PyPI - runbooks - Versions diffs - 0.2.3__py3-none-any.whl → 0.6.1__py3-none-any.whl - Mend

runbooks 0.2.3py3-none-any.whl → 0.6.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (221) hide show

conftest.py +26 -0
jupyter-agent/.env.template +2 -0
jupyter-agent/.gitattributes +35 -0
jupyter-agent/README.md +16 -0
jupyter-agent/app.py +256 -0
jupyter-agent/cloudops-agent.png +0 -0
jupyter-agent/ds-system-prompt.txt +154 -0
jupyter-agent/jupyter-agent.png +0 -0
jupyter-agent/llama3_template.jinja +123 -0
jupyter-agent/requirements.txt +9 -0
jupyter-agent/utils.py +409 -0
runbooks/__init__.py +71 -3
runbooks/__main__.py +13 -0
runbooks/aws/ec2_describe_instances.py +1 -1
runbooks/aws/ec2_run_instances.py +8 -2
runbooks/aws/ec2_start_stop_instances.py +17 -4
runbooks/aws/ec2_unused_volumes.py +5 -1
runbooks/aws/s3_create_bucket.py +4 -2
runbooks/aws/s3_list_objects.py +6 -1
runbooks/aws/tagging_lambda_handler.py +13 -2
runbooks/aws/tags.json +12 -0
runbooks/base.py +353 -0
runbooks/cfat/README.md +49 -0
runbooks/cfat/__init__.py +74 -0
runbooks/cfat/app.ts +644 -0
runbooks/cfat/assessment/__init__.py +40 -0
runbooks/cfat/assessment/asana-import.csv +39 -0
runbooks/cfat/assessment/cfat-checks.csv +31 -0
runbooks/cfat/assessment/cfat.txt +520 -0
runbooks/cfat/assessment/collectors.py +200 -0
runbooks/cfat/assessment/jira-import.csv +39 -0
runbooks/cfat/assessment/runner.py +387 -0
runbooks/cfat/assessment/validators.py +290 -0
runbooks/cfat/cli.py +103 -0
runbooks/cfat/docs/asana-import.csv +24 -0
runbooks/cfat/docs/cfat-checks.csv +31 -0
runbooks/cfat/docs/cfat.txt +335 -0
runbooks/cfat/docs/checks-output.png +0 -0
runbooks/cfat/docs/cloudshell-console-run.png +0 -0
runbooks/cfat/docs/cloudshell-download.png +0 -0
runbooks/cfat/docs/cloudshell-output.png +0 -0
runbooks/cfat/docs/downloadfile.png +0 -0
runbooks/cfat/docs/jira-import.csv +24 -0
runbooks/cfat/docs/open-cloudshell.png +0 -0
runbooks/cfat/docs/report-header.png +0 -0
runbooks/cfat/models.py +1026 -0
runbooks/cfat/package-lock.json +5116 -0
runbooks/cfat/package.json +38 -0
runbooks/cfat/report.py +496 -0
runbooks/cfat/reporting/__init__.py +46 -0
runbooks/cfat/reporting/exporters.py +337 -0
runbooks/cfat/reporting/formatters.py +496 -0
runbooks/cfat/reporting/templates.py +135 -0
runbooks/cfat/run-assessment.sh +23 -0
runbooks/cfat/runner.py +69 -0
runbooks/cfat/src/actions/check-cloudtrail-existence.ts +43 -0
runbooks/cfat/src/actions/check-config-existence.ts +37 -0
runbooks/cfat/src/actions/check-control-tower.ts +37 -0
runbooks/cfat/src/actions/check-ec2-existence.ts +46 -0
runbooks/cfat/src/actions/check-iam-users.ts +50 -0
runbooks/cfat/src/actions/check-legacy-cur.ts +30 -0
runbooks/cfat/src/actions/check-org-cloudformation.ts +30 -0
runbooks/cfat/src/actions/check-vpc-existence.ts +43 -0
runbooks/cfat/src/actions/create-asanaimport.ts +14 -0
runbooks/cfat/src/actions/create-backlog.ts +372 -0
runbooks/cfat/src/actions/create-jiraimport.ts +15 -0
runbooks/cfat/src/actions/create-report.ts +616 -0
runbooks/cfat/src/actions/define-account-type.ts +51 -0
runbooks/cfat/src/actions/get-enabled-org-policy-types.ts +40 -0
runbooks/cfat/src/actions/get-enabled-org-services.ts +26 -0
runbooks/cfat/src/actions/get-idc-info.ts +34 -0
runbooks/cfat/src/actions/get-org-da-accounts.ts +34 -0
runbooks/cfat/src/actions/get-org-details.ts +35 -0
runbooks/cfat/src/actions/get-org-member-accounts.ts +44 -0
runbooks/cfat/src/actions/get-org-ous.ts +35 -0
runbooks/cfat/src/actions/get-regions.ts +22 -0
runbooks/cfat/src/actions/zip-assessment.ts +27 -0
runbooks/cfat/src/types/index.d.ts +147 -0
runbooks/cfat/tests/__init__.py +141 -0
runbooks/cfat/tests/test_cli.py +340 -0
runbooks/cfat/tests/test_integration.py +290 -0
runbooks/cfat/tests/test_models.py +505 -0
runbooks/cfat/tests/test_reporting.py +354 -0
runbooks/cfat/tsconfig.json +16 -0
runbooks/cfat/webpack.config.cjs +27 -0
runbooks/config.py +260 -0
runbooks/finops/__init__.py +88 -0
runbooks/finops/aws_client.py +245 -0
runbooks/finops/cli.py +151 -0
runbooks/finops/cost_processor.py +410 -0
runbooks/finops/dashboard_runner.py +448 -0
runbooks/finops/helpers.py +355 -0
runbooks/finops/main.py +14 -0
runbooks/finops/profile_processor.py +174 -0
runbooks/finops/types.py +66 -0
runbooks/finops/visualisations.py +80 -0
runbooks/inventory/.gitignore +354 -0
runbooks/inventory/ArgumentsClass.py +261 -0
runbooks/inventory/Inventory_Modules.py +6130 -0
runbooks/inventory/LandingZone/delete_lz.py +1075 -0
runbooks/inventory/README.md +1320 -0
runbooks/inventory/__init__.py +62 -0
runbooks/inventory/account_class.py +532 -0
runbooks/inventory/all_my_instances_wrapper.py +123 -0
runbooks/inventory/aws_decorators.py +201 -0
runbooks/inventory/cfn_move_stack_instances.py +1526 -0
runbooks/inventory/check_cloudtrail_compliance.py +614 -0
runbooks/inventory/check_controltower_readiness.py +1107 -0
runbooks/inventory/check_landingzone_readiness.py +711 -0
runbooks/inventory/cloudtrail.md +727 -0
runbooks/inventory/collectors/__init__.py +20 -0
runbooks/inventory/collectors/aws_compute.py +518 -0
runbooks/inventory/collectors/aws_networking.py +275 -0
runbooks/inventory/collectors/base.py +222 -0
runbooks/inventory/core/__init__.py +19 -0
runbooks/inventory/core/collector.py +303 -0
runbooks/inventory/core/formatter.py +296 -0
runbooks/inventory/delete_s3_buckets_objects.py +169 -0
runbooks/inventory/discovery.md +81 -0
runbooks/inventory/draw_org_structure.py +748 -0
runbooks/inventory/ec2_vpc_utils.py +341 -0
runbooks/inventory/find_cfn_drift_detection.py +272 -0
runbooks/inventory/find_cfn_orphaned_stacks.py +719 -0
runbooks/inventory/find_cfn_stackset_drift.py +733 -0
runbooks/inventory/find_ec2_security_groups.py +669 -0
runbooks/inventory/find_landingzone_versions.py +201 -0
runbooks/inventory/find_vpc_flow_logs.py +1221 -0
runbooks/inventory/inventory.sh +659 -0
runbooks/inventory/list_cfn_stacks.py +558 -0
runbooks/inventory/list_cfn_stackset_operation_results.py +252 -0
runbooks/inventory/list_cfn_stackset_operations.py +734 -0
runbooks/inventory/list_cfn_stacksets.py +453 -0
runbooks/inventory/list_config_recorders_delivery_channels.py +681 -0
runbooks/inventory/list_ds_directories.py +354 -0
runbooks/inventory/list_ec2_availability_zones.py +286 -0
runbooks/inventory/list_ec2_ebs_volumes.py +244 -0
runbooks/inventory/list_ec2_instances.py +425 -0
runbooks/inventory/list_ecs_clusters_and_tasks.py +562 -0
runbooks/inventory/list_elbs_load_balancers.py +411 -0
runbooks/inventory/list_enis_network_interfaces.py +526 -0
runbooks/inventory/list_guardduty_detectors.py +568 -0
runbooks/inventory/list_iam_policies.py +404 -0
runbooks/inventory/list_iam_roles.py +518 -0
runbooks/inventory/list_iam_saml_providers.py +359 -0
runbooks/inventory/list_lambda_functions.py +882 -0
runbooks/inventory/list_org_accounts.py +446 -0
runbooks/inventory/list_org_accounts_users.py +354 -0
runbooks/inventory/list_rds_db_instances.py +406 -0
runbooks/inventory/list_route53_hosted_zones.py +318 -0
runbooks/inventory/list_servicecatalog_provisioned_products.py +575 -0
runbooks/inventory/list_sns_topics.py +360 -0
runbooks/inventory/list_ssm_parameters.py +402 -0
runbooks/inventory/list_vpc_subnets.py +433 -0
runbooks/inventory/list_vpcs.py +422 -0
runbooks/inventory/lockdown_cfn_stackset_role.py +224 -0
runbooks/inventory/models/__init__.py +24 -0
runbooks/inventory/models/account.py +192 -0
runbooks/inventory/models/inventory.py +309 -0
runbooks/inventory/models/resource.py +247 -0
runbooks/inventory/recover_cfn_stack_ids.py +205 -0
runbooks/inventory/requirements.txt +12 -0
runbooks/inventory/run_on_multi_accounts.py +211 -0
runbooks/inventory/tests/common_test_data.py +3661 -0
runbooks/inventory/tests/common_test_functions.py +204 -0
runbooks/inventory/tests/script_test_data.py +0 -0
runbooks/inventory/tests/setup.py +24 -0
runbooks/inventory/tests/src.py +18 -0
runbooks/inventory/tests/test_cfn_describe_stacks.py +208 -0
runbooks/inventory/tests/test_ec2_describe_instances.py +162 -0
runbooks/inventory/tests/test_inventory_modules.py +55 -0
runbooks/inventory/tests/test_lambda_list_functions.py +86 -0
runbooks/inventory/tests/test_moto_integration_example.py +273 -0
runbooks/inventory/tests/test_org_list_accounts.py +49 -0
runbooks/inventory/update_aws_actions.py +173 -0
runbooks/inventory/update_cfn_stacksets.py +1215 -0
runbooks/inventory/update_cloudwatch_logs_retention_policy.py +294 -0
runbooks/inventory/update_iam_roles_cross_accounts.py +478 -0
runbooks/inventory/update_s3_public_access_block.py +539 -0
runbooks/inventory/utils/__init__.py +23 -0
runbooks/inventory/utils/aws_helpers.py +510 -0
runbooks/inventory/utils/threading_utils.py +493 -0
runbooks/inventory/utils/validation.py +682 -0
runbooks/inventory/verify_ec2_security_groups.py +1430 -0
runbooks/main.py +785 -0
runbooks/organizations/__init__.py +12 -0
runbooks/organizations/manager.py +374 -0
runbooks/security_baseline/README.md +324 -0
runbooks/security_baseline/checklist/alternate_contacts.py +8 -1
runbooks/security_baseline/checklist/bucket_public_access.py +4 -1
runbooks/security_baseline/checklist/cloudwatch_alarm_configuration.py +9 -2
runbooks/security_baseline/checklist/guardduty_enabled.py +9 -2
runbooks/security_baseline/checklist/multi_region_instance_usage.py +5 -1
runbooks/security_baseline/checklist/root_access_key.py +6 -1
runbooks/security_baseline/config-origin.json +1 -1
runbooks/security_baseline/config.json +1 -1
runbooks/security_baseline/permission.json +1 -1
runbooks/security_baseline/report_generator.py +10 -2
runbooks/security_baseline/report_template_en.html +8 -8
runbooks/security_baseline/report_template_jp.html +8 -8
runbooks/security_baseline/report_template_kr.html +13 -13
runbooks/security_baseline/report_template_vn.html +8 -8
runbooks/security_baseline/requirements.txt +7 -0
runbooks/security_baseline/run_script.py +8 -2
runbooks/security_baseline/security_baseline_tester.py +10 -2
runbooks/security_baseline/utils/common.py +5 -1
runbooks/utils/__init__.py +204 -0
runbooks-0.6.1.dist-info/METADATA +373 -0
runbooks-0.6.1.dist-info/RECORD +237 -0
{runbooks-0.2.3.dist-info → runbooks-0.6.1.dist-info}/WHEEL +1 -1
runbooks-0.6.1.dist-info/entry_points.txt +7 -0
runbooks-0.6.1.dist-info/licenses/LICENSE +201 -0
runbooks-0.6.1.dist-info/top_level.txt +3 -0
runbooks/python101/calculator.py +0 -34
runbooks/python101/config.py +0 -1
runbooks/python101/exceptions.py +0 -16
runbooks/python101/file_manager.py +0 -218
runbooks/python101/toolkit.py +0 -153
runbooks-0.2.3.dist-info/METADATA +0 -435
runbooks-0.2.3.dist-info/RECORD +0 -61
runbooks-0.2.3.dist-info/entry_points.txt +0 -3
runbooks-0.2.3.dist-info/top_level.txt +0 -1

runbooks/inventory/list_org_accounts_users.py ADDED Viewed

@@ -0,0 +1,354 @@
+#!/usr/bin/env python3
+"""
+AWS Organizations User Inventory Discovery Script
+This script provides comprehensive discovery and enumeration capabilities for user accounts
+across AWS Organizations environments, supporting both traditional IAM users and modern
+AWS Identity Center (formerly AWS SSO) user management. It's designed for enterprise
+identity and access management teams who need complete visibility into user distribution,
+access patterns, and identity governance across large-scale multi-account deployments.
+Key Features:
+- Multi-account user discovery using assume role capabilities across AWS Organizations
+- Dual identity source support: IAM users and AWS Identity Center users
+- Comprehensive user metadata extraction with last access tracking
+- Cross-account user enumeration with organizational hierarchy mapping
+- Identity Center directory deduplication for efficient discovery
+- Enterprise reporting with CSV export and structured output
+- Profile-based authentication with support for federated access
+Enterprise Use Cases:
+- Identity governance and user access auditing across organizations
+- User lifecycle management and access certification processes
+- Security compliance reporting for identity and access management
+- Identity consolidation analysis and migration planning
+- Multi-account user access patterns and behavioral analysis
+- Identity Center adoption tracking and governance oversight
+- User account sprawl detection and cleanup initiatives
+Identity Management Features:
+- IAM user discovery with comprehensive metadata extraction including:
+  - User creation dates and last password usage tracking
+  - Access key status and last activity monitoring
+  - Policy attachments and group membership analysis
+- AWS Identity Center user enumeration with directory awareness including:
+  - Identity Center user profiles and attributes
+  - Directory instance discovery and deduplication
+  - User provisioning status and access tracking
+- Cross-account identity correlation for governance oversight
+Security Considerations:
+- Uses IAM assume role capabilities for cross-account user discovery
+- Implements proper error handling for authorization failures
+- Supports read-only operations with no user modification capabilities
+- Respects identity service permissions and regional access constraints
+- Provides comprehensive audit trail through detailed logging
+- Sensitive user information handling with appropriate access controls
+Identity Center Integration:
+- Automatic discovery of Identity Center directory instances
+- Directory deduplication to prevent duplicate user enumeration
+- Support for multiple Identity Center instances across organization
+- Integration with Identity Center user provisioning and lifecycle management
+- Identity Center user attribute and profile extraction
+Performance Considerations:
+- Sequential processing for reliable user discovery operations
+- Progress tracking for operational visibility during large-scale enumeration
+- Efficient credential management for cross-account user access
+- Memory-optimized data structures for large user inventories
+- Directory deduplication to optimize Identity Center discovery performance
+Threading Architecture:
+- Currently uses sequential processing for reliable operations
+- TODO: Multi-threading enhancement planned for improved performance
+- Thread-safe error handling and progress tracking architecture
+- Graceful degradation for account access failures
+Dependencies:
+- boto3/botocore for AWS IAM and Identity Center API interactions
+- ArgumentsClass for standardized CLI argument parsing
+- Inventory_Modules for common utility functions and credential management
+- colorama for enhanced output formatting
+- tqdm for progress tracking during user discovery
+Compliance and Audit Features:
+- Comprehensive user discovery for identity governance auditing
+- User access pattern analysis for compliance validation
+- Cross-account user visibility for organizational security oversight
+- Identity lifecycle tracking for governance and compliance management
+- User attribute and metadata extraction for compliance reporting
+Future Enhancements:
+- Multi-threading for improved performance across large organizations
+- User access pattern analysis and behavioral analytics
+- Integration with AWS CloudTrail for user activity correlation
+- User optimization recommendations for identity governance
+Author: AWS CloudOps Team
+Version: 2024.05.09
+"""
+import logging
+import sys
+from os.path import split
+from time import time
+from ArgumentsClass import CommonArguments
+from botocore.exceptions import ClientError
+from colorama import Fore, init
+from Inventory_Modules import (
+    display_results,
+    find_iam_users2,
+    find_idc_directory_id2,
+    find_idc_users2,
+    get_all_credentials,
+)
+from tqdm.auto import tqdm
+init()
+__version__ = "2024.05.09"
+ERASE_LINE = "\x1b[2K"
+begin_time = time()
+##################
+# Functions
+##################
+def parse_args(arguments):
+    """
+    Parse command line arguments for AWS Organizations user discovery operations.
+    Configures comprehensive argument parsing for multi-account, multi-region user inventory
+    operations. Supports enterprise identity and access management with profile management,
+    region targeting, organizational access controls, and identity source selection for both
+    traditional IAM users and modern AWS Identity Center user management.
+    Args:
+        arguments (list): Command line arguments from sys.argv[1:]
+    Returns:
+        argparse.Namespace: Parsed arguments containing:
+            - Profiles: List of AWS profiles to process
+            - Regions: Target regions for user discovery
+            - SkipProfiles/SkipAccounts: Exclusion filters
+            - RootOnly: Limit to organization root accounts
+            - AccessRoles: Cross-account roles for Organizations access
+            - Filename: Output file for CSV export
+            - Time: Enable performance timing metrics
+            - loglevel: Logging verbosity configuration
+            - pIdentityCenter: Enable AWS Identity Center user discovery
+            - pIAM: Enable IAM user discovery
+    Configuration Options:
+        - Multi-region scanning with region filters for targeted user analysis
+        - Multi-profile support for federated access across identity infrastructure
+        - Extended arguments for advanced filtering and account selection
+        - Root-only mode for organization-level user inventory
+        - Role-based access for cross-account user discovery
+        - File output for integration with identity management tools
+        - Timing metrics for performance optimization and monitoring
+        - Verbose logging for debugging and identity governance audit
+    Identity Source Selection:
+        - IAM flag (--iam): Enable traditional IAM user discovery and enumeration
+        - Identity Center flag (--idc): Enable AWS Identity Center user discovery
+        - Default behavior: Both identity sources enabled when neither flag specified
+        - Selective discovery for focused identity analysis and governance
+    Enterprise Identity Management:
+        - Multi-account user discovery across organizational boundaries
+        - Identity source flexibility for migration and governance planning
+        - Cross-account user enumeration with organizational hierarchy mapping
+        - Identity governance and compliance reporting capabilities
+    """
+    script_path, script_name = split(sys.argv[0])
+    parser = CommonArguments()
+    parser.my_parser.description = "Discover and enumerate both IAM users and AWS Identity Center users across AWS Organizations for enterprise identity governance and access management."
+    parser.multiprofile()
+    parser.multiregion()
+    parser.extendedargs()
+    parser.rootOnly()
+    parser.rolestouse()
+    parser.save_to_file()
+    parser.verbosity()
+    parser.timing()
+    parser.version(__version__)
+    local = parser.my_parser.add_argument_group(script_name, "Parameters specific to this script")
+    local.add_argument(
+        "--idc",
+        dest="pIdentityCenter",
+        action="store_true",  # Defaults to False
+        help="Enable AWS Identity Center user discovery only - supports modern centralized identity management with directory integration",
+    )
+    local.add_argument(
+        "--iam",
+        dest="pIAM",
+        action="store_true",  # Defaults to False
+        help="Enable traditional IAM user discovery only - supports legacy identity management and direct account access patterns",
+    )
+    return parser.my_parser.parse_args(arguments)
+def find_all_org_users(f_credentials, f_IDC: bool, f_IAM: bool) -> list:
+    """
+    Discover and enumerate user accounts across AWS Organizations supporting both IAM and Identity Center.
+    Performs comprehensive user discovery using sequential processing to efficiently inventory
+    users across enterprise AWS environments. Supports dual identity sources with directory
+    deduplication and comprehensive metadata extraction for enterprise identity governance.
+    Args:
+        f_credentials (list): List of credential dictionaries for cross-account access containing:
+            - AccountId: AWS account number
+            - Success: Boolean indicating credential validity
+            - ErrorMessage: Error details for failed credential attempts
+            - RolesTried: List of roles attempted for access
+        f_IDC (bool): Enable AWS Identity Center user discovery
+        f_IAM (bool): Enable traditional IAM user discovery
+    Returns:
+        list: Comprehensive list of user dictionaries containing:
+            - MgmtAccount: Management account identifier for organizational hierarchy
+            - AccountId: AWS account containing the user
+            - Region: AWS region where user is managed
+            - UserName: User account name or identifier
+            - PasswordLastUsed: Last password usage timestamp (IAM users)
+            - Type: User source type (IAM or Identity Center)
+            - Additional metadata based on user type and source
+    Identity Discovery Features:
+        - IAM user enumeration with comprehensive metadata extraction
+        - Identity Center user discovery with directory awareness
+        - Directory instance deduplication for efficient discovery
+        - Cross-account user correlation for governance oversight
+        - User access pattern tracking for compliance analysis
+    Performance Considerations:
+        - Sequential processing for reliable user discovery operations
+        - Progress tracking for operational visibility during enumeration
+        - Directory deduplication to optimize Identity Center discovery
+        - Memory-optimized data structures for large user inventories
+        - TODO: Multi-threading enhancement planned for improved performance
+    Error Handling:
+        - Authorization failure detection with appropriate logging
+        - AWS API error management with graceful degradation
+        - Credential validation and failure tracking
+        - Comprehensive error reporting for troubleshooting
+    Identity Center Integration:
+        - Automatic discovery of Identity Center directory instances
+        - Directory deduplication to prevent duplicate user enumeration
+        - Support for multiple Identity Center instances across organization
+        - Integration with Identity Center user provisioning and lifecycle
+    Enterprise Identity Governance:
+        - Cross-account user visibility for organizational security oversight
+        - User lifecycle tracking for governance and compliance management
+        - Identity source correlation for migration and governance planning
+        - User attribute and metadata extraction for compliance reporting
+    """
+    User_List = []
+    directories_seen = set()
+    # TODO: Enhance with multi-threading for improved performance across large organizations
+    for credential in tqdm(
+        f_credentials, desc=f"Looking for users across {len(f_credentials)} Accounts", unit=" accounts"
+    ):
+        # Skip credentials that failed validation
+        if not credential["Success"]:
+            logging.info(f"{credential['ErrorMessage']} with roles: {credential['RolesTried']}")
+            continue
+        # Discover traditional IAM users if requested
+        if f_IAM:
+            try:
+                # Call inventory module to discover IAM users in this account
+                User_List.extend(find_iam_users2(credential))
+                # Optional verbose logging for user discovery progress (currently commented)
+                # logging.info(f"{ERASE_LINE}Account: {credential['AccountId']} Found {len(User_List)} users")
+            except ClientError as my_Error:
+                # Handle IAM API authorization failures gracefully
+                if "AuthFailure" in str(my_Error):
+                    logging.error(f"{ERASE_LINE}{credential}: Authorization Failure")
+        # Discover AWS Identity Center users if requested
+        if f_IDC:
+            try:
+                # Find out if this account hosts an Identity Center with a user directory
+                directory_ids = find_idc_directory_id2(credential)
+                for directory_instance_id in directory_ids:
+                    # Directory deduplication: if we've already interrogated this directory, skip it
+                    if directory_instance_id in directories_seen:
+                        continue
+                    else:
+                        # Mark this directory as processed and discover users
+                        directories_seen.update(directory_ids)
+                        User_List.extend(find_idc_users2(credential, directory_instance_id))
+                # Optional verbose logging for user discovery progress (currently commented)
+                # logging.info(f"{ERASE_LINE}Account: {credential['AccountId']} Found {len(User_List)} users")
+            except ClientError as my_Error:
+                # Handle Identity Center API authorization failures gracefully
+                if "AuthFailure" in str(my_Error):
+                    logging.error(f"{ERASE_LINE}{credential}: Authorization Failure")
+    return User_List
+##################
+# Main
+##################
+if __name__ == "__main__":
+    args = parse_args(sys.argv[1:])
+    pProfiles = args.Profiles
+    pRegionList = args.Regions
+    pAccounts = args.Accounts
+    pSkipAccounts = args.SkipAccounts
+    pSkipProfiles = args.SkipProfiles
+    pAccessRoles = args.AccessRoles
+    pFilename = args.Filename
+    pIdentityCenter = args.pIdentityCenter
+    pIAM = args.pIAM
+    # Although I want to the flags to remain
+    if not pIAM and not pIdentityCenter:
+        pIdentityCenter = True
+        pIAM = True
+    pRootOnly = args.RootOnly
+    pTiming = args.Time
+    verbose = args.loglevel
+    logging.basicConfig(level=verbose, format="[%(filename)s:%(lineno)s - %(funcName)20s() ] %(message)s")
+    logging.getLogger("boto3").setLevel(logging.CRITICAL)
+    logging.getLogger("botocore").setLevel(logging.CRITICAL)
+    logging.getLogger("s3transfer").setLevel(logging.CRITICAL)
+    logging.getLogger("urllib3").setLevel(logging.CRITICAL)
+    CredentialList = get_all_credentials(
+        pProfiles, pTiming, pSkipProfiles, pSkipAccounts, pRootOnly, pAccounts, pRegionList, pAccessRoles
+    )
+    SuccessfulAccountAccesses = [x for x in CredentialList if x["Success"]]
+    UserListing = find_all_org_users(CredentialList, pIdentityCenter, pIAM)
+    sorted_UserListing = sorted(
+        UserListing, key=lambda k: (k["MgmtAccount"], k["AccountId"], k["Region"], k["UserName"])
+    )
+    display_dict = {
+        "MgmtAccount": {"DisplayOrder": 1, "Heading": "Mgmt Acct"},
+        "AccountId": {"DisplayOrder": 2, "Heading": "Acct Number"},
+        "Region": {"DisplayOrder": 3, "Heading": "Region"},
+        "UserName": {"DisplayOrder": 4, "Heading": "User Name"},
+        "PasswordLastUsed": {"DisplayOrder": 5, "Heading": "Last Used"},
+        "Type": {"DisplayOrder": 6, "Heading": "Source"},
+    }
+    display_results(sorted_UserListing, display_dict, "N/A", pFilename)
+    if pTiming:
+        print(ERASE_LINE)
+        print(f"{Fore.GREEN}This script took {time() - begin_time:.2f} seconds{Fore.RESET}")
+    print(ERASE_LINE)
+    print(
+        f"Found {len(UserListing)} users across {len(SuccessfulAccountAccesses)} account{'' if len(SuccessfulAccountAccesses) == 1 else 's'}"
+    )
+    print()
+    print("Thank you for using this script")
+    print()

runbooks 0.2.3__py3-none-any.whl → 0.6.1__py3-none-any.whl

runbooks 0.2.3py3-none-any.whl → 0.6.1py3-none-any.whl