def dryrun_s3

def dryrun_s3_logs()

in subfunctions/ALE_dryrun_multi.py [0:0]
52 lines of code
14 McCabe index (conditional complexity)

def dryrun_s3_logs(region_list, account_number, OrgAccountIdList):
    """Function to turn on Bucket Logs for Buckets"""
    for org_account in OrgAccountIdList:
        for aws_region in region_list:
            logging.info("Turning on Bucket Logging on in AWS Account " + org_account + " Buckets, in region " + aws_region + ".")
            sts = boto3.client('sts')
            RoleArn = 'arn:aws:iam::%s:role/Assisted_Log_Enabler_IAM_Role' % org_account
            logging.info('Assuming Target Role %s for Assisted Log Enabler...' % RoleArn)
            assisted_log_enabler_sts = sts.assume_role(
                RoleArn=RoleArn,
                RoleSessionName='assisted-log-enabler-activation',
                DurationSeconds=3600,
            )
            s3_ma = boto3.client(
            's3',
            aws_access_key_id=assisted_log_enabler_sts['Credentials']['AccessKeyId'],
            aws_secret_access_key=assisted_log_enabler_sts['Credentials']['SecretAccessKey'],
            aws_session_token=assisted_log_enabler_sts['Credentials']['SessionToken'],
            region_name=aws_region
            )
            try:
                S3List: list = []
                S3LogList: list = []
                logging.info("ListBuckets API Call")
                buckets = s3_ma.list_buckets()
                for bucket in buckets['Buckets']:
                    s3region=s3_ma.get_bucket_location(Bucket=bucket["Name"])['LocationConstraint']
                    if s3region == aws_region:
                        S3List.append(bucket["Name"])
                    elif s3region is None and aws_region == 'us-east-1':
                        S3List.append(bucket["Name"])
                if S3List != []:
                    logging.info("List of Buckets found within account " + org_account + ", region " + aws_region + ":")
                    print(S3List)
                    logging.info("Parsed out buckets created by Assisted Log Enabler for AWS in " + aws_region)
                    logging.info("Checking remaining buckets to see if logs were enabled by Assisted Log Enabler for AWS in " + aws_region)
                    logging.info("GetBucketLogging API Call")
                    for bucket in S3List:
                        if 'aws-log-collection-' + org_account + '-' + aws_region not in str(bucket):
                            s3temp=s3_ma.get_bucket_logging(Bucket=bucket)
                            if 'TargetBucket' not in str(s3temp):
                                S3LogList.append(bucket)
                    if S3LogList != []:
                        logging.info("List of Buckets found within account " + org_account + ", region " + aws_region + " WITHOUT S3 Bucket Logs:")
                        print(S3LogList)
                        for bucket in S3LogList:
                            logging.info(bucket + " does not have S3 BUCKET logging on. It will be turned on within this function.")
                    else:
                        logging.info("No S3 Bucket WITHOUT Logging enabled on account " + org_account + " region " + aws_region)
                else: 
                    logging.info("No S3 Buckets found within account " + org_account + ", region " + aws_region + ":")
            except Exception as exception_handle:
                logging.error(exception_handle)