From e27853b4e1046bc6f5def66dd434cfd44558fda5 Mon Sep 17 00:00:00 2001 From: carnal0wnage Date: Thu, 29 Jun 2017 23:08:36 -0400 Subject: [PATCH] cloudwatch functions --- libs/cloudwatch.py | 82 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 libs/cloudwatch.py diff --git a/libs/cloudwatch.py b/libs/cloudwatch.py new file mode 100644 index 0000000..b775291 --- /dev/null +++ b/libs/cloudwatch.py @@ -0,0 +1,82 @@ +''' +cloudwatch functions +''' + +import boto3 +import botocore +import pprint +import sys,os + +pp = pprint.PrettyPrinter(indent=5, width=80) + +#from http://docs.aws.amazon.com/general/latest/gr/rande.html +regions = ['us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', 'ca-central-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', ] + +def describe_alarms(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + print("### Printing Cloudwatch Alarm Information ###") + try: + for region in regions: + client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region) + + response = client.describe_alarms() + print"### {} Alarms ###" .format(region) + for alarm in response['MetricAlarms']: + pp.pprint(alarm) + print("\n") + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDenied': + print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) + else: + print "Unexpected error: {}" .format(e) + +def describe_alarm_history(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + print("### Printing Cloudwatch Alarm History Information ###") + try: + for region in regions: + client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) + + response = client.describe_alarm_history() + #print response + if response.get('AlarmHistoryItems') is None: + print "{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID) + elif len(response['AlarmHistoryItems']) <= 0: + print "[-] DecribeAlarmHistory allowed for {} but no results [-]" .format(region) + else: + print"### {} Alarm History ###" .format(region) + for history_item in response['AlarmHistoryItems']: + pp.pprint(history_item) + print("\n") + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDenied': + print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) + else: + print "Unexpected error: {}" .format(e) + +def list_metrics(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): + print("### Printing Cloudwatch List Metrics ###") + try: + for region in regions: + client = boto3.client('cloudwatch', aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY,region_name=region) + + response = client.list_metrics() + #print response + if response.get('Metrics') is None: + print "{} likely does not have cloudwatch permissions\n" .format(AWS_ACCESS_KEY_ID) + elif len(response['Metrics']) <= 0: + print "[-] ListMetrics allowed for {} but no results [-]" .format(region) + else: + print"### Listing Metrics for {} ###" .format(region) + for metrics in response['Metrics']: + pp.pprint(metrics) + print("\n") + except botocore.exceptions.ClientError as e: + if e.response['Error']['Code'] == 'InvalidClientTokenId': + sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID)) + elif e.response['Error']['Code'] == 'AccessDenied': + print('{} : Is NOT a root key' .format(AWS_ACCESS_KEY_ID)) + else: + print "Unexpected error: {}" .format(e)