Skip to content

Commit

Permalink
fix again?
Browse files Browse the repository at this point in the history
  • Loading branch information
badra001 committed Jan 2, 2026
1 parent 52e0177 commit cdab2e2
Showing 1 changed file with 11 additions and 6 deletions.
17 changes: 11 additions & 6 deletions local-app/python-tools/cross-organization/check_cloudtrail.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,20 +23,25 @@ def get_s3_metrics(session, bucket_name, region):
return metrics

def get_log_group_details(session, group_arn, region):
"""Restored: Fetches CloudWatch Log Group retention and size."""
"""RESTORED: Queries CloudWatch for specific log group metadata."""
if not group_arn: return {}
try:
# Extract name from ARN (arn:aws:logs:region:account:log-group:name)
group_name = group_arn.split(':')[-1]
# Extract name from ARN (arn:aws:logs:region:acc:log-group:NAME:*)
# CloudWatch names can contain colons, but usually are the last part
group_name = group_arn.split(':log-group:')[-1].replace(':*', '')

logs = session.client('logs', region_name=region)
# describe_log_groups returns a list; we filter by prefix for efficiency
resp = logs.describe_log_groups(logGroupNamePrefix=group_name)

for g in resp.get('logGroups', []):
if g['logGroupName'] == group_name:
return {
"cw_logs_retention_days": g.get('retentionInDays', 'Never Expire'),
"cw_logs_size_bytes": g.get('storedBytes', 0)
}
except: pass
except Exception:
pass
return {}

def account_task(account_session, account_id, account_name, region):
Expand Down Expand Up @@ -82,10 +87,10 @@ def account_task(account_session, account_id, account_name, region):
"log_file_validation": str(trail.get('LogFileValidationEnabled', False)),
"sns_topic": trail.get('SnsTopicARN', 'N/A'),
"kms_key_id": trail.get('KmsKeyId', 'SSE-S3'),
"cw_logs_arn": trail.get('CloudWatchLogsLogGroupArn', 'N/A') # Restored Field
"cw_logs_arn": trail.get('CloudWatchLogsLogGroupArn', 'N/A')
}

# Retrieve restored CloudWatch details
# RE-INTEGRATED CLOUDWATCH CHECK
if t_data["cw_logs_arn"] != 'N/A':
t_data.update(get_log_group_details(account_session, t_data["cw_logs_arn"], reg))

Expand Down

0 comments on commit cdab2e2

Please sign in to comment.