Class: Cucloud::CloudTrailUtils

Inherits:
Object
  • Object
show all
Defined in:
lib/cucloud/cloud_trail_utils.rb

Overview

CloudTrailUtils - Utilities for Cloud Trail

Constant Summary collapse

ITSO_CLOUDTRAIL_ARN_REGEX =

Regex used to determine if a cloudtrail rule belongs to ITSO

%r{arn:aws:cloudtrail:us-east-1:.*:trail\/.*[Ii][Tt][Ss][Oo].*}

Instance Method Summary collapse

Constructor Details

#initialize(ct_client = Aws::CloudTrail::Client.new, cs_utils = Cucloud::ConfigServiceUtils.new) ⇒ CloudTrailUtils

Constructor for CloudTrailUtils class

Parameters:

  • ct_client (Aws::CloudTrail::Client) (defaults to: Aws::CloudTrail::Client.new)

    AWS CloudTrail SDK Client



9
10
11
12
13
14
 
# File 'lib/cucloud/cloud_trail_utils.rb', line 9

def initialize(ct_client = Aws::CloudTrail::Client.new, cs_utils = Cucloud::ConfigServiceUtils.new)
  ## DI for testing purposes
  @ct = ct_client
  @cs_utils = cs_utils
  @region = Cucloud.region
end

Instance Method Details

#cornell_itso_trail?(trail) ⇒ Boolean

Is Cornell ITSO Trail?

Parameters:

  • (Aws::CloudTrail::Types::Trail)

Returns:

  • (Boolean) 


56
57
58
 
# File 'lib/cucloud/cloud_trail_utils.rb', line 56

def cornell_itso_trail?(trail)
  !(trail.trail_arn =~ ITSO_CLOUDTRAIL_ARN_REGEX).nil?
end

#get_cloud_trail_by_name(trail_name) ⇒ Aws::CloudTrail::Types::Trail

Get all cloud trails for this region

Returns:

  • (Aws::CloudTrail::Types::Trail) 


33
34
35
36
 
# File 'lib/cucloud/cloud_trail_utils.rb', line 33

def get_cloud_trail_by_name(trail_name)
  # https://docs.aws.amazon.com/sdkforruby/api/Aws/CloudTrail/Client.html#describe_trails-instance_method
  @ct.describe_trails(trail_name_list: [trail_name], include_shadow_trails: false).trail_list.first
end

#get_cloud_trailsArray<Aws::CloudTrail::Types::Trail>

Get all cloud trails for this region

Returns:

  • (Array<Aws::CloudTrail::Types::Trail>) 


18
19
20
21
 
# File 'lib/cucloud/cloud_trail_utils.rb', line 18

def get_cloud_trails
  # https://docs.aws.amazon.com/sdkforruby/api/Aws/CloudTrail/Client.html#describe_trails-instance_method
  @ct.describe_trails(include_shadow_trails: false).trail_list
end

#get_config_rulesArray<Aws::ConfigService::Types::ConfigRule>

Get all cloud trail config rules for this region

Returns:

  • (Array<Aws::ConfigService::Types::ConfigRule>) 


25
26
27
28
29
 
# File 'lib/cucloud/cloud_trail_utils.rb', line 25

def get_config_rules
  @cs_utils.get_config_rules.select do |rule|
    rule.source.source_identifier == 'CLOUD_TRAIL_ENABLED' && rule.source.owner == 'AWS'
  end
end

#get_trail_status(trail) ⇒ Aws::CloudTrail::Types::GetTrailStatusResponse

Is this trail a global trail

Parameters:

  • (Aws::CloudTrail::Types::Trail)

Returns:

  • (Aws::CloudTrail::Types::GetTrailStatusResponse) 


41
42
43
44
 
# File 'lib/cucloud/cloud_trail_utils.rb', line 41

def get_trail_status(trail)
  # https://docs.aws.amazon.com/sdkforruby/api/Aws/CloudTrail/Client.html#get_trail_status-instance_method
  @ct.get_trail_status(name: trail.name)
end

#global_trail?(trail) ⇒ Boolean

Is this trail a global trail

Parameters:

  • (Aws::CloudTrail::Types::Trail)

Returns:

  • (Boolean) 


49
50
51
 
# File 'lib/cucloud/cloud_trail_utils.rb', line 49

def global_trail?(trail)
  trail.include_global_service_events && trail.is_multi_region_trail
end

#hours_since_last_delivery(trail) ⇒ Integer

Get hours since last delivery

Parameters:

  • (Aws::CloudTrail::Types::Trail)

Returns:

  • (Integer)

    Hours



71
72
73
74
75
76
 
# File 'lib/cucloud/cloud_trail_utils.rb', line 71

def hours_since_last_delivery(trail)
  status = get_trail_status(trail)
  return nil if status.latest_delivery_time.nil?

  ((Time.now - status.latest_delivery_time) / 60 / 60).to_i
end

#trail_logging_active?(trail) ⇒ Boolean

Is this trail logging?

Parameters:

  • (Aws::CloudTrail::Types::Trail)

Returns:

  • (Boolean) 


63
64
65
66
 
# File 'lib/cucloud/cloud_trail_utils.rb', line 63

def trail_logging_active?(trail)
  status = get_trail_status(trail)
  status.is_logging && !status.latest_delivery_time.nil?
end