lambda/guardduty_to_acl_lambda.py [187:212]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - response = table.query( KeyConditionExpression=Key('NetACLId').eq(netacl_id) ) # Get all the entries for NACL naclentries = response['Items'] # Find oldest rule and available rule numbers from 71-80 if naclentries: rulecount = response['Count'] rulerange = list(range(71, 81)) ddbrulerange = [] naclrulerange = get_nacl_rules(netacl_id) for i in naclentries: ddbrulerange.append(int(i['RuleNo'])) # Check state and exit if NACL rule not in sync with DDB ddbrulerange.sort() naclrulerange.sort() synccheck = set(naclrulerange).symmetric_difference(ddbrulerange) if ddbrulerange != naclrulerange: logger.info("log -- current DDB entries, %s." % (ddbrulerange)) logger.info("log -- current NACL entries, %s." % (naclrulerange)) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - scripts/gd2acl-sync-check.py [133:158]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - response = table.query( KeyConditionExpression=Key('NetACLId').eq(netacl_id) ) # Get all the entries for NACL naclentries = response['Items'] # Get the range and check the state if naclentries: rulecount = response['Count'] rulerange = list(range(71, 81)) ddbrulerange = [] naclrulerange = get_nacl_rules(netacl_id) for i in naclentries: ddbrulerange.append(int(i['RuleNo'])) ddbrulerange.sort() naclrulerange.sort() synccheck = set(naclrulerange).symmetric_difference(ddbrulerange) if ddbrulerange != naclrulerange: logger.info("log -- current DDB entries, %s." % (ddbrulerange)) logger.info("log -- current NACL entries, %s." % (naclrulerange)) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -