aws.rds package

Submodules

aws.rds.helpers module

aws.rds.helpers.is_rds_db_snapshot_attr_public_access(rds_db_snapshot_attribute)

Checks whether an RDS snapshot attribute is:

{"AttributeName": "restore", "AttributeValues": ["random_aws_account_id", "any"]}

>>> is_rds_db_snapshot_attr_public_access({"AttributeName": "restore", "AttributeValues": ["any"]})
True
>>> is_rds_db_snapshot_attr_public_access({"AttributeName": "restore", "AttributeValues": ["aws_account_id"]})
False
>>> is_rds_db_snapshot_attr_public_access({"AttributeName": "restore", "AttributeValues": []})
False
>>> is_rds_db_snapshot_attr_public_access({"AttributeName": "blorg", "AttributeValues": ["any"]})
False
>>> is_rds_db_snapshot_attr_public_access([])
Traceback (most recent call last):
    ...
TypeError: list indices must be integers or slices, not str
>>> is_rds_db_snapshot_attr_public_access(0)
Traceback (most recent call last):
    ...
TypeError: 'int' object is not subscriptable
>>> is_rds_db_snapshot_attr_public_access(None)
Traceback (most recent call last):
    ...
TypeError: 'NoneType' object is not subscriptable

aws.rds.helpers.does_rds_db_security_group_grant_public_access(sg)

Checks an RDS instance for a DB security group with CIDRIP 0.0.0.0/0

>>> does_rds_db_security_group_grant_public_access(
... {"IPRanges": [{"CIDRIP": "127.0.0.1/32", "Status": "authorized"},
... {"CIDRIP": "0.0.0.0/0", "Status": "authorized"}]})
True
>>> does_rds_db_security_group_grant_public_access({"IPRanges": []})
False

aws.rds.helpers.does_vpc_security_group_grant_public_access(sg)

Checks an RDS instance for a VPC security group with an ingress permission for IPv4 range 0.0.0.0/0 or IPv6 range :::/0

>>> does_vpc_security_group_grant_public_access(
... {'IpPermissions': [{'Ipv6Ranges': [], 'IpRanges': [{'CidrIp': '0.0.0.0/0'}]}]})
True
>>> does_vpc_security_group_grant_public_access(
... {'IpPermissions': [{'Ipv6Ranges': [], 'IpRanges': []}]})
False
>>> does_vpc_security_group_grant_public_access(
... {'IpPermissions': [{'Ipv6Ranges': [], 'IpRanges': [{'CidrIp': '192.168.1.0/0'}]}]})
False
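
The last doctest for does_vpc_security_group_grant_public_access shows that 192.168.1.0/0, which has a zero-length prefix, is not reported. As an added example (not part of aws.rds.helpers), a stricter check can parse each range with Python's ipaddress module and report any range whose prefix length is at or below a threshold. The function name, the max_prefixlen parameter and the sample group are assumptions made for illustration.

```python
import ipaddress


def find_public_ingress_ranges(sg, max_prefixlen=0):
    """Return (cidr, normalized_network) for ingress ranges at least as wide
    as max_prefixlen (0 = the entire address space). Ranges that do not parse
    are returned as (cidr, None) so they get reviewed rather than skipped."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        # "CidrIpv6" is the EC2 API key for IPv6 ranges (not shown in the doctests).
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            try:
                if not isinstance(cidr, str):
                    raise ValueError("CIDR must be a string")
                # strict=False tolerates host bits: 192.168.1.0/0 -> 0.0.0.0/0
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append((cidr, None))
                continue
            if net.prefixlen <= max_prefixlen:
                findings.append((cidr, str(net)))
    return findings


# Constructed sample in the dict shape used by the doctests above.
SAMPLE_SG = {
    "IpPermissions": [
        {
            "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "192.168.1.0/0"}],
            "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
        },
        {
            "IpRanges": [{"CidrIp": "0.0.0.0/1"}, {"CidrIp": "not-a-cidr"}],
            "Ipv6Ranges": [],
        },
    ]
}

if __name__ == "__main__":
    for cidr, net in find_public_ingress_ranges(SAMPLE_SG):
        print(cidr, "->", net or "unparseable")
```

Raising max_prefixlen to 1 also reports 0.0.0.0/1, which covers half of the IPv4 address space.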

aws.rds.helpers.is_rds_db_instance_encrypted(rds_db_instance)

Checks the RDS instance 'StorageEncrypted' value.

>>> is_rds_db_instance_encrypted({'StorageEncrypted': True})
True
>>> is_rds_db_instance_encrypted({'StorageEncrypted': False})
False
>>> is_rds_db_instance_encrypted({})
Traceback (most recent call last):
    ...
KeyError: 'StorageEncrypted'
>>> is_rds_db_instance_encrypted(0)
Traceback (most recent call last):
    ...
TypeError: 'int' object is not subscriptable
>>> is_rds_db_instance_encrypted(None)
Traceback (most recent call last):
    ...
TypeError: 'NoneType' object is not subscriptable

aws.rds.helpers.is_rds_db_snapshot_encrypted(rds_db_snapshot)

Checks the RDS snapshot 'Encrypted' value.

>>> is_rds_db_snapshot_encrypted({'Encrypted': True})
True
>>> is_rds_db_snapshot_encrypted({'Encrypted': False})
False
>>> is_rds_db_snapshot_encrypted({})
Traceback (most recent call last):
    ...
KeyError: 'Encrypted'
>>> is_rds_db_snapshot_encrypted(0)
Traceback (most recent call last):
    ...
TypeError: 'int' object is not subscriptable
>>> is_rds_db_snapshot_encrypted(None)
Traceback (most recent call last):
    ...
TypeError: 'NoneType' object is not subscriptable

aws.rds.helpers.rds_db_snapshot_not_too_old(snapshot, snapshot_created_days_ago=365)

Checks that an RDS snapshot was created within the last "snapshot_created_days_ago" days.

>>> from datetime import datetime
>>> from datetime import timezone
>>> rds_db_snapshot_not_too_old({"SnapshotCreateTime": datetime.now(timezone.utc)})
True
>>> rds_db_snapshot_not_too_old({"SnapshotCreateTime": datetime.fromisoformat("2019-09-11T19:45:22.116+00:00")})
False