Created
August 20, 2019 04:27
-
-
Save mpomery/ca665e95e3a63011a745aa36c8b3466d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import boto3 | |
| import os | |
| import logging | |
| import time | |
| import re | |
| sts = boto3.client('sts') | |
| role_name = '' | |
| accounts = [""] | |
| sourceaccount = sts.get_caller_identity()['Account'] | |
| def aws_session(account_id): | |
| if str(account_id) == str(sourceaccount): | |
| session = boto3.Session() | |
| return session | |
| else: | |
| try: | |
| role_arn = 'arn:aws:iam::' + account_id + ':role/' + role_name | |
| if account_id: | |
| try: | |
| response = sts.assume_role(RoleArn=role_arn, RoleSessionName="AssumedRoleSession") | |
| session = boto3.Session( | |
| aws_access_key_id=response['Credentials']['AccessKeyId'], | |
| aws_secret_access_key=response['Credentials']['SecretAccessKey'], | |
| aws_session_token=response['Credentials']['SessionToken']) | |
| return session | |
| except Exception as e: | |
| pass | |
| except: | |
| pass | |
| def main(): | |
| detached_volume_count = 0 | |
| known_instance_volume_count = 0 | |
| unknown_instance_volume_count = 0 | |
| for account in accounts: | |
| print('Account: {}'.format(account)) | |
| session = aws_session(str(account)) | |
| if session: | |
| ec2_client = session.client('ec2') | |
| cloudtrail_client = session.client('cloudtrail') | |
| cloudtrail_events = cloudtrail_client.lookup_events( | |
| LookupAttributes=[ | |
| { | |
| 'AttributeKey': 'EventName', | |
| 'AttributeValue': 'DetachVolume' | |
| }, | |
| ] | |
| ) | |
| detached_volumes = {} | |
| for event in cloudtrail_events['Events']: | |
| volume = "" | |
| instance = "" | |
| for resource in event['Resources']: | |
| if resource["ResourceType"] == "AWS::EC2::Instance": | |
| instance = resource["ResourceName"] | |
| if resource["ResourceType"] == "AWS::EC2::Volume": | |
| volume = resource["ResourceName"] | |
| if volume not in detached_volumes: | |
| detached_volumes[volume] = (instance, event["EventTime"]) | |
| volumes = ec2_client.describe_volumes() | |
| for volume in volumes['Volumes']: | |
| volume_id = volume['VolumeId'] | |
| if volume['State'] == "available": | |
| if volume_id in detached_volumes: | |
| print("{} was attached to {}".format(volume_id, detached_volumes[volume_id][0])) | |
| known_instance_volume_count += 1 | |
| else: | |
| print("No idea where {} came from".format(volume_id)) | |
| unknown_instance_volume_count += 1 | |
| detached_volume_count += 1 | |
| else: | |
| print("unable to access: {}".format(account)) | |
| print("Total Detached Volumes: {}".format(detached_volume_count)) | |
| print("Total Known Instance Detached Volumes: {}".format(known_instance_volume_count)) | |
| print("Total Unknown Instance Detached Volumes: {}".format(unknown_instance_volume_count)) | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment