This Python code extracts all SCPs in an AWS Organization to distinct JSON files
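#!/usr/bin/env python
"""Retrieves the list of all SCPs in an AWS Organization.

This utility retrieves the content in JSON format of all the SCPs (Service
Control Policies) in a given AWS Organization and writes each one to a file
named ``<PolicyId>.json`` in the current working directory.

Credentials must be allowed to call ``sts:GetCallerIdentity``,
``organizations:ListPolicies`` and ``organizations:DescribePolicy``.
"""
from pathlib import Path

import boto3


def list_scps(org):
    """Return the summary of every Service Control Policy in the Organization.

    Uses the ``list_policies`` paginator so that every page is consumed; the
    hand-written ``NextToken`` loop it replaces is easy to get wrong and would
    silently truncate the export if a page were skipped.

    Args:
        org: A boto3 ``organizations`` client.

    Returns:
        A list of policy summary dicts as returned by ``ListPolicies``.
    """
    paginator = org.get_paginator("list_policies")
    scp_list = []
    for page in paginator.paginate(Filter="SERVICE_CONTROL_POLICY"):
        if scp_list:
            print("Retrieving additional SCPs...")
        scp_list.extend(page["Policies"])
    return scp_list


def export_scp(org, scp, out_dir="."):
    """Write the JSON document of one SCP to ``<out_dir>/<PolicyId>.json``.

    Args:
        org: A boto3 ``organizations`` client.
        scp: One policy summary dict; only the ``Id`` key is used.
        out_dir: Directory the file is written to; defaults to the CWD, which
            is where the original script wrote its output.

    Returns:
        The ``Path`` of the file written.

    Raises:
        ValueError: If the policy Id is empty or is not a single path
            component, so an unexpected Id can never place a file outside
            ``out_dir``.
    """
    policy_id = scp["Id"]
    # The Id is used verbatim as a file name, so refuse anything that is not a
    # plain path component (separators, "." or "..").
    if (
        not policy_id
        or policy_id in (".", "..")
        or Path(policy_id).name != policy_id
    ):
        raise ValueError(f"unexpected policy Id {policy_id!r}")
    response = org.describe_policy(PolicyId=policy_id)
    # Content is the policy document as a JSON string; it is written unchanged
    # so the file matches exactly what is attached in the Organization.
    content = response["Policy"]["Content"]
    target = Path(out_dir) / f"{policy_id}.json"
    target.write_text(content, encoding="utf-8")
    return target


def main():
    """Print the calling account, then export every SCP to its own JSON file."""
    org = boto3.client("organizations")
    # Check the account is correct before exporting anything.
    account_id = boto3.client("sts").get_caller_identity().get("Account")
    print(f"The current account is {account_id}")
    # =======================================
    # Step 1: Extract list of SCP policies
    # =======================================
    scp_list = list_scps(org)
    print(f"{len(scp_list)} SCPs found in the Organization")
    # ============================================================
    # Step 2: Extract the content of each policy to a JSON FILE
    # ============================================================
    for scp in scp_list:
        export_scp(org, scp)


if __name__ == "__main__":
    main()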