"""
#####################################################
# Check for generatedatakey API call for the #
# alias/kms_key_cse_usecase_3 KMS master key #
#####################################################
"""
import subprocess
import sys
import boto3
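def main():
    """
    ##############################################################
    # Using CW events to check for GenerateDataKey calls for     #
    # the KMS master key alias/kms_key_cse_usecase_3             #
    ##############################################################

    Resolves the current region from the EC2 instance metadata service,
    finds the workshop bucket whose name starts with
    "dp-workshop-bucket-cw-event-usecase-3", and treats a bucket tag with
    value 'usecase-3-cse' as the signal that a GenerateDataKey call was
    observed. The tag is the only evidence consulted here; this function does
    not query KMS or CloudTrail itself, so it trusts whatever wrote the tag
    (presumably the workshop's CloudWatch event rule).

    Exits with status 0 on every non-error path. Any exception is reported
    on stdout and re-raised.
    """
    try:
        gendatakey = False
        # The region is derived from the instance metadata service, so this
        # only works on an EC2 instance. --max-time keeps curl from hanging
        # indefinitely when the endpoint is unreachable (e.g. run off-instance).
        az = subprocess.check_output([
            'curl', '-s', '--max-time', '5',
            'http://169.254.169.254/latest/meta-data/placement/availability-zone',
        ])
        # check_output returns bytes on Python 3 (str on Python 2); normalise
        # so the split below works on both interpreters.
        if not isinstance(az, str):
            az = az.decode('ascii')
        # An AZ such as "us-east-1a" splits into ['us', 'east', '1a'];
        # dropping the trailing letter gives the region "us-east-1".
        list_az = az.strip().split('-')
        region = list_az[0] + '-' + list_az[1] + '-' + list_az[2][0]
        s3_client = boto3.client('s3', region)
        buckets = s3_client.list_buckets()
        for bucket in buckets['Buckets']:
            if not bucket['Name'].startswith("dp-workshop-bucket-cw-event-usecase-3"):
                continue
            # get_bucket_tagging raises when the bucket carries no tags; that
            # error propagates to the except clause below rather than being
            # mistaken for "not called yet".
            tagging = s3_client.get_bucket_tagging(Bucket=bucket['Name'])
            # Inspect every tag instead of only TagSet[0]: the order in which
            # the service returns tags is not something this check controls.
            if any(tag['Value'] == 'usecase-3-cse' for tag in tagging['TagSet']):
                print("GenerateDataKey API Called\n")
                print("Eventhough plaintext_u.txt file was encrypted twice only one GenerateDataKey API call was made.")
                print("This is because the data key was cached")
                print("\n Step 3 completed successfully")
                gendatakey = True
        if not gendatakey:
            print("\n Re-run this python module until you see the print GenerateDataKey API Called")
            print("\n The GenerateDataKey API call for the key alias kms_key_cse_usecase_3 that you created in Step 1")
            print("\n is being monitored using a CloudWatch event")
            print("\n It should take about 30-45 seconds for the print to appear")
    except Exception:
        # Narrowed from a bare `except:` so KeyboardInterrupt and SystemExit
        # pass through untouched; everything else is reported and re-raised,
        # never swallowed.
        print("Unexpected error: %s" % sys.exc_info()[0])
        raise
    else:
        sys.exit(0)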
# Run the check only when executed as a script, not when imported.
if __name__ == "__main__":
    main()