#!/usr/bin/env python3
import re

import boto3
# ---------------------------------------------------------------------------
# Search parameters
# ---------------------------------------------------------------------------

# IAM role assumed in every account returned by Organizations.
role_name = 'OrganizationAccountAccessRole'

# Regions that get searched, in the order they are visited.
# Entries left commented out are NOT searched, so an instance running in one
# of them will never be reported as found.
regions_in_scope = [
    'us-east-2',
    'us-east-1',
    'us-west-1',
    'us-west-2',
    # 'af-south-1',
    # 'ap-east-1',
    'ap-south-1',
    # 'ap-northeast-3',
    'ap-northeast-2',
    'ap-southeast-1',
    'ap-southeast-2',
    'ap-northeast-1',
    'ca-central-1',
    # 'cn-north-1',
    # 'cn-northwest-1',
    'eu-central-1',
    'eu-west-1',
    'eu-west-2',
    # 'eu-south-1',
    'eu-west-3',
    'eu-north-1',
    # 'me-south-1',
    'sa-east-1',
    # 'us-gov-east-1'
    # 'us-gov-west-1'
]

# EC2 instance IDs to locate; each account/region pair reports which of
# these it contains.
looking_for_instances = [
    "i-0e41e21b4dd97712b",
    "i-0b0b65125e90caa25",
    "i-0998aafbb816812b3",
    "i-018378690e937e71c",
]
class bcolors:
    """ANSI escape sequences used to style terminal output.

    Wrap text as ``bcolors.BOLD + text + bcolors.ENDC``; ``ENDC`` resets
    every attribute set by the other codes.
    """

    # colours
    HEADER = '\033[95m'
    OKBLUE = '\033[94m'
    OKGREEN = '\033[92m'
    WARNING = '\033[93m'
    FAIL = '\033[91m'

    # reset
    ENDC = '\033[0m'

    # text attributes
    BOLD = '\033[1m'
    UNDERLINE = '\033[4m'
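# Collect every account in the organization.
# Assumes the script runs with credentials from the organization's root
# (management) account, which is where list_accounts is called.
accounts = []
NextToken = None
orgs_client = boto3.client('organizations')
while True:
    # Only pass NextToken once a previous page has supplied one.
    page_args = {'NextToken': NextToken} if NextToken else {}
    getListAccounts = orgs_client.list_accounts(**page_args)
    accounts.extend(getListAccounts['Accounts'])

    # The final page carries no 'NextToken' key. Indexing the response with
    # that key raised KeyError on the last page, and on earlier pages the
    # membership test compared the token *value* against the response keys,
    # so the loop stopped after page one and later accounts were never
    # searched. Read the key with .get() and stop when it is absent.
    NextToken = getListAccounts.get('NextToken')
    if not NextToken:
        break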
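# For every account: assume the cross-account role, then check each region in
# scope for the instance IDs being searched for.
sts_client = boto3.client("sts")
wanted_instances = set(looking_for_instances)
for account in accounts:
    print ( "Name: {0.BOLD}{1[Name]: <30}{0.ENDC} ID: {0.BOLD}{1[Id]: <14}{0.ENDC} Status: {0.BOLD}{1[Status]: <10}{0.ENDC}".format( bcolors, account ) )

    # RoleSessionName only accepts [A-Za-z0-9_+=,.@-] and 2-64 characters,
    # while account names are free text (spaces are common). Replace anything
    # else so a name like "Prod Account" does not make assume_role fail.
    session_name = re.sub(r'[^\w+=,.@-]', '-', account['Name'], flags=re.ASCII)[:64]
    if len(session_name) < 2:
        session_name = "account-{0[Id]}".format(account)

    # assume role
    # A failure here (role missing in that account, access denied, ...) must
    # not end the sweep: report the account as NOT searched and move on, so
    # the gap in coverage is visible in the output.
    try:
        assumed_role_object = sts_client.assume_role(
            RoleArn="arn:aws:iam::{0[Id]}:role/{1}".format(account, role_name),
            RoleSessionName=session_name
        )
    except Exception as e:
        print( "{0.FAIL}assume role failed, account not searched: {1}{0.ENDC}".format(bcolors, e) )
        continue
    credentials=assumed_role_object['Credentials']

    # for each region in scope
    for region in regions_in_scope:

        found = []
        error = None

        try:

            # get session
            session=boto3.Session(
                region_name=region,
                aws_access_key_id=credentials['AccessKeyId'],
                aws_secret_access_key=credentials['SecretAccessKey'],
                aws_session_token=credentials['SessionToken'],
            )

            # find ...
            resource=session.resource(service_name="ec2")
            ids = [instance.id for instance in resource.instances.all()]
            found = list(set(ids) & wanted_instances)

        except Exception as e:
            # Keep going with the next region; the error is printed next to
            # the (empty) result so an unsearched region is not mistaken for
            # a clean one.
            error = e

        print( "region: {0: <15} {1} {2}".format(region, found, error or "") )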