Crawl through AWS accounts in an organization using master assumed role.

Project description

Overview

Crawl through AWS accounts in an organization using master assumed role. You can specify a comma-separated string of account IDs for specific accounts, an Organizational Unit ID to crawl through all accounts therein, or a comma-separated string of account statuses to crawl through matching accounts in the organization.

Crawling Precedence:

  1. Specific accounts

  2. Organizational Unit

  3. All matching accounts in the organization

Usage

Installation:

pip3 install aws_crawler
python3 -m pip install aws_crawler

Example:

import aws_crawler
import boto3
from multithreader import threads
from aws_authenticator import AWSAuthenticator as awsauth
from pprint import pprint as pp


def get_caller_identity(
    account_id: str,
    items: dict
) -> dict:
    """Get AWS STS caller identities from accounts."""
    print(f'Working on {account_id}...')

    try:
        # Get auth credential for each account.
        credentials = aws_crawler.get_credentials(
            items['session'],
            f'arn:aws:iam::{account_id}:role/{items["assumed_role_name"]}',
            items['external_id']
        )

        # Get STS caller identity.
        client = boto3.client(
            'sts',
            aws_access_key_id=credentials['aws_access_key_id'],
            aws_secret_access_key=credentials['aws_secret_access_key'],
            aws_session_token=credentials['aws_session_token'],
            region_name=items['region']
        )
        response = client.get_caller_identity()['UserId']

    except Exception as e:
        response = str(e)

    # Return result.
    return {
        'account_id': account_id,
        'details': response
    }


if __name__ == '__main__':
    # Login to AWS through SSO.
    auth = awsauth(
        sso_url='https://myorg.awsapps.com/start/#',
        sso_role_name='AWSViewOnlyAccess',
        sso_account_id='123456789012'
    )
    session = auth.sso()

    # # Create account list from comma-separated string of IDs.
    # account_ids = aws_crawler.create_account_list(
    #     session,
    #     '123456789012, 234567890123, 345678901234'
    # )

    # Get account list for an Organizational Unit.
    account_ids = aws_crawler.list_ou_accounts(
        session,
        'ou-abc123-asgh39'
    )

    # # Get matching account list for the entire organization.
    # account_ids = aws_crawler.list_accounts(
    #     session,
    #     'ACTIVE,SUSPENDED'
    # )

    # Execute task with multithreading.
    items = {
        'session': session,
        'assumed_role_name': 'MyOrgCrossAccountAccess',
        'external_id': 'lkasf987923ljkf2;lkjf298fj2',
        'region': 'us-east-1'
    }
    results = threads(
        get_caller_identity,
        account_ids,
        items,
        thread_num=5
    )

    # Print results.
    pp(results)
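
The Crawling Precedence listed above can be applied in calling code before any role is assumed. The following is an added example, not part of the aws_crawler project: `parse_account_ids`, `resolve_accounts` and `StubCrawler` are hypothetical names, and the stub assumes each aws_crawler listing call returns a list of account ID strings. It validates IDs before they reach the role ARN and reports which scope was selected, since empty inputs fall through to the whole organization.

```python
import re

ACCOUNT_ID = re.compile(r"[0-9]{12}")  # AWS account IDs are exactly 12 digits


def parse_account_ids(csv):
    """Split a comma-separated ID string; reject anything that is not 12 digits."""
    ids = [part.strip() for part in csv.split(",") if part.strip()]
    bad = [i for i in ids if not ACCOUNT_ID.fullmatch(i)]
    if bad or not ids:
        raise ValueError(f"no valid AWS account IDs in {csv!r}: bad={bad}")
    return list(dict.fromkeys(ids))  # de-duplicate, keep order


def resolve_accounts(crawler, session, accounts="", ou_id="", statuses="ACTIVE"):
    """Return (scope, account_ids) following the page's crawling precedence."""
    if accounts.strip():  # 1. specific accounts
        ids = parse_account_ids(accounts)
        return "accounts", crawler.create_account_list(session, ", ".join(ids))
    if ou_id.strip():  # 2. Organizational Unit
        return "ou", crawler.list_ou_accounts(session, ou_id.strip())
    # 3. all accounts in the organization matching the statuses
    return "organization", crawler.list_accounts(session, statuses)


class StubCrawler:
    """Constructed offline stand-in; assumes each call returns a list of IDs."""

    def create_account_list(self, session, ids):
        return [i.strip() for i in ids.split(",")]

    def list_ou_accounts(self, session, ou_id):
        return ["234567890123"]

    def list_accounts(self, session, statuses):
        return ["123456789012", "234567890123", "345678901234"]


if __name__ == "__main__":
    stub = StubCrawler()
    for kwargs in (
        {"accounts": "123456789012, 234567890123", "ou_id": "ou-abc123-asgh39"},
        {"ou_id": "ou-abc123-asgh39"},
        {},  # empty inputs fall through to the whole organization
    ):
        scope, ids = resolve_accounts(stub, None, **kwargs)
        print(f"{scope}: {len(ids)} account(s)")
```

With the real package, pass the imported `aws_crawler` module as `crawler` and log the returned scope before starting the threads.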

Download files

Source Distribution

aws_crawler-1.2.5.tar.gz (3.9 kB)

Uploaded Source

Built Distribution

aws_crawler-1.2.5-py3-none-any.whl (4.9 kB)

Uploaded Python 3

File details

Details for the file aws_crawler-1.2.5.tar.gz.

File metadata

  • Download URL: aws_crawler-1.2.5.tar.gz
  • Upload date:
  • Size: 3.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.2 CPython/3.12.3 Linux/5.15.154+

File hashes

Hashes for aws_crawler-1.2.5.tar.gz
Algorithm Hash digest
SHA256 b784f725a768e99d0c9663cae344be85818a655d5d1590030be4fb3186504e11
MD5 087694f3ac6464867a1dcc4fa8140472
BLAKE2b-256 9eed3860efdde4d64a5bf35e75cbc2be022f3d34391ebd05dff70a66128902cf

File details

Details for the file aws_crawler-1.2.5-py3-none-any.whl.

File metadata

  • Download URL: aws_crawler-1.2.5-py3-none-any.whl
  • Upload date:
  • Size: 4.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.2 CPython/3.12.3 Linux/5.15.154+

File hashes

Hashes for aws_crawler-1.2.5-py3-none-any.whl
Algorithm Hash digest
SHA256 2bbfeec47092f6ab81d77e90175e075c365f89e320214966939c1e7c50acdbe6
MD5 c86721d79c459b824f9c97169b2e4a24
BLAKE2b-256 496d290803ab270ff899746204fabec0617b4ffa8bc6d03c624ed051863993a6
