def get_account_list()

in src/securityhub_enabler.py [0:0]


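def get_account_list():
    """
    Return the ACTIVE accounts of the AWS Organization as ``{account_id: email}``.

    This is called if the function is not executed by an SNS trigger and is
    used to periodically ensure all accounts are correctly configured, and
    prevent gaps in security from activities like new regions being added and
    SecurityHub being disabled while respecting OU filters.

    When the ``ou_filter`` environment variable equals ``'ControlTower'``,
    only accounts for which ``is_ct_account`` returns True are kept;
    any other value keeps every ACTIVE account.

    Returns:
        dict: account id -> account email, ACTIVE accounts only.

    Raises:
        KeyError: if the ``ou_filter`` environment variable is not set. This
            is deliberate: a missing filter stops the run instead of silently
            widening the scope to every account.
    """
    aws_accounts_dict = dict()

    # Organizations client pinned to us-east-1.
    org_client = session.client('organizations', region_name='us-east-1')
    ct_only = os.environ['ou_filter'] == 'ControlTower'

    # Collect every page of list_accounts into one flat list. Each page is
    # appended once, so the work stays linear in the number of accounts.
    response = org_client.list_accounts()
    all_accounts = list(response['Accounts'])
    while 'NextToken' in response:
        response = org_client.list_accounts(NextToken=response['NextToken'])
        all_accounts.extend(response['Accounts'])

    # The raw records carry account names and e-mail addresses; keep them
    # at DEBUG so routine INFO logs hold only counts and account ids.
    LOGGER.debug('Accounts: %s', all_accounts)
    LOGGER.info('Total accounts: %s', len(all_accounts))

    for account in all_accounts:
        # Status is checked first so is_ct_account (one more call through
        # org_client per account) runs only for accounts that can be kept.
        if account['Status'] != 'ACTIVE':
            continue
        ct_account = False
        if ct_only:
            ct_account = is_ct_account(account['Id'], org_client=org_client)
        # Store accounts matching the OU filter.
        if ct_account == ct_only:
            aws_accounts_dict[account['Id']] = account['Email']

    LOGGER.info('Active accounts count: %s, Active account ids: %s',
                len(aws_accounts_dict), sorted(aws_accounts_dict))
    LOGGER.debug('Active accounts: %s', json.dumps(aws_accounts_dict))
    return aws_accounts_dict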