public ListAttachedUserPolicies ( ListAttachedUserPoliciesRequest request ) : ListAttachedUserPoliciesResponse | ||
request | ListAttachedUserPoliciesRequest | Container for the necessary parameters to execute the ListAttachedUserPolicies service method. |
리턴 | ListAttachedUserPoliciesResponse |
}//EndIamUserScan /// <summary> /// Given a profile and user, collect additional information. /// </summary> /// <param name="aprofile">An AWS Profile name stored in Windows Credential Store</param> /// <param name="auser">The Name of a User</param> /// <returns>Dictionary containing keys for each type of data[AccessKeys], [Groups], [Policies]</returns> public Dictionary<string, string> GetUserDetails(string aprofile, string username) { var credential = new Amazon.Runtime.StoredProfileAWSCredentials(aprofile); var iam = new AmazonIdentityManagementServiceClient(credential); Dictionary<string, string> ToReturn = new Dictionary<string, string>(); string policylist = ""; string aklist = ""; string groups = ""; try { ListAccessKeysRequest LAKREQ = new ListAccessKeysRequest(); LAKREQ.UserName = username; var LAKRES = iam.ListAccessKeys(LAKREQ); foreach (var blivet in LAKRES.AccessKeyMetadata) { if (aklist.Length > 1) aklist += "\n"; aklist += blivet.AccessKeyId + " : " + blivet.Status; } } catch { aklist = ""; } try { ListAttachedUserPoliciesRequest LAUPREQ = new ListAttachedUserPoliciesRequest(); LAUPREQ.UserName = username; var LAUPRES = iam.ListAttachedUserPolicies(LAUPREQ); foreach (var apol in LAUPRES.AttachedPolicies) { if (policylist.Length > 1) policylist += "\n"; policylist += apol.PolicyName; } } catch { policylist = ""; } try { var groopsreq = new ListGroupsForUserRequest(); groopsreq.UserName = username; var LG = iam.ListGroupsForUser(groopsreq); foreach (var agroup in LG.Groups) { if (groups.Length > 1) groups += "\n"; groups += agroup.GroupName; } } catch { groups = ""; } ToReturn.Add("Groups", groups); ToReturn.Add("Policies", policylist); ToReturn.Add("AccessKeys", aklist); return ToReturn; }
public Dictionary<string, DataTable> ScanProfile(ScanRequest Request) { Dictionary<string, DataTable> ScanResults = new Dictionary<string, DataTable>(); DataTable UserDetailsTable = GetUsersDetailsTable(); DataTable EC2DetailsTable = GetEC2DetailsTable(); DataTable S3DetailsTable = GetS3DetailsTable(); string accountid = ""; Amazon.Runtime.AWSCredentials credential; var aprofile = Request.Profile; var regions2process = Request.Regions; var SubmitResults = Request.ResultQueue; try { credential = new Amazon.Runtime.StoredProfileAWSCredentials(aprofile); //Try to get the AccountID ID// #region UserDetails var iam = new AmazonIdentityManagementServiceClient(credential); var myUserList = iam.ListUsers().Users; try { accountid = myUserList[0].Arn.Split(':')[4];//Get the ARN and extract the AccountID ID accountid = "ID: " + accountid;// Prefix added because Excel exsucks. } catch { accountid = "?"; } try // Send command to AWS to generate a Credential Report { var createcredreport = iam.GenerateCredentialReport(); } catch (Exception) { throw; } bool needreport = true; Amazon.IdentityManagement.Model.GetCredentialReportResponse credreport = new GetCredentialReportResponse(); DateTime getreportstart = DateTime.Now; DateTime getreportfinish = DateTime.Now; while (needreport) { try { credreport = iam.GetCredentialReport(); needreport = false; getreportfinish = DateTime.Now; var dif = getreportstart - getreportfinish; //Just a check on how long it takes. //Extract data from CSV Stream into DataTable var streambert = credreport.Content; streambert.Position = 0; StreamReader sr = new StreamReader(streambert); string myStringRow = sr.ReadLine(); if (myStringRow != null) myStringRow = sr.ReadLine();//Dump the header line while (myStringRow != null) { var arow = myStringRow.Split(",".ToCharArray()[0]); var newrow = new object[UserDetailsTable.Columns.Count]; newrow[0] = accountid; newrow[1] = aprofile; newrow[2] = ""; //UserID not in report. pull it later. newrow[3] = arow[0]; newrow[4] = arow[1]; newrow[5] = arow[2]; newrow[6] = arow[3]; newrow[7] = arow[4]; newrow[8] = arow[5]; newrow[9] = arow[6]; newrow[10] = arow[7]; newrow[11] = arow[8]; newrow[12] = arow[9]; newrow[13] = arow[10]; newrow[14] = arow[11]; newrow[15] = arow[12]; newrow[16] = arow[13]; newrow[17] = arow[14]; newrow[18] = arow[15]; newrow[19] = arow[16]; newrow[20] = arow[17]; newrow[21] = arow[18]; newrow[22] = arow[19]; newrow[23] = arow[20]; newrow[24] = arow[21]; RawUsers.Rows.Add(newrow); UserDetailsTable.Rows.Add(newrow); myStringRow = sr.ReadLine(); } sr.Close(); sr.Dispose(); } catch (Exception ex) { string test = ""; //Deal with this later if necessary. } } foreach (var auser in myUserList)//Fill in the userID. Why? because it exists. { string auserid = auser.UserId; string arn = auser.Arn; string username = auser.UserName; string policylist = ""; string aklist = ""; string groups = ""; ListAccessKeysRequest LAKREQ = new ListAccessKeysRequest(); LAKREQ.UserName = username; ListAccessKeysResult LAKRES = iam.ListAccessKeys(LAKREQ); foreach (var blivet in LAKRES.AccessKeyMetadata) { if (aklist.Length > 1) aklist += "\n"; aklist += blivet.AccessKeyId + " : " + blivet.Status; } ListAttachedUserPoliciesRequest LAUPREQ = new ListAttachedUserPoliciesRequest(); LAUPREQ.UserName = username; ListAttachedUserPoliciesResult LAUPRES = iam.ListAttachedUserPolicies(LAUPREQ); foreach (var apol in LAUPRES.AttachedPolicies) { if (policylist.Length > 1) policylist += "\n"; policylist += apol.PolicyName; } //Need to get policy and group info outta user var groopsreq = new ListGroupsForUserRequest(); groopsreq.UserName = username; ListGroupsForUserResult LG = iam.ListGroupsForUser(groopsreq); foreach (var agroup in LG.Groups) { if (groups.Length > 1) groups += "\n"; groups += agroup.GroupName; } foreach (DataRow myrow in UserDetailsTable.Rows) { if (myrow["ARN"].Equals(arn)) { myrow["UserID"] = auserid; myrow["User-Policies"] = policylist; myrow["Access-Keys"] = aklist; myrow["Groups"] = groups; } } } #endregion #region S3Details try { AmazonS3Client S3Client = new AmazonS3Client(credential,Amazon.RegionEndpoint.USEast1); ListBucketsResponse response = S3Client.ListBuckets(); foreach (S3Bucket abucket in response.Buckets) { DataRow abucketrow = GetS3DetailsTable().NewRow(); var name = abucket.BucketName; GetBucketLocationRequest gbr = new GetBucketLocationRequest(); gbr.BucketName=name; GetBucketLocationResponse location = S3Client.GetBucketLocation(gbr); var region = location.Location.Value; if (region.Equals(""))region="us-east-1"; var pointy = RegionEndpoint.GetBySystemName(region); //Build a config that references the buckets region. AmazonS3Config S3C = new AmazonS3Config(); S3C.RegionEndpoint=pointy; AmazonS3Client BS3Client = new AmazonS3Client(credential, S3C); var createddate = abucket.CreationDate; string owner = ""; string grants = ""; string tags = ""; string lastaccess = ""; string defaultpage = ""; string website = ""; //Now start pulling der einen data. GetACLRequest GACR = new GetACLRequest(); GACR.BucketName = name; var ACL = BS3Client.GetACL(GACR); var grantlist = ACL.AccessControlList; owner = grantlist.Owner.DisplayName; foreach (var agrant in grantlist.Grants) { if (grants.Length > 1) grants += "\n"; var gName = agrant.Grantee.DisplayName; var gType = agrant.Grantee.Type.Value; var aMail = agrant.Grantee.EmailAddress; if (gType.Equals("Group")) { grants += gType + " - " + agrant.Grantee.URI + " - " + agrant.Permission + " - " + aMail ; } else { grants += gName + " - "+ agrant.Permission + " - " + aMail; } } GetObjectMetadataRequest request = new GetObjectMetadataRequest(); request.BucketName = name; GetObjectMetadataResponse MDresponse = BS3Client.GetObjectMetadata(request); lastaccess = MDresponse.LastModified.ToString(); //defaultpage = MDresponse.WebsiteRedirectLocation; GetBucketWebsiteRequest GBWReq = new GetBucketWebsiteRequest(); GBWReq.BucketName = name; GetBucketWebsiteResponse GBWRes = BS3Client.GetBucketWebsite(GBWReq); defaultpage = GBWRes.WebsiteConfiguration.IndexDocumentSuffix; if (defaultpage != null) { website = @"http://" + name + @".s3-website-" + region + @".amazonaws.com/" + defaultpage; } //Amazon.S3.Model.req abucketrow["AccountID"] = accountid; abucketrow["Profile"] = aprofile; abucketrow["Bucket"] = name; abucketrow["Region"] = region; abucketrow["CreationDate"] = createddate.ToString(); abucketrow["LastAccess"] = lastaccess; abucketrow["Owner"] = owner; abucketrow["Grants"] = grants; abucketrow["WebsiteHosting"] = website; abucketrow["Logging"] = "X"; abucketrow["Events"] = "X"; abucketrow["Versioning"] = "X"; abucketrow["LifeCycle"] = "X"; abucketrow["Replication"] = "X"; abucketrow["Tags"] = "X"; abucketrow["RequesterPays"] = "X"; S3DetailsTable.Rows.Add(abucketrow.ItemArray); } } catch(Exception ex) { System.Windows.Forms.MessageBox.Show("S3 Failed!\n"+ex); } #endregion #region GetEC2Region ////////////////////////////////////////////////////////// //Foreach aregion foreach (var aregion in regions2process) { //Skip GovCloud and Beijing. They require special handling and I dont need em. if (aregion == Amazon.RegionEndpoint.USGovCloudWest1) continue; if (aregion == Amazon.RegionEndpoint.CNNorth1) continue; var region = aregion; regioncounter++; //Try to get scheduled events on my Profile/aregion var ec2 = AWSClientFactory.CreateAmazonEC2Client(credential, region); var request = new DescribeInstanceStatusRequest(); request.IncludeAllInstances = true; Dispatcher.Invoke(doupdatePbDelegate, System.Windows.Threading.DispatcherPriority.Background, new object[] { System.Windows.Controls.ProgressBar.ValueProperty, regioncounter }); var instatresponse = ec2.DescribeInstanceStatus(request); var indatarequest = new DescribeInstancesRequest(); foreach (var instat in instatresponse.InstanceStatuses) { indatarequest.InstanceIds.Add(instat.InstanceId); } DescribeInstancesResult DescResult = ec2.DescribeInstances(indatarequest); int count = instatresponse.InstanceStatuses.Count(); foreach (var instat in instatresponse.InstanceStatuses) { //Collect the datases string instanceid = instat.InstanceId; string instancename = ""; ProcessingLabel.Content = "Scanning -> Profile:" + aprofile + " Region: " + region + " Instance: " + instanceid; Dispatcher.Invoke(doupdatePbDelegate, System.Windows.Threading.DispatcherPriority.Background, new object[] { System.Windows.Controls.ProgressBar.ValueProperty, regioncounter }); var status = instat.Status.Status; string AZ = instat.AvailabilityZone; var istate = instat.InstanceState.Name; string profile = aprofile; string myregion = region.ToString(); int eventnumber = instat.Events.Count(); string eventlist = ""; var urtburgle = DescResult.Reservations; string tags = ""; // Holds the list of tags to print out. var loadtags = (from t in DescResult.Reservations where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].Tags).AsEnumerable(); Dictionary<string, string> taglist = new Dictionary<string, string>(); foreach (var rekey in loadtags) { foreach (var kvp in rekey) { taglist.Add(kvp.Key, kvp.Value); } } foreach (var atag in taglist)//Set instancename, and add value to combobox. { if (atag.Key.Equals("Name")) { instancename = atag.Value; } if (!TagFilterCombo.Items.Contains(atag.Key)) { TagFilterCombo.Items.Add(atag.Key); } if (tags.Length > 1) { tags += "\n" + atag.Key + ":" + atag.Value; } else { tags += atag.Key + ":" + atag.Value; } } if (eventnumber > 0) { foreach (var anevent in instat.Events) { eventlist += anevent.Description + "\n"; } } var platform = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].Platform).FirstOrDefault(); if (String.IsNullOrEmpty(platform)) platform = "Linux"; var Priv_IP = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].PrivateIpAddress).FirstOrDefault(); if (String.IsNullOrEmpty(Priv_IP)) Priv_IP = "?"; var publicIP = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].PublicIpAddress).FirstOrDefault(); if (String.IsNullOrEmpty(publicIP)) publicIP = ""; var publicDNS = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].PublicDnsName).FirstOrDefault(); if (String.IsNullOrEmpty(publicDNS)) publicDNS = ""; //Virtualization type (HVM, Paravirtual) var ivirtType = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].VirtualizationType).FirstOrDefault(); if (String.IsNullOrEmpty(ivirtType)) ivirtType = "?"; // InstanceType (m3/Large etc) var instancetype = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].InstanceType).FirstOrDefault(); if (String.IsNullOrEmpty(instancetype)) instancetype = "?"; var SGs = (from t in urtburgle where t.Instances[0].InstanceId.Equals(instanceid) select t.Instances[0].SecurityGroups); string sglist = ""; if (SGs.Count() > 0) { foreach (var ansg in SGs.FirstOrDefault()) { if (sglist.Length > 2) { sglist += "\n"; } sglist += ansg.GroupName; } } else { sglist = "_NONE!_"; } //Add to table if (String.IsNullOrEmpty(sglist)) sglist = "NullOrEmpty"; if (String.IsNullOrEmpty(instancename)) instancename = ""; string rabbit = accountid + profile + myregion + instancename + instanceid + AZ + status + eventnumber + eventlist + tags + Priv_IP + publicIP + publicDNS + istate + ivirtType + instancetype + sglist; if(instancename.Contains("p1-job")) { string yup = "y"; } EC2DetailsTable.Rows.Add(accountid, profile, myregion, instancename, instanceid, AZ, platform, status, eventnumber, eventlist, tags, Priv_IP, publicIP, publicDNS, istate, ivirtType, instancetype, sglist); } } #endregion ScanResults.Add("EC2", EC2DetailsTable); ScanResults.Add("Users", UserDetailsTable); ScanResults.Add("S3", S3DetailsTable); return ScanResults; } catch (Exception ex) { //If we failed to connect with creds. string error = new string(ex.ToString().TakeWhile(c => c != '\n').ToArray()); System.Windows.MessageBox.Show(error, Request.Profile.ToString() + " credentials failed to work.\n"); //Try to flag the menu item so it no longer selectable, and maybe make she red. System.Windows.Controls.MenuItem Proot = (System.Windows.Controls.MenuItem)this.MainMenu.Items[1]; foreach (System.Windows.Controls.MenuItem amenuitem in Proot.Items) { if (amenuitem.Header.ToString() == aprofile.ToString()) { amenuitem.IsCheckable = false; amenuitem.IsChecked = false; amenuitem.Background = Brushes.Red; amenuitem.ToolTip = Request.Profile.ToString() + " credentials failed to work.\n"; } } ScanResults.Add("EC2", GetEC2DetailsTable()); ScanResults.Add("Users", GetUsersDetailsTable()); ScanResults.Add("S3", GetS3DetailsTable()); return ScanResults; } }