@jmhale
Created July 7, 2023 21:47
import boto3
from prettytable import PrettyTable
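def get_unencrypted_volumes():
    """Return unencrypted EBS volumes attached at a non-excluded device name.

    Coverage of this check, as implemented:
      * Only the region of the default boto3 session is queried; other
        regions need their own run.
      * A volume is reported only through one of its attachments, so an
        unencrypted volume with no attachments is never returned.
      * Attachments whose device name is in ``excluded_device_names`` are
        skipped (presumably to leave out root/boot devices -- confirm
        that this is the intent).
    An empty result therefore does not show that every volume in the
    account is encrypted.

    Returns:
        A list of ``(volume, instance_id, instance_name)`` tuples, where
        ``volume`` is the volume dict from ``describe_volumes`` and
        ``instance_name`` is the instance's ``Name`` tag or ``''``.
    """
    ec2 = boto3.client('ec2')
    # One resource handle serves every instance tag lookup below.
    ec2_resource = boto3.resource('ec2')
    excluded_device_names = {"/dev/sda", "/dev/sda1", "/dev/xvda"}

    unencrypted_volumes = []
    # Paginate so the listing stays complete when the API splits it
    # across several pages.
    paginator = ec2.get_paginator('describe_volumes')
    for page in paginator.paginate():
        for volume in page.get('Volumes', []):
            if 'Encrypted' not in volume or volume['Encrypted']:
                continue
            for attachment in volume.get('Attachments', []):
                if 'Device' not in attachment:
                    continue
                if attachment['Device'] in excluded_device_names:
                    continue

                instance_id = attachment.get('InstanceId', '')
                instance_name = ''
                if instance_id:
                    # ``tags`` is None for an instance without tags.
                    tags = ec2_resource.Instance(instance_id).tags or []
                    for tag in tags:
                        if tag['Key'] == 'Name':
                            instance_name = tag['Value']

                unencrypted_volumes.append(
                    (volume, instance_id, instance_name)
                )
                # Report each volume once, via its first qualifying
                # attachment.
                break
    return unencrypted_volumes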
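def get_snapshots_info(owner_id):
    """List unencrypted EBS snapshots owned by ``owner_id``.

    Every unencrypted snapshot is reported. The instance columns are
    filled in only when the snapshot's source volume still exists, is
    attached, and its first attachment is not at one of the excluded
    device names; otherwise they stay empty. Only the region of the
    default boto3 session is queried.

    Args:
        owner_id: AWS account ID used for the ``owner-id`` snapshot filter.

    Returns:
        A list of ``(snapshot_id, volume_id, instance_id, instance_name)``
        tuples.
    """
    ec2 = boto3.client('ec2')
    excluded_device_names = {"/dev/sda", "/dev/sda1", "/dev/xvda"}
    snapshot_filters = [
        {'Name': 'encrypted', 'Values': ['false']},
        {'Name': 'owner-id', 'Values': [owner_id]},
    ]

    snapshots_info = []
    # Paginate so the listing stays complete when the API splits it
    # across several pages.
    paginator = ec2.get_paginator('describe_snapshots')
    for page in paginator.paginate(Filters=snapshot_filters):
        for snapshot in page.get('Snapshots', []):
            snapshot_id = snapshot['SnapshotId']
            volume_id = snapshot.get('VolumeId', '')
            instance_id = ''
            instance_name = ''

            # Look the source volume up with a filter instead of
            # VolumeIds=[...]: an ID that no longer resolves (volume
            # deleted since the snapshot was taken) then gives an empty
            # list rather than an API error that would abort the audit.
            volumes = []
            if volume_id:
                volumes = ec2.describe_volumes(
                    Filters=[{'Name': 'volume-id', 'Values': [volume_id]}]
                ).get('Volumes', [])

            attachments = volumes[0].get('Attachments', []) if volumes else []
            if attachments:
                first_attachment = attachments[0]
                device_name = first_attachment.get('Device', '')
                if device_name not in excluded_device_names:
                    instance_id = first_attachment.get('InstanceId', '')

            if instance_id:
                reservations = ec2.describe_instances(
                    InstanceIds=[instance_id]
                ).get('Reservations', [])
                instances = (
                    reservations[0].get('Instances', []) if reservations else []
                )
                tags = instances[0].get('Tags', []) if instances else []
                for tag in tags:
                    if tag['Key'] == 'Name':
                        instance_name = tag['Value']

            snapshots_info.append(
                (snapshot_id, volume_id, instance_id, instance_name)
            )
    return snapshots_info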
# Main script
# The account ID of the calling credentials is used as the snapshot owner,
# so only snapshots owned by this account are listed.
sts = boto3.client('sts')
caller_identity = sts.get_caller_identity()
owner_id = caller_identity['Account']

unencrypted_volumes = get_unencrypted_volumes()
snapshots_info = get_snapshots_info(owner_id)

# Display unencrypted volumes.
# The "none found" message covers only what get_unencrypted_volumes()
# returns: attached volumes whose device name is not in its exclusion list.
if not unencrypted_volumes:
    print("No unencrypted volumes found.")
else:
    print("Unencrypted volumes:")
    table_volumes = PrettyTable(['Volume ID', 'Instance ID', 'Instance Name'])
    for entry in unencrypted_volumes:
        volume, instance_id, instance_name = entry
        volume_id = volume['VolumeId']
        table_volumes.add_row([volume_id, instance_id, instance_name])
    print(table_volumes)

# Display unencrypted snapshots.
if not snapshots_info:
    print("\nNo unencrypted snapshots found.")
else:
    print("\nUnencrypted snapshots:")
    table_snapshots = PrettyTable(
        ['Snapshot ID', 'Volume ID', 'Instance ID', 'Instance Name']
    )
    for entry in snapshots_info:
        snapshot_id, volume_id, instance_id, instance_name = entry
        table_snapshots.add_row(
            [snapshot_id, volume_id, instance_id, instance_name]
        )
    print(table_snapshots)