snapshot to: {snapshot_name}")
+
+    def _update_index(self, snapshot: Snapshot) -> None:
+        """Update the snapshot index file.
+
+        Args:
+            snapshot: Snapshot to add/update in index
+        """
+        # Load existing index
+        index = self._load_index()
+
+        # Update entry
+        index[snapshot.name] = {
+            "name": snapshot.name,
+            "created_at": snapshot.created_at.isoformat(),
+            "account_id": snapshot.account_id,
+            "regions": snapshot.regions,
+            "resource_count": snapshot.resource_count,
+            "service_counts": snapshot.service_counts,
+        }
+
+        # Save index
+        self._save_index(index)
+
+    def _remove_from_index(self, snapshot_name: str) -> None:
+        """Remove snapshot from index.
+
+        Args:
+            snapshot_name: Name of snapshot to remove
+        """
+        index = self._load_index()
+        if snapshot_name in index:
+            del index[snapshot_name]
+            self._save_index(index)
+
+    def _load_index(self) -> Dict[str, Any]:
+        """Load snapshot index from file."""
+        if self.index_file.exists():
+            with open(self.index_file, "r") as f:
+                return yaml.safe_load(f) or {}
+        return {}
+
+    def _save_index(self, index: Dict[str, Any]) -> None:
+        """Save snapshot index to file."""
+        with open(self.index_file, "w") as f:
+            yaml.dump(index, f, default_flow_style=False)

src/utils/__init__.py

@@ -0,0 +1,12 @@
+"""Utility modules for AWS Baseline Snapshot tool."""
+
+from .export import export_to_csv, export_to_json
+from .hash import compute_config_hash
+from .logging import setup_logging
+
+__all__ = [
+    "setup_logging",
+    "compute_config_hash",
+    "export_to_json",
+    "export_to_csv",
+]

src/utils/export.py

@@ -0,0 +1,87 @@
+"""Export utilities for JSON and CSV formats."""
+
+import csv
+import json
+import logging
+from pathlib import Path
+from typing import Any, Dict, List
+
+logger = logging.getLogger(__name__)
+
+
+def export_to_json(data: Any, filepath: str) -> Path:
+    """Export data to JSON file.
+
+    Args:
+        data: Data to export (must be JSON-serializable)
+        filepath: Destination file path
+
+    Returns:
+        Path to exported file
+    """
+    path = Path(filepath)
+
+    with open(path, "w", encoding="utf-8") as f:
+        json.dump(data, f, indent=2, default=str)
+
+    logger.info(f"Exported data to JSON: {path}")
+    return path
+
+
+def export_to_csv(data: List[Dict[str, Any]], filepath: str) -> Path:
+    """Export list of dictionaries to CSV file.
+
+    Args:
+        data: List of dictionaries to export
+        filepath: Destination file path
+
+    Returns:
+        Path to exported file
+
+    Raises:
+        ValueError: If data is empty or not a list of dicts
+    """
+    if not data:
+        raise ValueError("Cannot export empty data to CSV")
+
+    if not isinstance(data, list) or not isinstance(data[0], dict):
+        raise ValueError("Data must be a list of dictionaries for CSV export")
+
+    path = Path(filepath)
+
+    # Get fieldnames from first item
+    fieldnames = list(data[0].keys())
+
+    with open(path, "w", newline="", encoding="utf-8") as f:
+        writer = csv.DictWriter(f, fieldnames=fieldnames)
+        writer.writeheader()
+        writer.writerows(data)
+
+    logger.info(f"Exported {len(data)} rows to CSV: {path}")
+    return path
+
+
+def flatten_dict(d: Dict[str, Any], parent_key: str = "", sep: str = "_") -> Dict[str, Any]:
+    """Flatten a nested dictionary for CSV export.
+
+    Args:
+        d: Dictionary to flatten
+        parent_key: Parent key for nested items
+        sep: Separator for concatenating keys
+
+    Returns:
+        Flattened dictionary
+    """
+    from typing import Any, List, Tuple
+
+    items: List[Tuple[str, Any]] = []
+    for k, v in d.items():
+        new_key = f"{parent_key}{sep}{k}" if parent_key else k
+        if isinstance(v, dict):
+            items.extend(flatten_dict(v, new_key, sep=sep).items())
+        elif isinstance(v, list):
+            # Convert lists to comma-separated strings
+            items.append((new_key, ", ".join(str(x) for x in v)))
+        else:
+            items.append((new_key, v))
+    return dict(items)