| public ListAccessKeys ( ) : ListAccessKeysResponse | ||
| return | ListAccessKeysResponse | |
public static void DeleteAccessKeysForUser(AmazonIdentityManagementServiceClient client, string username)
{
ListAccessKeysResponse response = client.ListAccessKeys(new ListAccessKeysRequest() { UserName = username });
foreach (AccessKeyMetadata akm in response.AccessKeyMetadata)
{
client.DeleteAccessKey(new DeleteAccessKeyRequest() { UserName = username, AccessKeyId = akm.AccessKeyId });
}
}
}//EndIamUserScan
/// <summary>
/// Given a profile and user, collect additional information.
/// </summary>
/// <param name="aprofile">An AWS Profile name stored in Windows Credential Store</param>
/// <param name="auser">The Name of a User</param>
/// <returns>Dictionary containing keys for each type of data[AccessKeys], [Groups], [Policies]</returns>
public Dictionary<string, string> GetUserDetails(string aprofile, string username)
{
var credential = new Amazon.Runtime.StoredProfileAWSCredentials(aprofile);
var iam = new AmazonIdentityManagementServiceClient(credential);
Dictionary<string, string> ToReturn = new Dictionary<string, string>();
string policylist = "";
string aklist = "";
string groups = "";
try
{
ListAccessKeysRequest LAKREQ = new ListAccessKeysRequest();
LAKREQ.UserName = username;
var LAKRES = iam.ListAccessKeys(LAKREQ);
foreach (var blivet in LAKRES.AccessKeyMetadata)
{
if (aklist.Length > 1) aklist += "\n";
aklist += blivet.AccessKeyId + " : " + blivet.Status;
}
}
catch { aklist = ""; }
try
{
ListAttachedUserPoliciesRequest LAUPREQ = new ListAttachedUserPoliciesRequest();
LAUPREQ.UserName = username;
var LAUPRES = iam.ListAttachedUserPolicies(LAUPREQ);
foreach (var apol in LAUPRES.AttachedPolicies)
{
if (policylist.Length > 1) policylist += "\n";
policylist += apol.PolicyName;
}
}
catch { policylist = ""; }
try
{
var groopsreq = new ListGroupsForUserRequest();
groopsreq.UserName = username;
var LG = iam.ListGroupsForUser(groopsreq);
foreach (var agroup in LG.Groups)
{
if (groups.Length > 1) groups += "\n";
groups += agroup.GroupName;
}
}
catch { groups = ""; }
ToReturn.Add("Groups", groups);
ToReturn.Add("Policies", policylist);
ToReturn.Add("AccessKeys", aklist);
return ToReturn;
}
public Dictionary<string, DataTable> ScanProfile(ScanRequest Request)
{
Dictionary<string, DataTable> ScanResults = new Dictionary<string, DataTable>();
DataTable UserDetailsTable = GetUsersDetailsTable();
DataTable EC2DetailsTable = GetEC2DetailsTable();
DataTable S3DetailsTable = GetS3DetailsTable();
string accountid = "";
Amazon.Runtime.AWSCredentials credential;
var aprofile = Request.Profile;
var regions2process = Request.Regions;
var SubmitResults = Request.ResultQueue;
try
{
credential = new Amazon.Runtime.StoredProfileAWSCredentials(aprofile);
//Try to get the AccountID ID//
#region UserDetails
var iam = new AmazonIdentityManagementServiceClient(credential);
var myUserList = iam.ListUsers().Users;
try
{
accountid = myUserList[0].Arn.Split(':')[4];//Get the ARN and extract the AccountID ID
accountid = "ID: " + accountid;// Prefix added because Excel exsucks.
}
catch
{
accountid = "?";
}
try // Send command to AWS to generate a Credential Report
{ var createcredreport = iam.GenerateCredentialReport(); }
catch (Exception)
{ throw; }
bool needreport = true;
Amazon.IdentityManagement.Model.GetCredentialReportResponse credreport = new GetCredentialReportResponse();
DateTime getreportstart = DateTime.Now;
DateTime getreportfinish = DateTime.Now;
while (needreport)
{
try
{
credreport = iam.GetCredentialReport();
needreport = false;
getreportfinish = DateTime.Now;
var dif = getreportstart - getreportfinish; //Just a check on how long it takes.
//Extract data from CSV Stream into DataTable
var streambert = credreport.Content;
streambert.Position = 0;
StreamReader sr = new StreamReader(streambert);
string myStringRow = sr.ReadLine();
if (myStringRow != null) myStringRow = sr.ReadLine();//Dump the header line
while (myStringRow != null)
{
var arow = myStringRow.Split(",".ToCharArray()[0]);
var newrow = new object[UserDetailsTable.Columns.Count];
newrow[0] = accountid;
newrow[1] = aprofile;
newrow[2] = ""; //UserID not in report. pull it later.
newrow[3] = arow[0];
newrow[4] = arow[1];
newrow[5] = arow[2];
newrow[6] = arow[3];
newrow[7] = arow[4];
newrow[8] = arow[5];
newrow[9] = arow[6];
newrow[10] = arow[7];
newrow[11] = arow[8];
newrow[12] = arow[9];
newrow[13] = arow[10];
newrow[14] = arow[11];
newrow[15] = arow[12];
newrow[16] = arow[13];
newrow[17] = arow[14];
newrow[18] = arow[15];
newrow[19] = arow[16];
newrow[20] = arow[17];
newrow[21] = arow[18];
newrow[22] = arow[19];
newrow[23] = arow[20];
newrow[24] = arow[21];
RawUsers.Rows.Add(newrow);
UserDetailsTable.Rows.Add(newrow);
myStringRow = sr.ReadLine();
}
sr.Close();
sr.Dispose();
}
catch (Exception ex)
{
string test = "";
//Deal with this later if necessary.
}
}
foreach (var auser in myUserList)//Fill in the userID. Why? because it exists.
{
string auserid = auser.UserId;
string arn = auser.Arn;
string username = auser.UserName;
string policylist = "";
string aklist = "";
string groups = "";
ListAccessKeysRequest LAKREQ = new ListAccessKeysRequest();
LAKREQ.UserName = username;
ListAccessKeysResult LAKRES = iam.ListAccessKeys(LAKREQ);
foreach (var blivet in LAKRES.AccessKeyMetadata)
{
if (aklist.Length > 1) aklist += "\n";
aklist += blivet.AccessKeyId + " : " + blivet.Status;
}
ListAttachedUserPoliciesRequest LAUPREQ = new ListAttachedUserPoliciesRequest();
LAUPREQ.UserName = username;
ListAttachedUserPoliciesResult LAUPRES = iam.ListAttachedUserPolicies(LAUPREQ);
foreach (var apol in LAUPRES.AttachedPolicies)
{
if (policylist.Length > 1) policylist += "\n";
policylist += apol.PolicyName;
}
//Need to get policy and group info outta user
var groopsreq = new ListGroupsForUserRequest();
groopsreq.UserName = username;
ListGroupsForUserResult LG = iam.ListGroupsForUser(groopsreq);
foreach (var agroup in LG.Groups)
{
if (groups.Length > 1) groups += "\n";
groups += agroup.GroupName;
}
foreach (DataRow myrow in UserDetailsTable.Rows)
{
if (myrow["ARN"].Equals(arn))
{
myrow["UserID"] = auserid;
myrow["User-Policies"] = policylist;
myrow["Access-Keys"] = aklist;
myrow["Groups"] = groups;
}
}
}
#endregion
#region S3Details
try {
AmazonS3Client S3Client = new AmazonS3Client(credential,Amazon.RegionEndpoint.USEast1);
ListBucketsResponse response = S3Client.ListBuckets();
foreach (S3Bucket abucket in response.Buckets)
{
DataRow abucketrow = GetS3DetailsTable().NewRow();
var name = abucket.BucketName;
GetBucketLocationRequest gbr = new GetBucketLocationRequest();
gbr.BucketName=name;
GetBucketLocationResponse location = S3Client.GetBucketLocation(gbr);
var region = location.Location.Value;
if (region.Equals(""))region="us-east-1";
var pointy = RegionEndpoint.GetBySystemName(region);
//Build a config that references the buckets region.
AmazonS3Config S3C = new AmazonS3Config();
S3C.RegionEndpoint=pointy;
AmazonS3Client BS3Client = new AmazonS3Client(credential, S3C);
var createddate = abucket.CreationDate;
string owner = "";
string grants = "";
string tags = "";
string lastaccess = "";
string defaultpage = "";
string website = "";
//Now start pulling der einen data.
GetACLRequest GACR = new GetACLRequest();
GACR.BucketName = name;
var ACL = BS3Client.GetACL(GACR);
var grantlist = ACL.AccessControlList;
owner = grantlist.Owner.DisplayName;
foreach (var agrant in grantlist.Grants)
{
if (grants.Length > 1) grants += "\n";
var gName = agrant.Grantee.DisplayName;
var gType = agrant.Grantee.Type.Value;
var aMail = agrant.Grantee.EmailAddress;
if (gType.Equals("Group"))
{
grants += gType + " - " + agrant.Grantee.URI + " - " + agrant.Permission + " - " + aMail ;
}
else
{
grants += gName + " - "+ agrant.Permission + " - " + aMail;
}
}
GetObjectMetadataRequest request = new GetObjectMetadataRequest();
request.BucketName = name;
GetObjectMetadataResponse MDresponse = BS3Client.GetObjectMetadata(request);
lastaccess = MDresponse.LastModified.ToString();
//defaultpage = MDresponse.WebsiteRedirectLocation;
GetBucketWebsiteRequest GBWReq = new GetBucketWebsiteRequest();
GBWReq.BucketName = name;
GetBucketWebsiteResponse GBWRes = BS3Client.GetBucketWebsite(GBWReq);
defaultpage = GBWRes.WebsiteConfiguration.IndexDocumentSuffix;
if (defaultpage != null)
{
website = @"http://" + name + @".s3-website-" + region + @".amazonaws.com/" + defaultpage;
}
//Amazon.S3.Model.req
abucketrow["AccountID"] = accountid;
abucketrow["Profile"] = aprofile;
abucketrow["Bucket"] = name;
abucketrow["Region"] = region;
abucketrow["CreationDate"] = createddate.ToString();
abucketrow["LastAccess"] = lastaccess;
abucketrow["Owner"] = owner;
abucketrow["Grants"] = grants;
abucketrow["WebsiteHosting"] = website;
abucketrow["Logging"] = "X";
abucketrow["Events"] = "X";
abucketrow["Versioning"] = "X";
abucketrow["LifeCycle"] = "X";
abucketrow["Replication"] = "X";
abucketrow["Tags"] = "X";
abucketrow["RequesterPays"] = "X";
S3DetailsTable.Rows.Add(abucketrow.ItemArray);
}
}
catch(Exception ex)
{
System.Windows.Forms.MessageBox.Show("S3 Failed!\n"+ex);
}
#endregion
#region GetEC2Region
//////////////////////////////////////////////////////////
//Foreach aregion
foreach (var aregion in regions2process)
{
//Skip GovCloud and Beijing. They require special handling and I dont need em.
if (aregion == Amazon.RegionEndpoint.USGovCloudWest1) continue;
if (aregion == Amazon.RegionEndpoint.CNNorth1) continue;
var region = aregion;
regioncounter++;
//Try to get scheduled events on my Profile/aregion
var ec2 = AWSClientFactory.CreateAmazonEC2Client(credential, region);
var request = new DescribeInstanceStatusRequest();
request.IncludeAllInstances = true;
Dispatcher.Invoke(doupdatePbDelegate,
System.Windows.Threading.DispatcherPriority.Background,
new object[] { System.Windows.Controls.ProgressBar.ValueProperty, regioncounter });
var instatresponse = ec2.DescribeInstanceStatus(request);
var indatarequest = new DescribeInstancesRequest();
foreach (var instat in instatresponse.InstanceStatuses)
{
indatarequest.InstanceIds.Add(instat.InstanceId);
}
DescribeInstancesResult DescResult = ec2.DescribeInstances(indatarequest);
int count = instatresponse.InstanceStatuses.Count();
foreach (var instat in instatresponse.InstanceStatuses)
{
//Collect the datases
string instanceid = instat.InstanceId;
string instancename = "";
ProcessingLabel.Content = "Scanning -> Profile:" + aprofile + " Region: " + region + " Instance: " + instanceid;
Dispatcher.Invoke(doupdatePbDelegate,
System.Windows.Threading.DispatcherPriority.Background,
new object[] { System.Windows.Controls.ProgressBar.ValueProperty, regioncounter });
var status = instat.Status.Status;
string AZ = instat.AvailabilityZone;
var istate = instat.InstanceState.Name;
string profile = aprofile;
string myregion = region.ToString();
int eventnumber = instat.Events.Count();
string eventlist = "";
var urtburgle = DescResult.Reservations;
string tags = ""; // Holds the list of tags to print out.
var loadtags = (from t in DescResult.Reservations
where t.Instances[0].InstanceId.Equals(instanceid)
select t.Instances[0].Tags).AsEnumerable();
Dictionary<string, string> taglist = new Dictionary<string, string>();
foreach (var rekey in loadtags)
{
foreach (var kvp in rekey)
{
taglist.Add(kvp.Key, kvp.Value);
}
}
foreach (var atag in taglist)//Set instancename, and add value to combobox.
{
if (atag.Key.Equals("Name"))
{
instancename = atag.Value;
}
if (!TagFilterCombo.Items.Contains(atag.Key))
{
TagFilterCombo.Items.Add(atag.Key);
}
if (tags.Length > 1)
{
tags += "\n" + atag.Key + ":" + atag.Value;
}
else
{
tags += atag.Key + ":" + atag.Value;
}
}
if (eventnumber > 0)
{
foreach (var anevent in instat.Events)
{
eventlist += anevent.Description + "\n";
}
}
var platform = (from t in urtburgle
where t.Instances[0].InstanceId.Equals(instanceid)
select t.Instances[0].Platform).FirstOrDefault();
if (String.IsNullOrEmpty(platform)) platform = "Linux";
var Priv_IP = (from t in urtburgle
where t.Instances[0].InstanceId.Equals(instanceid)
select t.Instances[0].PrivateIpAddress).FirstOrDefault();
if (String.IsNullOrEmpty(Priv_IP)) Priv_IP = "?";
var publicIP = (from t in urtburgle
where t.Instances[0].InstanceId.Equals(instanceid)
select t.Instances[0].PublicIpAddress).FirstOrDefault();
if (String.IsNullOrEmpty(publicIP)) publicIP = "";
var publicDNS = (from t in urtburgle
where t.Instances[0].InstanceId.Equals(instanceid)
select t.Instances[0].PublicDnsName).FirstOrDefault();
if (String.IsNullOrEmpty(publicDNS)) publicDNS = "";
//Virtualization type (HVM, Paravirtual)
var ivirtType = (from t in urtburgle
where t.Instances[0].InstanceId.Equals(instanceid)
select t.Instances[0].VirtualizationType).FirstOrDefault();
if (String.IsNullOrEmpty(ivirtType)) ivirtType = "?";
// InstanceType (m3/Large etc)
var instancetype = (from t in urtburgle
where t.Instances[0].InstanceId.Equals(instanceid)
select t.Instances[0].InstanceType).FirstOrDefault();
if (String.IsNullOrEmpty(instancetype)) instancetype = "?";
var SGs = (from t in urtburgle
where t.Instances[0].InstanceId.Equals(instanceid)
select t.Instances[0].SecurityGroups);
string sglist = "";
if (SGs.Count() > 0)
{
foreach (var ansg in SGs.FirstOrDefault())
{
if (sglist.Length > 2) { sglist += "\n"; }
sglist += ansg.GroupName;
}
}
else
{
sglist = "_NONE!_";
}
//Add to table
if (String.IsNullOrEmpty(sglist)) sglist = "NullOrEmpty";
if (String.IsNullOrEmpty(instancename)) instancename = "";
string rabbit = accountid + profile + myregion + instancename + instanceid + AZ + status + eventnumber + eventlist + tags + Priv_IP + publicIP + publicDNS + istate + ivirtType + instancetype + sglist;
if(instancename.Contains("p1-job"))
{
string yup = "y";
}
EC2DetailsTable.Rows.Add(accountid, profile, myregion, instancename, instanceid, AZ, platform, status, eventnumber, eventlist, tags, Priv_IP, publicIP, publicDNS, istate, ivirtType, instancetype, sglist);
}
}
#endregion
ScanResults.Add("EC2", EC2DetailsTable);
ScanResults.Add("Users", UserDetailsTable);
ScanResults.Add("S3", S3DetailsTable);
return ScanResults;
}
catch (Exception ex)
{
//If we failed to connect with creds.
string error = new string(ex.ToString().TakeWhile(c => c != '\n').ToArray());
System.Windows.MessageBox.Show(error, Request.Profile.ToString() + " credentials failed to work.\n");
//Try to flag the menu item so it no longer selectable, and maybe make she red.
System.Windows.Controls.MenuItem Proot = (System.Windows.Controls.MenuItem)this.MainMenu.Items[1];
foreach (System.Windows.Controls.MenuItem amenuitem in Proot.Items)
{
if (amenuitem.Header.ToString() == aprofile.ToString())
{
amenuitem.IsCheckable = false;
amenuitem.IsChecked = false;
amenuitem.Background = Brushes.Red;
amenuitem.ToolTip = Request.Profile.ToString() + " credentials failed to work.\n";
}
}
ScanResults.Add("EC2", GetEC2DetailsTable());
ScanResults.Add("Users", GetUsersDetailsTable());
ScanResults.Add("S3", GetS3DetailsTable());
return ScanResults;
}
}
