Table Of Contents

  1. Docs
  2. API Reference
  3. Built-in plugins
  4. Auditors
  5. probator_auditor_cloudtrail

probator_auditor_cloudtrail

class probator_auditor_cloudtrail.CloudTrailAuditor

CloudTrail auditor

Ensures that CloudTrail is enabled and logging to a central location and that SNS/SQS notifications are enabled and being sent to the correct queues for the CloudTrail Logs application

run(*args, **kwargs)

Entry point for the scheduler

Parameters:
  • *args – Optional arguments
  • **kwargs – Optional keyword arguments
Returns:

None
validate_sqs_policy(accounts)

Given a list of accounts, ensures that the SQS policy allows all the accounts to write to the queue

Parameters:accounts (list of Account) – List of accounts
Returns:None
class probator_auditor_cloudtrail.CloudTrail(account, bucket_name, bucket_region, logger)

CloudTrail object

validate_trail_settings(ct, aws_region, trail)

Validates logging, SNS and S3 settings for the global trail.

Has the capability to:

  • start logging for the trail
  • create SNS topics & queues
  • configure or modify a S3 bucket for logging
create_sns_topic(region)

Creates an SNS topic if needed. Returns the ARN if the created SNS topic

Parameters:region (str) – Region name
Returns:str
validate_sns_topic_subscription(region)

Validates SQS subscription to the SNS topic. Returns True if subscribed or False if not subscribed or topic is missing

Parameters:region (str) – Name of AWS Region
Returns:bool
subscribe_sns_topic_to_sqs(region)

Subscribe SQS to the SNS topic. Returns the ARN of the SNS Topic subscribed

Parameters:region (str) – Name of the AWS region
Returns:str
create_cloudtrail(region)

Creates a new CloudTrail Trail

Parameters:region (str) – Name of the AWS region
Returns:None
enable_sns_notification(region, trailName)

Enable SNS notifications for a Trail

Parameters:
  • region (str) – Name of the AWS region
  • trailName (str) – Name of the CloudTrail Trail
Returns:

None
start_logging(region, name)

Turn on logging for a CloudTrail Trail

Parameters:
  • region (str) – Name of the AWS region
  • name (str) – Name of the CloudTrail Trail
Returns:

None
set_s3_prefix(region, name)

Sets the S3 prefix for a CloudTrail Trail

Parameters:
  • region (str) – Name of the AWS region
  • name (str) – Name of the CloudTrail Trail
Returns:

None
set_s3_bucket(region, name, bucketName)

Sets the S3 bucket location for logfile delivery

Parameters:
  • region (str) – Name of the AWS region
  • name (str) – Name of the CloudTrail Trail
  • bucketName (str) – Name of the S3 bucket to deliver log files to
Returns:

None
classmethod create_s3_bucket(bucket_name, bucket_region, bucket_account, template)

Creates the S3 bucket on the account specified as the destination account for log files

Parameters:
  • bucket_name (str) – Name of the S3 bucket
  • bucket_region (str) – AWS Region for the bucket
  • bucket_account (Account) – Account to create the S3 bucket in
  • template (Template) – Jinja2 Template object for the bucket policy
Returns:

None
Auditors
probator_auditor_domain_hijacking
© Copyright 2019 Asbjorn Kjaer. Created using Sphinx.