It is very important for me to track that all the resources created for my clients are always compliant with the IT security policy. Most of my clients prefer to have AWS volume encryption as mandatory, but tracking it in a large environment is a challenge. Also, the AWS volume API supports 100 volumes in the describe instance API, so it is difficult for a system administrator to track the AWS volume resources in a larger environment. So I decided to create a Python Lambda script which checks the existing volumes attached to the instances and sends an automated email listing the volumes attached to the instances.
Lambda Script:
import os
import json
import boto3
import datetime
import sys
import time
from time import gmtime, strftime
import csv
from email import encoders
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.application import MIMEApplication
from email.mime.base import MIMEBase
from botocore.exceptions import ClientError
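# One region for every client below. AWS_REGION is set by the Lambda runtime;
# the fallback is the value the script originally hard-coded.  (The original
# referenced an undefined `regionName`, which raised NameError at import.)
REGION = os.environ.get('AWS_REGION', 'ap-south-1')  # [Your AWS region name]

ses = boto3.client('ses', region_name=REGION)
s3 = boto3.resource('s3', region_name=REGION)  # only needed for the optional S3 upload in lambda_handler
clientEc2 = boto3.client('ec2', region_name=REGION)

# /tmp is the only writable path inside a Lambda container.
REPORT_PATH = '/tmp/volume_report.csv'

# Column order of the report.  'Instance SG' now really holds the security
# groups (the original wrote the subnet under that header); the subnet gets
# its own column right after it.
REPORT_HEADER = [
    'Instance ID',
    'Private IP Address',
    'Instance Type',
    'Instance State',
    'Instance SG',
    'Subnet ID',
    'Volume ID',
    'Availability Zone',
    'Device mount Point',
    'Encryption State',
    'Volumetype',
    'Createtime',
    'size',
    'Instance Name',
]


def _name_tag(instance):
    """Return the instance's ``Name`` tag value, or '' when the tag (or any tag) is absent."""
    for tag in instance.get('Tags', []):
        if tag['Key'] == 'Name':
            return tag['Value']
    return ''


def _security_groups(instance):
    """Return the instance's security groups as 'sg-id(name);sg-id(name)' for one CSV cell."""
    return ';'.join(
        "%s(%s)" % (sg['GroupId'], sg.get('GroupName', ''))
        for sg in instance.get('SecurityGroups', [])
    )


def _describe_all_volumes(ec2):
    """Return {VolumeId: volume} for every volume in the region.

    One paginated describe_volumes call replaces the original's one call per
    volume, which also keeps the script clear of the per-request volume limit
    the post mentions.
    """
    volumes = {}
    for page in ec2.get_paginator('describe_volumes').paginate():
        for volume in page['Volumes']:
            volumes[volume['VolumeId']] = volume
    return volumes


def _iter_instances(ec2, filters=None):
    """Yield every instance in the region, following describe_instances pagination."""
    kwargs = {'Filters': filters} if filters else {}
    for page in ec2.get_paginator('describe_instances').paginate(**kwargs):
        for reservation in page['Reservations']:
            yield from reservation['Instances']


def build_volume_report(path=REPORT_PATH, ec2=None, filters=None):
    """Write one CSV row per EBS volume attached to each instance; return the row count.

    Args:
        path: CSV file to (over)write.
        ec2: EC2 client to use; defaults to the module-level ``clientEc2``.
        filters: optional ``describe_instances`` filters, e.g.
            ``[{'Name': 'tag:Environment', 'Values': ['Development']}]``
            to restrict the report to one environment.

    Returns:
        Number of data rows written (header excluded).

    Raises:
        Whatever boto3 raises (e.g. ``ClientError``) is propagated unchanged so
        a failed run is visible instead of a partial report being mailed.
    """
    ec2 = clientEc2 if ec2 is None else ec2
    volumes = _describe_all_volumes(ec2)
    rows = 0
    # newline='' is what the csv module expects; it avoids doubled line endings.
    with open(path, 'w', newline='') as csvfile:
        writer = csv.writer(csvfile)
        writer.writerow(REPORT_HEADER)
        for instance in _iter_instances(ec2, filters):
            instance_id = instance['InstanceId']
            # Stopped/terminated instances may lack these fields; never KeyError on them.
            private_ip = instance.get('PrivateIpAddress', '')
            subnet = instance.get('SubnetId', '')
            # Resolved per instance: the original reused the previous instance's
            # name when the Name tag was missing.
            name = _name_tag(instance)
            sgs = _security_groups(instance)
            for block in instance.get('BlockDeviceMappings', []):
                ebs = block.get('Ebs')
                if ebs is None:
                    continue  # not an EBS mapping, nothing to report
                vol_id = ebs['VolumeId']
                vol = volumes.get(vol_id)
                if vol is None:
                    # Attached after the snapshot above was taken; fetch it individually.
                    vol = ec2.describe_volumes(VolumeIds=[vol_id])['Volumes'][0]
                writer.writerow([
                    instance_id,
                    private_ip,
                    instance['InstanceType'],
                    instance['State']['Name'],
                    sgs,
                    subnet,
                    vol_id,
                    vol['AvailabilityZone'],
                    block['DeviceName'],  # the mapping already names the device
                    vol['Encrypted'],
                    vol['VolumeType'],
                    vol['CreateTime'],
                    vol['Size'],
                    name,
                ])
                rows += 1
    return rows


def lambda_handler(event, context):
    """Lambda entry point: build a fresh volume report for this invocation and e-mail it.

    The original built the report at import time, so a warm (reused) Lambda
    container re-sent the cold-start report on every invocation; building it
    here keeps each e-mail current.

    Args:
        event: Lambda event (unused).
        context: Lambda context (unused).

    Returns:
        ``{'rows': <data rows written>, 'report': <csv path>}``.
    """
    try:
        rows = build_volume_report(REPORT_PATH)
    except Exception as e:
        print("Some error occured in lambda_handler" + '\n' + str(e))
        raise  # let Lambda record the failure instead of mailing a partial report
    print("%d volume rows written to %s" % (rows, REPORT_PATH))
    # The CSV lists private IPs, security groups and encryption state: inventory
    # data that should reach only the intended recipients.
    mail("Source mail ID", "Recipient mail ID", "Volume Notification",
         "PFA The Volume resource on AWS Region.", REPORT_PATH)
    # Optional archive to S3 (bucket name is the author's placeholder):
    # date_fmt = strftime("%Y_%m_%d", gmtime())
    # with open(REPORT_PATH, 'rb') as fh:
    #     s3.Object('client-ami-report', 'report_' + REGION + '_' + date_fmt + '.csv').put(Body=fh)
    return {'rows': rows, 'report': REPORT_PATH}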
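def _recipients(toAddress):
    """Turn a comma- or whitespace-separated recipient string (or a list) into a clean list."""
    if isinstance(toAddress, (list, tuple)):
        parts = toAddress
    else:
        parts = toAddress.replace(',', ' ').split()
    return [addr.strip() for addr in parts if addr.strip()]


def mail(fromAddress, toAddress, subject, text, attach):
    """Send an HTML e-mail through SES, optionally with one file attached.

    Args:
        fromAddress: sender address (must be verified in SES).
        toAddress: recipients as a comma- or whitespace-separated string, or a list.
        subject: message subject.
        text: HTML body.
        attach: path of a file to attach, or None for no attachment.

    Returns:
        The SES ``MessageId`` on success, or None when sending failed
        (the error is printed, as in the original, rather than raised).
    """
    recipients = _recipients(toAddress)
    CHARSET = "UTF-8"
    # 'mixed', not 'alternative': multipart/alternative tells mail clients the
    # parts are interchangeable renderings of one body, so many hide the CSV.
    msg = MIMEMultipart('mixed')
    msg['From'] = fromAddress
    msg['To'] = ','.join(recipients)
    msg['Subject'] = subject
    msg.attach(MIMEText(text, 'html', CHARSET))
    if attach is not None:
        # The original never closed this handle; MIMEApplication base64-encodes for us.
        with open(attach, 'rb') as fh:
            part = MIMEApplication(fh.read())
        part.add_header('Content-Disposition', 'attachment',
                        filename=os.path.basename(attach))
        msg.attach(part)
    try:
        response = ses.send_raw_email(
            Source=fromAddress,
            Destinations=recipients,
            RawMessage={'Data': msg.as_string()},
        )
    except Exception as e:
        print("Some Error has occured stating " + str(e))
        return None
    print("Email sent! Message ID: %s" % response['MessageId'])
    return response['MessageId']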