altimeter.aws.resource package¶
Subpackages¶
- altimeter.aws.resource.awslambda package
- altimeter.aws.resource.cloudtrail package
- altimeter.aws.resource.dynamodb package
- altimeter.aws.resource.ec2 package
- Submodules
- altimeter.aws.resource.ec2.flow_log module
- altimeter.aws.resource.ec2.image module
- altimeter.aws.resource.ec2.instance module
- altimeter.aws.resource.ec2.internet_gateway module
- altimeter.aws.resource.ec2.network_interface module
- altimeter.aws.resource.ec2.region module
- altimeter.aws.resource.ec2.route_table module
- altimeter.aws.resource.ec2.security_group module
- altimeter.aws.resource.ec2.snapshot module
- altimeter.aws.resource.ec2.subnet module
- altimeter.aws.resource.ec2.transit_gateway module
- altimeter.aws.resource.ec2.transit_gateway_vpc_attachment module
- altimeter.aws.resource.ec2.volume module
- altimeter.aws.resource.ec2.vpc module
- altimeter.aws.resource.ec2.vpc_endpoint module
- altimeter.aws.resource.ec2.vpc_endpoint_service module
- altimeter.aws.resource.ec2.vpc_peering_connection module
- Module contents
- altimeter.aws.resource.eks package
- altimeter.aws.resource.elbv1 package
- altimeter.aws.resource.elbv2 package
- altimeter.aws.resource.events package
- altimeter.aws.resource.guardduty package
- altimeter.aws.resource.iam package
- Submodules
- altimeter.aws.resource.iam.account_password_policy module
- altimeter.aws.resource.iam.group module
- altimeter.aws.resource.iam.iam_saml_provider module
- altimeter.aws.resource.iam.instance_profile module
- altimeter.aws.resource.iam.policy module
- altimeter.aws.resource.iam.role module
- altimeter.aws.resource.iam.user module
- Module contents
- altimeter.aws.resource.kms package
- altimeter.aws.resource.organizations package
- altimeter.aws.resource.rds package
- altimeter.aws.resource.s3 package
- altimeter.aws.resource.support package
Submodules¶
altimeter.aws.resource.account module¶
Resource representing an AWS Account
-
class
AccountResourceSpec¶ Bases:
altimeter.aws.resource.resource_spec.AWSResourceSpecResource representing an AWS Account
-
allow_clobber: List[Type[altimeter.core.resource.resource_spec.ResourceSpec]] = [<class 'altimeter.aws.resource.unscanned_account.UnscannedAccountResourceSpec'>]¶
-
classmethod
generate_arn(resource_id, account_id='', region='')¶ Generate an ARN for this resource
- Return type
str
-
classmethod
get_full_type_name()¶ Get the fully qualified type name for this class, generally something like aws:ec2:instance, aws:iam:role, etc.
- Returns
ec2:instance”
- Return type
string of full type name, generally something like “aws
-
classmethod
list_from_aws(client, account_id, region)¶ This resource is somewhat synthetic, this method simply returns a dict of form {‘account_arn’: {account_dict}
- Return type
-
scan_granularity: ScanGranularity = 2¶
-
schema: Schema = <altimeter.core.graph.schema.Schema object>¶
-
service_name: str = 'sts'¶
-
type_name: str = 'account'¶
-
altimeter.aws.resource.resource_spec module¶
AWSResourceSpec is a subclass of ResourceSpec which is used to define ResourceSpecs for AWS resources
-
class
AWSResourceSpec¶ Bases:
altimeter.core.resource.resource_spec.ResourceSpecAWSResourceSpec is a subclass of ResourceSpec which is used to define ResourceSpecs for AWS resources
-
classmethod
generate_arn(resource_id, account_id='', region='')¶ Generate an ARN for this resource
- Parameters
account_id (
str) – resource account idregion (
str) – resource regionresource_id (
str) – resource id
- Return type
str- Returns
string containing resource arn.
-
classmethod
generate_id(short_resource_id, context)¶ Generate a full id (arn) given a short resource id.
- Parameters
short_resource_id (
str) – last portion of an aws arn - e.g. i-1234, ami-abcd, etc.context (
Dict[str,Any]) – dict containing account_id, region
- Return type
str- Returns
string containing resource arn.
-
classmethod
get_client_name()¶ Get the boto3 client name to be used for scanning resources of this type. Generally this is the same as cls.service_name but in some cases it is not.
- Return type
str- Returns
string of boto3 client name for cls.service
-
classmethod
get_full_type_name()¶ Get the fully qualified type name for this class, generally something like aws:ec2:instance, aws:iam:role, etc.
- Returns
ec2:instance”
- Return type
string of full type name, generally something like “aws
-
abstract classmethod
list_from_aws(client, account_id, region)¶ Return a ListFromAWSResult object by calling the appropriate AWS API calls to list/describe the resource represented by this class.
- Parameters
client (
BaseClient) – boto3 Clientaccount_id (
str) – aws account idregion (
str) – aws region
- Return type
- Returns
ListFromAWSResult object
-
parallel_scan: bool = False¶
-
provider_name: str = 'aws'¶
-
region_whitelist: Tuple[str, …] = ()¶
-
classmethod
scan(scan_accessor)¶ Scan this ResourceSpec
- Parameters
scan_accessor (
AWSAccessor) –AWSAccessor object to use for api access
- Returns:
List of Resource objects
- Return type
List[Resource]
-
scan_granularity: altimeter.aws.resource.resource_spec.ScanGranularity = 1¶
-
service_name: str = ''¶
-
classmethod
skip_resource_scan(client, account_id, region)¶ Return a bool indicating whether this resource class scan should be skipped. :type client:
BaseClient:param client: boto3 client :type account_id:str:param account_id: account id :type region:str:param region: aws region- Return type
bool- Returns
True if this resource should be skipped.
-
classmethod
altimeter.aws.resource.unscanned_account module¶
Resource representing an unscanned AWS Account
-
class
UnscannedAccountResourceSpec¶ Bases:
altimeter.aws.resource.resource_spec.AWSResourceSpecResource representing an unscanned AWS Account
-
classmethod
generate_arn(resource_id, account_id='', region='')¶ Generate an ARN for this resource
- Return type
str
-
classmethod
get_full_type_name()¶ Get the fully qualified type name for this class, generally something like aws:ec2:instance, aws:iam:role, etc.
- Returns
ec2:instance”
- Return type
string of full type name, generally something like “aws
-
classmethod
list_from_aws(client, account_id, region)¶ List resources from AWS using client.
- Return type
-
classmethod
scan(scan_accessor)¶ Scan this ResourceSpec
- Parameters
scan_accessor (
AWSAccessor) –AWSAccessor object to use for api access
- Returns:
List of Resource objects
- Return type
List[Resource]
-
scan_granularity: altimeter.aws.resource.resource_spec.ScanGranularity = 2¶
-
schema: Schema = <altimeter.core.graph.schema.Schema object>¶
-
service_name: str = 'null'¶
-
type_name: str = 'unscanned-account'¶
-
classmethod
altimeter.aws.resource.util module¶
Utilty grab-bag
-
deep_sort_dict(dct)¶ Recursively sort a dictionary and additionally sort any embedded lists.
- Parameters
dct (
Dict) – dict to sort- Return type
Dict- Returns
Recursively sorted dict, with any embedded lists also sorted.
-
deep_sort_list(lst)¶ Recursively sort a list and additionally sort any embedded dicts.
- Parameters
lst (
List) – list to sort- Return type
List- Returns
Recursively sorted list, with any embedded dicts also sorted.
-
policy_doc_dict_to_sorted_str(policy_doc)¶ Generate a string representation of an IAM Policy document which is recursively sorted such that policies can be compared without order diffs.
- Parameters
policy_doc (
Dict[str,Any]) – policy document- Return type
str- Returns
Recursively sorted string representation of the policy document.