Merge pull request #36 from carnal0wnage/config_service_check

Config service check

.gitignore

@@ -1,5 +1,5 @@
 #let's attempt not to check in config.py with keys
-config.py
+#config.py
 
 #weirdAAL.db
 *.db

libs/config.py

@@ -21,12 +21,20 @@ AWS_ACCESS_KEY_ID = credentials.access_key
 
 
 def describe_configuration_recorders(region):
-    response = []
     try:
         client = boto3.client("config", region_name=region)
 
         response = client.describe_configuration_recorders()
-        # print response
+        region_name = "Region: %s\n" % region
+        print(region_name)
+        print("=" * len(region_name))
+        if not response['ConfigurationRecorders']:
+            print("No Recordings Found\n")
+        else:
+            for r in response['ConfigurationRecorders']:
+                for k,v in r.items():
+                    print("%s: %s" % (k,v))
+                print("\n")
     except botocore.exceptions.ClientError as e:
         if e.response['Error']['Code'] == 'InvalidClientTokenId':
             sys.exit("The AWS KEY IS INVALID. Exiting")
@@ -45,16 +53,22 @@ def describe_configuration_recorders(region):
     except KeyboardInterrupt:
         print("CTRL-C received, exiting...")
 
-    return response
-
 
 def describe_configuration_rules(region):
-    response = []
     try:
         client = boto3.client("config", region_name=region)
 
         response = client.describe_config_rules()
-        # print response
+        region_name = "Region: %s" % region
+        print(region_name)
+        print("=" * len(region_name))
+        if not response['ConfigRules']:
+            print("No Rules Found\n")
+        else:
+            for r in response['ConfigRules']:
+                for k,v in r.items():
+                    print("%s: %s" % (k,v))
+                print("\n")
     except botocore.exceptions.ClientError as e:
         if e.response['Error']['Code'] == 'InvalidClientTokenId':
             sys.exit("The AWS KEY IS INVALID. Exiting")
@@ -73,4 +87,64 @@ def describe_configuration_rules(region):
     except KeyboardInterrupt:
         print("CTRL-C received, exiting...")
 
-    return response
+def delete_rule(rule_name, region):
+    try:
+        client = boto3.client("config", region_name=region)
+        client.delete_config_rule(ConfigRuleName=rule_name)
+        print("Successfully deleted %s from %s!" % (rule_name, region))
+    except botocore.exceptions.ClientError as e:
+        if e.response['Error']['Code'] == 'InvalidClientTokenId':
+            sys.exit("The AWS KEY IS INVALID. Exiting")
+        elif e.response['Error']['Code']  == 'UnrecognizedClientException':
+            sys.exit("The AWS KEY IS INVALID. Exiting")
+        elif e.response['Error']['Code'] == 'AccessDenied':
+            print('[-] {} : does not have config access. Did you check first?' .format(AWS_ACCESS_KEY_ID))
+            pass
+        elif e.response['Error']['Code'] == 'AccessDeniedException':
+            print('[-] {} : does not have config access. Did you check first?' .format(AWS_ACCESS_KEY_ID))
+            pass
+        elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
+            print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
+        else:
+            print("Unexpected error: {}" .format(e))
+    except KeyboardInterrupt:
+        print("CTRL-C received, exiting...")
+
+def delete_recorder(recorder_name, region):
+    try:
+        client = boto3.client("config", region_name=region)
+        client.delete_configuration_recorder(ConfigurationRecorderName=recorder_name)
+        print("Successfully deleted %s from %s!" % (recorder_name, region))
+    except botocore.exceptions.ClientError as e:
+        if e.response['Error']['Code'] == 'InvalidClientTokenId':
+            sys.exit("The AWS KEY IS INVALID. Exiting")
+        elif e.response['Error']['Code']  == 'UnrecognizedClientException':
+            sys.exit("The AWS KEY IS INVALID. Exiting")
+        elif e.response['Error']['Code'] == 'AccessDenied':
+            print('[-] {} : does not have config access. Did you check first?' .format(AWS_ACCESS_KEY_ID))
+            pass
+        elif e.response['Error']['Code'] == 'AccessDeniedException':
+            print('[-] {} : does not have config access. Did you check first?' .format(AWS_ACCESS_KEY_ID))
+            pass
+        elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
+            print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
+        else:
+            print("Unexpected error: {}" .format(e))
+    except KeyboardInterrupt:
+        print("CTRL-C received, exiting...")
+
+def list_all_config_rules():
+    for region in regions:
+        describe_configuration_rules(region)
+
+def list_all_config_recorders():
+    for region in regions:
+        describe_configuration_recorders(region)
+
+def delete_config_rule(rule_name, region):
+    if rule_name:
+        delete_rule(rule_name, region)
+
+def delete_config_recorder(recorder_name, region):
+    if recorder_name:
+        delete_recorder(recorder_name, region)

modules/config.py

@@ -0,0 +1,25 @@
+'''
+Module for interacting with the config service
+'''
+
+from libs.config import *
+
+def module_config_list_all_rules():
+    list_all_config_rules()
+
+def module_config_list_all_recorders():
+    list_all_config_recorders()
+
+def module_config_delete_rule(*args):
+    try:
+        if args[0][0] and args[0][1]:
+            delete_config_rule(args[0][0], args[0][1])
+    except IndexError:
+        print("You must provide the rule name and region name: -a someRuleName,us-east-1")
+
+def module_config_delete_recorder(*args):
+    try:
+        if args[0][0] and args[0][1]:
+            delete_config_recorder(args[0][0], args[0][1])
+    except IndexError:
+        print("You must provide the recorder name and region name: -a someRecorderName,us-east-1")