in cartography/intel/aws/__init__.py [0:0]
def start_aws_ingestion(session, config):
    """Run the AWS sync stage, then the EC2 asset-exposure analysis job.

    Steps, in order:

    1. Build the default ``boto3.Session()``.
    2. Resolve the accounts to sync: every profile in the botocore config
       when ``config.aws_sync_all_profiles`` is truthy, otherwise only the
       default account.
    3. Warn, but continue, if two profiles resolve to the same account.
    4. Fetch the EC2 region list using the default session.
    5. Sync all accounts and run ``aws_ec2_asset_exposure.json``.

    Any failure in steps 1, 2 or 4 is logged and the function returns early
    without syncing; nothing is raised to the caller for those cases.

    Args:
        session: Passed unchanged to ``_sync_multiple_accounts`` and
            ``run_analysis_job`` (presumably the graph database session;
            confirm against the caller).
        config: Object providing ``update_tag`` and ``aws_sync_all_profiles``.

    Returns:
        None on every path.
    """
    common_job_parameters = {"UPDATE_TAG": config.update_tag}

    # Step 1: credentials / config problems surface here as botocore errors.
    try:
        boto_session = boto3.Session()
    except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as err:
        # Full traceback only at debug level; the error line carries the
        # exception text plus operator guidance.
        logger.debug("Error occurred calling boto3.Session().", exc_info=True)
        logger.error(
            "Unable to initialize the default AWS session, an error occurred: %s. Make sure your AWS credentials "
            "are configured correctly, your AWS config file is valid, and your credentials have the SecurityAudit "
            "policy attached.",
            err,
        )
        return

    # Step 2: choose the account discovery strategy from the config flag.
    account_loader = (
        organizations.get_aws_accounts_from_botocore_config
        if config.aws_sync_all_profiles
        else organizations.get_aws_account_default
    )
    aws_accounts = account_loader(boto_session)

    if not aws_accounts:
        logger.warning(
            "No valid AWS credentials could be found. No AWS accounts can be synced. Exiting AWS sync stage.",
        )
        return

    # Step 3: the mapping's values are compared for uniqueness; a repeated
    # value means more than one profile points at the same account. This is
    # advisory only - the sync below still runs.
    account_values = list(aws_accounts.values())
    if len(set(account_values)) != len(account_values):
        logger.warning(
            "There are duplicate AWS accounts in your AWS configuration. It is strongly recommended that you run "
            "cartography with an AWS configuration which has exactly one profile for each AWS account you want to "
            "sync. Doing otherwise will result in undefined and untested behavior.",
        )

    # Step 4: the region list is fetched once with the default session and
    # reused for every account. Only ClientError is handled here.
    try:
        region_names = ec2.get_ec2_regions(boto_session)
    except botocore.exceptions.ClientError as err:
        logger.debug("Error occurred getting EC2 regions.", exc_info=True)
        logger.error(
            "Failed to retrieve AWS region list, an error occurred: %s. The AWS sync cannot run without a valid "
            "region list.",
            err,
        )
        return

    # Step 5: per-account sync, then the exposure analysis over the result.
    _sync_multiple_accounts(session, aws_accounts, region_names, config.update_tag, common_job_parameters)
    run_analysis_job('aws_ec2_asset_exposure.json', session, common_job_parameters)