Server IP : 85.214.239.14 / Your IP : 18.217.26.8 Web Server : Apache/2.4.62 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /usr/lib/python3/dist-packages/ansible_collections/amazon/aws/plugins/modules/ |
Upload File : |
#!/usr/bin/python # Copyright: Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = ''' --- module: cloudtrail_info version_added: 5.0.0 short_description: Gather information about trails in AWS Cloud Trail. description: - Gather information about trails in AWS CloudTrail. author: "Gomathi Selvi Srinivasan (@GomathiselviS)" options: trail_names: type: list elements: str default: [] description: - Specifies a list of trail names, trail ARNs, or both, of the trails to describe. - If an empty list is specified, information for the trail in the current region is returned. include_shadow_trails: type: bool default: true description: Specifies whether to include shadow trails in the response. extends_documentation_fragment: - amazon.aws.aws - amazon.aws.ec2 - amazon.aws.boto3 ''' EXAMPLES = ''' # Note: These examples do not set authentication details, see the AWS Guide for details. # Gather information about all trails - amazon.aws.cloudtrail_info: # Gather information about a particular trail - amazon.aws.cloudtrail_info: trail_names: - arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail ''' RETURN = ''' trail_list: description: List of trail objects. Each element consists of a dict with all the information related to that cloudtrail. type: list elements: dict returned: always contains: name: description: Name of the trail. type: str sample: "MyTrail" s3_bucket_name: description: Name of the Amazon S3 bucket into which CloudTrail delivers the trail files. type: str sample: "aws-cloudtrail-logs-xxxx" s3_key_prefix: description: Amazon S3 key prefix that comes after the name of the bucket that is designated for log file delivery. type: str sample: "xxxx" sns_topic_arn: description: ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered. type: str sample: "arn:aws:sns:us-east-2:123456789012:MyTopic" include_global_service_events: description: If True, AWS API calls from AWS global services such as IAM are included. type: bool sample: true is_multi_region_trail: description: Specifies whether the trail exists only in one region or exists in all regions. type: bool sample: true home_region: description: The region in which the trail was created. type: str sample: "us-east-1" trail_arn: description: Specifies the ARN of the trail. type: str sample: "arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail" log_file_validation_enabled: description: Specifies whether log file validation is enabled. type: bool sample: true cloud_watch_logs_log_group_arn: description: Specifies an ARN, that represents the log group to which CloudTrail logs will be delivered. type: str sample: "arn:aws:sns:us-east-2:123456789012:Mylog" cloud_watch_logs_role_arn: description: Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. type: str sample: "arn:aws:sns:us-east-2:123456789012:Mylog" kms_key_id: description: Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. type: str sample: "arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012" has_custom_event_selectors: description: Specifies if the trail has custom event selectors. type: bool sample: true has_insight_selectors: description: Specifies whether a trail has insight types specified in an InsightSelector list. type: bool sample: true is_organization_trail: description: Specifies whether the trail is an organization trail. type: bool sample: true is_logging: description: Whether the CloudTrail is currently logging AWS API calls. type: bool sample: true latest_delivery_error: description: Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver log files to the designated bucket. type: str latest_notification_error: description: Displays any Amazon SNS error that CloudTrail encountered when attempting to send a notification. type: str latest_delivery_time: description: Specifies the date and time that CloudTrail last delivered log files to an account's Amazon S3 bucket. type: str start_logging_time: description: Specifies the most recent date and time when CloudTrail started recording API calls for an AWS account. type: str stop_logging_time: description: Specifies the most recent date and time when CloudTrail stopped recording API calls for an AWS account. type: str latest_cloud_watch_logs_delivery_error: description: Displays any CloudWatch Logs error that CloudTrail encountered when attempting to deliver logs to CloudWatch Logs. type: str latest_cloud_watch_logs_delivery_time: description: Displays the most recent date and time when CloudTrail delivered logs to CloudWatch Logs. type: str latest_digest_delivery_time: description: Specifies the date and time that CloudTrail last delivered a digest file to an account's Amazon S3 bucket. type: str latest_digest_delivery_error: description: Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver a digest file to the designated bucket. type: str resource_id: description: Specifies the ARN of the resource. type: str tags: description: Any tags assigned to the cloudtrail. type: dict returned: always sample: "{ 'my_tag_key': 'my_tag_value' }" ''' try: import botocore except ImportError: pass # Handled by AnsibleAWSModule from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule from ansible_collections.amazon.aws.plugins.module_utils.ec2 import AWSRetry from ansible_collections.amazon.aws.plugins.module_utils.ec2 import boto3_tag_list_to_ansible_dict def get_trails(connection, module): all_trails = [] try: result = connection.get_paginator('list_trails') except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg="Failed to get the trails.") for trail in result.paginate(): all_trails.extend(list_cloud_trails(trail)) return all_trails def list_cloud_trails(trail_dict): return [x["TrailARN"] for x in trail_dict["Trails"]] def get_trail_detail(connection, module): output = {} trail_name_list = module.params.get("trail_names") include_shadow_trails = module.params.get("include_shadow_trails") if not trail_name_list: trail_name_list = get_trails(connection, module) try: result = connection.describe_trails(trailNameList=trail_name_list, includeShadowTrails=include_shadow_trails, aws_retry=True) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg="Failed to get the trails.") # Turn the boto3 result in to ansible_friendly_snaked_names snaked_cloud_trail = [] for cloud_trail in result['trailList']: try: status_dict = connection.get_trail_status(Name=cloud_trail["TrailARN"], aws_retry=True) cloud_trail.update(status_dict) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg="Failed to get the trail status") try: tag_list = connection.list_tags(ResourceIdList=[cloud_trail["TrailARN"]]) for tag_dict in tag_list["ResourceTagList"]: cloud_trail.update(tag_dict) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.warn("Failed to get the trail tags - {0}".format(e)) snaked_cloud_trail.append(camel_dict_to_snake_dict(cloud_trail)) # Turn the boto3 result in to ansible friendly tag dictionary for tr in snaked_cloud_trail: if 'tags_list' in tr: tr['tags'] = boto3_tag_list_to_ansible_dict(tr['tags_list'], 'key', 'value') del (tr['tags_list']) if 'response_metadata' in tr: del (tr['response_metadata']) output['trail_list'] = snaked_cloud_trail return output def main(): argument_spec = dict( trail_names=dict(type='list', elements='str', default=[]), include_shadow_trails=dict(type='bool', default=True), ) module = AnsibleAWSModule(argument_spec=argument_spec, supports_check_mode=True) try: connection = module.client('cloudtrail', retry_decorator=AWSRetry.jittered_backoff()) except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e: module.fail_json_aws(e, msg='Failed to connect to AWS') result = get_trail_detail(connection, module) module.exit_json(**result) if __name__ == '__main__': main()