From 17d11478558e978f4020ff22b20eaa2469c4c2de Mon Sep 17 00:00:00 2001
From: Juwon
Date: Mon, 12 Aug 2024 11:17:57 +0900
Subject: [PATCH] Add feature : SNS bp check
---
 services/sns.py | 36 ++++++++++++++++++++++++++++++++----
 1 file changed, 32 insertions(+), 4 deletions(-)
diff --git a/services/sns.py b/services/sns.py
index b8addee..5bde7f4 100644
--- a/services/sns.py
+++ b/services/sns.py
@@ -1,17 +1,45 @@
-from models import RuleCheckResult
 import boto3
-# client = boto3.client("")
+client = boto3.client("sns")
 def sns_encrypted_kms():
+ compliant_resources = []
+ non_compliant_resources = []
+ topics = client.list_topics()["Topics"]
+
+ for topic in topics:
+ topic = client.get_topic_attributes(TopicArn=topic["TopicArn"])["Attributes"]
+ if "KmsMasterKeyId" in topic:
+ compliant_resources.append(topic["TopicArn"])
+ else:
+ non_compliant_resources.append(topic["TopicArn"])
+
 return RuleCheckResult(
- passed=False, compliant_resources=[], non_compliant_resources=[]
+ passed=not non_compliant_resources,
+ compliant_resources=compliant_resources,
+ non_compliant_resources=non_compliant_resources,
 )
 def sns_topic_message_delivery_notification_enabled():
+ compliant_resources = []
+ non_compliant_resources = []
+ topics = client.list_topics()["Topics"]
+
+ for topic in topics:
+ topic = client.get_topic_attributes(TopicArn=topic["TopicArn"])["Attributes"]
+
+ for key in topic.keys():
+ if key.endswith("FeedbackRoleArn") == True:
+ compliant_resources.append(topic["TopicArn"])
+ break
+ else:
+ non_compliant_resources.append(topic["TopicArn"])
+
 return RuleCheckResult(
- passed=False, compliant_resources=[], non_compliant_resources=[]
+ passed=not non_compliant_resources,
+ compliant_resources=compliant_resources,
+ non_compliant_resources=non_compliant_resources,
 )
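Review bot: The first changed line of the hunk deletes `from models import RuleCheckResult`, yet both `sns_encrypted_kms` and `sns_topic_message_delivery_notification_enabled` still return `RuleCheckResult(...)`, so as shown each check would raise NameError instead of reporting; the import line should stay. Separately, both functions read only `client.list_topics()["Topics"]`, which is a single page of results (SNS returns at most 100 topics per call plus a `NextToken`). In an account with more topics the rest are never evaluated, so `passed` can come back true while unencrypted topics or topics without delivery-status logging exist. Iterating the paginator closes that gap: `topics = [t for page in client.get_paginator("list_topics").paginate() for t in page["Topics"]]`.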