AWS Boto3 和经典 ELB
AWS Boto3 and Classic ELBs
我正在尝试在经典负载均衡器(elb,而不是 elbv2)上获取活动 TLS 策略,但我无法确定这里出了什么问题:
import boto3
from botocore.exceptions import ClientError
#Declare Constant
EXPECTED_POLICY = 'ELBSecurityPolicy-TLS-1-1-2017-01'
IAMID = '518031149234'
def set_session(awsprofile, awsregion):
try:
session = boto3.Session(profile_name=awsprofile, region_name=awsregion)
return session
except ClientError as e:
print("Failed to run session setter for profile: {0} %s" % e).format(awsprofile)
def assume_role_into_account(profileId, assumeId, sessionName, assetType, regionName):
try:
setSession = set_session(profileId, regionName)
stsSession = setSession.client('sts')
response = stsSession.assume_role(RoleArn=("arn:aws:iam::{0}:role/security").format(assumeId),RoleSessionName=sessionName)
credentials = response['Credentials']
session = setSession.client(assetType, aws_access_key_id=credentials['AccessKeyId'],aws_secret_access_key=credentials['SecretAccessKey'],aws_session_token=credentials['SessionToken'])
return session
except ClientError as e:
print("AssumeRole exception for profile: {0} %s" % e).format(profileId)
def main():
try:
srev2 = assume_role_into_account('sre', IAMID,'Security-Audit-AssumeRole-Session2', 'elb', 'us-east-1')
print("AssumeRole into Account: {0} for Region: {1} .").format(IAMID, 'us-east-1')
elbs = srev2.describe_load_balancers()
for elb in elbs:
policy = session.describe_load_balancer_policies(LoadBalancerName=elb)
except ClientError as e:
print("AssumeRole: Cannot assumerole for id: {0}." % e).format(IAMID)
if __name__ == '__main__':
main()
所以当我returnpolicy在调用describe_load_balancer_policies()
的时候,没有办法区分选择了哪个policy
有什么帮助吗?
TIA!
不贴出相关的错误信息就很难帮到你了。
从快速的角度来看,我猜你在 assume_role_into_account
中定义了局部变量 session
而在 main()
中无法访问
如果这是问题所在,您可以将其更改为
def assume_role_into_account(profileId, assumeId, sessionName, assetType, regionName):
global session
....
参考:
好的,在与亚马逊的 API 和 ELB 团队成员进行了长时间的讨论之后...这是我们得出的结论,请注意这仅适用于经典的 ELB。这确实会 return 您每次在 AWS Web 控制台中看到的 ELB 策略。
我在这上面花了很多时间,我希望它能对同样研究过这段时间的其他人有所帮助,这些努力很糟糕,几乎没有结果:
elbs = client.describe_load_balancers()
for elb in elbs:
#Get Named Policy to pass to get the active policy. -1 denotes the last in the list.
policy_name = jmespath.search('ListenerDescriptions[].PolicyNames[] | [-1]', elb)
policy_description = client.describe_load_balancer_policies(LoadBalancerName=elb, PolicyNames=[policyname])
console_policy = jmespath.search('PolicyDescriptions[?PolicyName==`{0}`] | [0].PolicyAttributeDescriptions[0].AttributeValue'.format(policyname), policy_description)
return console_policy
我正在尝试在经典负载均衡器(elb,而不是 elbv2)上获取活动 TLS 策略,但我无法确定这里出了什么问题:
import boto3
from botocore.exceptions import ClientError
#Declare Constant
EXPECTED_POLICY = 'ELBSecurityPolicy-TLS-1-1-2017-01'
IAMID = '518031149234'
def set_session(awsprofile, awsregion):
try:
session = boto3.Session(profile_name=awsprofile, region_name=awsregion)
return session
except ClientError as e:
print("Failed to run session setter for profile: {0} %s" % e).format(awsprofile)
def assume_role_into_account(profileId, assumeId, sessionName, assetType, regionName):
try:
setSession = set_session(profileId, regionName)
stsSession = setSession.client('sts')
response = stsSession.assume_role(RoleArn=("arn:aws:iam::{0}:role/security").format(assumeId),RoleSessionName=sessionName)
credentials = response['Credentials']
session = setSession.client(assetType, aws_access_key_id=credentials['AccessKeyId'],aws_secret_access_key=credentials['SecretAccessKey'],aws_session_token=credentials['SessionToken'])
return session
except ClientError as e:
print("AssumeRole exception for profile: {0} %s" % e).format(profileId)
def main():
try:
srev2 = assume_role_into_account('sre', IAMID,'Security-Audit-AssumeRole-Session2', 'elb', 'us-east-1')
print("AssumeRole into Account: {0} for Region: {1} .").format(IAMID, 'us-east-1')
elbs = srev2.describe_load_balancers()
for elb in elbs:
policy = session.describe_load_balancer_policies(LoadBalancerName=elb)
except ClientError as e:
print("AssumeRole: Cannot assumerole for id: {0}." % e).format(IAMID)
if __name__ == '__main__':
main()
所以当我returnpolicy在调用describe_load_balancer_policies()
的时候,没有办法区分选择了哪个policy
有什么帮助吗?
TIA!
不贴出相关的错误信息就很难帮到你了。
从快速的角度来看,我猜你在 assume_role_into_account
中定义了局部变量 session
而在 main()
如果这是问题所在,您可以将其更改为
def assume_role_into_account(profileId, assumeId, sessionName, assetType, regionName):
global session
....
参考:
好的,在与亚马逊的 API 和 ELB 团队成员进行了长时间的讨论之后...这是我们得出的结论,请注意这仅适用于经典的 ELB。这确实会 return 您每次在 AWS Web 控制台中看到的 ELB 策略。
我在这上面花了很多时间,我希望它能对同样研究过这段时间的其他人有所帮助,这些努力很糟糕,几乎没有结果:
elbs = client.describe_load_balancers()
for elb in elbs:
#Get Named Policy to pass to get the active policy. -1 denotes the last in the list.
policy_name = jmespath.search('ListenerDescriptions[].PolicyNames[] | [-1]', elb)
policy_description = client.describe_load_balancer_policies(LoadBalancerName=elb, PolicyNames=[policyname])
console_policy = jmespath.search('PolicyDescriptions[?PolicyName==`{0}`] | [0].PolicyAttributeDescriptions[0].AttributeValue'.format(policyname), policy_description)
return console_policy