Created
July 7, 2023 21:47
import boto3 | |
from prettytable import PrettyTable | |
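def get_unencrypted_volumes():
    """Return unencrypted EBS volumes that are attached on a non-skipped device.

    Every volume visible to the default boto3 session is listed, and a volume
    is kept when its ``Encrypted`` flag is false and at least one attachment
    uses a device name outside the skip list below.

    Audit caveats:
        * Volumes with no attachment are never reported, encrypted or not.
        * Volumes attached only as ``/dev/sda``, ``/dev/sda1`` or
          ``/dev/xvda`` are skipped (these look like the usual root-device
          names; the reason for skipping them is not stated in this file).
        * Only the region the default session resolves to is inspected.
      An empty result therefore does not prove that every volume in the
      account is encrypted.

    Returns:
        A list of ``(volume, instance_id, instance_name)`` tuples, where
        ``volume`` is the raw ``describe_volumes`` entry and
        ``instance_name`` is the instance's ``Name`` tag or ``''``.
    """
    ec2 = boto3.client('ec2')
    # One resource handle serves every tag lookup; the client call was
    # previously repeated for each matching volume.
    ec2_resource = boto3.resource('ec2')

    # Device names that are excluded from the report.
    skipped_device_names = ("/dev/sda", "/dev/sda1", "/dev/xvda")

    unencrypted_volumes = []

    # Walk every page: a single describe_volumes() call is not guaranteed to
    # return the complete list in a large account, and a truncated listing
    # would silently under-report unencrypted volumes.
    paginator = ec2.get_paginator('describe_volumes')
    for page in paginator.paginate():
        for volume in page.get('Volumes', []):
            if 'Encrypted' not in volume or volume['Encrypted']:
                continue
            for attachment in volume.get('Attachments', []):
                if 'Device' not in attachment:
                    continue
                if attachment['Device'] in skipped_device_names:
                    continue
                instance_id = attachment.get('InstanceId', '')
                instance_name = ''
                if instance_id:
                    # Instance.tags is None for an untagged instance.
                    for tag in ec2_resource.Instance(instance_id).tags or []:
                        if tag['Key'] == 'Name':
                            instance_name = tag['Value']
                unencrypted_volumes.append((volume, instance_id, instance_name))
                # Report each volume once, via its first qualifying attachment.
                break
    return unencrypted_volumes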
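def get_snapshots_info(owner_id):
    """Return every unencrypted EBS snapshot owned by ``owner_id``.

    Each snapshot is paired with the instance its source volume is currently
    attached to, when that can be determined.

    Args:
        owner_id: AWS account ID used for the ``owner-id`` snapshot filter.

    Returns:
        A list of ``(snapshot_id, volume_id, instance_id, instance_name)``
        tuples. ``instance_id`` and ``instance_name`` are ``''`` when the
        source volume no longer exists, is unattached, or its first
        attachment uses one of the skipped device names. The snapshot is
        still reported in all of those cases.

    Note:
        Only the region the default boto3 session resolves to is inspected,
        so snapshots in other regions are not covered by this result.
    """
    ec2 = boto3.client('ec2')

    # Device names for which no instance information is resolved.
    skipped_device_names = ("/dev/sda", "/dev/sda1", "/dev/xvda")

    snapshot_filters = [
        {'Name': 'encrypted', 'Values': ['false']},
        {'Name': 'owner-id', 'Values': [owner_id]},
    ]

    snapshots_info = []

    # Paginate so a large snapshot inventory is reported completely rather
    # than only as far as a single response reaches.
    paginator = ec2.get_paginator('describe_snapshots')
    for page in paginator.paginate(Filters=snapshot_filters):
        for snapshot in page.get('Snapshots', []):
            snapshot_id = snapshot['SnapshotId']
            volume_id = snapshot.get('VolumeId', '')
            instance_id = ''
            instance_name = ''

            # Snapshots routinely outlive their source volume. Looking the
            # volume up by filter yields an empty list for a missing ID,
            # whereas VolumeIds=[...] raises and would abort the whole audit
            # at the first orphaned snapshot.
            volumes = []
            if volume_id:
                volumes = ec2.describe_volumes(
                    Filters=[{'Name': 'volume-id', 'Values': [volume_id]}]
                ).get('Volumes', [])

            attachments = volumes[0].get('Attachments', []) if volumes else []
            if attachments:
                # Only the first attachment is considered.
                attachment = attachments[0]
                if attachment.get('Device', '') not in skipped_device_names:
                    instance_id = attachment.get('InstanceId', '')

            if instance_id:
                # Same filter-based lookup so that an instance which vanished
                # between the two calls does not raise.
                reservations = ec2.describe_instances(
                    Filters=[{'Name': 'instance-id', 'Values': [instance_id]}]
                ).get('Reservations', [])
                for reservation in reservations:
                    for instance in reservation.get('Instances', []):
                        for tag in instance.get('Tags', []):
                            if tag['Key'] == 'Name':
                                instance_name = tag['Value']

            snapshots_info.append((snapshot_id, volume_id, instance_id, instance_name))
    return snapshots_info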
# Main script
# The account ID of the active credentials scopes the snapshot query to
# snapshots this account owns.
owner_id = boto3.client('sts').get_caller_identity()['Account']

# Both helpers build their EC2 clients without an explicit region, so the
# report below covers only the region the default boto3 session resolves to.
unencrypted_volumes = get_unencrypted_volumes()
snapshots_info = get_snapshots_info(owner_id)

# Display unencrypted volumes
if not unencrypted_volumes:
    print("No unencrypted volumes found.")
else:
    print("Unencrypted volumes:")
    table_volumes = PrettyTable(['Volume ID', 'Instance ID', 'Instance Name'])
    for entry in unencrypted_volumes:
        # entry is (volume dict, instance id, instance name)
        table_volumes.add_row([entry[0]['VolumeId'], entry[1], entry[2]])
    print(table_volumes)

# Display unencrypted snapshots
if not snapshots_info:
    print("\nNo unencrypted snapshots found.")
else:
    print("\nUnencrypted snapshots:")
    table_snapshots = PrettyTable(['Snapshot ID', 'Volume ID', 'Instance ID', 'Instance Name'])
    for row in snapshots_info:
        # row is (snapshot id, volume id, instance id, instance name)
        table_snapshots.add_row(list(row))
    print(table_snapshots)