我有一个使用自定义库(nwmaws)的脚本,该库循环遍历我拥有的所有AWS帐户,并构建一个动态ARN,我用它来假设一个管理员在所有帐户中打印所有EC2实例ID的角色。但是,由于某种原因,我for loop只迭代一个帐户(我拥有至少20个帐户左右)。以下是我的代码和输出:
CODE:
import boto3
import nwmaws
accounts = nwmaws.Accounts().list()
def get_sts_token(**kwargs):
role_arn = kwargs['RoleArn']
region_name = kwargs['RegionName']
sts = boto3.client(
'sts',
region_name=region_name,
)
token = sts.assume_role(
RoleArn=role_arn,
RoleSessionName='GetInstances',
DurationSeconds=900,
)
return token["Credentials"]
def create_role_arn():
for i in accounts:
account_list = i.account_id
role_arn = "arn:aws:iam::{}:role/ADFS-
GlobalAdmins".format(account_list)
tokens = get_sts_token(RoleArn=role_arn, RegionName="us-east-1")
print(role_arn)
access_key = tokens['AccessKeyId']
secret_key = tokens['SecretAccessKey']
session_token = tokens['SessionToken']
s = boto3.session.Session(aws_access_key_id=access_key,
aws_secret_access_key=secret_key,
aws_session_token=session_token
)
return s.resource('ec2')
def get_all_instances():
ec2 = create_role_arn()
instances = ec2.instances.filter(
Filters=[{'Name': 'instance-state-name', 'Values': ['running']}])
for instance in instances:
print(instance.id)
get_all_instances()
OUTPUT:
arn:aws:iam::XXXXXXXXXXXX:role/ADFS-GlobalAdmins
i-xxxxxxxx
i-xxxxxxxx
i-xxxxxxxx
i-xxxxxxxx
i-xxxxxxxx
i-xxxxxxxx
i-xxxxxxxx
etc etc
如您所见,它只创建一个ARN,在该帐户中打印实例,然后退出。