PyPI - runbooks - Versions diffs - 0.2.5__py3-none-any.whl → 0.7.0__py3-none-any.whl - Mend

runbooks 0.2.5py3-none-any.whl → 0.7.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (249) hide show

conftest.py +26 -0
jupyter-agent/.env +2 -0
jupyter-agent/.env.template +2 -0
jupyter-agent/.gitattributes +35 -0
jupyter-agent/.gradio/certificate.pem +31 -0
jupyter-agent/README.md +16 -0
jupyter-agent/__main__.log +8 -0
jupyter-agent/app.py +256 -0
jupyter-agent/cloudops-agent.png +0 -0
jupyter-agent/ds-system-prompt.txt +154 -0
jupyter-agent/jupyter-agent.png +0 -0
jupyter-agent/llama3_template.jinja +123 -0
jupyter-agent/requirements.txt +9 -0
jupyter-agent/tmp/4ojbs8a02ir/jupyter-agent.ipynb +68 -0
jupyter-agent/tmp/cm5iasgpm3p/jupyter-agent.ipynb +91 -0
jupyter-agent/tmp/crqbsseag5/jupyter-agent.ipynb +91 -0
jupyter-agent/tmp/hohanq1u097/jupyter-agent.ipynb +57 -0
jupyter-agent/tmp/jns1sam29wm/jupyter-agent.ipynb +53 -0
jupyter-agent/tmp/jupyter-agent.ipynb +27 -0
jupyter-agent/utils.py +409 -0
runbooks/__init__.py +71 -3
runbooks/__main__.py +13 -0
runbooks/aws/ec2_describe_instances.py +1 -1
runbooks/aws/ec2_run_instances.py +8 -2
runbooks/aws/ec2_start_stop_instances.py +17 -4
runbooks/aws/ec2_unused_volumes.py +5 -1
runbooks/aws/s3_create_bucket.py +4 -2
runbooks/aws/s3_list_objects.py +6 -1
runbooks/aws/tagging_lambda_handler.py +13 -2
runbooks/aws/tags.json +12 -0
runbooks/base.py +353 -0
runbooks/cfat/README.md +49 -0
runbooks/cfat/__init__.py +74 -0
runbooks/cfat/app.ts +644 -0
runbooks/cfat/assessment/__init__.py +40 -0
runbooks/cfat/assessment/asana-import.csv +39 -0
runbooks/cfat/assessment/cfat-checks.csv +31 -0
runbooks/cfat/assessment/cfat.txt +520 -0
runbooks/cfat/assessment/collectors.py +200 -0
runbooks/cfat/assessment/jira-import.csv +39 -0
runbooks/cfat/assessment/runner.py +387 -0
runbooks/cfat/assessment/validators.py +290 -0
runbooks/cfat/cli.py +103 -0
runbooks/cfat/docs/asana-import.csv +24 -0
runbooks/cfat/docs/cfat-checks.csv +31 -0
runbooks/cfat/docs/cfat.txt +335 -0
runbooks/cfat/docs/checks-output.png +0 -0
runbooks/cfat/docs/cloudshell-console-run.png +0 -0
runbooks/cfat/docs/cloudshell-download.png +0 -0
runbooks/cfat/docs/cloudshell-output.png +0 -0
runbooks/cfat/docs/downloadfile.png +0 -0
runbooks/cfat/docs/jira-import.csv +24 -0
runbooks/cfat/docs/open-cloudshell.png +0 -0
runbooks/cfat/docs/report-header.png +0 -0
runbooks/cfat/models.py +1026 -0
runbooks/cfat/package-lock.json +5116 -0
runbooks/cfat/package.json +38 -0
runbooks/cfat/report.py +496 -0
runbooks/cfat/reporting/__init__.py +46 -0
runbooks/cfat/reporting/exporters.py +337 -0
runbooks/cfat/reporting/formatters.py +496 -0
runbooks/cfat/reporting/templates.py +135 -0
runbooks/cfat/run-assessment.sh +23 -0
runbooks/cfat/runner.py +69 -0
runbooks/cfat/src/actions/check-cloudtrail-existence.ts +43 -0
runbooks/cfat/src/actions/check-config-existence.ts +37 -0
runbooks/cfat/src/actions/check-control-tower.ts +37 -0
runbooks/cfat/src/actions/check-ec2-existence.ts +46 -0
runbooks/cfat/src/actions/check-iam-users.ts +50 -0
runbooks/cfat/src/actions/check-legacy-cur.ts +30 -0
runbooks/cfat/src/actions/check-org-cloudformation.ts +30 -0
runbooks/cfat/src/actions/check-vpc-existence.ts +43 -0
runbooks/cfat/src/actions/create-asanaimport.ts +14 -0
runbooks/cfat/src/actions/create-backlog.ts +372 -0
runbooks/cfat/src/actions/create-jiraimport.ts +15 -0
runbooks/cfat/src/actions/create-report.ts +616 -0
runbooks/cfat/src/actions/define-account-type.ts +51 -0
runbooks/cfat/src/actions/get-enabled-org-policy-types.ts +40 -0
runbooks/cfat/src/actions/get-enabled-org-services.ts +26 -0
runbooks/cfat/src/actions/get-idc-info.ts +34 -0
runbooks/cfat/src/actions/get-org-da-accounts.ts +34 -0
runbooks/cfat/src/actions/get-org-details.ts +35 -0
runbooks/cfat/src/actions/get-org-member-accounts.ts +44 -0
runbooks/cfat/src/actions/get-org-ous.ts +35 -0
runbooks/cfat/src/actions/get-regions.ts +22 -0
runbooks/cfat/src/actions/zip-assessment.ts +27 -0
runbooks/cfat/src/types/index.d.ts +147 -0
runbooks/cfat/tests/__init__.py +141 -0
runbooks/cfat/tests/test_cli.py +340 -0
runbooks/cfat/tests/test_integration.py +290 -0
runbooks/cfat/tests/test_models.py +505 -0
runbooks/cfat/tests/test_reporting.py +354 -0
runbooks/cfat/tsconfig.json +16 -0
runbooks/cfat/webpack.config.cjs +27 -0
runbooks/config.py +260 -0
runbooks/finops/README.md +337 -0
runbooks/finops/__init__.py +86 -0
runbooks/finops/aws_client.py +245 -0
runbooks/finops/cli.py +151 -0
runbooks/finops/cost_processor.py +410 -0
runbooks/finops/dashboard_runner.py +448 -0
runbooks/finops/helpers.py +355 -0
runbooks/finops/main.py +14 -0
runbooks/finops/profile_processor.py +174 -0
runbooks/finops/types.py +66 -0
runbooks/finops/visualisations.py +80 -0
runbooks/inventory/.gitignore +354 -0
runbooks/inventory/ArgumentsClass.py +261 -0
runbooks/inventory/FAILED_SCRIPTS_TROUBLESHOOTING.md +619 -0
runbooks/inventory/Inventory_Modules.py +6130 -0
runbooks/inventory/LandingZone/delete_lz.py +1075 -0
runbooks/inventory/PASSED_SCRIPTS_GUIDE.md +738 -0
runbooks/inventory/README.md +1320 -0
runbooks/inventory/__init__.py +62 -0
runbooks/inventory/account_class.py +532 -0
runbooks/inventory/all_my_instances_wrapper.py +123 -0
runbooks/inventory/aws_decorators.py +201 -0
runbooks/inventory/aws_organization.png +0 -0
runbooks/inventory/cfn_move_stack_instances.py +1526 -0
runbooks/inventory/check_cloudtrail_compliance.py +614 -0
runbooks/inventory/check_controltower_readiness.py +1107 -0
runbooks/inventory/check_landingzone_readiness.py +711 -0
runbooks/inventory/cloudtrail.md +727 -0
runbooks/inventory/collectors/__init__.py +20 -0
runbooks/inventory/collectors/aws_compute.py +518 -0
runbooks/inventory/collectors/aws_networking.py +275 -0
runbooks/inventory/collectors/base.py +222 -0
runbooks/inventory/core/__init__.py +19 -0
runbooks/inventory/core/collector.py +303 -0
runbooks/inventory/core/formatter.py +296 -0
runbooks/inventory/delete_s3_buckets_objects.py +169 -0
runbooks/inventory/discovery.md +81 -0
runbooks/inventory/draw_org_structure.py +748 -0
runbooks/inventory/ec2_vpc_utils.py +341 -0
runbooks/inventory/find_cfn_drift_detection.py +272 -0
runbooks/inventory/find_cfn_orphaned_stacks.py +719 -0
runbooks/inventory/find_cfn_stackset_drift.py +733 -0
runbooks/inventory/find_ec2_security_groups.py +669 -0
runbooks/inventory/find_landingzone_versions.py +201 -0
runbooks/inventory/find_vpc_flow_logs.py +1221 -0
runbooks/inventory/inventory.sh +659 -0
runbooks/inventory/list_cfn_stacks.py +558 -0
runbooks/inventory/list_cfn_stackset_operation_results.py +252 -0
runbooks/inventory/list_cfn_stackset_operations.py +734 -0
runbooks/inventory/list_cfn_stacksets.py +453 -0
runbooks/inventory/list_config_recorders_delivery_channels.py +681 -0
runbooks/inventory/list_ds_directories.py +354 -0
runbooks/inventory/list_ec2_availability_zones.py +286 -0
runbooks/inventory/list_ec2_ebs_volumes.py +244 -0
runbooks/inventory/list_ec2_instances.py +425 -0
runbooks/inventory/list_ecs_clusters_and_tasks.py +562 -0
runbooks/inventory/list_elbs_load_balancers.py +411 -0
runbooks/inventory/list_enis_network_interfaces.py +526 -0
runbooks/inventory/list_guardduty_detectors.py +568 -0
runbooks/inventory/list_iam_policies.py +404 -0
runbooks/inventory/list_iam_roles.py +518 -0
runbooks/inventory/list_iam_saml_providers.py +359 -0
runbooks/inventory/list_lambda_functions.py +882 -0
runbooks/inventory/list_org_accounts.py +446 -0
runbooks/inventory/list_org_accounts_users.py +354 -0
runbooks/inventory/list_rds_db_instances.py +406 -0
runbooks/inventory/list_route53_hosted_zones.py +318 -0
runbooks/inventory/list_servicecatalog_provisioned_products.py +575 -0
runbooks/inventory/list_sns_topics.py +360 -0
runbooks/inventory/list_ssm_parameters.py +402 -0
runbooks/inventory/list_vpc_subnets.py +433 -0
runbooks/inventory/list_vpcs.py +422 -0
runbooks/inventory/lockdown_cfn_stackset_role.py +224 -0
runbooks/inventory/models/__init__.py +24 -0
runbooks/inventory/models/account.py +192 -0
runbooks/inventory/models/inventory.py +309 -0
runbooks/inventory/models/resource.py +247 -0
runbooks/inventory/recover_cfn_stack_ids.py +205 -0
runbooks/inventory/requirements.txt +12 -0
runbooks/inventory/run_on_multi_accounts.py +211 -0
runbooks/inventory/tests/common_test_data.py +3661 -0
runbooks/inventory/tests/common_test_functions.py +204 -0
runbooks/inventory/tests/setup.py +24 -0
runbooks/inventory/tests/src.py +18 -0
runbooks/inventory/tests/test_cfn_describe_stacks.py +208 -0
runbooks/inventory/tests/test_ec2_describe_instances.py +162 -0
runbooks/inventory/tests/test_inventory_modules.py +55 -0
runbooks/inventory/tests/test_lambda_list_functions.py +86 -0
runbooks/inventory/tests/test_moto_integration_example.py +273 -0
runbooks/inventory/tests/test_org_list_accounts.py +49 -0
runbooks/inventory/update_aws_actions.py +173 -0
runbooks/inventory/update_cfn_stacksets.py +1215 -0
runbooks/inventory/update_cloudwatch_logs_retention_policy.py +294 -0
runbooks/inventory/update_iam_roles_cross_accounts.py +478 -0
runbooks/inventory/update_s3_public_access_block.py +539 -0
runbooks/inventory/utils/__init__.py +23 -0
runbooks/inventory/utils/aws_helpers.py +510 -0
runbooks/inventory/utils/threading_utils.py +493 -0
runbooks/inventory/utils/validation.py +682 -0
runbooks/inventory/verify_ec2_security_groups.py +1430 -0
runbooks/main.py +1004 -0
runbooks/organizations/__init__.py +12 -0
runbooks/organizations/manager.py +374 -0
runbooks/security/README.md +447 -0
runbooks/security/__init__.py +71 -0
runbooks/{security_baseline → security}/checklist/alternate_contacts.py +8 -1
runbooks/{security_baseline → security}/checklist/bucket_public_access.py +4 -1
runbooks/{security_baseline → security}/checklist/cloudwatch_alarm_configuration.py +9 -2
runbooks/{security_baseline → security}/checklist/guardduty_enabled.py +9 -2
runbooks/{security_baseline → security}/checklist/multi_region_instance_usage.py +5 -1
runbooks/{security_baseline → security}/checklist/root_access_key.py +6 -1
runbooks/{security_baseline → security}/config-origin.json +1 -1
runbooks/{security_baseline → security}/config.json +1 -1
runbooks/{security_baseline → security}/permission.json +1 -1
runbooks/{security_baseline → security}/report_generator.py +10 -2
runbooks/{security_baseline → security}/report_template_en.html +7 -7
runbooks/{security_baseline → security}/report_template_jp.html +7 -7
runbooks/{security_baseline → security}/report_template_kr.html +12 -12
runbooks/{security_baseline → security}/report_template_vn.html +7 -7
runbooks/{security_baseline → security}/run_script.py +8 -2
runbooks/{security_baseline → security}/security_baseline_tester.py +12 -4
runbooks/{security_baseline → security}/utils/common.py +5 -1
runbooks/utils/__init__.py +204 -0
runbooks-0.7.0.dist-info/METADATA +375 -0
runbooks-0.7.0.dist-info/RECORD +249 -0
{runbooks-0.2.5.dist-info → runbooks-0.7.0.dist-info}/WHEEL +1 -1
runbooks-0.7.0.dist-info/entry_points.txt +7 -0
runbooks-0.7.0.dist-info/licenses/LICENSE +201 -0
runbooks-0.7.0.dist-info/top_level.txt +3 -0
runbooks/python101/calculator.py +0 -34
runbooks/python101/config.py +0 -1
runbooks/python101/exceptions.py +0 -16
runbooks/python101/file_manager.py +0 -218
runbooks/python101/toolkit.py +0 -153
runbooks-0.2.5.dist-info/METADATA +0 -439
runbooks-0.2.5.dist-info/RECORD +0 -61
runbooks-0.2.5.dist-info/entry_points.txt +0 -3
runbooks-0.2.5.dist-info/top_level.txt +0 -1
/runbooks/{security_baseline/__init__.py → inventory/tests/script_test_data.py} +0 -0
/runbooks/{security_baseline → security}/checklist/__init__.py +0 -0
/runbooks/{security_baseline → security}/checklist/account_level_bucket_public_access.py +0 -0
/runbooks/{security_baseline → security}/checklist/direct_attached_policy.py +0 -0
/runbooks/{security_baseline → security}/checklist/iam_password_policy.py +0 -0
/runbooks/{security_baseline → security}/checklist/iam_user_mfa.py +0 -0
/runbooks/{security_baseline → security}/checklist/multi_region_trail.py +0 -0
/runbooks/{security_baseline → security}/checklist/root_mfa.py +0 -0
/runbooks/{security_baseline → security}/checklist/root_usage.py +0 -0
/runbooks/{security_baseline → security}/checklist/trail_enabled.py +0 -0
/runbooks/{security_baseline → security}/checklist/trusted_advisor.py +0 -0
/runbooks/{security_baseline → security}/utils/__init__.py +0 -0
/runbooks/{security_baseline → security}/utils/enums.py +0 -0
/runbooks/{security_baseline → security}/utils/language.py +0 -0
/runbooks/{security_baseline → security}/utils/level_const.py +0 -0
/runbooks/{security_baseline → security}/utils/permission_list.py +0 -0

runbooks/inventory/list_guardduty_detectors.py ADDED Viewed

@@ -0,0 +1,568 @@
+#!/usr/bin/env python3
+"""
+AWS GuardDuty Detector Discovery and Management Script
+This script provides comprehensive discovery, inventory, and management capabilities for
+AWS GuardDuty detectors and invitations across multiple accounts and regions. It's designed
+for enterprise security teams who need visibility into GuardDuty deployment status,
+detector configuration, and administrative relationships across large-scale AWS environments.
+Key Features:
+- Multi-account GuardDuty detector discovery using assume role capabilities
+- Multi-region scanning with GuardDuty-enabled region targeting
+- GuardDuty invitation tracking and management for organizational security
+- Administrative account detection with member account relationship mapping
+- Detector deletion capabilities with safety controls for cleanup operations
+- Enterprise reporting with detailed detector and invitation analysis
+- Profile-based authentication with support for federated access
+Enterprise Use Cases:
+- Security posture assessment and GuardDuty deployment validation
+- GuardDuty administrative relationship mapping across organizations
+- Security service cleanup and consolidation during account transitions
+- Compliance reporting for threat detection service coverage
+- Multi-account security governance and standardization
+- GuardDuty cost optimization through detector lifecycle management
+- Security incident response planning with detector coverage analysis
+GuardDuty Management Features:
+- Detector enumeration with administrative status identification
+- Member account relationship tracking for security hierarchy mapping
+- Invitation discovery and cleanup for organizational security management
+- Multi-region detector coverage analysis for comprehensive protection
+- Administrative account detection with member count reporting
+- Detector deletion with safety controls and confirmation mechanisms
+Security Considerations:
+- Uses IAM assume role capabilities for cross-account GuardDuty access
+- Implements proper error handling for authorization failures
+- Supports both read-only discovery and controlled deletion operations
+- Respects GuardDuty service permissions and regional availability constraints
+- Provides comprehensive audit trail through detailed logging
+- Implements safety controls for destructive operations with confirmation prompts
+GuardDuty Administrative Analysis:
+- Administrative account identification and member relationship mapping
+- Invitation status tracking for organizational security coordination
+- Detector configuration analysis across organizational boundaries
+- Security service coverage assessment for compliance validation
+- Multi-account threat detection architecture documentation
+Deletion and Cleanup Features:
+- Safe detector deletion with confirmation mechanisms
+- Invitation cleanup for organizational security management
+- Member disassociation handling for administrative relationship changes
+- Comprehensive error handling for cleanup operation failures
+- Audit logging for all deletion and modification operations
+Performance Considerations:
+- Sequential processing for reliable GuardDuty API operations
+- Progress tracking for operational visibility during large-scale operations
+- Efficient credential management for cross-account security access
+- Region-aware processing optimized for GuardDuty service availability
+- Memory-optimized data structures for large security inventories
+Dependencies:
+- boto3/botocore for AWS GuardDuty API interactions
+- Inventory_Modules for common utility functions and credential management
+- ArgumentsClass for standardized CLI argument parsing
+- account_class for AWS account access and session management
+- colorama for enhanced output formatting
+Safety and Compliance:
+- Confirmation prompts for destructive operations
+- Comprehensive logging for security audit trails
+- Error handling for failed deletion operations
+- Member account protection during administrative cleanup
+- Force deletion capability with additional safety controls
+Future Enhancements:
+- GuardDuty finding analysis and threat intelligence integration
+- Automated detector configuration compliance checking
+- Integration with AWS Config for security service drift detection
+- Cost analysis and optimization recommendations for GuardDuty usage
+Author: AWS CloudOps Team
+Version: 2023.07.18
+"""
+import logging
+import sys
+import boto3
+import Inventory_Modules
+from account_class import aws_acct_access
+from ArgumentsClass import CommonArguments
+from botocore.exceptions import ClientError
+from colorama import Fore, init
+from Inventory_Modules import get_all_credentials
+init()
+__version__ = "2023.07.18"
+# Parse enterprise command-line arguments with GuardDuty-specific security management options
+parser = CommonArguments()
+parser.singleprofile()  # Single profile mode for focused GuardDuty operations
+parser.multiregion_nodefault()  # Multi-region scanning without default region assumptions
+parser.extendedargs()  # Extended arguments for advanced filtering and account selection
+parser.deletion()  # Deletion capabilities with safety controls for GuardDuty cleanup
+parser.rootOnly()  # Organization root account limitation for security governance
+parser.rolestouse()  # Cross-account roles for Organizations GuardDuty access
+parser.timing()  # Performance timing for operational optimization
+parser.verbosity()  # Logging verbosity for security operations audit trail
+parser.version(__version__)  # Version information for operational documentation
+# Add GuardDuty-specific deletion and management arguments
+parser.my_parser.add_argument(
+    "+delete",
+    "+forreal",
+    "+fix",
+    dest="flagDelete",
+    action="store_true",
+    help="Enable GuardDuty detector deletion operations - DESTRUCTIVE ACTION with confirmation prompts for security cleanup",
+)
+# Parse all command-line arguments for GuardDuty security management operations
+args = parser.my_parser.parse_args()
+# Extract configuration parameters for multi-account GuardDuty security management
+pProfile = args.Profile  # AWS profile for GuardDuty administrative access
+pRegions = args.Regions  # Target regions for GuardDuty detector enumeration
+pSkipAccounts = args.SkipAccounts  # Account exclusion list for organizational policy compliance
+pSkipProfiles = args.SkipProfiles  # Profile exclusion for credential optimization
+pAccounts = args.Accounts  # Specific account targeting for focused security analysis
+pRootOnly = args.RootOnly  # Organization root account limitation flag
+pRolesToUse = args.AccessRoles  # Cross-account roles for Organizations security access
+verbose = args.loglevel  # Logging verbosity for security operations visibility
+DeletionRun = args.flagDelete  # Enable detector deletion operations - CRITICAL SECURITY FLAG
+ForceDelete = args.Force  # Override safety confirmations for automated security workflows
+pTiming = args.Time  # Performance timing for operational optimization
+# Configure enterprise logging infrastructure for GuardDuty operations audit trail
+logging.basicConfig(level=verbose, format="[%(filename)s:%(lineno)s - %(funcName)20s() ] %(message)s")
+logging.getLogger("boto3").setLevel(logging.CRITICAL)
+logging.getLogger("botocore").setLevel(logging.CRITICAL)
+logging.getLogger("s3transfer").setLevel(logging.CRITICAL)
+logging.getLogger("urllib3").setLevel(logging.CRITICAL)
+##########################
+# Initialize enterprise GuardDuty discovery and security management operations
+##########################
+ERASE_LINE = "\x1b[2K"
+# Initialize AWS account access for GuardDuty administrative operations
+aws_acct = aws_acct_access(pProfile)
+# Initialize enterprise GuardDuty inventory tracking and metrics
+NumObjectsFound = 0  # Total detector count across all accounts and regions
+session_gd = aws_acct.session  # Primary session for GuardDuty administrative operations
+all_gd_detectors = []  # Comprehensive detector inventory with administrative relationships
+all_gd_invites = []  # GuardDuty invitation tracking for organizational security coordination
+GD_Admin_Accounts = []  # Administrative account tracking for security hierarchy mapping
+# Configure GuardDuty-enabled regions for comprehensive threat detection coverage
+# This validation ensures we only scan regions where GuardDuty service is available and enabled
+if pRegions is None:
+    pRegions = ["all"]  # Default to all available GuardDuty regions for comprehensive security coverage
+# Discover GuardDuty-enabled regions across organizational accounts
+gd_regions = Inventory_Modules.get_regions3(aws_acct, pRegions)
+# Execute enterprise credential discovery and validation across organizational GuardDuty infrastructure
+AllCredentials = get_all_credentials(
+    pProfile, pTiming, pSkipProfiles, pSkipAccounts, pRootOnly, pAccounts, gd_regions, pRolesToUse
+)
+# Calculate organizational scope for executive security management reporting
+RegionList = list(set([x["Region"] for x in AllCredentials]))
+AccountList = list(set([x["AccountId"] for x in AllCredentials]))
+print(f"Searching {len(AccountList)} accounts and {len(RegionList)} regions for GuardDuty detectors")
+# Initialize STS session for cross-account credential validation and security token management
+sts_session = aws_acct.session
+sts_client = sts_session.client("sts")
+# Execute comprehensive GuardDuty detector and invitation discovery across organizational accounts
+places_to_try = len(AllCredentials)  # Progress tracking for operational visibility
+# Main GuardDuty discovery loop - Sequential processing for reliable security service enumeration
+for credential in AllCredentials:
+    logging.info(f"Checking Account: {credential['AccountId']}")
+    # Legacy credential access pattern (commented out for reference)
+    # This was the original approach for cross-account access before credential pre-processing
+    # try:
+    #     account_credentials = Inventory_Modules.get_child_access3(aws_acct, account['AccountId'])
+    # except ClientError as my_Error:
+    #     if "AuthFailure" in str(my_Error):
+    #         print(f"Authorization Failure for account {account['AccountId']}")
+    #     sys.exit("Credentials failure")
+    logging.info(f"Checking Region: {credential['Region']}")
+    places_to_try -= 1  # Decrement progress counter for operational tracking
+    try:
+        # Establish AWS session for GuardDuty API operations using pre-validated credentials
+        # This session enables cross-account GuardDuty detector and invitation discovery
+        session_aws = boto3.Session(
+            aws_access_key_id=credential["AccessKeyId"],
+            aws_secret_access_key=credential["SecretAccessKey"],
+            aws_session_token=credential["SessionToken"],
+            region_name=credential["Region"],
+        )
+        # Initialize GuardDuty client for security service API operations
+        client_aws = session_aws.client("guardduty")
+        logging.debug(f"Token Info: {credential} in region {credential['Region']}")
+        # Execute GuardDuty invitation discovery for organizational security coordination
+        # Invitations represent pending or active administrative relationships between accounts
+        logging.info(f"Finding any invites for account: {credential['AccountId']} in region {credential['Region']}")
+        response = client_aws.list_invitations()
+        logging.debug(
+            f"Finished listing invites for account: {credential['AccountId']} in region {credential['Region']}"
+        )
+    except ClientError as my_Error:
+        # Handle AWS API authorization failures with comprehensive error analysis
+        if "AuthFailure" in str(my_Error):
+            print(f"{credential['AccountId']}: Authorization Failure for account {credential['AccountId']}")
+            continue  # Skip this account/region combination but continue processing others
+        # Handle invalid security token errors typically caused by region opt-in issues
+        if str(my_Error).find("security token included in the request is invalid") > 0:
+            logging.error(
+                f"Account #:{credential['AccountId']} - The region you're trying '{credential['Region']}' isn't enabled for your account"
+            )
+            continue  # Skip disabled regions but continue with other regions
+    except Exception as my_Error:
+        # Handle unexpected errors during GuardDuty API operations
+        print(my_Error)
+        continue  # Continue processing despite unexpected errors for operational resilience
+    # Process discovered GuardDuty invitations for organizational security coordination
+    try:
+        if "Invitations" in response.keys():
+            # Process each invitation to build comprehensive security relationship mapping
+            for i in range(len(response["Invitations"])):
+                # Create invitation record with credentials for future management operations
+                invitation_record = {
+                    "AccountId": response["Invitations"][i]["AccountId"],  # Administrative account identifier
+                    "InvitationId": response["Invitations"][i]["InvitationId"],  # Unique invitation identifier
+                    "Region": credential["Region"],  # Regional context for security coordination
+                    "AccessKeyId": credential["AccessKeyId"],  # Credentials for invitation management
+                    "SecretAccessKey": credential["SecretAccessKey"],  # Security credentials for API operations
+                    "SessionToken": credential["SessionToken"],  # Session token for temporary access
+                }
+                # Add to enterprise GuardDuty invitation inventory for administrative tracking
+                all_gd_invites.append(invitation_record)
+                # Log invitation discovery for security audit trail and organizational visibility
+                logging.error(
+                    f"Found invite ID {response['Invitations'][i]['InvitationId']} in account {response['Invitations'][i]['AccountId']} in region {credential['Region']}"
+                )
+    except NameError:
+        # Handle cases where response variable is undefined due to API errors
+        # This ensures graceful handling of failed invitation discovery operations
+        pass
+    # Execute comprehensive GuardDuty detector discovery with administrative relationship analysis
+    try:
+        # Display progress information for operational visibility during large-scale security operations
+        print(
+            f"{ERASE_LINE}Trying account {credential['AccountId']} in region {credential['Region']} -- {places_to_try} left of {len(AllCredentials)}",
+            end="\r",
+        )
+        # Execute GuardDuty detector enumeration for security service inventory
+        response = client_aws.list_detectors()
+        # Process discovered detectors with comprehensive metadata extraction and administrative analysis
+        if len(response["DetectorIds"]) > 0:
+            # Update enterprise security service metrics and tracking
+            NumObjectsFound = NumObjectsFound + len(response["DetectorIds"])
+            # Analyze administrative relationships and member account associations
+            # This is critical for understanding GuardDuty security hierarchy and governance structure
+            admin_acct_response = client_aws.list_members(
+                DetectorId=str(response["DetectorIds"][0]),
+                OnlyAssociated="False",  # Include both associated and pending member accounts
+            )
+            # Log detector discovery for security audit trail and operational tracking
+            logging.warning(
+                f"Found another detector {str(response['DetectorIds'][0])} in account {credential['AccountId']} in region {credential['Region']} bringing the total found to {str(NumObjectsFound)}"
+            )
+            # Classify detector as administrative account based on member relationships
+            if len(admin_acct_response["Members"]) > 0:
+                # Create comprehensive administrative account record for security governance
+                admin_detector_record = {
+                    "AccountId": credential["AccountId"],  # Administrative account identifier
+                    "Region": credential["Region"],  # Regional context for security operations
+                    "DetectorIds": response["DetectorIds"],  # GuardDuty detector identifiers
+                    "AccessKeyId": credential["AccessKeyId"],  # Administrative credentials for management
+                    "SecretAccessKey": credential["SecretAccessKey"],  # Security credentials for detector operations
+                    "SessionToken": credential["SessionToken"],  # Session token for administrative access
+                    "GD_Admin_Accounts": admin_acct_response[
+                        "Members"
+                    ],  # Member account relationships for hierarchy mapping
+                }
+                # Add to enterprise GuardDuty administrative account inventory
+                all_gd_detectors.append(admin_detector_record)
+                # Log administrative account discovery for security governance visibility
+                logging.error(
+                    f"Found account {credential['AccountId']} in region {credential['Region']} to be a GuardDuty Admin account."
+                    f"It has {len(admin_acct_response['Members'])} member accounts connected to detector {response['DetectorIds'][0]}"
+                )
+            else:
+                # Create standard detector record for non-administrative accounts
+                standard_detector_record = {
+                    "AccountId": credential["AccountId"],  # Standard account identifier
+                    "Region": credential["Region"],  # Regional context for security coverage
+                    "DetectorIds": response["DetectorIds"],  # GuardDuty detector identifiers
+                    "AccessKeyId": credential["AccessKeyId"],  # Account credentials for detector management
+                    "SecretAccessKey": credential["SecretAccessKey"],  # Security credentials for API operations
+                    "SessionToken": credential["SessionToken"],  # Session token for detector access
+                    "GD_Admin_Accounts": "Not an Admin Account",  # Administrative status flag for classification
+                }
+                # Add to enterprise GuardDuty detector inventory for comprehensive security tracking
+                all_gd_detectors.append(standard_detector_record)
+        else:
+            # Display progress for accounts without GuardDuty detectors for operational visibility
+            print(
+                ERASE_LINE,
+                f"{Fore.RED}No luck in account: {credential['AccountId']} in region {credential['Region']}{Fore.RESET} -- {places_to_try} of {len(AllCredentials)}",
+                end="\r",
+            )
+    except ClientError as my_Error:
+        # Handle AWS API authorization failures during detector discovery operations
+        if "AuthFailure" in str(my_Error):
+            print(f"Authorization Failure for account {credential['AccountId']}")
+# Configure enterprise GuardDuty report display formatting and column organization
+display_dict = {
+    "ParentProfile": {
+        "DisplayOrder": 1,
+        "Heading": "Parent Profile",
+    },  # AWS profile context for organizational hierarchy
+    "MgmtAccount": {"DisplayOrder": 2, "Heading": "Mgmt Acct"},  # Management account identifier for security governance
+    "AccountId": {"DisplayOrder": 3, "Heading": "Acct Number"},  # Target account containing GuardDuty detectors
+    "Region": {
+        "DisplayOrder": 4,
+        "Heading": "Region",
+        "Condition": ["us-east-2"],
+    },  # AWS region for geographic security coverage
+    "DetectorIds": {
+        "DisplayOrder": 5,
+        "Heading": "DetectorId",
+        "Condition": ["Never"],
+    },  # GuardDuty detector identifiers for management
+    "DG_Admin_Accounts": {
+        "DisplayOrder": 6,
+        "Heading": "Admin Accounts",
+    },  # Administrative account relationships for security hierarchy
+    "Size": {"DisplayOrder": 7, "Heading": "Size (Bytes)"},
+}
+# Generate detailed GuardDuty detector report with administrative relationship analysis
+if args.loglevel < 50:
+    print()
+    # Configure table formatting for enterprise GuardDuty security reporting
+    fmt = "%-20s %-15s %-35s %-25s"
+    print(fmt % ("Account", "Region", "DetectorId", "Admin Status"))
+    print(fmt % ("----------", "------", "-----------", "--------------------"))
+    # Display comprehensive GuardDuty detector inventory with administrative relationships
+    for i in range(len(all_gd_detectors)):
+        try:
+            # Process administrative GuardDuty accounts with member account relationships
+            if "AccountId" in all_gd_detectors[i]["GD_Admin_Accounts"][0].keys():
+                print(
+                    fmt
+                    % (
+                        all_gd_detectors[i]["AccountId"],  # Administrative account identifier
+                        all_gd_detectors[i]["Region"],  # Regional security coverage context
+                        all_gd_detectors[i]["DetectorIds"],  # GuardDuty detector identifiers for management
+                        f"{len(all_gd_detectors[i]['GD_Admin_Accounts'])} Member Accounts",  # Member account count for hierarchy mapping
+                    )
+                )
+        except AttributeError:
+            # Display standard GuardDuty detectors without administrative relationships
+            print(
+                fmt
+                % (
+                    all_gd_detectors[i]["AccountId"],  # Standard account identifier
+                    all_gd_detectors[i]["Region"],  # Regional security coverage context
+                    all_gd_detectors[i]["DetectorIds"],  # GuardDuty detector identifiers
+                    "Not an Admin Account",  # Administrative status classification
+                )
+            )
+# Display comprehensive GuardDuty discovery summary for enterprise security reporting
+print(ERASE_LINE)
+print(
+    f"We scanned {len(AccountList)} accounts and {len(RegionList)} regions totalling {len(AllCredentials)} possible areas for resources."
+)
+print(f"Found {len(all_gd_invites)} Invites and {NumObjectsFound} Detectors")
+print()
+# Execute GuardDuty detector deletion workflow with comprehensive safety controls
+# CRITICAL SECURITY OPERATION: Detector deletion is irreversible and impacts organizational security
+if DeletionRun and not ForceDelete:
+    # Interactive confirmation for safe GuardDuty detector deletion operations
+    # This mandatory confirmation prevents accidental security service disruption
+    ReallyDelete = input("Deletion of Guard Duty detectors has been requested. Are you still sure? (y/n): ") == "y"
+else:
+    ReallyDelete = False  # Default to safe mode preventing accidental deletions
+# Execute comprehensive GuardDuty cleanup operations with safety controls and audit logging
+if DeletionRun and (ReallyDelete or ForceDelete):
+    MemberList = []  # Initialize member account tracking for deletion operations
+    # Begin GuardDuty invitation cleanup for organizational security coordination
+    logging.warning("Deleting all invites")
+    # Process all discovered GuardDuty invitations for comprehensive cleanup operations
+    for y in range(len(all_gd_invites)):
+        # Establish AWS session for GuardDuty invitation deletion operations
+        # Using pre-validated credentials from invitation discovery phase
+        session_gd_child = boto3.Session(
+            aws_access_key_id=all_gd_invites[y]["AccessKeyId"],  # Account credentials for invitation management
+            aws_secret_access_key=all_gd_invites[y]["SecretAccessKey"],  # Security credentials for API operations
+            aws_session_token=all_gd_invites[y]["SessionToken"],  # Session token for temporary access
+            region_name=all_gd_invites[y]["Region"],  # Regional context for invitation operations
+        )
+        # Initialize GuardDuty client for invitation deletion API operations
+        client_gd_child = session_gd_child.client("guardduty")
+        # Execute GuardDuty invitation deletion with comprehensive error handling and audit logging
+        try:
+            # Display progress for invitation deletion operations with real-time visibility
+            print(ERASE_LINE, f"Deleting invite for Account {all_gd_invites[y]['AccountId']}", end="\r")
+            # Execute invitation deletion API operation with security audit logging
+            Output = client_gd_child.delete_invitations(AccountIds=[all_gd_invites[y]["AccountId"]])
+        except Exception as e:
+            # Handle expected BadRequest exceptions during invitation cleanup operations
+            if e.response["Error"]["Code"] == "BadRequestException":
+                logging.warning("Caught exception 'BadRequestException', handling the exception...")
+                pass  # Continue processing remaining invitations despite individual failures
+            else:
+                # Handle unexpected errors during GuardDuty invitation deletion operations
+                print("Caught unexpected error regarding deleting invites")
+                print(e)
+                sys.exit(9)  # Exit with error code for operational failure handling
+    # Report invitation deletion completion for security audit trail
+    print(f"Removed {len(all_gd_invites)} GuardDuty Invites")
+    # Begin comprehensive GuardDuty detector deletion operations
+    num_of_gd_detectors = len(all_gd_detectors)
+    # Process all discovered GuardDuty detectors for systematic cleanup operations
+    for y in range(len(all_gd_detectors)):
+        # Log detector deletion initiation for comprehensive security audit trail
+        logging.info(
+            f"Deleting detector-id: {all_gd_detectors[y]['DetectorIds']} from account {all_gd_detectors[y]['AccountId']} in region {all_gd_detectors[y]['Region']}"
+        )
+        # Display progress for detector deletion operations with operational visibility
+        print(
+            f"Deleting detector in account {all_gd_detectors[y]['AccountId']} in region {all_gd_detectors[y]['Region']} {num_of_gd_detectors}/{len(all_gd_detectors)}"
+        )
+        # Establish AWS session for GuardDuty detector deletion operations with pre-validated credentials
+        session_gd_child = boto3.Session(
+            aws_access_key_id=all_gd_detectors[y]["AccessKeyId"],  # Account credentials for detector management
+            aws_secret_access_key=all_gd_detectors[y]["SecretAccessKey"],  # Security credentials for API operations
+            aws_session_token=all_gd_detectors[y]["SessionToken"],  # Session token for temporary access
+            region_name=all_gd_detectors[y]["Region"],  # Regional context for detector operations
+        )
+        # Initialize GuardDuty client for detector deletion API operations
+        client_gd_child = session_gd_child.client("guardduty")
+        # Execute member account discovery for comprehensive administrative relationship cleanup
+        # This is critical for proper GuardDuty hierarchy dismantling before detector deletion
+        Member_Dict = client_gd_child.list_members(
+            DetectorId=str(all_gd_detectors[y]["DetectorIds"][0]),  # Primary detector identifier for member enumeration
+            OnlyAssociated="FALSE",  # Include both associated and pending member accounts for complete cleanup
+        )["Members"]
+        # Aggregate member account list for batch disassociation operations
+        for i in range(len(Member_Dict)):
+            MemberList.append(Member_Dict[i]["AccountId"])  # Collect member accounts for comprehensive cleanup
+        try:
+            # Initialize deletion operation status tracking for operational monitoring
+            Output = 0
+            # Execute master account disassociation for proper GuardDuty hierarchy cleanup
+            # This critical step must precede detector deletion to prevent orphaned relationships
+            client_gd_child.disassociate_from_master_account(DetectorId=str(all_gd_detectors[y]["DetectorIds"][0]))
+        except Exception as e:
+            # Handle expected BadRequest exceptions during master account disassociation
+            if e.response["Error"]["Code"] == "BadRequestException":
+                logging.warning("Caught exception 'BadRequestException', handling the exception...")
+                pass  # Continue with member disassociation despite master account errors
+        # Execute comprehensive member account disassociation for administrative relationship cleanup
+        # Critical step for proper GuardDuty hierarchy dismantling before detector deletion
+        if MemberList:  # Process member accounts only when administrative relationships exist
+            # Disassociate member accounts from administrative detector for proper cleanup
+            client_gd_child.disassociate_members(
+                AccountIds=MemberList,  # Member account list for batch disassociation
+                DetectorId=str(all_gd_detectors[y]["DetectorIds"][0]),  # Administrative detector identifier
+            )
+            # Log member disassociation completion for security audit trail
+            logging.warning(
+                f"Account {str(all_gd_detectors[y]['AccountId'])} has been disassociated from master account"
+            )
+            # Execute member account deletion from administrative detector for complete cleanup
+            client_gd_child.delete_members(
+                AccountIds=[all_gd_detectors[y]["AccountId"]],  # Target account for member deletion
+                DetectorId=str(all_gd_detectors[y]["DetectorIds"][0]),  # Administrative detector context
+            )
+            # Log member deletion completion for comprehensive security audit trail
+            logging.warning(f"Account {str(all_gd_detectors[y]['AccountId'])} has been deleted from master account")
+        # Execute final GuardDuty detector deletion after all relationships are properly cleaned up
+        # This is the terminal operation that permanently removes the GuardDuty detector
+        client_gd_child.delete_detector(DetectorId=str(all_gd_detectors[y]["DetectorIds"][0]))
+        # Log detector deletion completion for comprehensive security audit trail and operational confirmation
+        logging.warning(
+            f"Detector {str(all_gd_detectors[y]['DetectorIds'][0])} has been deleted from child account "
+            f"{str(all_gd_detectors[y]['AccountId'])}"
+        )
+        # Update progress counter for operational visibility during large-scale cleanup operations
+        num_of_gd_detectors -= 1
+    # Legacy CloudFormation stack deletion code (commented out for reference)
+    # This was the original approach for GuardDuty cleanup via CloudFormation stacks
+    # Replaced with direct GuardDuty API operations for more granular control
+    """
+    if StacksFound[y][3] == 'DELETE_FAILED':
+        response=Inventory_Modules.delete_stack(StacksFound[y][0],StacksFound[y][1],StacksFound[y][2],RetainResources=True,ResourcesToRetain=["MasterDetector"])
+    else:
+        response=Inventory_Modules.delete_stack(StacksFound[y][0],StacksFound[y][1],StacksFound[y][2])
+    """
+# Handle non-deletion scenarios with appropriate user messaging for operational clarity
+elif not DeletionRun or (DeletionRun and not ReallyDelete):
+    print("Client didn't want to delete detectors... ")
+print()
+print("Thank you for using this tool")
+print()

runbooks 0.2.5__py3-none-any.whl → 0.7.0__py3-none-any.whl

runbooks 0.2.5py3-none-any.whl → 0.7.0py3-none-any.whl