import logging
import os

import boto3
import botocore
from boto3 import session
from dotenv import load_dotenv

from core.db import Db
from core.iamEnum import get_roles, get_users
load_dotenv()  # populate os.environ from a local .env (if present) so the NEO4J_* lookups in __main__ resolve
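def process_account(iamClient, db):
    """Enumerate IAM roles and users through ``iamClient`` and persist them via ``db``.

    Args:
        iamClient: boto3 client handed to ``get_roles`` / ``get_users`` from
            ``core.iamEnum``. Given the helper names this is expected to be an IAM
            client; the helpers' exact contract is not visible here.
        db: ``Db`` instance exposing ``add_aws_role`` and ``add_aws_user``.

    Returns:
        ``None`` on success, or the ``botocore.exceptions.ClientError`` that aborted
        the enumeration. The error is returned rather than raised to keep the original
        contract, but it is now logged as well so a caller that ignores the return
        value (as ``__main__`` does) does not silently end up with a partial graph.
    """
    # The loops stay inside the try: get_roles/get_users may paginate lazily, in which
    # case a ClientError surfaces during iteration rather than at the call.
    try:
        roles = get_roles(iamClient)
        users = get_users(iamClient)
        for role in roles:
            db.add_aws_role(role)
        for user in users:
            db.add_aws_user(user)
    except botocore.exceptions.ClientError as error:
        # e.g. AccessDenied when the assumed role lacks iam:ListRoles / iam:ListUsers.
        logging.getLogger(__name__).error("IAM enumeration failed: %s", error)
        return error
    return None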
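def assume_aws_role(role_arn, session_name, duration_seconds=3600, *, external_id=None) -> boto3.Session:
    """Assume ``role_arn`` via STS and return a boto3 Session bound to the temporary credentials.

    The AssumeRole call itself is made with whatever credentials boto3's default
    provider chain resolves in this process (environment, shared config, instance
    profile, ...); those must be allowed by the target role's trust policy.

    Args:
        role_arn: ARN of the IAM role to assume.
        session_name: ``RoleSessionName`` recorded in the target account's CloudTrail;
            choose something that identifies this tool/operator.
        duration_seconds: requested credential lifetime. STS rejects values above the
            role's configured maximum session duration.
        external_id: optional ``ExternalId`` to send when the role's trust policy
            requires one (the confused-deputy safeguard for cross-account roles).
            Omitted from the request when ``None``, so existing callers are unaffected.

    Returns:
        A ``boto3.Session`` carrying the temporary access key, secret and session token.
        These are static credentials: the session does not refresh them when they expire.

    Raises:
        botocore.exceptions.ClientError: if STS refuses the AssumeRole call.
    """
    sts_client = boto3.client("sts")
    request = {
        "RoleArn": role_arn,
        "RoleSessionName": session_name,
        "DurationSeconds": duration_seconds,
    }
    if external_id is not None:
        request["ExternalId"] = external_id
    credentials = sts_client.assume_role(**request)["Credentials"]
    # The session token is mandatory for STS-issued keys; without it the key pair is rejected.
    return boto3.Session(
        aws_access_key_id=credentials["AccessKeyId"],
        aws_secret_access_key=credentials["SecretAccessKey"],
        aws_session_token=credentials["SessionToken"],
    )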
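if __name__ == "__main__":
    # Neo4j connection settings come from the environment (populated by load_dotenv above).
    db = Db(
        uri=os.getenv("NEO4J_URI"),
        password=os.getenv("NEO4J_PASSWORD"),
        user=os.getenv("NEO4J_USER"),
    )
    # ARN of the role to assume in the target account. It is intentionally left empty
    # in the repository; fill it in (or wire it to configuration) before running.
    assume_role_arn = ""
    if not assume_role_arn:
        raise SystemExit("assume_role_arn is not set; cannot assume a role")
    # Pass the ARN (the original passed the function object itself) together with a
    # session name: RoleSessionName is a required STS parameter and is what the target
    # account sees in CloudTrail.
    aws_session = assume_aws_role(assume_role_arn, "mapper")
    # get_roles/get_users come from core.iamEnum and are passed as `iamClient`, so this
    # must be an IAM client, not the EC2 client the original created.
    iamClient = aws_session.client("iam")
    # process_account returns (rather than raises) a ClientError; surface it instead of
    # exiting 0 with a partially populated graph.
    error = process_account(iamClient, db)
    if error is not None:
        raise SystemExit(f"IAM enumeration failed: {error}")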