DEVHIDE
Login Or Sign up

Migration Code: Amazon Inspector Classic to Amazon Inspector2

12 Views Asked by At

Currently, I am using Inspector Classic with Python-Boto3 library to scan AMIs within my AWS account. And, this scan is part of my stepfunction pipeline. Now, I need to migrate to Inspector2.

I noticed describe_rules_packages and list_rules_packages has been removed in Inspector2. Moreover, we do not require to create assessment or rule package.

Question: As written on AWS Inspector2 documentation, it automatically does above work. Refer: AWS Document Now, What changes I have to make to run Inspector2. I need to remove assessment creation task. Correct me if wrong.

Snippet:

def handler(event, context):
RULES_NAMES = [x,y,z]
setup = SetupModel.load(event)

# Get role info and assume the role
env_info = WorkerRoles.get_environment_info(setup.ami_env)
aws_session = AwsRoleManager(env_info["role"], env_info["region"])

# Connect to inspector
inspector = aws_session.client("inspector") # `TODO - inspector2`

# Build list of rules to use
rules_arns_to_use = []
rules_packages = inspector.list_rules_packages() # `TODO-Remove. How rules will work for inspector2`
for rules_package in inspector.describe_rules_packages(
    rulesPackageArns=rules_packages["rulesPackageArns"]
)["rulesPackages"]:
    if (
        rules_package["provider"] == "Amazon Web Services, Inc."
        and rules_package["name"] in RULES_NAMES 
    ):
        rules_arns_to_use.append(rules_package["arn"])

logger.info("Creating assessment target")
# Create assessment target
resGroup = inspector.create_resource_group(
    resourceGroupTags=[{"key": setup.tag_name, "value": "true"}]
)
logger.info("resGroup: {}".format(resGroup))
target = inspector.create_assessment_target(
    assessmentTargetName=setup.tag_name, resourceGroupArn=resGroup["resourceGroupArn"]
)
logger.info("target: {}".format(target))
# Create assessment template - What change need to done for inspector2
template = inspector.create_assessment_template(
    assessmentTargetArn=target["assessmentTargetArn"],
    assessmentTemplateName=setup.tag_name,
    durationInSeconds=1800,
    rulesPackageArns=rules_arns_to_use,
)
return {
    "template_arn": template["assessmentTemplateArn"],
    "target_arn": target["assessmentTargetArn"]
}

What will be the equivalent Inspector2 code for this?

amazon-web-services migration boto3 inspector
Original Q&A
0

There are 0 best solutions below

Related Questions in AMAZON-WEB-SERVICES

Related Questions in MIGRATION

Related Questions in BOTO3

Related Questions in INSPECTOR

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.