altimeter.aws.scan package

Submodules

altimeter.aws.scan.account_scan_manifest module

An AccountScanManifest defines the output of an account scan.

class AccountScanManifest(account_id, artifacts, errors)

Bases: object

An AccountScanManifest defines the output of an account scan. It contains pointers to the scan result artifacts and summaries of what was scanned and errors which occurred.

Parameters
  • account_id (str) – account id

  • artifacts (List[str]) – list of scan artifacts

  • errors (List[str]) – list of error strings

account_id: str
artifacts: List[str]
errors: List[str]

altimeter.aws.scan.account_scanner module

An AccountScanner scans a set of accounts using an AccountScanPlan to define scan parameters

class AccountScanResult(**data)

Bases: altimeter.core.base_model.BaseImmutableModel

pydantic model representing account scan results

account_id: str
artifacts: List[str]
errors: List[str]

class AccountScanner(account_scan_plan, artifact_writer, max_svc_scan_threads, preferred_account_scan_regions, scan_sub_accounts, graph_name='alti', graph_version='2')

Bases: object

An AccountScanner scans a set of accounts using an AccountScanPlan to define scan parameters

Parameters
  • account_scan_plan (AccountScanPlan) – AccountScanPlan describing scan targets

  • artifact_writer (ArtifactWriter) – ArtifactWriter for writing out artifacts

  • graph_name (str) – name of graph

  • graph_version (str) – version string for graph

scan()
Return type

AccountScanResult

class ScanUnit(graph_name, graph_version, account_id, region_name, service, access_key, secret_key, token, resource_spec_classes)

Bases: object

Represents a single unit of scan which can be performed concurrently alongside any other ScanUnit - in general ScanUnits should be organized to avoid API limits

access_key: str
account_id: str
graph_name: str
graph_version: str
region_name: str
resource_spec_classes: Tuple[Type[altimeter.aws.resource.resource_spec.AWSResourceSpec], …]
secret_key: str
service: str
token: str

get_all_enabled_regions(session)

Get all enabled regions - which are either opted-in or are opt-in-not-required - for a given session.

Parameters

session (Session) – boto3 Session

Return type

Tuple[str, …]

Returns

tuple of enabled regions in the given session.

scan_scan_unit(scan_unit)
Return type

GraphSet

schedule_scan(executor, graph_name, graph_version, account_id, region_name, service, access_key, secret_key, token, resource_spec_classes)
Return type

Future

altimeter.aws.scan.aws_accessor module

AWSAccessor is a wrapper around a boto3 client which provides protection against non-Get/List/Describe API calls occurring.

class AWSAccessor(session, account_id, region_name, readonly=True)

Bases: object

AWSAccessor is a wrapper around a boto3 client which provides protection against non-Get/List/Describe API calls occurring as well as api call statistic tracking.

Parameters
  • session (Session) – boto3 Session

  • account_id (str) – aws account id

  • region_name (str) – aws region

client(service_name)

Return a boto3 client for a given AWS service_name.

Parameters

service_name (str) – AWS service name

Return type

BaseClient

Returns

boto3 client

on_request_created(account_id, region_name, service_name, readonly, **kwargs)

Called when a boto3 request is created.

Parameters
  • account_id (str) – request account id

  • region_name (str) – request region

  • service_name (str) – request service

  • readonly (bool) – if True only allow readonly calls

  • kwargs (Any) – kwargs which are passed through by the boto event callback.

Return type

None
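A sketch of the kind of guard AWSAccessor describes, added here as an example and not taken from altimeter's own code: a handler on botocore's `request-created` event that rejects any operation outside Get/List/Describe and counts the calls it lets through. The names `readonly_guard`, `guarded_client`, `classify`, `ReadOnlyViolation` and the `stats` dict are hypothetical, and the account id and operation names are constructed sample values.

```python
from functools import partial
from typing import Any, Dict, List, Tuple

# The three read-only verb families named in the AWSAccessor description.
READONLY_PREFIXES = ("Get", "List", "Describe")
StatsKey = Tuple[str, str, str, str]


class ReadOnlyViolation(Exception):
    """Raised before a non-read-only request leaves the process."""


def readonly_guard(account_id: str, region_name: str, service_name: str,
                   readonly: bool, stats: Dict[StatsKey, int], **kwargs: Any) -> None:
    # botocore passes operation_name (e.g. "DescribeInstances") to
    # request-created handlers along with the prepared request.
    operation_name = kwargs["operation_name"]
    if readonly and not operation_name.startswith(READONLY_PREFIXES):
        raise ReadOnlyViolation(
            f"{service_name}:{operation_name} blocked in {account_id}/{region_name}"
        )
    key = (account_id, region_name, service_name, operation_name)
    stats[key] = stats.get(key, 0) + 1  # per-call statistics (assumed shape)


def guarded_client(session: Any, account_id: str, region_name: str,
                   service_name: str, stats: Dict[StatsKey, int],
                   readonly: bool = True) -> Any:
    """Return a boto3 client whose every request passes through readonly_guard."""
    client = session.client(service_name, region_name=region_name)
    handler = partial(readonly_guard, account_id, region_name,
                      service_name, readonly, stats)
    # Registering on the bare event name matches every service and operation.
    client.meta.events.register("request-created", handler)
    return client


def classify(operations: List[str]) -> Tuple[List[str], List[str]]:
    """Run constructed operation names through the guard; no AWS call is made."""
    stats: Dict[StatsKey, int] = {}
    allowed, blocked = [], []
    for op in operations:
        try:
            readonly_guard("123456789012", "us-east-1", "ec2", True, stats,
                           operation_name=op)
            allowed.append(op)
        except ReadOnlyViolation:
            blocked.append(op)
    return allowed, blocked
```

A prefix check like this is a client-side guardrail only: the role the scanner assumes should itself carry a read-only IAM policy, since the operation name says nothing about how sensitive the returned data is.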

altimeter.aws.scan.scan module

get_sub_account_ids(account_ids, accessor)
Return type

Tuple[str, …]

run_scan(muxer, config, artifact_writer, artifact_reader)
Return type

Tuple[ScanManifest, ValidatedGraphSet]

altimeter.aws.scan.scan_manifest module

A ScanManifest defines the output of a complete scan.

class ScanManifest(**data)

Bases: altimeter.core.base_model.BaseImmutableModel

A ScanManifest defines the output of a complete scan. It contains pointers to the per-account scan result artifacts and summaries of what was scanned, errors which occurred, scan datetime and api call statistics.

Parameters
  • scanned_accounts – List of account ids which were scanned

  • master_artifact – artifact containing complete graph json

  • artifacts – list of artifacts, one per account

  • errors – Dict of account_ids to list of errors encountered during scan

  • unscanned_accounts – List of account ids which were not scanned

  • start_time – epoch timestamp of scan start time

  • end_time – epoch timestamp of scan end time

artifacts: List[str]
end_time: int
errors: Dict[str, List[str]]
master_artifact: Optional[str]
scanned_accounts: List[str]
start_time: int
unscanned_accounts: List[str]

altimeter.aws.scan.scan_plan module

A ScanPlan defines how to scan a set of accounts.

class AccountScanPlan(**data)

Bases: altimeter.core.base_model.BaseImmutableModel

An AccountScanPlan defines how to scan an account.

Parameters
  • account_id – account id to scan

  • regions – regions to scan

  • accessor – Accessor to use to access the accounts

accessor: altimeter.aws.auth.accessor.Accessor
account_id: str
regions: Tuple[str, …]

class ScanPlan(**data)

Bases: altimeter.core.base_model.BaseImmutableModel

A ScanPlan defines how to scan a set of accounts.

Parameters
  • account_ids – account ids to scan

  • regions – regions to scan

  • accessor – Accessor to use to access the accounts

accessor: altimeter.aws.auth.accessor.Accessor
account_ids: Tuple[str, …]
build_account_scan_plans()
Return type

Tuple[AccountScanPlan, …]

regions: Tuple[str, …]

altimeter.aws.scan.settings module

AWS Resource classes.

Module contents