AWS Boto3和Classic ELB

时间:2017-07-10 02:08:16

标签: boto boto3 elastic-load-balancer botocore

我试图在经典的负载均衡器(elb,而不是elbv2)上获取有效的TLS策略,而且我无法识别出错的地方:

import boto3
from botocore.exceptions import ClientError

#Declare Constant
EXPECTED_POLICY = 'ELBSecurityPolicy-TLS-1-1-2017-01'
IAMID = '518031149234'

def set_session(awsprofile, awsregion):
    try:
        session = boto3.Session(profile_name=awsprofile, region_name=awsregion)
        return session
    except ClientError as e:
        print("Failed to run session setter for profile: {0} %s" % e).format(awsprofile)

def assume_role_into_account(profileId, assumeId, sessionName, assetType, regionName):
    try:
        setSession = set_session(profileId, regionName)
        stsSession = setSession.client('sts')
        response = stsSession.assume_role(RoleArn=("arn:aws:iam::{0}:role/security").format(assumeId),RoleSessionName=sessionName)
        credentials = response['Credentials']
        session = setSession.client(assetType, aws_access_key_id=credentials['AccessKeyId'],aws_secret_access_key=credentials['SecretAccessKey'],aws_session_token=credentials['SessionToken'])
        return session
    except ClientError as e:
        print("AssumeRole exception for profile: {0} %s" % e).format(profileId)

def main():

    try:
        srev2 = assume_role_into_account('sre', IAMID,'Security-Audit-AssumeRole-Session2', 'elb', 'us-east-1')
        print("AssumeRole into Account: {0} for Region: {1} .").format(IAMID, 'us-east-1')

    elbs = srev2.describe_load_balancers()

    for elb in elbs:
        policy = session.describe_load_balancer_policies(LoadBalancerName=elb)

    except ClientError as e:
        print("AssumeRole: Cannot assumerole for id: {0}." % e).format(IAMID)

if __name__ == '__main__':
    main()

因此,当我在调用describe_load_balancer_policies()时返回策略时,无法区分选择了哪个策略。

任何帮助?

TIA!

2 个答案:

答案 0 :(得分:0)

如果您不粘贴相关的错误消息,很难提供帮助。

从快速查看,我猜您在session中定义了无法在assume_role_into_account

中访问的本地变量main()

如果这是问题,您可以将其更改为

def assume_role_into_account(profileId, assumeId, sessionName, assetType, regionName):
  global session
  ....

参考:

Python - Global, Local and nonlocal Variables

答案 1 :(得分:0)

好的,经过与亚马逊的API和ELB团队人员的长时间讨论......这就是我们想出的,请注意这只适用于经典的ELB&#39。这确实会返回您在AWS Web Console中看到的ELB策略。

我花了很多时间在这上面,我希望它能让其他人也受益,而这些人也在考虑这个时间 - 近乎无效的努力:

elbs = client.describe_load_balancers()

for elb in elbs:
    #Get Named Policy to pass to get the active policy. -1 denotes the last in the list.
    policy_name = jmespath.search('ListenerDescriptions[].PolicyNames[] | [-1]', elb)

    policy_description = client.describe_load_balancer_policies(LoadBalancerName=elb, PolicyNames=[policyname])
    console_policy = jmespath.search('PolicyDescriptions[?PolicyName==`{0}`] | [0].PolicyAttributeDescriptions[0].AttributeValue'.format(policyname), policy_description)

    return console_policy
相关问题
最新问题