diff --git a/local-app/python-tools/cross-organization/check_cloudtrail.py b/local-app/python-tools/cross-organization/check_cloudtrail.py index 1eff5810..98f7962b 100644 --- a/local-app/python-tools/cross-organization/check_cloudtrail.py +++ b/local-app/python-tools/cross-organization/check_cloudtrail.py @@ -23,20 +23,25 @@ def get_s3_metrics(session, bucket_name, region): return metrics def get_log_group_details(session, group_arn, region): - """Restored: Fetches CloudWatch Log Group retention and size.""" + """RESTORED: Queries CloudWatch for specific log group metadata.""" if not group_arn: return {} try: - # Extract name from ARN (arn:aws:logs:region:account:log-group:name) - group_name = group_arn.split(':')[-1] + # Extract name from ARN (arn:aws:logs:region:acc:log-group:NAME:*) + # CloudWatch names can contain colons, but usually are the last part + group_name = group_arn.split(':log-group:')[-1].replace(':*', '') + logs = session.client('logs', region_name=region) + # describe_log_groups returns a list; we filter by prefix for efficiency resp = logs.describe_log_groups(logGroupNamePrefix=group_name) + for g in resp.get('logGroups', []): if g['logGroupName'] == group_name: return { "cw_logs_retention_days": g.get('retentionInDays', 'Never Expire'), "cw_logs_size_bytes": g.get('storedBytes', 0) } - except: pass + except Exception: + pass return {} def account_task(account_session, account_id, account_name, region): 
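Review bot: The new `except Exception: pass` at the end of get_log_group_details still discards every failure, so an access-denied or throttling error from `describe_log_groups` yields `{}` and the report cannot tell "lookup failed" from "no matching log group". For an audit tool that gap can hide missing permissions; consider surfacing it with `except Exception as exc:` followed by `return {"cw_logs_error": type(exc).__name__}`, provided downstream consumers of the row tolerate the extra key. Separately, the single `describe_log_groups` call is not paginated, so an exact-name match that falls on a later page would be missed; following `nextToken` or using the client's `describe_log_groups` paginator closes that. The added comment saying names can contain colons also looks inaccurate, since the documented log group name character set does not include `:`.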
@@ -82,10 +87,10 @@ def account_task(account_session, account_id, account_name, region): "log_file_validation": str(trail.get('LogFileValidationEnabled', False)), "sns_topic": trail.get('SnsTopicARN', 'N/A'), "kms_key_id": trail.get('KmsKeyId', 'SSE-S3'), - "cw_logs_arn": trail.get('CloudWatchLogsLogGroupArn', 'N/A') # Restored Field + "cw_logs_arn": trail.get('CloudWatchLogsLogGroupArn', 'N/A') } - # Retrieve restored CloudWatch details + # RE-INTEGRATED CLOUDWATCH CHECK if t_data["cw_logs_arn"] != 'N/A': t_data.update(get_log_group_details(account_session, t_data["cw_logs_arn"], reg))
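Review bot: The call `get_log_group_details(account_session, t_data["cw_logs_arn"], reg)` queries CloudWatch Logs in `reg`, although the ARN itself already names the region the log group lives in. `reg` is defined outside this hunk; if it comes from a per-region loop and a multi-region trail is reported there as a shadow trail, the lookup would go to the wrong region and silently return nothing. Deriving the region from the ARN inside the helper, for example `arn_region = group_arn.split(':')[3]` and passing that as `region_name`, removes the dependency on the caller's loop variable. The account_task body starts outside the hunk, so the origin of `reg` should be confirmed there.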