import boto3
import uuid
# Module-level Route 53 Resolver client shared by every helper below. No Region
# or credentials are passed, so whatever boto3 resolves from the environment is
# used; all DNS Firewall resources are created in that Region.
rt53r = boto3.client('route53resolver')
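def create_dnsfw_for_vpc():
    '''
    Create a DNS Firewall rule group with the managed malware domain list and
    associate it with every available VPC in the current Region.

    Side effects: one rule group, one ALERT rule and one association per VPC
    are created on every call. Each call uses fresh CreatorRequestIds, so
    re-running the script creates new resources rather than reusing earlier
    ones.

    Raises:
        Exception: any boto3/botocore error from the API calls propagates
            unchanged (the original wrapped each call in a re-raising
            ``except`` that added nothing).
    '''
    vpcs = find_vpcs()
    # Nothing to protect: stop before creating a rule group that would be
    # left unattached.
    if not vpcs:
        print('No available VPCs found in Region; nothing to associate.')
        return
    domainListId = find_default_malware_domain_list()
    firewallRuleGroupId = create_firewall_rule_group()
    create_firewall_rule(domainListId, firewallRuleGroupId)
    for vpc in vpcs:
        # CreatorRequestId is an idempotency token for a single request, so a
        # new one is generated per association rather than shared across the
        # loop. The association name must be unique per VPC, hence the prefix.
        rt53r.associate_firewall_rule_group(
            CreatorRequestId=str(uuid.uuid4()),
            FirewallRuleGroupId=firewallRuleGroupId,
            VpcId=vpc,
            Priority=101,
            Name=f'{vpc}100DaysOfCloudMalwareAlerts',
        )
        print(f'Associated VPC {vpc} with DNSFW {firewallRuleGroupId}!')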
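def find_vpcs():
    '''
    Return the IDs of every VPC in the 'available' state in the current Region.

    Uses the ``describe_vpcs`` paginator so that Regions with more VPCs than a
    single response page holds are enumerated completely; the original read
    only the first page. Results keep the API's order and contain no
    duplicates.

    Raises:
        Exception: any boto3/botocore error from the API call propagates
            unchanged.
    '''
    ec2 = boto3.client('ec2')
    vpcs = []
    paginator = ec2.get_paginator('describe_vpcs')
    for page in paginator.paginate():
        for vpc in page['Vpcs']:
            # Skip VPCs still being created/deleted; only 'available' ones can
            # be associated with a rule group.
            if vpc['State'] != 'available':
                continue
            vpcId = vpc['VpcId']
            if vpcId not in vpcs:
                vpcs.append(vpcId)
    print('Gathered all VPCs in Region.')
    return vpcs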
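def find_default_malware_domain_list():
    '''
    Return the ID of the 'AWSManagedDomainsMalwareDomainList' domain list.

    Pages through ``list_firewall_domain_lists`` so the list is found even
    when it is not on the first response page.

    Raises:
        LookupError: if no domain list with that name exists in the Region.
            The original fell through to ``return domainListId`` with the
            name unbound (UnboundLocalError) after printing a success message.
        Exception: any boto3/botocore error from the API call propagates
            unchanged.
    '''
    targetName = 'AWSManagedDomainsMalwareDomainList'
    paginator = rt53r.get_paginator('list_firewall_domain_lists')
    for page in paginator.paginate():
        for fdl in page['FirewallDomainLists']:
            # NOTE(review): matched on Name only. A customer-created list could
            # carry the same name; the list metadata's ManagedOwnerName field
            # should identify the AWS managed copy -- confirm before relying on it.
            if fdl['Name'] == targetName:
                print('Found the Domain List ID for the "AWSManagedDomainsMalwareDomainList" managed list.')
                return fdl['Id']
    raise LookupError(
        f'No DNS Firewall domain list named "{targetName}" was found in this Region'
    )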
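def create_firewall_rule_group():
    '''
    Create a Route 53 Resolver DNS Firewall rule group and return its ID.

    The rule group is named and tagged '100DaysOfCloudMalwareRules'. The name
    is not required to be unique, and a fresh CreatorRequestId is generated
    on every call, so each run creates another group with the same name.

    Returns:
        str: the ``FirewallRuleGroup.Id`` of the new group.

    Raises:
        Exception: any boto3/botocore error from the API call propagates
            unchanged (the original's re-raising ``except`` added nothing).
    '''
    # Idempotency token for this single create request.
    creatorRequestId = str(uuid.uuid4())
    response = rt53r.create_firewall_rule_group(
        CreatorRequestId=creatorRequestId,
        Name='100DaysOfCloudMalwareRules',
        Tags=[
            {
                'Key': 'Name',
                'Value': '100DaysOfCloudMalwareRules'
            }
        ]
    )
    firewallRuleGroupId = response['FirewallRuleGroup']['Id']
    print('Created a new Route53 Resolver DNS Firewall Rule Group.')
    return firewallRuleGroupId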
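def create_firewall_rule(domain_list_id, firewall_group_id):
    '''
    Add an ALERT rule for the given domain list to the given rule group.

    Args:
        domain_list_id: ID of the DNS Firewall domain list to match on.
        firewall_group_id: ID of the rule group the rule is added to.

    Raises:
        Exception: any boto3/botocore error from the API call propagates
            unchanged (the original's re-raising ``except`` added nothing).
    '''
    # Idempotency token for this single create request.
    creatorRequestId = str(uuid.uuid4())
    # Action='ALERT' lets matching queries resolve and only records them; the
    # rule is a detection control, not a blocking one, as written.
    rt53r.create_firewall_rule(
        CreatorRequestId=creatorRequestId,
        FirewallRuleGroupId=firewall_group_id,
        FirewallDomainListId=domain_list_id,
        Priority=101,
        Action='ALERT',
        Name='100DaysOfCloudMalwareAlerts'
    )
    print(f'Created ALERT rule for Route53 Resolver DNS Firewall Rule Group {firewall_group_id}')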
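# Guard the entry point so importing this module (e.g. to reuse the helpers
# or to test them) does not create AWS resources as a side effect.
if __name__ == '__main__':
    create_dnsfw_for_vpc()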