
@z0ph
Created August 24, 2021 09:01
import boto3
import re
from urllib.request import urlopen
import logging
# https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/config.html#ConfigService.Client.put_configuration_recorder
# Purpose:
# Activate a custom AWS Config recorder that records only selected resource types
# Supported resource type: https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources
# Scraping AWS Docs using: https://realpython.com/python-web-scraping-practical-introduction/
# Get information about the current regional config recorder: aws configservice describe-configuration-recorders --region eu-west-1
# Logging
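# Reset the root logger so the basicConfig() call below takes effect:
# basicConfig() does nothing when the root logger already has handlers.
root = logging.getLogger()
# Iterate over a copy. removeHandler() mutates root.handlers, and looping over
# the live list skips every other handler, which would leave a handler attached
# and silently turn basicConfig() into a no-op.
for handler in list(root.handlers):
    root.removeHandler(handler)
logging.basicConfig(
    format='%(asctime)s - %(levelname)s - %(message)s',
    level=logging.INFO,
)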
# Deployment-specific settings: replace both placeholders before running.
recorder_name = "<AWS Config recorder name>"
role_arn = "<role arn used for AWS Config>"

# AWS Config resource types to leave out of the recorder.
# NOTE(review): a type listed here is not recorded at all, so no configuration
# history is kept for it. Check this list against your monitoring requirements
# before excluding network resources such as security groups.
exclusion_list = [
    "AWS::EC2::Subnet",
    "AWS::EC2::VPC",
    "AWS::EC2::SecurityGroup",
]
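def get_config_resources(url=None):
    """Scrape the AWS Config documentation for supported resource types.

    The fetched page is treated as untrusted text: every candidate must look
    exactly like ``AWS::Service::Resource`` before it is returned, because the
    result is later passed to the AWS Config API as the list of types to record.

    Args:
        url: Page to scrape. Defaults to the AWS Config "supported resources"
            reference page; pass another location (for example a reviewed,
            pinned copy of that page) to scrape that instead.

    Returns:
        A list of distinct resource type strings, in order of first appearance.

    Raises:
        urllib.error.URLError: if the page cannot be fetched.
        UnicodeDecodeError: if the page is not valid UTF-8.
    """
    if url is None:
        url = "https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources"

    # Bound the request and close the connection when done; without a timeout
    # a stalled server would hang the script indefinitely.
    with urlopen(url, timeout=30) as page:
        html = page.read().decode("utf-8")

    # Target format: AWS::ApiGateway::Stage
    # The greedy match grabs the rest of the line, so each candidate is cleaned
    # and then validated below.
    candidates = re.findall("AWS::.*", html)
    type_format = re.compile(r"AWS::[A-Za-z0-9]+::[A-Za-z0-9]+")

    distinct = {}  # dict keys keep insertion order and drop duplicates
    rejected = 0
    for candidate in candidates:
        # remove HTML tags
        cleaned = re.sub("<.*?>", "", candidate)
        # remove the trailing "*" marker and any spaces
        cleaned = cleaned.replace("*", "").replace(" ", "")
        # remove long items (sentences)
        if len(cleaned) >= 60:
            continue
        # Drop anything that is not exactly a three-part type name, so prose
        # fragments or markup leftovers never reach the recorder configuration.
        if not type_format.fullmatch(cleaned):
            rejected += 1
            continue
        distinct.setdefault(cleaned, None)

    cleaned_list = list(distinct)
    if rejected:
        logging.warning("Discarded %s scraped items that are not resource types", rejected)
    logging.info("Scraped Config supported resources: %s", len(cleaned_list))
    return cleaned_list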
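def apply_custom_recorder(config_resources):
    """Point the AWS Config recorder at an explicit list of resource types.

    Removes every type named in ``exclusion_list`` from ``config_resources``
    and writes the remainder to the recorder identified by ``recorder_name``
    and ``role_arn`` through ``put_configuration_recorder``.

    Args:
        config_resources: Iterable of AWS Config resource type strings.

    Returns:
        None. The API response, or the failure, is logged.
    """
    # Remove excluded resources from the global list. Sorting makes the request
    # deterministic, so two runs over the same input are easy to compare.
    result_list = sorted(set(config_resources) - set(exclusion_list))
    logging.info("result_types: %s", len(result_list))

    # An empty list means the scrape failed or everything was excluded. Refuse
    # to send it rather than attempt to reconfigure the recorder with nothing
    # to record.
    if not result_list:
        logging.error("No resource types left to record; recorder left unchanged")
        return

    client = boto3.client('config')
    try:
        # allSupported=False pins the recorder to this explicit list: resource
        # types AWS adds later are not recorded until this script is run again.
        response = client.put_configuration_recorder(
            ConfigurationRecorder={
                'name': recorder_name,
                'roleARN': role_arn,
                'recordingGroup': {
                    'allSupported': False,
                    'includeGlobalResourceTypes': False,
                    'resourceTypes': result_list
                }
            }
        )
    except Exception as e:
        # Best-effort: report the failure and stop. The response is logged only
        # in the else branch, since no response exists when the call raises.
        logging.error(e)
    else:
        logging.info("Response: %s", response)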
if __name__ == "__main__":
    # Scrape the supported types, then push the filtered list to the recorder.
    apply_custom_recorder(get_config_resources())