lemur_aws Package

elb Module

lemur.plugins.lemur_aws.elb.attach_certificate(account_number, region, name, port, certificate_id)

Attaches a certificate to a listener. Throws an exception if the specified certificate does not exist in the given account.

Parameters:
  • account_number
  • region
  • name
  • port
  • certificate_id
lemur.plugins.lemur_aws.elb.create_new_listeners(account_number, region, name, listeners=None)

Creates a new listener and attaches it to the ELB.

Parameters:
  • account_number
  • region
  • name
  • listeners
Returns:

lemur.plugins.lemur_aws.elb.delete_listeners(account_number, region, name, ports)

Deletes a listener from an ELB.

Parameters:
  • account_number
  • region
  • name
  • ports
Returns:

lemur.plugins.lemur_aws.elb.get_all_elbs(account_number, region)

Fetches all ELB objects for a given account and region.

Parameters:
  • account_number
  • region
lemur.plugins.lemur_aws.elb.get_all_regions()

Retrieves all current EC2 regions.

Returns:
lemur.plugins.lemur_aws.elb.get_listeners(account_number, region, name)

Gets the listeners configured on an ELB and returns an array of tuples.

Parameters:
  • account_number
  • region
  • name
Returns:

list of tuples

lemur.plugins.lemur_aws.elb.is_valid(listener_tuple)

AWS has a few rules for creating listeners. This function ensures those rules are met before we try to create or update a listener.

While these could be caught with boto exception handling, I would rather be nice and catch these early, before we send them out to AWS. It also gives us an opportunity to create nice user warnings.

This validity check should also be performed in the frontend, but it must be enforced by the server as well.

Parameters: listener_tuple
lemur.plugins.lemur_aws.elb.update_listeners(account_number, region, name, listeners, ports)

We assume that a listener with a specified port already exists. We can then delete the old listener on the port and create a new one in its place.

If, however, we are replacing a listener (e.g. changing a port from 80 to 443), we need to make sure we keep track of which ports we need to delete so that we don't create two listeners (one on 80 and one on 443).

Parameters:
  • account_number
  • region
  • name
  • listeners
  • ports
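
Added example, not part of Lemur's code: a pure-Python planner for the replacement described above. It validates every new listener on the server side before anything is deleted, then derives the ports to delete so that moving 80 to 443 does not leave two listeners. The 4-tuple shape (lb_port, instance_port, protocol, cert_arn), the names check_listener, plan_update and InvalidListener, and the sample ARN are assumptions made for illustration; the rules checked are the port range and that HTTPS and SSL listeners carry a certificate.

```python
# Added example (not Lemur's code): plan a listener replacement before calling AWS.
# Assumption: a listener is a 4-tuple (lb_port, instance_port, protocol, cert_arn).
SECURE_PROTOCOLS = {"HTTPS", "SSL"}  # these listener protocols require a certificate


class InvalidListener(ValueError):
    """Raised server-side, before any AWS request is made."""


def check_listener(listener):
    """Validate one listener tuple and return it unchanged."""
    if not isinstance(listener, tuple) or len(listener) != 4:
        raise InvalidListener("expected a 4-tuple, got %r" % (listener,))
    lb_port, instance_port, protocol, cert_arn = listener
    for port in (lb_port, instance_port):
        # bool is a subclass of int, so compare the exact type
        if type(port) is not int or not 1 <= port <= 65535:
            raise InvalidListener("bad port %r" % (port,))
    if not isinstance(protocol, str):
        raise InvalidListener("bad protocol %r" % (protocol,))
    if protocol.upper() in SECURE_PROTOCOLS and not cert_arn:
        raise InvalidListener("%s listener on %d has no certificate" % (protocol, lb_port))
    return listener


def plan_update(existing, replacements, ports):
    """Return (ports_to_delete, listeners_to_create) for one load balancer.

    existing     -- listener tuples currently on the load balancer
    replacements -- listener tuples that should exist afterwards
    ports        -- ports being retired, e.g. [80] when moving 80 -> 443
    """
    new = [check_listener(item) for item in replacements]  # validate all first
    new_ports = [item[0] for item in new]
    if len(set(new_ports)) != len(new_ports):
        raise InvalidListener("two replacement listeners share a load balancer port")
    in_use = {item[0] for item in existing}
    # Remove retired ports and any port about to be recreated; skip unused ports.
    to_delete = sorted((set(ports) | set(new_ports)) & in_use)
    return to_delete, new


# Constructed sample data: move a plain HTTP listener on 80 to HTTPS on 443.
EXISTING = [(80, 8080, "HTTP", None)]
CERT_ARN = "arn:aws:iam::123456789012:server-certificate/example-cert"  # constructed
REPLACEMENT = [(443, 8080, "HTTPS", CERT_ARN)]

if __name__ == "__main__":
    print(plan_update(EXISTING, REPLACEMENT, [80]))
```

Because validation runs before the delete set is computed, a rejected replacement leaves the existing listeners untouched.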

iam Module

lemur.plugins.lemur_aws.iam.delete_cert(account_number, cert)

Delete a certificate from AWS

Parameters:
  • account_number
  • cert
Returns:

lemur.plugins.lemur_aws.iam.digest_aws_cert_response(response)

Processes an AWS certificate response and retrieves the certificate body and chain.

Parameters: response
Returns:
lemur.plugins.lemur_aws.iam.get_all_server_certs(account_number)

Uses STS to fetch all of the SSL certificates from a given account.

Parameters: account_number
lemur.plugins.lemur_aws.iam.get_cert_from_arn(arn)

Retrieves an SSL certificate from a given ARN.

Parameters: arn
Returns:
lemur.plugins.lemur_aws.iam.get_name_from_arn(arn)

Extracts the certificate name from an ARN.

Parameters: arn – IAM SSL ARN
Returns: name of the certificate as uploaded to AWS
lemur.plugins.lemur_aws.iam.upload_cert(account_number, name, body, private_key, cert_chain=None)

Upload a certificate to AWS

Parameters:
  • account_number
  • name
  • body
  • private_key
  • cert_chain
Returns:

plugin Module

class lemur.plugins.lemur_aws.plugin.AWSDestinationPlugin

Bases: lemur.plugins.bases.destination.DestinationPlugin

author = 'Kevin Glisson'
author_url = 'https://github.com/netflix/lemur'
description = 'Allow the uploading of certificates to AWS IAM'
options = [{'helpMessage': 'Must be a valid AWS account number!', 'required': True, 'type': 'str', 'name': 'accountNumber', 'validation': '/^[0-9]{12,12}$/'}]
slug = 'aws-destination'
title = 'AWS'
upload(name, body, private_key, cert_chain, options, **kwargs)
version = 'unknown'
class lemur.plugins.lemur_aws.plugin.AWSSourcePlugin

Bases: lemur.plugins.bases.source.SourcePlugin

author = 'Kevin Glisson'
author_url = 'https://github.com/netflix/lemur'
description = 'Discovers all SSL certificates in an AWS account'
get_certificates(options, **kwargs)
options = [{'helpMessage': 'Must be a valid AWS account number!', 'required': True, 'type': 'str', 'name': 'accountNumber', 'validation': '/^[0-9]{12,12}$/'}]
slug = 'aws-source'
title = 'AWS'
version = 'unknown'
lemur.plugins.lemur_aws.plugin.find_value(name, options)

sts Module

lemur.plugins.lemur_aws.sts.assume_service(account_number, service, region=None)