import json
import os
import re
import sys

import boto3
import botocore
from simple_term_menu import TerminalMenu
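## Setting
# Name of the cross-account role the scanner will assume in every selected
# member account. 'OrganizationAccountAccessRole' is the role AWS Organizations
# provisions in accounts it creates; accounts that were *invited* into the org
# may not have it, so the operator can override the name below.
defaultOrgazinationAccountAccessRole = 'OrganizationAccountAccessRole'
# Output path consumed by `screener --crossAccounts 1`.
CROSS_ACCOUNTS_FILE = 'crossAccounts.json'
# IAM role names are 1-64 chars from [\w+=,.@-]; anything else can never
# resolve to a role ARN, so reject it here rather than at scan time.
IAM_ROLE_NAME_RE = re.compile(r'^[\w+=,.@-]{1,64}$')

org = boto3.client('organizations')
acctLists = []
sts = boto3.client('sts')
resp = sts.get_caller_identity()
myAccountId = resp.get('Account')

## Welcome
print("Welcome to Service-Screener-v2 helper: OrganizationAccountsJson Generator")
print("You are currently in this account: \033[4m{}\033[0m, which will be automatically included in the scan".format(myAccountId))
print()
print("Select the accounts to be included into the list")

# ListAccounts is only permitted from the management account or a delegated
# administrator; a ClientError (typically AccessDeniedException) is reported
# by its error code and the script aborts with a non-zero exit status so a
# wrapping shell/CI job notices. The paginator walks NextToken for us.
try:
    for page in org.get_paginator('list_accounts').paginate():
        acctLists.extend(page.get('Accounts', []))
except botocore.exceptions.ClientError as e:
    print(e.response['Error']['Code'])
    sys.exit(1)

# Build multiselect cli: only ACTIVE accounts are offered (SUSPENDED / closed
# accounts cannot be assumed into), and the caller's own account is skipped
# because the scanner always includes it.
print("=================================================")
mlist = [
    f"{acct['Id']}::{acct['Name']}"
    for acct in acctLists
    if acct['Status'] == 'ACTIVE' and acct['Id'] != myAccountId
]

if mlist:
    tMenu = TerminalMenu(
        mlist,
        multi_select=True,
        show_multi_select_hint=True,
    )
    tMenu.show()
    accounts = tMenu.chosen_menu_entries
    # chosen_menu_entries is None when the menu was dismissed (Esc/q) instead
    # of accepted; treat that as an abort rather than crashing on len(None).
    if accounts is None:
        print("No selection made, operation cancelled")
        sys.exit(1)
else:
    # Nothing to choose from; the generated file will still cover this account.
    print("No other ACTIVE accounts found in this organization")
    accounts = ()

accessRole = input("Enter organization cross accounts role (Leave it blank to use the default role: [{}]): ".format(defaultOrgazinationAccountAccessRole))
## check if accessRole is empty after trim
accessRole = accessRole.strip()
if accessRole == '':
    accessRole = defaultOrgazinationAccountAccessRole
elif not IAM_ROLE_NAME_RE.match(accessRole):
    print("Invalid IAM role name: {!r} (allowed: 1-64 characters from A-Z a-z 0-9 _ + = , . @ -)".format(accessRole))
    sys.exit(1)

# Get ExternalId. Per AWS guidance the ExternalId is a confused-deputy
# mitigation, not a secret, so it is safe to echo in the summary below; it
# must however match exactly what the member accounts' trust policies expect,
# hence only surrounding whitespace is removed.
externalId = input("Enter your external id (leave it blank if NONE): ").strip()

# Summary before generating the JSON file
print()
print("===================Summary=======================")
print("({}) Accounts selected, they are: {}".format(len(accounts), accounts))
print("OrganizationAccessRole: {}".format(accessRole))
print("ExternalId: {}".format(externalId))
print("=================================================")
# Fail closed: only an explicit yes writes the file. (Previously any answer
# other than 'n' — including a bare Enter — proceeded.)
confirm = input("Confirm to proceed JSON output creation? (y/n) ")
if confirm.strip().upper() not in ('Y', 'YES'):
    print("User decided not to proceed, operation cancelled")
else:
    # Menu entries are "<12-digit id>::<name>"; names may themselves contain
    # '::', so take everything before the first separator only.
    selected = {acct.partition('::')[0]: {} for acct in accounts}
    general = {
        'IncludeThisAccount': True,
        'RoleName': accessRole,
        'ExternalId': externalId,
    }
    crossAccountsJson = {'general': general, 'accountLists': selected}

    ## write the JSON into a filepath
    # The file names the role + ExternalId the scanner presents to every
    # member account, so create it owner-only (0600) instead of inheriting
    # the process umask, and re-apply the mode in case it already existed.
    fd = os.open(CROSS_ACCOUNTS_FILE, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as outfile:
        json.dump(crossAccountsJson, outfile, indent=4)
    os.chmod(CROSS_ACCOUNTS_FILE, 0o600)

    print("JSON file generated: {}".format(CROSS_ACCOUNTS_FILE))
    print("You can now run ``` screener --regions ALL --crossAccounts 1 ``` to perform cross accounts scan")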