lemur_aws Package¶

`lemur_aws` Package¶

`elb` Module¶

lemur.plugins.lemur_aws.elb.attach_certificate(name, port, certificate_id, **kwargs)

Attaches a certificate to a listener, throws exception if certificate specified does not exist in a particular account.

Parameters:	name – port – certificate_id –

lemur.plugins.lemur_aws.elb.attach_certificate_v2(listener_arn, port, certificates, **kwargs)

Attaches a certificate to a listener, throws exception if certificate specified does not exist in a particular account.

Parameters:	listener_arn – port – certificates –

lemur.plugins.lemur_aws.elb.describe_listeners_v2(**kwargs)

Fetches one page of listener objects for a given elb arn.

Parameters:	kwargs –
Returns:

lemur.plugins.lemur_aws.elb.describe_load_balancer_policies(load_balancer_name, policy_names, **kwargs)

Fetching all policies currently associated with an ELB.

Parameters:	load_balancer_name –
Returns:

lemur.plugins.lemur_aws.elb.describe_load_balancer_types(policies, **kwargs)

Describe the policies with policy details.

Parameters:	policies –
Returns:

lemur.plugins.lemur_aws.elb.describe_ssl_policies_v2(policy_names, **kwargs)

Fetching all policies currently associated with an ELB.

Parameters:	policy_names –
Returns:

lemur.plugins.lemur_aws.elb.get_all_elbs(**kwargs)

Fetches all elbs for a given account/region

Parameters:	kwargs –
Returns:

lemur.plugins.lemur_aws.elb.get_all_elbs_v2(**kwargs)

Fetches all elbs for a given account/region

Parameters:	kwargs –
Returns:

lemur.plugins.lemur_aws.elb.get_elbs(**kwargs): Fetches one page elb objects for a given account and region.

lemur.plugins.lemur_aws.elb.get_elbs_v2(**kwargs)

Fetches one page of elb objects for a given account and region.

Parameters:	kwargs –
Returns:

lemur.plugins.lemur_aws.elb.get_listener_arn_from_endpoint(endpoint_name, endpoint_port, **kwargs): Get a listener ARN from an endpoint. :param endpoint_name: :param endpoint_port: :return:

lemur.plugins.lemur_aws.elb.is_valid(listener_tuple)

There are a few rules that aws has when creating listeners, this function ensures those rules are met before we try and create or update a listener.

While these could be caught with boto exception handling, I would rather be nice and catch these early before we sent them out to aws. It also gives us an opportunity to create nice user warnings.

This validity check should also be checked in the frontend but must also be enforced by server.

Parameters:	listener_tuple –

lemur.plugins.lemur_aws.elb.retry_throttled(exception): Determines if this exception is due to throttling :param exception: :return:

`iam` Module¶

lemur.plugins.lemur_aws.iam.create_arn_from_cert(account_number, region, certificate_name): Create an ARN from a certificate. :param account_number: :param region: :param certificate_name: :return:

lemur.plugins.lemur_aws.iam.delete_cert(cert_name, **kwargs)

Delete a certificate from AWS

Parameters:	cert_name –
Returns:

lemur.plugins.lemur_aws.iam.get_all_certificates(**kwargs): Use STS to fetch all of the SSL certificates from a given account

lemur.plugins.lemur_aws.iam.get_certificate(name, **kwargs)

Retrieves an SSL certificate.

Returns:

lemur.plugins.lemur_aws.iam.get_certificates(**kwargs): Fetches one page of certificate objects for a given account. :param kwargs: :return:

lemur.plugins.lemur_aws.iam.get_name_from_arn(arn)

Extract the certificate name from an arn.

Parameters:	arn – IAM SSL arn
Returns:	name of the certificate as uploaded to AWS

lemur.plugins.lemur_aws.iam.retry_throttled(exception): Determines if this exception is due to throttling :param exception: :return:

lemur.plugins.lemur_aws.iam.upload_cert(name, body, private_key, path, cert_chain=None, **kwargs)

Upload a certificate to AWS

Parameters:	name – body – private_key – cert_chain – path –
Returns:

`plugin` Module¶

class lemur.plugins.lemur_aws.plugin.AWSDestinationPlugin

Bases: lemur.plugins.bases.destination.DestinationPlugin

author = 'Kevin Glisson'

author_url = 'https://github.com/netflix/lemur'

deploy(elb_name, account, region, certificate)

description = 'Allow the uploading of certificates to AWS IAM'

options = [{'validation': '/^[0-9]{12,12}$/', 'required': True, 'type': 'str', 'name': 'accountNumber', 'helpMessage': 'Must be a valid AWS account number!'}, {'helpMessage': 'Path to upload certificate.', 'default': '/', 'type': 'str', 'name': 'path'}]

slug = 'aws-destination'

title = 'AWS'

upload(name, body, private_key, cert_chain, options, **kwargs)

version = 'unknown'

class lemur.plugins.lemur_aws.plugin.AWSSourcePlugin

Bases: lemur.plugins.bases.source.SourcePlugin

author = 'Kevin Glisson'

author_url = 'https://github.com/netflix/lemur'

clean(certificate, options, **kwargs)

description = 'Discovers all SSL certificates and ELB endpoints in an AWS account'

get_certificates(options, **kwargs)

get_endpoints(options, **kwargs)

options = [{'validation': '/^[0-9]{12,12}$/', 'required': True, 'type': 'str', 'name': 'accountNumber', 'helpMessage': 'Must be a valid AWS account number!'}, {'helpMessage': 'Comma separated list of regions to search in, if no region is specified we look in all regions.', 'type': 'str', 'name': 'regions'}]

slug = 'aws-source'

title = 'AWS'

update_endpoint(endpoint, certificate)

version = 'unknown'

class lemur.plugins.lemur_aws.plugin.S3DestinationPlugin(*args, **kwargs)

Bases: lemur.plugins.bases.destination.ExportDestinationPlugin

additional_options = [{'validation': '/^$|\\s+/', 'required': True, 'type': 'str', 'name': 'bucket', 'helpMessage': 'Must be a valid S3 bucket name!'}, {'validation': '/^[0-9]{12,12}$/', 'required': True, 'type': 'str', 'name': 'accountNumber', 'helpMessage': 'A valid AWS account number with permission to access S3'}, {'helpMessage': 'Region bucket exists', 'default': 'us-east-1', 'name': 'region', 'available': ['us-east-1', 'us-west-2', 'eu-west-1'], 'required': False, 'type': 'str'}, {'helpMessage': 'Enable server side encryption', 'required': False, 'default': True, 'type': 'bool', 'name': 'encrypt'}, {'validation': '/^$|\\s+/', 'required': False, 'type': 'str', 'name': 'prefix', 'helpMessage': 'Must be a valid S3 object prefix!'}]

author = 'Mikhail Khodorovskiy, Harm Weites <harm@weites.com>'

author_url = 'https://github.com/Netflix/lemur'

description = 'Allow the uploading of certificates to Amazon S3'

slug = 'aws-s3'

title = 'AWS-S3'

upload(name, body, private_key, chain, options, **kwargs)

lemur.plugins.lemur_aws.plugin.format_elb_cipher_policy(policy): Attempts to format cipher policy information into a common format. :param policy: :return:

lemur.plugins.lemur_aws.plugin.format_elb_cipher_policy_v2(policy): Attempts to format cipher policy information for elbv2 into a common format. :param policy: :return:

lemur.plugins.lemur_aws.plugin.get_elb_endpoints(account_number, region, elb_dict): Retrieves endpoint information from elb response data. :param account_number: :param region: :param elb_dict: :return:

lemur.plugins.lemur_aws.plugin.get_elb_endpoints_v2(account_number, region, elb_dict): Retrieves endpoint information from elbv2 response data. :param account_number: :param region: :param elb_dict: :return:

lemur.plugins.lemur_aws.plugin.get_region_from_dns(dns)

`sts` Module¶

lemur.plugins.lemur_aws.sts.sts_client(service, service_type='client')

lemur_aws Package¶