runbooks 0.7.0__py3-none-any.whl → 0.7.6__py3-none-any.whl

runbooks/remediation/s3_list.py

@@ -0,0 +1,141 @@
+"""
+S3 Bucket Inventory - List and analyze S3 bucket configurations.
+"""
+
+import logging
+
+import click
+from botocore.exceptions import ClientError
+
+from .commons import display_aws_account_info, get_bucket_policy, get_client, write_to_csv
+
+logger = logging.getLogger(__name__)
+
+
+@click.command()
+@click.option("--output-file", default="s3_buckets.csv", help="Output CSV file path")
+@click.option("--include-versioning", is_flag=True, help="Include versioning status in analysis")
+@click.option("--include-encryption", is_flag=True, help="Include encryption status in analysis")
+def list_buckets(output_file, include_versioning, include_encryption):
+    """List all S3 buckets with policy and configuration analysis."""
+    logger.info(f"Listing S3 buckets in {display_aws_account_info()}")
+
+    try:
+        s3 = get_client("s3")
+        response = s3.list_buckets()
+        buckets = response.get("Buckets", [])
+
+        if not buckets:
+            logger.info("No S3 buckets found")
+            return
+
+        logger.info(f"Found {len(buckets)} S3 buckets to analyze")
+
+        data = []
+        for i, bucket in enumerate(buckets, 1):
+            bucket_name = bucket["Name"]
+            creation_date = bucket.get("CreationDate", "Unknown")
+
+            logger.info(f"Analyzing bucket {i}/{len(buckets)}: {bucket_name}")
+
+            try:
+                # Get bucket region
+                location_response = s3.get_bucket_location(Bucket=bucket_name)
+                bucket_region = location_response.get("LocationConstraint") or "us-east-1"
+
+                # Get bucket policy and public access block
+                policy, public_access_block = get_bucket_policy(bucket_name)
+
+                bucket_data = {
+                    "BucketName": bucket_name,
+                    "Region": bucket_region,
+                    "CreationDate": creation_date.strftime("%Y-%m-%d")
+                    if hasattr(creation_date, "strftime")
+                    else str(creation_date),
+                    "HasPolicy": "Yes" if policy else "No",
+                    "PublicAccessBlock": public_access_block,
+                }
+
+                # Add versioning status if requested
+                if include_versioning:
+                    try:
+                        versioning_response = s3.get_bucket_versioning(Bucket=bucket_name)
+                        versioning_status = versioning_response.get("Status", "Disabled")
+                        bucket_data["VersioningStatus"] = versioning_status
+                        logger.debug(f"  Versioning: {versioning_status}")
+                    except ClientError as e:
+                        bucket_data["VersioningStatus"] = "Error"
+                        logger.debug(f"  Could not get versioning status: {e}")
+
+                # Add encryption status if requested
+                if include_encryption:
+                    try:
+                        encryption_response = s3.get_bucket_encryption(Bucket=bucket_name)
+                        encryption_rules = encryption_response.get("ServerSideEncryptionConfiguration", {}).get(
+                            "Rules", []
+                        )
+                        if encryption_rules:
+                            # Get the first encryption rule
+                            sse_algorithm = (
+                                encryption_rules[0]
+                                .get("ApplyServerSideEncryptionByDefault", {})
+                                .get("SSEAlgorithm", "Unknown")
+                            )
+                            bucket_data["EncryptionStatus"] = f"Enabled ({sse_algorithm})"
+                        else:
+                            bucket_data["EncryptionStatus"] = "Enabled (Unknown algorithm)"
+                        logger.debug(f"  Encryption: {bucket_data['EncryptionStatus']}")
+                    except ClientError as e:
+                        error_code = e.response.get("Error", {}).get("Code", "Unknown")
+                        if error_code == "ServerSideEncryptionConfigurationNotFoundError":
+                            bucket_data["EncryptionStatus"] = "Disabled"
+                            logger.debug(f"  Encryption: Disabled")
+                        else:
+                            bucket_data["EncryptionStatus"] = "Error"
+                            logger.debug(f"  Could not get encryption status: {e}")
+
+                # Log summary for this bucket
+                policy_status = "with policy" if policy else "no policy"
+                pab_status = public_access_block if public_access_block else "no PAB"
+                logger.info(f"  → {bucket_region}, {policy_status}, {pab_status}")
+
+                data.append(bucket_data)
+
+            except ClientError as e:
+                logger.error(f"  ✗ Failed to analyze bucket {bucket_name}: {e}")
+                # Add minimal data for failed analysis
+                data.append({"BucketName": bucket_name, "Region": "Error", "Error": str(e)})
+
+        # Export results
+        write_to_csv(data, output_file)
+        logger.info(f"S3 bucket inventory exported to: {output_file}")
+
+        # Summary
+        logger.info("\n=== SUMMARY ===")
+        logger.info(f"Total buckets: {len(buckets)}")
+
+        if data:
+            buckets_with_policy = sum(1 for b in data if b.get("HasPolicy") == "Yes")
+            logger.info(f"Buckets with policies: {buckets_with_policy}")
+
+            # Region distribution
+            regions = {}
+            for bucket in data:
+                region = bucket.get("Region", "Unknown")
+                regions[region] = regions.get(region, 0) + 1
+
+            logger.info("Region distribution:")
+            for region, count in sorted(regions.items()):
+                logger.info(f"  {region}: {count} buckets")
+
+            if include_encryption:
+                encrypted_buckets = sum(1 for b in data if b.get("EncryptionStatus", "").startswith("Enabled"))
+                logger.info(f"Encrypted buckets: {encrypted_buckets}")
+
+            if include_versioning:
+                versioned_buckets = sum(1 for b in data if b.get("VersioningStatus") == "Enabled")
+                logger.info(f"Versioned buckets: {versioned_buckets}")
+
+    except Exception as e:
+        logger.error(f"Failed to list S3 buckets: {e}")
+        raise

runbooks/remediation/s3_object_search.py

@@ -0,0 +1,201 @@
+"""
+S3 Object Search - Find objects across all S3 buckets with advanced search capabilities.
+"""
+
+import logging
+
+import click
+from botocore.exceptions import ClientError
+
+from .commons import display_aws_account_info, get_client, write_to_csv
+
+logger = logging.getLogger(__name__)
+
+
+def search_objects_in_bucket(s3_client, bucket_name, search_term, case_sensitive=False, exact_match=False):
+    """Search for objects in a specific bucket with various matching options."""
+    try:
+        found_objects = []
+        paginator = s3_client.get_paginator("list_objects_v2")
+
+        logger.debug(f"Searching in bucket: {bucket_name}")
+
+        for page in paginator.paginate(Bucket=bucket_name):
+            objects = page.get("Contents", [])
+
+            for obj in objects:
+                key = obj["Key"]
+
+                # Apply search logic based on options
+                if exact_match:
+                    # Exact filename match (not the full key path)
+                    filename = key.split("/")[-1]
+                    match = (search_term == filename) if case_sensitive else (search_term.lower() == filename.lower())
+                else:
+                    # Substring search
+                    match = (search_term in key) if case_sensitive else (search_term.lower() in key.lower())
+
+                if match:
+                    found_objects.append(
+                        {
+                            "bucket": bucket_name,
+                            "key": key,
+                            "size": obj.get("Size", 0),
+                            "last_modified": obj.get("LastModified"),
+                            "storage_class": obj.get("StorageClass", "STANDARD"),
+                        }
+                    )
+
+        if found_objects:
+            logger.info(f"  → Found {len(found_objects)} matching objects")
+        else:
+            logger.debug(f"  → No matching objects found")
+
+        return found_objects
+
+    except ClientError as e:
+        error_code = e.response.get("Error", {}).get("Code", "Unknown")
+        if error_code == "AccessDenied":
+            logger.warning(f"  ⚠ Access denied to bucket: {bucket_name}")
+        elif error_code == "NoSuchBucket":
+            logger.warning(f"  ⚠ Bucket does not exist: {bucket_name}")
+        else:
+            logger.error(f"  ✗ Error accessing bucket {bucket_name}: {e}")
+        return []
+
+    except Exception as e:
+        logger.error(f"  ✗ Unexpected error with bucket {bucket_name}: {e}")
+        return []
+
+
+def get_bucket_list(s3_client, bucket_filter=None):
+    """Get list of S3 buckets with optional filtering."""
+    try:
+        response = s3_client.list_buckets()
+        buckets = response.get("Buckets", [])
+
+        if bucket_filter:
+            original_count = len(buckets)
+            buckets = [b for b in buckets if bucket_filter.lower() in b["Name"].lower()]
+            logger.info(f"Filtered to {len(buckets)} buckets matching '{bucket_filter}' (from {original_count})")
+
+        return [bucket["Name"] for bucket in buckets]
+
+    except ClientError as e:
+        logger.error(f"Failed to list buckets: {e}")
+        raise
+
+
+@click.command()
+@click.option("--search-term", required=True, help="Object name or prefix to search for")
+@click.option("--bucket-filter", help="Only search buckets containing this string in their name")
+@click.option("--case-sensitive", is_flag=True, help="Perform case-sensitive search")
+@click.option("--exact-match", is_flag=True, help="Match exact filename (not substring)")
+@click.option("--output-file", default="s3_search_results.csv", help="Output CSV file path")
+@click.option("--max-buckets", type=int, help="Limit search to first N buckets (for testing)")
+def s3_object_search(search_term, bucket_filter, case_sensitive, exact_match, output_file, max_buckets):
+    """Search for objects across all S3 buckets with advanced filtering options."""
+    logger.info(f"S3 object search in {display_aws_account_info()}")
+
+    try:
+        s3_client = get_client("s3")
+
+        # Get list of buckets to search
+        logger.info("Getting list of S3 buckets...")
+        bucket_names = get_bucket_list(s3_client, bucket_filter)
+
+        if not bucket_names:
+            logger.warning("No buckets found to search")
+            return
+
+        # Apply bucket limit if specified
+        if max_buckets and max_buckets < len(bucket_names):
+            bucket_names = bucket_names[:max_buckets]
+            logger.info(f"Limited search to first {max_buckets} buckets")
+
+        logger.info(f"Searching {len(bucket_names)} buckets for: '{search_term}'")
+        if case_sensitive:
+            logger.info("Search mode: Case-sensitive")
+        if exact_match:
+            logger.info("Search mode: Exact filename match")
+
+        # Search all buckets
+        all_found_objects = []
+        successful_searches = 0
+        failed_searches = 0
+
+        for i, bucket_name in enumerate(bucket_names, 1):
+            logger.info(f"Searching bucket {i}/{len(bucket_names)}: {bucket_name}")
+
+            found_objects = search_objects_in_bucket(s3_client, bucket_name, search_term, case_sensitive, exact_match)
+
+            if found_objects is not None:  # None indicates error, empty list is valid
+                all_found_objects.extend(found_objects)
+                successful_searches += 1
+            else:
+                failed_searches += 1
+
+        # Process results
+        if all_found_objects:
+            logger.info(f"\n🎯 SEARCH RESULTS: Found {len(all_found_objects)} matching objects")
+
+            # Group by bucket for summary
+            bucket_counts = {}
+            total_size = 0
+
+            for obj in all_found_objects:
+                bucket = obj["bucket"]
+                bucket_counts[bucket] = bucket_counts.get(bucket, 0) + 1
+                total_size += obj.get("size", 0)
+
+            logger.info("Objects found per bucket:")
+            for bucket, count in sorted(bucket_counts.items()):
+                logger.info(f"  {bucket}: {count} objects")
+
+            logger.info(f"Total size: {total_size:,} bytes")
+
+            # Prepare data for CSV export
+            csv_data = []
+            for obj in all_found_objects:
+                csv_data.append(
+                    {
+                        "Bucket": obj["bucket"],
+                        "ObjectKey": obj["key"],
+                        "Filename": obj["key"].split("/")[-1],
+                        "Size": obj["size"],
+                        "LastModified": obj["last_modified"].strftime("%Y-%m-%d %H:%M:%S")
+                        if obj["last_modified"]
+                        else "Unknown",
+                        "StorageClass": obj["storage_class"],
+                        "Directory": "/".join(obj["key"].split("/")[:-1]) if "/" in obj["key"] else "",
+                    }
+                )
+
+            # Export results
+            write_to_csv(csv_data, output_file)
+            logger.info(f"Search results exported to: {output_file}")
+
+            # Show sample results
+            logger.info("\nSample results (first 5):")
+            for i, obj in enumerate(all_found_objects[:5]):
+                logger.info(f"  {i + 1}. s3://{obj['bucket']}/{obj['key']} ({obj['size']:,} bytes)")
+
+        else:
+            logger.info(f"❌ No objects found matching '{search_term}'")
+
+        # Summary
+        logger.info("\n=== SEARCH SUMMARY ===")
+        logger.info(f"Buckets searched: {successful_searches}")
+        logger.info(f"Search failures: {failed_searches}")
+        logger.info(f"Total objects found: {len(all_found_objects)}")
+
+        if failed_searches > 0:
+            logger.warning(f"⚠ {failed_searches} buckets could not be searched (access denied or errors)")
+
+    except Exception as e:
+        logger.error(f"Failed to search S3 objects: {e}")
+        raise
+
+
+if __name__ == "__main__":
+    s3_object_search()