def dryrun_route_53_query_logs()

in subfunctions/ALE_dryrun_multi.py [0:0]


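def _paginate(api_call, result_key, **kwargs):
    """Yield every item under ``result_key`` across all pages of ``api_call``.

    DescribeVpcs and ListResolverQueryLogConfigAssociations both cap a single
    response and hand back ``NextToken`` for the remainder. Reading only the
    first page (as the original did) makes the dry run report a VPC as having
    no query logging when its association merely sits on a later page, i.e. a
    false finding in the coverage report.

    Args:
        api_call: A bound boto3 client method that accepts ``NextToken``.
        result_key: Top-level response key holding the list of items.
        **kwargs: Extra request parameters passed through on every page.
    """
    token = None
    while True:
        if token:
            kwargs['NextToken'] = token
        page = api_call(**kwargs)
        yield from page.get(result_key, [])
        token = page.get('NextToken')
        if not token:
            return


def dryrun_route_53_query_logs(region_list, account_number, OrgAccountIdList):
    """Dry-run check of Route 53 Resolver query logging for every VPC.

    For each account in ``OrgAccountIdList`` and each region in
    ``region_list``, assume ``Assisted_Log_Enabler_IAM_Role`` in the target
    account, list the VPCs there and the Route 53 Resolver query-log config
    associations, and report the VPCs that have no association. Nothing is
    modified; this only reports what the non-dry-run path would turn on.

    Args:
        region_list: AWS region names to inspect.
        account_number: Not used by this function; presumably kept so the
            signature matches the other ``dryrun_*`` helpers (verify against
            the callers).
        OrgAccountIdList: AWS account IDs to assume the role into.

    Returns:
        None. Findings are emitted through ``logging`` and ``print``.

    Raises:
        Nothing. Failures for one account/region (role not assumable, region
        not opted in, API error) are logged with a traceback and the loop moves
        on, so one bad account cannot abort the whole dry run.
    """
    for org_account in OrgAccountIdList:
        for aws_region in region_list:
            logging.info("Checking Route 53 Query Logging on in AWS Account %s VPCs, in region %s.", org_account, aws_region)
            # Short-lived, per-iteration credentials: the role is assumed
            # fresh for every account/region pair and the temporary creds are
            # scoped to the two clients below rather than the default session.
            sts = boto3.client('sts')
            RoleArn = 'arn:aws:iam::%s:role/Assisted_Log_Enabler_IAM_Role' % org_account
            logging.info('Assuming Target Role %s for Assisted Log Enabler...', RoleArn)
            assisted_log_enabler_sts = sts.assume_role(
                RoleArn=RoleArn,
                RoleSessionName='assisted-log-enabler-activation',
                DurationSeconds=3600,
            )
            creds = assisted_log_enabler_sts['Credentials']
            client_kwargs = dict(
                aws_access_key_id=creds['AccessKeyId'],
                aws_secret_access_key=creds['SecretAccessKey'],
                aws_session_token=creds['SessionToken'],
                region_name=aws_region,
            )
            ec2_ma = boto3.client('ec2', **client_kwargs)
            route53resolver_ma = boto3.client('route53resolver', **client_kwargs)
            try:
                logging.info("DescribeVpcs API Call")
                # Paginated: a region with more VPCs than one page returns
                # would otherwise silently drop the rest of the inventory.
                VPCList: list = [
                    vpc["VpcId"]
                    for vpc in _paginate(ec2_ma.describe_vpcs, "Vpcs")
                ]
                logging.info("List of VPCs found within account %s, region %s:", org_account, aws_region)
                print(VPCList)
                logging.info("ListResolverQueryLogConfigAssociations API Call")
                # ResourceId on an association is the VPC ID it is attached to.
                # NOTE(review): every association counts as "logging on"
                # regardless of its Status field; an association in a failed or
                # deleting state would still hide the VPC from this report.
                # Confirm whether the non-dry-run path filters on Status.
                QueryLogList: list = [
                    assoc['ResourceId']
                    for assoc in _paginate(
                        route53resolver_ma.list_resolver_query_log_config_associations,
                        'ResolverQueryLogConfigAssociations',
                    )
                ]
                # Sorted so repeated dry runs produce a stable, diff-able report.
                r53_working_list = sorted(set(VPCList) - set(QueryLogList))
                logging.info("List of VPCs found within account %s, region %s WITHOUT Route 53 Query Logs:", org_account, aws_region)
                print(r53_working_list)
                for no_query_logs in r53_working_list:
                    logging.info("%s does not have Route 53 Query logging on. Running Assisted Log Enabler for AWS will turn this on.", no_query_logs)
            except Exception:
                # Best-effort per account/region: keep going, but record the
                # traceback so a permission or opt-in problem is diagnosable.
                logging.exception("Route 53 Query Log dry run failed for account %s, region %s", org_account, aws_region)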