diff --git a/ListCloudtrailsInMemberAccounts.yaml b/ListCloudtrailsInMemberAccounts.yaml
new file mode 100644
index 0000000..76a87d1
--- /dev/null
+++ b/ListCloudtrailsInMemberAccounts.yaml
@@ -0,0 +1,105 @@
+schemaVersion: '0.3'
+parameters:
+ ExecutionRole:
+ type: String
+assumeRole: '{{ ExecutionRole }}'
+mainSteps:
+ - name: GetParameter
+ action: aws:executeAwsApi
+ nextStep: ConvertInputToList
+ isEnd: false
+ inputs:
+ Service: ssm
+ Api: GetParameter
+ Name: some-parameter
+ outputs:
+ - Name: Accounts
+ Selector: $.Parameter.Value
+ Type: String
+ - name: ConvertInputToList
+ action: aws:executeScript
+ nextStep: Loop
+ isEnd: false
+ inputs:
+ Runtime: python3.11
+ Handler: script_handler
+ InputPayload:
+ accounts: '{{ GetParameter.Accounts }}'
+ Script: |
+ def script_handler(events, context):
+ return events['accounts'].split(',')
+ outputs:
+ - Name: AccountList
+ Selector: $.Payload
+ Type: StringList
+ - name: Loop
+ action: aws:loop
+ isEnd: true
+ inputs:
+ Iterators: '{{ ConvertInputToList.AccountList }}'
+ IteratorDataType: StringList
+ Steps:
+ - name: ListTrails
+ action: aws:executeScript
+ isEnd: true
+ inputs:
+ Runtime: python3.11
+ Handler: script_handler
+ InputPayload:
+ accountId: '{{Loop.CurrentIteratorValue}}'
+ Script: |
+ import boto3
+ import botocore.exceptions
+ from botocore.exceptions import ClientError
+
+ def assume_role(role_arn, role_session_name="CloudTrailSession"):
+ """
+ Assume an IAM role and return boto3 session with temporary credentials
+ """
+ sts_client = boto3.client('sts')
+
+ try:
+ response = sts_client.assume_role(
+ RoleArn=role_arn,
+ RoleSessionName=role_session_name
+ )
+
+ credentials = response['Credentials']
+
+ return boto3.Session(
+ aws_access_key_id=credentials['AccessKeyId'],
+ aws_secret_access_key=credentials['SecretAccessKey'],
+ aws_session_token=credentials['SessionToken']
+ )
+ except ClientError as e:
+ print(f"Error assuming role: {e}")
+ return None
+
+ def describe_cloudtrails(session):
+ """
+ Describe all CloudTrail trails using the assumed role session
+ """
+ try:
+ cloudtrail = session.client('cloudtrail')
+ response = cloudtrail.describe_trails()
+
+ trails = response['trailList']
+ if not trails:
+ print("No CloudTrail trails found.")
+ return
+
+ for trail in trails:
+ print(f"ARN: {trail['TrailARN']}")
+
+ except ClientError as e:
+ print(f"Error describing CloudTrails: {e}")
+
+ def script_handler(events, context):
+ ROLE_ARN = f"arn:aws:iam::{events.get('accountId')[0]}:role/OrganizationReadOnlyRole"
+ session = assume_role(ROLE_ARN)
+
+ if session:
+ describe_cloudtrails(session)
+
+ return {"accountId": events.get('accountId')}
+
diff --git a/LoopWithCsv.yaml b/LoopWithCsv.yaml
new file mode 100644
index 0000000..bff5ff5
--- /dev/null
+++ b/LoopWithCsv.yaml
@@ -0,0 +1,51 @@
+schemaVersion: '0.3'
+mainSteps:
+ - name: GetParameter
+ action: aws:executeAwsApi
+ nextStep: ConvertInputToList
+ isEnd: false
+ # parameter contains comma separated ids (i.e. 111111111111,222222222222)
+ inputs:
+ Service: ssm
+ Api: GetParameter
+ Name: some-parameter
+ outputs:
+ - Name: Accounts
+ Selector: $.Parameter.Value
+ Type: String
+ # input needs to be transformed to a list of string in order to be used by aws:loop
+ - name: ConvertInputToList
+ action: aws:executeScript
+ nextStep: Loop
+ isEnd: false
+ inputs:
+ Runtime: python3.11
+ Handler: script_handler
+ InputPayload:
+ accounts: '{{ GetParameter.Accounts }}'
+ Script: |
+ def script_handler(events, context):
+ return events['accounts'].split(',')
+ outputs:
+ - Name: AccountList
+ Selector: $.Payload
+ Type: StringList
+ - name: Loop
+ action: aws:loop
+ isEnd: true
+ inputs:
+ Iterators: '{{ ConvertInputToList.AccountList }}'
+ IteratorDataType: String
+ Steps:
+ - name: PrintInput
+ action: aws:executeScript
+ isEnd: true
+ inputs:
+ Runtime: python3.11
+ Handler: script_handler
+ InputPayload:
+ accountId: '{{Loop.CurrentIteratorValue}}'
+ Script: |
+ def script_handler(events,context):
+ return {"accountId": events.get('accountId')}
+
diff --git a/OrgAccountsPrint.yaml b/OrgAccountsPrint.yaml
new file mode 100644
index 0000000..31735bf
--- /dev/null
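Review bot: `events.get('accountId')[0]` in the ListTrails script_handler indexes the iterator value before building the role ARN; if the loop ever delivers accountId as a plain string (as the `IteratorDataType: String` loop in LoopWithCsv.yaml would), `[0]` takes only the first digit and assume_role is called with a malformed ARN — the author presumably observed a one-element list here because this loop declares StringList, but that should be confirmed and handled explicitly rather than relied on. A failed assume_role (role absent in the member account, trust policy, SCP) is only print()ed and the step still returns success carrying just the accountId, and describe_cloudtrails likewise only prints the trail ARNs, so an account whose CloudTrail coverage could not be checked is indistinguishable in the step output from one with no trails. Returning a status and the trail ARNs from the handler makes that gap visible to the calling step and to whoever reviews the execution. `import botocore.exceptions` is unused next to the explicit ClientError import. The rewrite below keeps assume_role as is and changes describe_cloudtrails and script_handler inside the `Script: |` block.
```python
# … inside the ListTrails `Script: |` block; imports and assume_role unchanged …
def describe_cloudtrails(session):
    """Return the ARNs of all trails visible to the assumed-role session, or None on a ClientError."""
    try:
        cloudtrail = session.client('cloudtrail')
        return [t['TrailARN'] for t in cloudtrail.describe_trails()['trailList']]
    except ClientError as e:
        print(f"Error describing CloudTrails: {e}")
        return None

def script_handler(events, context):
    account_id = events.get('accountId')
    # Loop.CurrentIteratorValue appears to arrive as a one-element list here — TODO confirm
    if isinstance(account_id, list):
        account_id = account_id[0]
    role_arn = f"arn:aws:iam::{account_id}:role/OrganizationReadOnlyRole"
    session = assume_role(role_arn)
    if session is None:
        return {"accountId": account_id, "status": "AssumeRoleFailed", "trailArns": []}
    trail_arns = describe_cloudtrails(session)
    if trail_arns is None:
        return {"accountId": account_id, "status": "DescribeTrailsFailed", "trailArns": []}
    return {"accountId": account_id, "status": "OK", "trailArns": trail_arns}
```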
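Review bot: `events['accounts'].split(',')` in ConvertInputToList keeps any whitespace around the separators, so a parameter value written as `111111111111, 222222222222` (the comment on the GetParameter step only documents the no-space form) yields an iterator value with a leading space, and a trailing comma yields an empty element. `return [a.strip() for a in events['accounts'].split(',') if a.strip()]` normalises both; the same ConvertInputToList script appears in ListCloudtrailsInMemberAccounts.yaml. The Loop step here declares `IteratorDataType: String` while the otherwise identical loop in ListCloudtrailsInMemberAccounts.yaml declares `StringList` for the same AccountList input; whichever is correct, the two documents should agree so that Loop.CurrentIteratorValue has the same shape in both.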
+++ b/OrgAccountsPrint.yaml
@@ -0,0 +1,32 @@
+schemaVersion: '0.3'
+mainSteps:
+ - name: ListAccounts
+ action: aws:executeAwsApi
+ nextStep: Loop
+ isEnd: false
+ inputs:
+ Service: organizations
+ Api: ListAccounts
+ outputs:
+ - Type: StringList
+ Name: Accounts
+ Selector: $.Accounts..Id
+ - name: Loop
+ action: aws:loop
+ isEnd: true
+ inputs:
+ Iterators: '{{ ListAccounts.Accounts }}'
+ IteratorDataType: StringList
+ Steps:
+ - name: PrintInput
+ action: aws:executeScript
+ isEnd: true
+ inputs:
+ Runtime: python3.11
+ Handler: script_handler
+ InputPayload:
+ accountId: '{{Loop.CurrentIteratorValue}}'
+ Script: |
+ def script_handler(events,context):
+ return {"accountId": events.get('accountId')}
+
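Review bot: The ListAccounts step issues a single Organizations ListAccounts call through aws:executeAwsApi, and that API is paginated (it returns a NextToken when more accounts remain), so `$.Accounts..Id` only covers the first page and an organization with more accounts than one page holds is silently truncated — the loop then never visits the remaining accounts. An aws:executeScript step using the boto3 `list_accounts` paginator collects every page; filtering on the account `Status` there (for example keeping only `ACTIVE`) is a separate choice that depends on whether suspended accounts should be in the inventory. The replacement step below keeps the same output name and type so the Loop step is unchanged.
```yaml
  - name: ListAccounts
    action: aws:executeScript
    nextStep: Loop
    isEnd: false
    inputs:
      Runtime: python3.11
      Handler: script_handler
      Script: |
        import boto3

        def script_handler(events, context):
            # walk every page; a single ListAccounts call only returns the first one
            paginator = boto3.client('organizations').get_paginator('list_accounts')
            return [a['Id'] for page in paginator.paginate() for a in page['Accounts']]
    outputs:
      - Name: Accounts
        Selector: $.Payload
        Type: StringList
  # … unchanged: Loop step …
```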