Documentation
Index ¶
Constants ¶
This section is empty.
Variables ¶
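// VpcCalls registers the VPC enumeration check. Its single entry, named
// "ec2:DescribeVpcs", walks every region in types.Regions with the supplied
// session and collects VPCs, subnets and security groups.
//
// Coverage caveat for anyone interpreting the scan output: a region whose
// DescribeVpcs call fails is skipped, and its error is kept only in lastErr,
// which is returned solely when no region succeeded. When at least one region
// succeeds, the failed regions leave no trace in the results, so the absence
// of findings for a region is not evidence that the region is empty or that
// the credentials lack access there.
var VpcCalls = []types.AWSService{
	{
		Name: "ec2:DescribeVpcs",
		// Call gathers the per-region inventory. It returns a
		// *VPCInfrastructure and a nil error as soon as one region's
		// DescribeVpcs succeeded; it returns (nil, lastErr) only when every
		// region failed.
		Call: func(ctx context.Context, sess *session.Session) (interface{}, error) {
			infra := &VPCInfrastructure{}
			var lastErr error
			anyRegionSucceeded := false

			for _, region := range types.Regions {
				regionSess := sess.Copy(&aws.Config{Region: aws.String(region)})
				svc := ec2.New(regionSess)
				regionFailed := false

				// DescribeVpcs is the gating call: if it fails, the region is
				// skipped entirely and nothing from it is merged.
				var regionVpcs []*ec2.Vpc
				vpcInput := &ec2.DescribeVpcsInput{}
				for {
					output, err := svc.DescribeVpcsWithContext(ctx, vpcInput)
					if err != nil {
						lastErr = err
						regionFailed = true
						break
					}
					regionVpcs = append(regionVpcs, output.Vpcs...)
					if output.NextToken == nil {
						break
					}
					vpcInput.NextToken = output.NextToken
				}
				if regionFailed {
					continue
				}

				// DescribeSubnets failures are non-fatal: the error is
				// recorded and any pages already fetched are kept.
				var regionSubnets []*ec2.Subnet
				subnetInput := &ec2.DescribeSubnetsInput{}
				for {
					output, err := svc.DescribeSubnetsWithContext(ctx, subnetInput)
					if err != nil {
						infra.PartialErrors = append(infra.PartialErrors,
							fmt.Errorf("ec2:DescribeSubnets in %s: %v", region, err))
						break
					}
					regionSubnets = append(regionSubnets, output.Subnets...)
					if output.NextToken == nil {
						break
					}
					subnetInput.NextToken = output.NextToken
				}

				// DescribeSecurityGroups follows the same non-fatal pattern.
				var regionSGs []*ec2.SecurityGroup
				sgInput := &ec2.DescribeSecurityGroupsInput{}
				for {
					output, err := svc.DescribeSecurityGroupsWithContext(ctx, sgInput)
					if err != nil {
						infra.PartialErrors = append(infra.PartialErrors,
							fmt.Errorf("ec2:DescribeSecurityGroups in %s: %v", region, err))
						break
					}
					regionSGs = append(regionSGs, output.SecurityGroups...)
					if output.NextToken == nil {
						break
					}
					sgInput.NextToken = output.NextToken
				}

				infra.VPCs = append(infra.VPCs, regionVpcs...)
				infra.Subnets = append(infra.Subnets, regionSubnets...)
				infra.SecurityGroups = append(infra.SecurityGroups, regionSGs...)
				anyRegionSucceeded = true
			}

			if !anyRegionSucceeded && lastErr != nil {
				return nil, lastErr
			}
			return infra, nil
		},
		// Process turns the output of Call into scan results. A non-nil err
		// yields a single error result; otherwise each recorded partial
		// failure becomes an error result, followed by the VPC, subnet and
		// security-group findings.
		Process: func(output interface{}, err error, debug bool) []types.ScanResult {
			var results []types.ScanResult

			if err != nil {
				utils.HandleAWSError(debug, "ec2:DescribeVpcs", err)
				return []types.ScanResult{
					{
						ServiceName: "VPC",
						MethodName:  "ec2:DescribeVpcs",
						Error:       err,
						Timestamp:   time.Now(),
					},
				}
			}

			infra, ok := output.(*VPCInfrastructure)
			if !ok {
				utils.HandleAWSError(debug, "ec2:DescribeVpcs", fmt.Errorf("unexpected output type %T", output))
				return results
			}

			// Emit partial failures before the empty-inventory check. The
			// inventory can be empty precisely because DescribeSubnets or
			// DescribeSecurityGroups was refused, and returning early without
			// these entries would present a denied call as a clean result.
			for _, partialErr := range infra.PartialErrors {
				results = append(results, types.ScanResult{
					ServiceName: "VPC",
					MethodName:  "ec2:DescribeVpcs",
					Error:       partialErr,
					Timestamp:   time.Now(),
				})
			}

			if len(infra.VPCs) == 0 && len(infra.Subnets) == 0 && len(infra.SecurityGroups) == 0 {
				// DescribeVpcs itself succeeded in at least one region, so
				// access to that call is still reported as granted.
				utils.PrintAccessGranted(debug, "ec2:DescribeVpcs", "VPC infrastructure")
				if len(results) == 0 {
					// Keep the non-nil empty slice returned when there is
					// nothing at all to report.
					return []types.ScanResult{}
				}
				return results
			}

			results = append(results, processVPCs(infra, debug)...)
			results = append(results, processSubnets(infra, debug)...)
			results = append(results, processSecurityGroups(infra, debug)...)
			return results
		},
		ModuleName: types.DefaultModuleName,
	},
}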
Functions ¶
This section is empty.
Types ¶
type VPCInfrastructure ¶
// VPCInfrastructure is the aggregate produced by the "ec2:DescribeVpcs" entry
// in VpcCalls: the resources collected from every region whose DescribeVpcs
// call succeeded, concatenated into one slice per resource type.
type VPCInfrastructure struct {
	// VPCs holds the DescribeVpcs results, all pages and regions appended.
	VPCs []*ec2.Vpc
	// Subnets holds the DescribeSubnets results. Pages fetched before a
	// failure are kept, so this list can be incomplete when PartialErrors is
	// non-empty.
	Subnets []*ec2.Subnet
	// SecurityGroups holds the DescribeSecurityGroups results, with the same
	// partial-page behaviour as Subnets.
	SecurityGroups []*ec2.SecurityGroup
	// PartialErrors records per-region DescribeSubnets and
	// DescribeSecurityGroups failures. DescribeVpcs failures are not stored
	// here; a region that fails that call is skipped by the collector.
	PartialErrors []error
}
VPCInfrastructure holds aggregated VPC, Subnet, and Security Group results.