tableau / altimeter
Graph AWS resources in Neptune
License: MIT License
I am currently trying to scan Base Path Mappings in API Gateway. This works as expected until it encounters an API Gateway V2 API. The get_base_mappings response data includes an API ID, but there is no way to tell whether this points to a V1 or a V2 API. As such, I can't just use a ResourceLinkField as usual.
Can you recommend a way to achieve the link? I'm thinking it would require checking the list of both v1 and v2 APIs for each mapping and setting my object as appropriate. I'll probably define two ResourceLinkFields and set them as optional, unless there's some other better way to do this.
I believe we could auto-generate this from schema classes.
API Gateway domain names (and other API Gateway resources tbh) have their keys set to all lowercase letters. (an example can be seen in the response here: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/apigateway.html#APIGateway.Client.get_domain_names)
Because TagsField defaults to optional=True, the lowercase key will be missed and the tags will be empty.
Seems like pip didn't leave everything ok, or perhaps I'm missing some instructions on how to run it.
altimeter was installed at: /Users/gonzalovasquez/Library/Python/3.7/bin/altimeter as my user and also with sudo at /System/Volumes/Data/Users/gonzalovasquez/Library/Python/3.7/bin/altimeter, but both yield the same error message about the missing aws2n.py
Facts:
aws --version
aws-cli/2.0.15 Python/3.7.4 Darwin/19.6.0 botocore/2.0.0dev19
macOS Catalina 10.15.7
Add an additional 'name' triple on EC2 instances, derived from the Name tag where present.
I am trying to set up altimeter. I have set up the config file ('current_single_account.toml') and am having trouble getting the 'altimeter' command to work. I am working on a macOS machine with an M1 chip, using Terminal. Any tips?
The "Locate vpcs with no ec2 instances, rds instances lambdas or ENIs attached." query returns all VPCs in my account, including those containing EC2 instances, etc.
Apologies but my SPARQL isn't quite sharp enough to spot the issue.
@jbmchuck, if I'm not wrong, after merging the PRs #168 and #163 no releases have been cut. Would it make sense to cut a new release including them?
$ git log --oneline 6.4.4..master
525750f (HEAD -> master, upstream/master, upstream/HEAD, origin/master) Gather user and group policies (#163)
09f974a Make the field UserId in a Security Group optional (#168)
Thanks in advance!
Using the quickstart guide, running the command below results in an error. Am I missing some configuration? I have the AWS CLI set up and all the aws cli commands work fine.
altimeter --base_dir /tmp/altimeter --regions us-east-1
usage: aws2json.py [-h] --config CONFIG output_dir
aws2json.py: error: the following arguments are required: --config
Currently we are using a set of custom scripts. These could be replaced with tox and a small config.
I am currently scanning an account in which I have close to full access but, due to compliance and security settings, I am unable to enumerate various settings. (SAML provider information and user access keys, as examples).
It would be useful if the scanning was allowed to continue when access errors are encountered, as I am only interested in the resources that I have access to. This would also help with being able to audit a user's access and ensure they do not have too many privileges.
(One potential way to achieve this could be a settings value that allowed you to exclude certain resources from scanning but that seems a little inelegant, plus could require repeated runs until no errors are generated.)
Nodes which have an arn should be represented by a URIRef rather than a BNode.
pipx is a super useful way to install scripts into their own virtualenv. At the moment, it can make a good attempt at installing altimeter but doesn't set up the main scripts as these are defined as scripts in setup.py rather than console_scripts.
My suggestion is that the scripts be converted to console_scripts to allow pipx to install them. (I appreciate I might be missing some of the reasons why this isn't possible.)
Code assumes that InvitedAt key is always present in the dictionary, but it is not required: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_Master.html
Use .get(key) and add optional=True in schema.
To get this to work with a Python 3.10.13 environment I needed to change
v-env/lib/python3.10/site-packages/tornado/httputil.py
this line 25:
From:
import collections
To:
import collections.abc
and also here line 107:
From:
class HTTPHeaders(collections.MutableMapping):
To:
class HTTPHeaders(collections.abc.MutableMapping):
Lambda's 15 min timeout becomes an issue as the number of accounts increases. Move the main aws2n process to ECS, continue using lambda for each account scan.
This line of code causes Altimeter to crash upon first use.
s3_client = boto3.client("s3")
throws NoRegionError: You must specify a region. error because the region parameter is not specified and the AWS_DEFAULT_REGION environment variable wasn't specified.
Suggest either adding region parameter to the call based on what's in the config file or pick a region by default, or tell user to set AWS_DEFAULT_REGION and/or update documentation.
API Gateway V2 APIs have their tags defined as a simple dictionary, rather than the traditional Key/Value pairing. TagsField will throw a TypeError as a result.
An example response can be seen here: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/apigatewayv2.html#ApiGatewayV2.Client.get_apis
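A tag normalizer covering both tag-shape reports on this page (the lowercase tags key on API Gateway domain names, and the plain-dictionary tags on API Gateway V2), as an added example that is not altimeter's TagsField or code from either issue. The function name normalize_tags and the sample responses are hypothetical and constructed for illustration.

```python
from typing import Any, Dict, Mapping


def normalize_tags(resource: Mapping[str, Any]) -> Dict[str, str]:
    """Return tags as a plain {key: value} dict regardless of response shape.

    Shapes handled:
      {"Tags": [{"Key": k, "Value": v}, ...]}  traditional Key/Value list
      {"Tags": {k: v}}                         plain mapping (API Gateway V2)
      {"tags": {k: v}}                         lowercase key (API Gateway V1)
    """
    raw = None
    for name in ("Tags", "tags"):
        if resource.get(name) is not None:
            raw = resource[name]
            break
    if raw is None:
        return {}  # genuinely untagged resource
    if isinstance(raw, Mapping):
        return {str(k): str(v) for k, v in raw.items()}
    if isinstance(raw, list):
        tags: Dict[str, str] = {}
        for item in raw:
            if not isinstance(item, Mapping) or "Key" not in item:
                raise ValueError(f"unrecognised tag entry: {item!r}")
            tags[str(item["Key"])] = str(item.get("Value", ""))
        return tags
    # Fail loudly on an unknown shape instead of silently reporting no tags.
    raise ValueError(f"unrecognised tags shape: {type(raw).__name__}")


# Constructed sample responses, one per shape.
SAMPLES = {
    "key_value_list": {"Tags": [{"Key": "team", "Value": "infra"}]},
    "apigw_v2": {"ApiId": "constructed", "Tags": {"team": "infra"}},
    "apigw_domain": {"domainName": "example.invalid", "tags": {"team": "infra"}},
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(label, normalize_tags(response))
```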
This is blocked by boto/botocore#2332 , once that is resolved we can bump boto versions and cut a new release.
Hey Guys,
We are running altimeter on our production AWS account.
It is running under a restricted-access IAM role and continuously facing AccessDenied issues.
We request those permissions, but on the next run new ones appear, and so on.
Is it possible to document all permissions which should be allowed to run altimeter under a restricted access policy?
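A sketch of a scan loop that serves both access-error reports on this page (continuing past access errors, and finding every missing permission in one run instead of one per run), as an added example that is not altimeter's code or part of either issue. The names scan_all, ScanReport, FakeClientError and the sample scanners are hypothetical; errors are matched on the .response dict that botocore's ClientError carries, so the block runs without botocore installed.

```python
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Optional

# Error codes AWS services commonly return for a permissions failure.
ACCESS_ERROR_CODES = {"AccessDenied", "AccessDeniedException", "UnauthorizedOperation"}

@dataclass
class ScanReport:
    results: Dict[str, Any] = field(default_factory=dict)
    denied: List[str] = field(default_factory=list)  # actions the role lacked

def access_error_code(exc: Exception) -> Optional[str]:
    """Return the AWS error code if exc is a permissions failure, else None."""
    response = getattr(exc, "response", None)
    if not isinstance(response, dict):
        return None
    code = response.get("Error", {}).get("Code")
    return code if code in ACCESS_ERROR_CODES else None

def scan_all(scanners: Dict[str, Callable[[], Any]]) -> ScanReport:
    """Run every scanner; record permission failures instead of aborting.
    Any other exception still propagates, so real bugs are not hidden."""
    report = ScanReport()
    for action, scanner in scanners.items():
        try:
            report.results[action] = scanner()
        except Exception as exc:
            if access_error_code(exc) is None:
                raise
            report.denied.append(action)
    return report

# Constructed stand-in for botocore.exceptions.ClientError (same .response shape).
class FakeClientError(Exception):
    def __init__(self, code: str):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

def deny(code: str) -> Callable[[], Any]:
    def scanner():
        raise FakeClientError(code)
    return scanner

SAMPLE_SCANNERS = {  # constructed sample, keyed by the IAM action each call needs
    "ec2:DescribeVpcs": lambda: ["vpc-constructed"],
    "iam:ListSAMLProviders": deny("AccessDenied"),
    "iam:ListAccessKeys": deny("AccessDenied"),
}
```

The denied list from one complete run is the set of actions to request for the restricted role, and it also shows which resource types are absent from the resulting graph.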
IAM role resources appear to have the region added to their ARN which isn't required (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). This in turn breaks links when trying to add connections to them (an example is the RoleArn attribute of lambda functions.)
Several classes are responsible only for holding data and serializing/deserializing. These could be replaced with Pydantic and remove a significant amount of code as well as provide a check against mutability where appropriate.