runbooks 0.2.5__py3-none-any.whl → 0.7.0__py3-none-any.whl

runbooks/inventory/models/resource.py

@@ -0,0 +1,247 @@
+"""
+AWS resource models for inventory system.
+
+This module provides Pydantic models for representing individual AWS
+resources with proper validation, metadata, and cost information.
+"""
+
+from dataclasses import dataclass
+from datetime import datetime
+from enum import Enum
+from typing import Any, Dict, List, Optional, Union
+
+from pydantic import BaseModel, Field, validator
+
+
+class ResourceState(str, Enum):
+    """AWS resource state enumeration."""
+
+    RUNNING = "running"
+    STOPPED = "stopped"
+    PENDING = "pending"
+    TERMINATED = "terminated"
+    AVAILABLE = "available"
+    UNAVAILABLE = "unavailable"
+    IN_USE = "in-use"
+    CREATING = "creating"
+    DELETING = "deleting"
+    UNKNOWN = "unknown"
+
+
+class ResourceType(str, Enum):
+    """Supported AWS resource types."""
+
+    # Compute
+    EC2_INSTANCE = "ec2:instance"
+    LAMBDA_FUNCTION = "lambda:function"
+    ECS_CLUSTER = "ecs:cluster"
+    ECS_SERVICE = "ecs:service"
+    ECS_TASK = "ecs:task"
+
+    # Storage
+    S3_BUCKET = "s3:bucket"
+    EBS_VOLUME = "ebs:volume"
+    EBS_SNAPSHOT = "ebs:snapshot"
+    EFS_FILESYSTEM = "efs:filesystem"
+
+    # Database
+    RDS_INSTANCE = "rds:instance"
+    RDS_CLUSTER = "rds:cluster"
+    DYNAMODB_TABLE = "dynamodb:table"
+    ELASTICACHE_CLUSTER = "elasticache:cluster"
+
+    # Network
+    VPC = "vpc:vpc"
+    SUBNET = "vpc:subnet"
+    SECURITY_GROUP = "vpc:security-group"
+    LOAD_BALANCER = "elb:load-balancer"
+    ENI = "ec2:network-interface"
+
+    # Security & Identity
+    IAM_USER = "iam:user"
+    IAM_ROLE = "iam:role"
+    IAM_POLICY = "iam:policy"
+    GUARDDUTY_DETECTOR = "guardduty:detector"
+
+    # Management & Governance
+    CLOUDFORMATION_STACK = "cloudformation:stack"
+    CLOUDFORMATION_STACKSET = "cloudformation:stackset"
+    CONFIG_RECORDER = "config:recorder"
+    CLOUDTRAIL_TRAIL = "cloudtrail:trail"
+
+
+@dataclass
+class ResourceCost:
+    """Cost information for an AWS resource."""
+
+    monthly_cost: Optional[float] = None
+    currency: str = "USD"
+    cost_center: Optional[str] = None
+    billing_period: Optional[str] = None
+    cost_breakdown: Dict[str, float] = None
+
+    def __post_init__(self):
+        """Initialize cost breakdown if not provided."""
+        if self.cost_breakdown is None:
+            self.cost_breakdown = {}
+
+
+class ResourceMetadata(BaseModel):
+    """
+    Metadata for AWS resource collection and management.
+
+    Provides context about when and how the resource was discovered,
+    along with collection-specific information.
+    """
+
+    account_id: str = Field(..., pattern=r"^\d{12}$", description="AWS account ID where resource exists")
+
+    region: str = Field(..., description="AWS region where resource is located")
+
+    service_category: str = Field(..., description="AWS service category (compute, storage, etc.)")
+
+    collection_timestamp: datetime = Field(..., description="When this resource was discovered")
+
+    collector_version: Optional[str] = Field(None, description="Version of collector that discovered this resource")
+
+    raw_data: Dict[str, Any] = Field(default_factory=dict, description="Raw AWS API response data")
+
+    discovery_method: str = Field("api", description="How this resource was discovered (api, cloudtrail, etc.)")
+
+    confidence_score: float = Field(1.0, ge=0.0, le=1.0, description="Confidence in resource data accuracy (0.0-1.0)")
+
+    class Config:
+        """Pydantic configuration."""
+
+        json_encoders = {datetime: lambda v: v.isoformat()}
+
+
+class AWSResource(BaseModel):
+    """
+    Comprehensive model for AWS resources.
+
+    Represents any AWS resource with standardized fields for identification,
+    state management, cost tracking, and metadata.
+    """
+
+    # Core identification
+    resource_id: str = Field(..., description="AWS resource identifier (instance ID, bucket name, etc.)")
+
+    resource_type: str = Field(..., description="Type of AWS resource")
+
+    resource_arn: Optional[str] = Field(None, description="Amazon Resource Name (ARN) if available")
+
+    resource_name: Optional[str] = Field(None, description="Human-readable resource name")
+
+    # State and lifecycle
+    state: ResourceState = Field(ResourceState.UNKNOWN, description="Current resource state")
+
+    creation_date: Optional[datetime] = Field(None, description="Resource creation timestamp")
+
+    last_modified_date: Optional[datetime] = Field(None, description="Last modification timestamp")
+
+    # Location and organization
+    account_id: str = Field(..., pattern=r"^\d{12}$", description="AWS account ID")
+
+    region: str = Field(..., description="AWS region")
+
+    availability_zone: Optional[str] = Field(None, description="Availability zone if applicable")
+
+    # Configuration and properties
+    configuration: Dict[str, Any] = Field(default_factory=dict, description="Resource-specific configuration details")
+
+    tags: Dict[str, str] = Field(default_factory=dict, description="Resource tags")
+
+    # Security and compliance
+    security_groups: List[str] = Field(default_factory=list, description="Associated security group IDs")
+
+    encryption_status: Optional[str] = Field(None, description="Encryption status (encrypted, not-encrypted, unknown)")
+
+    public_access: bool = Field(False, description="Whether resource has public internet access")
+
+    # Cost information
+    cost_info: Optional[ResourceCost] = Field(None, description="Cost information if available")
+
+    # Metadata
+    metadata: ResourceMetadata = Field(..., description="Collection and discovery metadata")
+
+    # Relationships
+    dependencies: List[str] = Field(default_factory=list, description="List of resource ARNs this resource depends on")
+
+    dependents: List[str] = Field(
+        default_factory=list, description="List of resource ARNs that depend on this resource"
+    )
+
+    class Config:
+        """Pydantic configuration."""
+
+        use_enum_values = True
+        json_encoders = {datetime: lambda v: v.isoformat() if v else None}
+
+    @validator("resource_arn")
+    def validate_arn_format(cls, v):
+        """Validate ARN format if provided."""
+        if v and not v.startswith("arn:aws:"):
+            raise ValueError('ARN must start with "arn:aws:"')
+        return v
+
+    @validator("account_id")
+    def validate_account_id(cls, v):
+        """Validate account ID format."""
+        if not v.isdigit() or len(v) != 12:
+            raise ValueError("Account ID must be exactly 12 digits")
+        return v
+
+    def is_active(self) -> bool:
+        """Check if resource is in an active state."""
+        active_states = {ResourceState.RUNNING, ResourceState.AVAILABLE, ResourceState.IN_USE}
+        return self.state in active_states
+
+    def is_billable(self) -> bool:
+        """Check if resource is likely to incur costs."""
+        # Most resources are billable unless explicitly stopped/terminated
+        non_billable_states = {ResourceState.STOPPED, ResourceState.TERMINATED, ResourceState.UNAVAILABLE}
+        return self.state not in non_billable_states
+
+    def get_cost_estimate(self) -> float:
+        """Get monthly cost estimate for this resource."""
+        if self.cost_info and self.cost_info.monthly_cost:
+            return self.cost_info.monthly_cost
+        return 0.0
+
+    def has_tag(self, key: str, value: Optional[str] = None) -> bool:
+        """Check if resource has a specific tag."""
+        if key not in self.tags:
+            return False
+        if value is None:
+            return True
+        return self.tags[key] == value
+
+    def get_tag(self, key: str, default: str = "") -> str:
+        """Get tag value with optional default."""
+        return self.tags.get(key, default)
+
+    def add_dependency(self, resource_arn: str) -> None:
+        """Add a resource dependency."""
+        if resource_arn not in self.dependencies:
+            self.dependencies.append(resource_arn)
+
+    def add_dependent(self, resource_arn: str) -> None:
+        """Add a dependent resource."""
+        if resource_arn not in self.dependents:
+            self.dependents.append(resource_arn)
+
+    def get_service_name(self) -> str:
+        """Extract AWS service name from resource type."""
+        if ":" in self.resource_type:
+            return self.resource_type.split(":")[0]
+        return self.resource_type
+
+    def to_dict(self) -> Dict[str, Any]:
+        """Convert to dictionary representation."""
+        return self.dict()
+
+    def __str__(self) -> str:
+        """String representation."""
+        name = self.resource_name or self.resource_id
+        return f"AWSResource({self.resource_type}: {name})"

runbooks/inventory/recover_cfn_stack_ids.py

@@ -0,0 +1,205 @@
+#!/usr/bin/env python3
+
+import logging
+import sys
+from os.path import split
+from pprint import pprint
+from time import time
+
+import Inventory_Modules
+import simplejson as json
+from account_class import aws_acct_access
+from ArgumentsClass import CommonArguments
+from colorama import Fore, init
+from Inventory_Modules import get_credentials_for_accounts_in_org
+
+"""
+This script was created to help solve a testing problem for the "move_stack_instances.py" script.e
+Originally, that script didn't have built-in recovery, so we needed this script to "recover" those stack-instance ids that might have been lost during the move_stack_instances.py run. However, that script now has built-in recovery, so this script isn't really needed. However, it can still be used to find any stack-instances that have been orphaned from their original stack-set, if that happens. 
+"""
+
+init()
+__version__ = "2024.05.18"
+
+
+#########################
+# Functions
+#########################
+
+
+def parse_args(args):
+    """
+    Description: Parse the arguments sent to the script
+    @param args: namespace of the arguments passed in at the command line
+    @return: namespace with all parameters parsed out
+    """
+    script_path, script_name = split(sys.argv[0])
+    parser = CommonArguments()
+    parser.singleprofile()  # Allows for a single profile to be specified
+    parser.singleregion()  # Allows for a single region to be specified at the command line
+    parser.extendedargs()  # Allows for extended arguments like which accounts to skip, and whether Force is enabled.
+    parser.fragment()
+    parser.timing()
+    parser.rolestouse()
+    parser.verbosity()  # Allows for the verbosity to be handled.
+    parser.version(__version__)
+    local = parser.my_parser.add_argument_group(script_name, "Parameters specific to this script")
+    # local.add_argument(
+    # 	"-s", "--status",
+    # 	dest="status",
+    # 	metavar="CloudFormation status",
+    # 	default="active",
+    # 	help="String that determines whether we only see 'CREATE_COMPLETE' or 'DELETE_COMPLETE' too")
+    local.add_argument(
+        "-R", "--SearchRegions", dest="pRegionList", metavar="Region name", help="Regions where StackSets are applied"
+    )
+    local.add_argument("--new", dest="newStackSetName", metavar="New Stackset name", help="The NEW Stack Set name")
+    local.add_argument("--old", dest="oldStackSetName", metavar="Old Stackset name", help="The OLD Stack Set name")
+    return parser.my_parser.parse_args(args)
+
+
+def setup_auth_and_regions(fProfile: str = None) -> (object, list, list):
+    """
+    Description: This function takes in a profile, and returns the account object and the regions valid for this account / org.
+    @param fProfile: A string representing the profile provided by the user. If nothing, then use the default profile or credentials.
+    @return: (aws_acct_access, list)
+    """
+    aws_acct = aws_acct_access(fProfile)
+    ChildAccounts = aws_acct.ChildAccounts
+    RegionList = Inventory_Modules.get_regions3(aws_acct, pRegionList)
+    ChildAccounts = Inventory_Modules.RemoveCoreAccounts(ChildAccounts, pAccountsToSkip)
+    AccountList = [account["AccountId"] for account in ChildAccounts]
+
+    print(f"You asked to find stacks with this fragment list: {Fore.RED}{pFragments}{Fore.RESET}")
+    print(f"\t\tin these accounts: {Fore.RED}{AccountList}{Fore.RESET}")
+    print(f"\t\tin these regions: {Fore.RED}{RegionList}{Fore.RESET}")
+    return aws_acct, AccountList, RegionList
+
+
+#########################
+# Main
+#########################
+
+if __name__ == "__main__":
+    args = parse_args(sys.argv[1:])
+    pProfile = args.Profile
+    pRegion = args.Region
+    pRegionList = args.pRegionList
+    pAccountsToSkip = args.SkipAccounts
+    pAccounts = args.Accounts
+    pOldStackSetName = args.oldStackSetName
+    pNewStackSetName = args.newStackSetName
+    pTiming = args.Time
+    pFragments = args.Fragments
+    # pstatus = args.status
+    verbose = args.loglevel
+    # Setup logging levels
+    logging.basicConfig(level=verbose, format="[%(filename)s:%(lineno)s - %(funcName)20s() ] %(message)s")
+    logging.getLogger("boto3").setLevel(logging.CRITICAL)
+    logging.getLogger("botocore").setLevel(logging.CRITICAL)
+    logging.getLogger("s3transfer").setLevel(logging.CRITICAL)
+    logging.getLogger("urllib3").setLevel(logging.CRITICAL)
+
+    ##########################
+    ERASE_LINE = "\x1b[2K"
+    begin_time = time()
+
+    # Setup credentials and regions (filtered by what they wanted to check)
+    aws_acct, AccountList, RegionList = setup_auth_and_regions(pProfile)
+
+    pStackIdFlag = True
+    precoveryFlag = True
+
+    print()
+    fmt = "%-20s %-15s %-15s %-50s %-50s"
+    print(fmt % ("Account", "Region", "Stack Status", "Stack Name", "Stack ID"))
+    print(fmt % ("-------", "------", "------------", "----------", "--------"))
+
+    StacksFound = []
+    sts_client = aws_acct.session.client("sts")
+    item_counter = 0
+    AllCredentials = get_credentials_for_accounts_in_org(aws_acct)
+    for cred in AllCredentials:
+        if not cred["Success"]:
+            continue
+        for region in RegionList:
+            item_counter += 1
+            Stacks = False
+            try:
+                Stacks = Inventory_Modules.find_stacks2(cred, region, pFragments)
+                logging.warning(f"Account: {cred['AccountId']} | Region: {region} | Found {len(Stacks)} Stacks")
+                print(
+                    f"{ERASE_LINE}{Fore.RED}Account: {cred['AccountId']} Region: {region} Found {len(Stacks)} Stacks{Fore.RESET} ({item_counter} of {len(AccountList) * len(RegionList)})",
+                    end="\r",
+                )
+            except Exception as my_Error:
+                print(f"Error: {my_Error}")
+            # TODO: Currently we're using this "Stacks" list as a boolean if it's populated. We should change this.
+            if Stacks and len(Stacks) > 0:
+                for y in range(len(Stacks)):
+                    StackName = Stacks[y]["StackName"]
+                    StackStatus = Stacks[y]["StackStatus"]
+                    StackID = Stacks[y]["StackId"]
+                    if pStackIdFlag:
+                        print(fmt % (cred["AccountId"], region, StackStatus, StackName, StackID))
+                    else:
+                        print(fmt % (cred["AccountId"], region, StackStatus, StackName))
+                    StacksFound.append(
+                        {
+                            "Account": cred["AccountId"],
+                            "Region": region,
+                            "StackName": StackName,
+                            "StackStatus": StackStatus,
+                            "StackArn": StackID,
+                        }
+                    )
+    lAccounts = []
+    lRegions = []
+    lAccountsAndRegions = []
+    for i in range(len(StacksFound)):
+        lAccounts.append(StacksFound[i]["Account"])
+        lRegions.append(StacksFound[i]["Region"])
+        lAccountsAndRegions.append((StacksFound[i]["Account"], StacksFound[i]["Region"]))
+    print(ERASE_LINE)
+    print(
+        f"{Fore.RED}Looked through {len(StacksFound)} Stacks across {len(AccountList)} accounts across {len(RegionList)} regions{Fore.RESET}"
+    )
+    print()
+    if args.loglevel < 21:  # INFO level
+        print("The list of accounts and regions:")
+        pprint(list(sorted(set(lAccountsAndRegions))))
+
+    if precoveryFlag:
+        Stack_Instances = []
+        for item in StacksFound:
+            Stack_Instances.append(
+                {
+                    "Account": item["Account"],
+                    "Region": item["Region"],
+                    "Status": item["StackStatus"],
+                    "StackId": item["StackArn"],
+                }
+            )
+        stack_ids = {"Stack_instances": Stack_Instances, "Success": True}
+        BigString = {
+            "AccountNumber": aws_acct.acct_number,
+            "AccountToMove": None,
+            "ManagementAccount": aws_acct.MgmtAccount,
+            "NewStackSetName": pNewStackSetName,
+            "OldStackSetName": pOldStackSetName,
+            "ProfileUsed": pProfile,
+            "Region": pRegion,
+            "stack_ids": stack_ids,
+        }
+        file_data = json.dumps(BigString, sort_keys=True, indent=4 * " ")
+        OutputFilename = f"{pOldStackSetName}-{pNewStackSetName}-{aws_acct.acct_number}-{pRegion}"
+        with open(OutputFilename, "w") as out:
+            print(file_data, file=out)
+
+    if pTiming:
+        print(ERASE_LINE)
+        print(f"{Fore.GREEN}This script took {time() - begin_time:.2f} seconds{Fore.RESET}")
+
+    print()
+    print("Thanks for using this script...")
+    print()

runbooks/inventory/requirements.txt

@@ -0,0 +1,12 @@
+boto3>=1.26.84
+botocore>=1.29.84
+colorama>=0.4.6
+prettytable>=3.6.0
+simplejson>=3.18.3
+urllib3>=1.26.14
+randominfo>=2.0.2
+graphviz>=0.20.1
+tqdm>=4.65.0
+python-dateutil>=2.9.0.post0
+pytest>=8.2.2
+ipywidgets<=8.1.3

runbooks/inventory/run_on_multi_accounts.py

@@ -0,0 +1,211 @@
+#!/usr/bin/env python3
+
+import logging
+import sys
+
+import Inventory_Modules
+from account_class import aws_acct_access
+from ArgumentsClass import CommonArguments
+from botocore.exceptions import ClientError
+from colorama import Fore, init
+
+init()
+__version__ = "2023.05.04"
+
+parser = CommonArguments()
+parser.singleprofile()
+parser.verbosity()  # Allows for the verbosity to be handled.
+parser.version(__version__)
+parser.my_parser.add_argument(
+    "-f",
+    "--file",
+    dest="pAccountFile",
+    metavar="Account File",
+    required=True,
+    default=None,
+    help="List of account numbers, one per line.",
+)
+parser.my_parser.add_argument(
+    "--Role",
+    dest="pAccessRole",
+    metavar="Access Role",
+    default="Admin",
+    help="Role used to gain access to the list of accounts.",
+)
+args = parser.my_parser.parse_args()
+
+pProfile = args.Profile
+pAccountFile = args.pAccountFile
+pAccessRole = args.pAccessRole
+verbose = args.loglevel
+logging.basicConfig(level=args.loglevel, format="[%(filename)s:%(lineno)s - %(funcName)20s() ] %(message)s")
+
+aws_acct = aws_acct_access(pProfile)
+
+#####################
+
+
+def check_account_access(faws_acct, faccount_num, fAccessRole=None):
+    if fAccessRole is None:
+        logging.error(f"Role must be provided")
+        return_response = {"Success": False, "ErrorMessage": "Role wasn't provided"}
+        return return_response
+    sts_client = faws_acct.session.client("sts")
+    try:
+        role_arn = f"arn:aws:iam::{faccount_num}:role/{fAccessRole}"
+        credentials = sts_client.assume_role(RoleArn=role_arn, RoleSessionName="TheOtherGuy")["Credentials"]
+        return_response = {"Credentials": credentials, "Success": True, "ErrorMessage": ""}
+        return return_response
+    except ClientError as my_Error:
+        print(f"Client Error: {my_Error}")
+        return_response = {"Success": False, "ErrorMessage": "Client Error"}
+        return return_response
+    except sts_client.exceptions.MalformedPolicyDocumentException as my_Error:
+        print(f"MalformedPolicy: {my_Error}")
+        return_response = {"Success": False, "ErrorMessage": "Malformed Policy"}
+        return return_response
+    except sts_client.exceptions.PackedPolicyTooLargeException as my_Error:
+        print(f"Policy is too large: {my_Error}")
+        return_response = {"Success": False, "ErrorMessage": "Policy is too large"}
+        return return_response
+    except sts_client.exceptions.RegionDisabledException as my_Error:
+        print(f"Region is disabled: {my_Error}")
+        return_response = {"Success": False, "ErrorMessage": "Region Disabled"}
+        return return_response
+    except sts_client.exceptions.ExpiredTokenException as my_Error:
+        print(f"Expired Token: {my_Error}")
+        return_response = {"Success": False, "ErrorMessage": "Expired Token"}
+        return return_response
+
+
+def participant_user(faws_acct, create=None, username=None):
+    from randominfo import random_password
+
+    if create is None:
+        create = True
+    if username is None:
+        username = "reinvent_admin"
+    password = random_password()
+    client_iam = faws_acct.session.client("iam")
+    return_response = {
+        "Success": False,
+        "ErrorMessage": None,
+        "AccountId": None,
+        "User": None,
+        "Password": None,
+        "AccessKeyId": None,
+        "SecretAccessKey": None,
+    }
+    if create:
+        try:
+            user_response = client_iam.create_user(UserName=username)["User"]
+            return_response = {"Success": True, "AccountId": faws_acct.acct_number, "User": username, "Password": None}
+
+        except client_iam.exceptions.EntityAlreadyExistsException as my_Error:
+            logging.error(f"User {username} already exists... moving on")
+        try:
+            # user_response = client_iam.create_user(UserName=username)['User']
+            password_response = client_iam.create_login_profile(
+                UserName=username, Password=password, PasswordResetRequired=False
+            )
+            return_response = {
+                "Success": True,
+                "AccountId": faws_acct.acct_number,
+                "User": username,
+                "Password": password,
+            }
+        except client_iam.exceptions.EntityAlreadyExistsException as my_Error:
+            logging.error("User login profile already exists, so we'll update it instead")
+            try:
+                password_response = client_iam.update_login_profile(
+                    UserName=username, Password=password, PasswordResetRequired=False
+                )
+                return_response = {
+                    "Success": True,
+                    "AccountId": faws_acct.acct_number,
+                    "User": username,
+                    "Password": password,
+                }
+            except ClientError as my_Error:
+                ErrorMessage = f"Client Error: {my_Error}"
+                logging.error(f"ErrorMessage: {ErrorMessage}")
+                return_response = {"Success": False, "ErrorMessage": ErrorMessage}
+        except ClientError as my_Error:
+            ErrorMessage = f"Client Error: {my_Error}"
+            logging.error(f"ErrorMessage: {ErrorMessage}")
+            return_response = {"Success": False, "ErrorMessage": ErrorMessage}
+        try:
+            access_keys = client_iam.create_access_key(UserName=username)["AccessKey"]
+            return_response["AccessKeyId"] = access_keys["AccessKeyId"]
+            return_response["SecretAccessKey"] = access_keys["SecretAccessKey"]
+        except (
+            ClientError,
+            client_iam.exceptions.NoSuchEntityException,
+            client_iam.exceptions.LimitExceededException,
+            client_iam.exceptions.ServiceFailureException,
+        ) as my_Error:
+            ErrorMessage = f"Client Error: {my_Error}"
+            logging.error(f"ErrorMessage: {ErrorMessage}")
+            return_response["Success"] = False
+            return_response["ErrorMessage"] = ErrorMessage
+        try:
+            attached_policy = client_iam.attach_user_policy(
+                UserName=username, PolicyArn="arn:aws:iam::aws:policy/AdministratorAccess"
+            )
+            return_response["Success"] = True
+        except (
+            client_iam.exceptions.EntityTemporarilyUnmodifiableException,
+            client_iam.exceptions.NoSuchEntityException,
+            client_iam.exceptions.PasswordPolicyViolationException,
+            client_iam.exceptions.PasswordPolicyViolationException,
+            client_iam.exceptions.LimitExceededException,
+            client_iam.exceptions.ServiceFailureException,
+        ) as my_Error:
+            ErrorMessage = f"Specific Error: {my_Error}"
+            logging.error(f"ErrorMessage: {ErrorMessage}")
+            return_response["Success"] = False
+            return_response["ErrorMessage"] = ErrorMessage
+    return return_response
+
+
+#####################
+
+
+if pAccountFile is None:
+    logging.critical(f"file of accounts was not provided. This is required. Exiting.")
+    sys.exit(1)
+
+Accounts = []
+with open(pAccountFile, "r") as infile:
+    for line in infile:
+        Accounts.append(line.rstrip("\r\n,"))
+infile.close()
+
+for account_num in Accounts:
+    logging.info(
+        f"Accessing account #{account_num} as {pAccessRole} using account's {aws_acct.acct_number}'s credentials"
+    )
+    response = check_account_access(aws_acct, account_num, pAccessRole)
+    if response["Success"]:
+        print(f"Account {account_num} was successfully connected via role {pAccessRole} from {aws_acct.acct_number}")
+        """
+		Put more commands here... Or you can write functions that represent your commands and call them from here.
+		"""
+        credentials = Inventory_Modules.get_child_access3(aws_acct, account_num, "us-east-1", ["reinvent-Admin"])
+        tgt_aws_access = aws_acct_access(ocredentials=credentials)
+        username = "Paul"
+        user_response = participant_user(tgt_aws_access, username=username)
+    else:
+        print(
+            f"Access Role {pAccessRole} failed to connect to {account_num} from {aws_acct.acct_number} with error: {response['ErrorMessage']}"
+        )
+
+    # Display access keys
+    print(f"Credentials for account {tgt_aws_access.acct_number}")
+    print(f"User {username} has been created (or confirmed) in account {user_response['AccountId']}")
+    print(f"Password for {user_response['User']} is {user_response['Password']}")
+    print(f"Access Keys are:\n{user_response['AccessKeyId']}\n{user_response['SecretAccessKey']}")
+
+print()
+print("Thanks for using this script...")
+print()