in subfunctions/ALE_dryrun_multi.py [0:0]
def dryrun_flow_log_activator(account_number, OrgAccountIdList, region_list):
"""Function to define the list of VPCs without logging turned on"""
logging.info("Creating a list of VPCs without Flow Logs on.")
for org_account in OrgAccountIdList:
for aws_region in region_list:
sts = boto3.client('sts')
RoleArn = 'arn:aws:iam::%s:role/Assisted_Log_Enabler_IAM_Role' % org_account
logging.info('Assuming Target Role %s for Assisted Log Enabler...' % RoleArn)
assisted_log_enabler_sts = sts.assume_role(
RoleArn=RoleArn,
RoleSessionName='assisted-log-enabler-activation',
DurationSeconds=3600,
)
ec2_ma = boto3.client(
'ec2',
aws_access_key_id=assisted_log_enabler_sts['Credentials']['AccessKeyId'],
aws_secret_access_key=assisted_log_enabler_sts['Credentials']['SecretAccessKey'],
aws_session_token=assisted_log_enabler_sts['Credentials']['SessionToken'],
region_name=aws_region
)
logging.info("Creating a list of VPCs without Flow Logs on in region " + aws_region + ".")
try:
VPCList: list = []
FlowLogList: list = []
logging.info("DescribeVpcs API Call")
vpcs = ec2_ma.describe_vpcs()
for vpc_id in vpcs["Vpcs"]:
VPCList.append(vpc_id["VpcId"])
logging.info("List of VPCs found within account " + org_account + ", region " + aws_region + ":")
print(VPCList)
logging.info("DescribeFlowLogs API Call")
vpcflowloglist = ec2_ma.describe_flow_logs()
for resource_id in vpcflowloglist["FlowLogs"]:
FlowLogList.append(resource_id["ResourceId"])
working_list = (list(set(VPCList) - set(FlowLogList)))
logging.info("List of VPCs found within account " + org_account + ", region " + aws_region + " WITHOUT VPC Flow Logs:")
print(working_list)
for no_logs in working_list:
logging.info(no_logs + " does not have VPC Flow logging on. This will not be turned on within the Dry Run option.")
except Exception as exception_handle:
logging.error(exception_handle)