Lambda & CloudWatchEvents & Slackで 長期的に利用されていないAccessKeyを検知・通知する ref: http://qiita.com/jobbin/items/986225f0536697685e13
# -*- coding: utf-8 -*-
from __future__ import print_function
import calendar
import os
import time

import boto3
import slackweb
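print('Loading function')
# Webhook
# An incoming-webhook URL is a bearer credential: whoever holds it can post to
# the channel. Read it from the Lambda environment (SLACK_WEBHOOK_URL) instead
# of keeping it in the source; the literal below is only a fallback so existing
# deployments keep working until the variable is set.
SlackWebhookUrl = os.environ.get(
    "SLACK_WEBHOOK_URL",
    "https://hooks.slack.com/services/T0HTZK5S4/B0***************w",
)
Slack = slackweb.Slack(url=SlackWebhookUrl)
# IAM client; the Lambda execution role must allow iam:ListUsers,
# iam:ListAccessKeys and iam:GetAccessKeyLastUsed.
client = boto3.client('iam')
# Number of days without use after which an access key is reported.
# Overridable through the DAYS environment variable (default 60).
Days = int(os.environ.get("DAYS", 60))
# Same threshold expressed in seconds, compared against Unix timestamps.
Interval = 60 * 60 * 24 * Days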
def add_info(Users, Attachments):
    """Append one red ("danger") Slack attachment per entry of *Users*.

    Each entry is a dict with the keys "UserName", "AccessKeyId" and
    "LastUsed" (a datetime, or the string "Null" for never-used keys);
    the three fields are rendered as a fenced code block in the
    attachment text. *Attachments* is extended in place; nothing is
    returned.
    """
    for Entry in Users:
        Lines = [
            "AccessKeyId: " + Entry["AccessKeyId"],
            "UserName: " + Entry["UserName"],
            "LastUsed: " + str(Entry["LastUsed"]),
        ]
        Attachments.append({
            "text": "```" + "\n".join(Lines) + "```",
            "color": "danger",
            "mrkdwn_in": ["text"],
        })
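def _iter_users():
    """Yield every IAM user in the account, following pagination.

    A single client.list_users() call returns only the first page
    (IsTruncated/Marker), so users beyond it would silently escape the
    audit; the paginator walks all pages.
    """
    paginator = client.get_paginator('list_users')
    for Page in paginator.paginate():
        for User in Page["Users"]:
            yield User


def _collect_key_info(Now):
    """Classify every access key of every user against the threshold.

    Args:
        Now: current Unix time (seconds) the last-use timestamps are compared to.

    Returns:
        (AccessKeyInfo, UnusedAccessKeyInfo): two lists of dicts with keys
        "UserName", "AccessKeyId" and "LastUsed". The first holds keys last
        used more than Interval seconds before *Now*; the second holds keys
        that have never been used since creation (LastUsed is "Null"). A
        never-used key is reported regardless of how recently it was created.
    """
    AccessKeyInfo = []
    UnusedAccessKeyInfo = []
    for User in _iter_users():
        UserName = User['UserName']
        AccessKeysList = client.list_access_keys(UserName=UserName)
        for AccessKeyMetadata in AccessKeysList["AccessKeyMetadata"]:
            AccessKeyId = AccessKeyMetadata["AccessKeyId"]
            print(AccessKeyId)
            Key = client.get_access_key_last_used(AccessKeyId=AccessKeyId)
            # LastUsedDate is absent for a key that has never been used.
            LastUsedDate = Key["AccessKeyLastUsed"].get("LastUsedDate")
            if LastUsedDate is not None:
                # Last use as Unix time (UTC) so it is comparable with Now.
                AccessKeyLastUsedUnixTime = calendar.timegm(LastUsedDate.utctimetuple())
                print(AccessKeyLastUsedUnixTime)
                if Now - AccessKeyLastUsedUnixTime > Interval:
                    AccessKeyInfo.append({
                        "UserName": UserName,
                        "AccessKeyId": AccessKeyId,
                        "LastUsed": LastUsedDate,
                    })
            else:
                UnusedAccessKeyInfo.append({
                    "UserName": UserName,
                    "AccessKeyId": AccessKeyId,
                    "LastUsed": "Null",
                })
                print(str(LastUsedDate))
    return AccessKeyInfo, UnusedAccessKeyInfo


def lambda_handler(event, context):
    """Audit IAM access keys for inactivity and post the result to Slack.

    Scheduled by CloudWatch Events; *event* and *context* are not read.
    Keys unused for more than Days days, and keys never used since
    creation, are listed in the Slack message (UserName and AccessKeyId
    are posted; the key id is an identifier, not the secret). When
    nothing is found a single "no problem" message is posted instead.
    Exceptions from the IAM or Slack calls propagate so the invocation
    is recorded as failed.
    """
    # Current time, used as the reference point for "last used" comparisons.
    Now = time.time()
    print(Now)
    AccessKeyInfo, UnusedAccessKeyInfo = _collect_key_info(Now)
    if not AccessKeyInfo and not UnusedAccessKeyInfo:
        # Nothing stale: report a clean audit.
        Attachments = [
            {
                "pretext": "AccessKeyの棚卸しを行いました、問題がありません.",
            }
        ]
    else:
        # Stale or never-used keys found: header first, then one
        # attachment per key (add_info appends in place).
        Attachments = [
            {
                "pretext": "AccessKeyの棚卸しを行いました.\n" + \
                str(Days) + "日以上利用されていないAccessKeyがあります!",
            }
        ]
        print(str(Days) + "日利用されていないAccessKeyは下記の通り")
        print(len(AccessKeyInfo))
        add_info(AccessKeyInfo, Attachments)
        print("作成されてから、利用されていないAccessKeyは下記の通り")
        print(len(UnusedAccessKeyInfo))
        add_info(UnusedAccessKeyInfo, Attachments)
    # Send to Slack
    Slack.notify(attachments=Attachments)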