boto3 Access Analyzer list not all findings

Question

I'm trying to list ALL findings from AWS Access Analyzer and save them to a CSV file. But I always get only 2047 findings, while in the AWS console I see about 7000. I'm using boto3 version 1.26.123.

Below is my code:

from boto3.session import Session
from boto3 import __version__ as vv
from csv import writer
 
print(vv)
 
mySession = Session(profile_name='nonprod-security-engine')
 
conn = mySession.client('accessanalyzer')
 
paginator = conn.get_paginator('list_findings')
 
data = []
number = 0
test = None  # last 'action' list seen; printed per page for debugging
 
for page in paginator.paginate(
        analyzerArn='arn:aws:access-analyzer:ap-southeast-1:XXXXXXXXX:analyzer/access-analyzer',
        PaginationConfig={
            'PageSize': 100
        }
    ):
    for finding in page['findings']:
        ### generate matrix table for each finding
        action=''
        if 'action' in finding:
            action = " ".join(finding['action'])
            test = finding['action']
        principal=''
        if 'principal' in finding:
            principal =  finding['principal']
        isPublic=''
        if 'isPublic' in finding:
            isPublic =  finding['isPublic']
        condition=''
        if 'condition' in finding:
            condition =  finding['condition']
        error=''
        if 'error' in finding:
            error =  finding['error']
        sources=''
        if 'sources' in finding:
            sources =  finding['sources']
        data.append([
            finding['id'],
            principal,
            action,
            finding['resource'],
            isPublic,
            finding['resourceType'],
            condition,
            finding['createdAt'],
            finding['analyzedAt'],
            finding['updatedAt'],
            finding['status'],
            finding['resourceOwnerAccount'],
            error,
            sources
        ])
        number += 1
    print(number)
    print(test)
 
print(f"Total number {number}")
 
## Header for CSV file
header = [
    'id',
    'principal',
    'action',
    'resource',
    'isPublic',
    'resourceType',
    'condition',
    'createdAt',
    'analyzedAt',
    'updatedAt',
    'status',
    'resourceOwnerAccount',
    'error',
    'sources'
    ]
 
### Save CSV Report to findings.csv
with open('findings.csv', 'w', encoding='UTF8', newline='') as f:
    csv_writer = writer(f, delimiter=';')  # do not rebind the imported csv.writer name
    csv_writer.writerow(header)
    csv_writer.writerows(data)
 

I tried to use other paginator configurations, but every time I get the same result. I would like to know why in the AWS Console I see many more findings than in the CSV file which I generated.

I have also tried to use filters for ACTIVE and RESOLVED. When I use RESOLVED in boto3, I receive 237 findings, but in the console I see almost 1000. Is it possible that the console shows outdated findings?

Answer 1

Score: 0

Thanks to the assistance of AWS Support, we have identified the cause of the issue related to the AWS Console GUI. It appears that repeatedly clicking on the "next page" button can result in an incorrect number of findings being displayed. However, I want to assure you that AWS is aware of this issue and is actively working on a resolution to fix it.
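
An added example, not part of the original post or answer: one way to cross-check the API total against the console figure is to follow nextToken by hand, count unique finding ids per status, and flag any id returned twice. FakeAnalyzer, SAMPLE and the ARN are constructed stand-ins so the block runs offline; pass a real boto3 accessanalyzer client in their place.

```python
from collections import Counter


def count_findings(client, analyzer_arn, status=None, page_size=100):
    """Follow nextToken by hand; return (per-status counts of unique ids, repeats seen)."""
    kwargs = {"analyzerArn": analyzer_arn, "maxResults": page_size}
    if status:
        # Server-side filter in the criterion shape list_findings accepts.
        kwargs["filter"] = {"status": {"eq": [status]}}
    seen, counts, duplicates = set(), Counter(), 0
    while True:
        page = client.list_findings(**kwargs)
        for finding in page.get("findings", []):
            if finding["id"] in seen:
                duplicates += 1  # same finding returned twice: do not count it again
                continue
            seen.add(finding["id"])
            counts[finding["status"]] += 1
        token = page.get("nextToken")
        if not token:  # no token means the service has no more pages
            return counts, duplicates
        kwargs["nextToken"] = token


class FakeAnalyzer:
    """Constructed stand-in for boto3.client('accessanalyzer'), for offline runs only."""

    def __init__(self, findings):
        self.findings = findings

    def list_findings(self, analyzerArn, maxResults=100, filter=None, nextToken=None):
        rows = self.findings
        if filter:
            rows = [f for f in rows if f["status"] in filter["status"]["eq"]]
        start = int(nextToken or 0)
        page = {"findings": rows[start:start + maxResults]}
        if start + maxResults < len(rows):
            page["nextToken"] = str(start + maxResults)
        return page


# Constructed sample: 250 findings, every 5th one RESOLVED, plus one repeated id.
SAMPLE = [{"id": f"f-{i}", "status": "RESOLVED" if i % 5 == 0 else "ACTIVE"} for i in range(250)]
SAMPLE.append(dict(SAMPLE[0]))
ARN = "arn:aws:access-analyzer:ap-southeast-1:111122223333:analyzer/example"  # placeholder

if __name__ == "__main__":
    print(count_findings(FakeAnalyzer(SAMPLE), ARN))
    print(count_findings(FakeAnalyzer(SAMPLE), ARN, status="RESOLVED"))
```

If the per-status totals are stable across runs and no repeats are reported, the API count is the figure to compare the console against.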

huangapple
  • Posted on May 10, 2023, 21:22:29
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76218975.html