in cartography/intel/aws/iam.py [0:0]
def sync_role_policies(neo4j_session, boto3_session, current_aws_account_id, aws_update_tag, common_job_parameters):
    """Sync the policies of every named IAM role recorded for one AWS account.

    Role names are read from the graph, each role's policy names are fetched
    with ``get_role_policies``, and the detail for each policy is fetched with
    ``get_role_policy_info``. The resulting ``{role_name: {policy_name: info}}``
    mapping is passed to ``load_role_policies``, after which the
    ``aws_import_roles_policy_cleanup.json`` cleanup job is run.

    Args:
        neo4j_session: Session used to run the role query; also passed to the
            load step and the cleanup job.
        boto3_session: Session passed to the policy lookup helpers.
        current_aws_account_id: Account id bound to the query's
            ``AWS_ACCOUNT_ID`` parameter.
        aws_update_tag: Update tag passed to ``load_role_policies``.
        common_job_parameters: Parameters passed to ``run_cleanup_job``.
    """
    logger.debug("Syncing IAM role policies for account '%s'.", current_aws_account_id)

    # The account id is supplied as a bound query parameter, never spliced
    # into the query text.
    # NOTE(review): in `(AWSAccount{id: ...})` the identifier has no leading
    # colon, so Cypher reads it as a variable name, not a label. The match is
    # then constrained only by the `id` property and the AWS_ROLE relationship.
    # If the AWSAccount label was intended, confirm it against the graph schema
    # before changing the pattern to `(:AWSAccount{...})`.
    role_name_query = """
MATCH (role:AWSRole)<-[:AWS_ROLE]-(AWSAccount{id: {AWS_ACCOUNT_ID}})
WHERE exists(role.name)
RETURN role.name AS name;
"""
    # Read every role name from the query result before any policy lookup.
    role_names = [
        record['name']
        for record in neo4j_session.run(role_name_query, AWS_ACCOUNT_ID=current_aws_account_id)
    ]

    # One policy listing per role, then one detail lookup per listed policy.
    policies_by_role = {
        role_name: {
            policy_name: get_role_policy_info(boto3_session, role_name, policy_name)
            for policy_name in get_role_policies(boto3_session, role_name)['PolicyNames']
        }
        for role_name in role_names
    }

    load_role_policies(neo4j_session, policies_by_role, aws_update_tag)

    # NOTE(review): the cleanup job runs after every load, including when the
    # role query returned no rows. Presumably it prunes entries that lack the
    # current update tag. Verify that an empty or partial sync cannot remove
    # valid policy data.
    run_cleanup_job('aws_import_roles_policy_cleanup.json', neo4j_session, common_job_parameters)