Skip to content

Instantly share code, notes, and snippets.

@achantavy

achantavy/aws_access_key_fix_sketch.py

Created July 8, 2020 22:37
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save achantavy/ac2785cbd00ff9c9671d730cf48cb9e3 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save achantavy/ac2785cbd00ff9c9671d730cf48cb9e3 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
aws_access_key_fix_sketch.py
# Change [this](https://github.com/lyft/cartography/blob/4a60653d5f343c95867e198d8c43b05e049f35b4/cartography/intel/aws/iam.py#L625-L631)
# to this:
for name in usernames;
account_access_key = get_account_access_key_data(boto3_session, name)
load_user_access_keys(neo4j_session, account_access_key, aws_update_tag)
run_cleanup_job(
'aws_import_account_access_key_cleanup.json',
neo4j_session,
common_job_parameters,
)
# where
@timeit
def get_account_access_key_data(boto3_session, username):
data = {}
try:
client = boto3_session.client('iam')
# NOTE we can get away without using a paginator here because users are limited to two access keys
data = client.list_access_keys(UserName=username)
except NoSuchEntityException:
logger.warning("skipping ...")
return {}
return data
def load_user_access_keys(neo4j_session, user_access_keys, aws_update_tag):
# [snip]
for username, access_keys in user_access_keys.items():
for key in access_keys["AccessKeyMetadata"]:
if key.get('AccessKeyId'):
neo4j_session.run(
ingest_account_key,
UserName=username,
AccessKeyId=key['AccessKeyId'],
CreateDate=str(key['CreateDate']),
Status=key['Status'],
aws_update_tag=aws_update_tag,
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment