c7n-trailcreator

Name: c7n-trailcreator
Version: 0.2.34
Home page: https://cloudcustodian.io
Summary: Cloud Custodian - Retroactive Tag Resource Creators from CloudTrail
Upload time: 2024-03-26 21:21:39
Author: Cloud Custodian Project
Requires Python: <4.0,>=3.8
License: Apache-2.0
Requirements: No requirements were recorded.
# c7n-trailcreator: Retroactive Resource Creator Tagging

This script processes CloudTrail records to build a sqlite db of
resources and their creators, and then uses that sqlite db to tag
the resources with their creator's name.

When processing CloudTrail it can use either Athena or S3 Select. A
config file describing the events and resources of interest is required.

## Install

```shell
$ pip install c7n_trailcreator

$ c7n-trailcreator --help
```

## Config File

The config file format here is similar to what custodian requires
for lambda policies on cloudtrail api events as an event selector.

First, for each resource the custodian resource-type must be
specified; then for each event we need the name of the service,
the event name, and a jmespath expression that yields the resource ids.

Here are a few examples, covering iam-user, iam-role, and an s3 bucket.


```json
{
  "resources": [
    {
      "resource": "iam-role",
      "events": [
        {
          "event": "CreateRole",
          "ids": "requestParameters.roleName",
          "service": "iam.amazonaws.com"
        }
      ]
    },
    {
      "resource": "s3",
      "events": [
        {
          "ids": "requestParameters.bucketName",
          "event": "CreateBucket",
          "service": "s3.amazonaws.com"
        }
      ]
    },
    {
      "resource": "iam-user",
      "events": [
        {
          "event": "CreateUser",
          "ids": "requestParameters.userName",
          "service": "iam.amazonaws.com"
        }
      ]
    }]
}
```

## Athena Usage

c7n-trailcreator supports loading CloudTrail data either from s3 using s3 select or from the cloudtrail s3 bucket using athena.

Note that you'll have to pre-create the athena table for cloudtrail beforehand, per
https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html

Let's use the example config file to load data for all the roles, buckets, and users created in 2019:

```shell
c7n-trailcreator load-athena \
    --region us-east-1 \
    --resource-map resource_map.json \
    --table cloudtrail_logs_custodian_skunk_trails \
    --db "creators.db" \
    --year 2019
```

By default we use the default s3 athena output location used by the console,
along with the default db and the primary workgroup; all of these can be passed in
on the cli to be more explicit.

You can also restrict processing to a single month with `--month 2019/11` or
to an individual day with `--day 2019/02/01`.

```
INFO:c7n_trailowner:Athena query:569712dc-d1e9-4474-b86f-6579c53b5b46
INFO:c7n_trailowner:Polling athena query progress scanned:489.24 Mb qexec:28.62s
INFO:c7n_trailowner:Polling athena query progress scanned:1.29 Gb qexec:88.96s
INFO:c7n_trailowner:Polling athena query progress scanned:2.17 Gb qexec:141.16s
INFO:c7n_trailowner:processing athena result page 78 records
INFO:c7n_trailowner:Athena Processed 78 records
```

Note that you can reprocess a completed query's results by passing in `--query-id` on the cli.

## Tagging

Tagging is supported across all the resource types that custodian supports.

```
$ c7n-trailcreator tag \
    --db creators.db \
    --creator-tag Owner \
    --region us-east-1
INFO:c7n_trailowner:account:644160558196 region:us-east-1 tag 13 iam-role resources users:5 population:97 not-found:84 records:124
INFO:c7n_trailowner:account:644160558196 region:us-east-1 tag 5 iam-user resources users:4 population:6 not-found:1 records:18
INFO:c7n_trailowner:account:644160558196 region:us-east-1 tag 9 s3 resources users:4 population:14 not-found:5 records:20
INFO:c7n_trailowner:auto tag summary account:644160558196 region:us-east-1
 iam-role-not-found: 84
 iam-role: 13
 iam-user-not-found: 1
 iam-user: 5
 s3-not-found: 5
 s3: 9
INFO:c7n_trailowner:Total resources tagged: 27
```

Let's break down one of these log messages:

```
INFO:c7n_trailowner:account:644160558196 region:us-east-1 tag 13 iam-role resources users:5 population:97 not-found:84 records:124
```

- records: the count of create events in the database for this resource type.
- users: the number of unique users for whom we have create events.
- not-found: the number of resources for which we have no create event, i.e. resources created before or after our trail analysis period.
- population: the total number of resources of this type in the account region.
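The following is an added example, not code from c7n-trailcreator or the Cloud Custodian project. It models, in a few dozen lines, both the config-file mechanism described above (a resource map keyed by service and event name, with an expression that yields the resource ids) and the arithmetic behind the tag log line just broken down: `tagged + not-found = population`, which you can check against the README's own line (13 tagged + 84 not-found = 97). It assumes, because the page does not say, that the creator is taken from the record's `userIdentity.userName` (falling back to `userIdentity.arn`), and it replaces jmespath with a plain dotted-path walk, which is enough for the three `requestParameters.<field>` expressions in the example config. The CloudTrail records and the resource population are constructed inline; the real tool reads its records from Athena or S3 Select and its population from the custodian resource APIs.

```python
import sqlite3

# The resource map from the README above (iam-role, s3, iam-user).
RESOURCE_MAP = {
    "resources": [
        {"resource": "iam-role",
         "events": [{"event": "CreateRole", "ids": "requestParameters.roleName",
                     "service": "iam.amazonaws.com"}]},
        {"resource": "s3",
         "events": [{"event": "CreateBucket", "ids": "requestParameters.bucketName",
                     "service": "s3.amazonaws.com"}]},
        {"resource": "iam-user",
         "events": [{"event": "CreateUser", "ids": "requestParameters.userName",
                     "service": "iam.amazonaws.com"}]},
    ]
}


def _rec(source, name, user, params):
    """Build a minimal, constructed CloudTrail record (real records carry many more fields)."""
    return {"eventSource": source, "eventName": name,
            "userIdentity": {"type": "IAMUser", "userName": user,
                             "arn": "arn:aws:iam::123456789012:user/%s" % user},
            "requestParameters": params}


# Constructed sample trail: three CreateRole calls, one bucket, one user, one DeleteRole
# (not in the map, so ignored) and one denied call whose request parameters were not recorded.
SAMPLE_RECORDS = [
    _rec("iam.amazonaws.com", "CreateRole", "alice", {"roleName": "app-role"}),
    _rec("iam.amazonaws.com", "CreateRole", "bob", {"roleName": "ci-role"}),
    _rec("iam.amazonaws.com", "CreateRole", "alice", {"roleName": "temp-role"}),
    _rec("s3.amazonaws.com", "CreateBucket", "alice", {"bucketName": "logs-bucket"}),
    _rec("iam.amazonaws.com", "CreateUser", "carol", {"userName": "dave"}),
    _rec("iam.amazonaws.com", "DeleteRole", "bob", {"roleName": "temp-role"}),
    dict(_rec("iam.amazonaws.com", "CreateRole", "erin", None), errorCode="AccessDenied"),
]


def lookup(record, path):
    """Dotted-path walk standing in for jmespath (assumption); None if any step is missing."""
    cur = record
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def event_index(resource_map):
    """Map (service, event name) -> (custodian resource type, ids expression)."""
    index = {}
    for entry in resource_map["resources"]:
        for ev in entry["events"]:
            index[(ev["service"], ev["event"])] = (entry["resource"], ev["ids"])
    return index


def creator_of(record):
    """Creator identity; taking userName/arn from userIdentity is this example's assumption."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn")


def load_records(conn, resource_map, records):
    """Insert one row per matching create event; returns the number of rows inserted."""
    conn.execute("CREATE TABLE IF NOT EXISTS resources "
                 "(resource_type TEXT, resource_id TEXT, creator TEXT)")
    index = event_index(resource_map)
    inserted = 0
    for rec in records:
        key = (rec.get("eventSource"), rec.get("eventName"))
        if key not in index:
            continue  # not a create event we were asked to track
        rtype, ids_expr = index[key]
        rid, creator = lookup(rec, ids_expr), creator_of(rec)
        if rid is None or creator is None:
            continue  # nothing we could ever tag with: skip the row
        for one_id in (rid if isinstance(rid, list) else [rid]):
            conn.execute("INSERT INTO resources VALUES (?, ?, ?)", (rtype, one_id, creator))
            inserted += 1
    conn.commit()
    return inserted


def build_db(records=SAMPLE_RECORDS, resource_map=RESOURCE_MAP):
    """Load records into an in-memory sqlite db and return the connection."""
    conn = sqlite3.connect(":memory:")
    load_records(conn, resource_map, records)
    return conn


def tag_summary(conn, resource_type, population):
    """Reproduce the counts of a 'tag N <type> resources users:.. population:.. not-found:.. records:..' line.

    population: ids of resources of this type that currently exist in the account/region.
    """
    rows = conn.execute("SELECT resource_id, creator FROM resources WHERE resource_type = ?",
                        (resource_type,)).fetchall()
    creators = {}
    for rid, creator in rows:
        creators.setdefault(rid, creator)  # first create event for an id wins
    found = [rid for rid in population if rid in creators]
    return {"records": len(rows),
            "users": len({c for _, c in rows}),
            "population": len(population),
            "tagged": len(found),
            "not-found": len(population) - len(found),
            "tags": {rid: creators[rid] for rid in found}}


if __name__ == "__main__":
    # Constructed population: legacy-role exists but was created outside the trail window,
    # and temp-role appears in the trail but no longer exists.
    print(tag_summary(build_db(), "iam-role", ["app-role", "ci-role", "legacy-role"]))
```

The skip on a missing id or creator is deliberate: a row with an empty creator would later be applied as an empty `Owner` tag, which is worse than leaving the resource in the not-found bucket where it is visible in the summary.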

## Multi Account / Multi Region

c7n-trailcreator supports tagging across multiple accounts and regions,
using the same file format that c7n-org uses to denote accounts. See the `tag-org` subcommand.



            
