Metadata-Version: 2.1
Name: aws_crawler
Version: 1.1.1
Summary: Crawl through AWS accounts in an organization using master assumed role.
Home-page: https://gitlab.com/fer1035_python/modules/pypi-aws_crawler
License: GPL-2.0-only
Keywords: AWS,crawler,accounts,organization
Author: Ahmad Ferdaus Abd Razak
Author-email: fer1035@gmail.com
Requires-Python: >=3.9,<4.0
Classifier: License :: OSI Approved :: GNU General Public License v2 (GPLv2)
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Dist: aws-authenticator (>=2022.10.1.3,<2023.0.0.0)
Requires-Dist: boto3 (>=1.17.78,<2.0.0)
Requires-Dist: multithreader (>=1.0.1,<2.0.0)
Project-URL: Repository, https://gitlab.com/fer1035_python/modules/pypi-aws_crawler
Description-Content-Type: text/x-rst

===============
**aws_crawler**
===============

Overview
--------

Crawl through AWS accounts in an organization using master assumed role. You can specify a comma-separated string of account IDs for specific accounts, an Organizational Unit ID to crawl through all accounts therein, or nothing to crawl through all active accounts in the organization.  

Crawling Precedence:

1. Specific accounts
2. Organizational Unit
3. All active accounts

Usage
-----

Installation:

.. code-block:: BASH

    pip3 install aws_crawler
    python3 -m pip install aws_crawler

Example:

- Get STS caller identities
- Also featuring (installed with aws_crawler):
   - `Automated authentication <https://pypi.org/project/aws-authenticator/>`_
   - `Multithreading <https://pypi.org/project/multithreader/>`_

.. code-block:: PYTHON

   import aws_crawler
   import boto3
   from multithreader import threads
   from aws_authenticator import AWSAuthenticator as awsauth
   from pprint import pprint as pp


   def get_caller_identity(
      account_id: str,
      items: dict
   ) -> dict:
      """Get AWS STS caller identities from accounts."""
      print(f'Working on {account_id}...')

      try:
         # Get auth credential for each account.
         credentials = aws_crawler.get_credentials(
               items['session'],
               f'arn:aws:iam::{account_id}:role/{items["assumed_role_name"]}',
               items['external_id']
         )

         # Get STS caller identity.
         client = boto3.client(
               'sts',
               aws_access_key_id=credentials['aws_access_key_id'],
               aws_secret_access_key=credentials['aws_secret_access_key'],
               aws_session_token=credentials['aws_session_token'],
               region_name=items['region']
         )
         response = client.get_caller_identity()['UserId']

      except Exception as e:
         response = str(e)

      # Return result.
      return {
         'account_id': account_id,
         'details': response
      }


   if __name__ == '__main__':
      # Login to AWS through SSO.
      auth = awsauth(
         sso_url='https://myorg.awsapps.com/start/#',
         sso_role_name='AWSViewOnlyAccess',
         sso_account_id='123456789012'
      )
      session = auth.sso()

      # # Create account list from comma-separated string of IDs.
      # account_ids = aws_crawler.create_account_list(
      #    session,
      #    '123456789012, 234567890123, 345678901234'
      # )
      # Get account list for an Organizational Unit.
      account_ids = aws_crawler.list_ou_accounts(
         session,
         'ou-abc123-asgh39'
      )
      # # Get active account list for the entire organization.
      # account_ids = aws_crawler.list_accounts(
      #    session
      # )

      # Execute task with multithreading.
      items = {
         'session': session,
         'assumed_role_name': 'MyOrgCrossAccountAccess',
         'external_id': 'lkasf987923ljkf2;lkjf298fj2',
         'region': 'us-east-1'
      }
      results = threads(
         get_caller_identity,
         account_ids,
         items,
         thread_num=5
      )

      # Print results.
      pp(results)

