From 4439a5f18459f502d5843c9de598f98fde4a6c1f Mon Sep 17 00:00:00 2001 From: AlexClineBB Date: Wed, 31 May 2017 15:05:04 -0400 Subject: [PATCH] Add a configuration option to configure max-items for large resources This change adds a -m option which configures the --max-items API parameter for large AWS resources. Currently, SNS topic subscriptions are limited to the default of 100 items. SNS topics can easily surpass 100,000 subscriptions which is too many to show by default. Since check 3.15 is confirming that subscribers exist - not what they actually are - it's a waste to display all 100,000 entries. --- prowler | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/prowler b/prowler index ef949a0a..35a4fd23 100755 --- a/prowler +++ b/prowler @@ -49,6 +49,7 @@ WHITE="" PROFILE="default" REGION="us-east-1" FILTERREGION="" +MAXITEMS=100 # Command usage menu usage(){ @@ -59,12 +60,13 @@ usage(){ -r specify an AWS region to direct API requests to (i.e.: us-east-1) -c specify a check number or group from the AWS CIS benchmark (i.e.: check11 for check 1.1 or check3 for entire section 3) -f specify an AWS region to run checks against (i.e.: us-west-1) + -m specify the maximum number of items to return for long-running requests (default: 100) -h this help " exit } -while getopts "hp:r:c:f:" OPTION; do +while getopts "hp:r:c:f:m:" OPTION; do case $OPTION in h ) usage @@ -82,6 +84,9 @@ while getopts "hp:r:c:f:" OPTION; do f ) FILTERREGION=$OPTARG ;; + m ) + MAXITEMS=$OPTARG + ;; : ) echo -e "\n$RED ERROR!$NORMAL -$OPTARG requires an argument\n" exit 1 
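Review bot: The new `m )` arm stores `$OPTARG` in MAXITEMS without checking that it is a positive integer, and check315 later expands it unquoted as `--max-items $MAXITEMS`. An empty, non-numeric or space-containing value is then either word-split into extra AWS CLI arguments or rejected by the CLI, and the empty result may read like a topic with no subscribers. Reject bad input at parse time, before the assignment, with something like `[[ $OPTARG =~ ^[1-9][0-9]*$ ]] || { echo "-m requires a positive integer"; exit 1; }`. The case statement continues outside the hunk.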
@@ -1004,7 +1009,7 @@ check315(){
 TOPICS_LIST=$($AWSCLI sns list-topics --profile $PROFILE --region $regx --output text --query 'Topics[*].TopicArn')
 if [[ $TOPICS_LIST ]];then
 for topic in $TOPICS_LIST; do
- CHECK_TOPIC_LIST=$($AWSCLI sns list-subscriptions-by-topic --topic-arn $topic --profile $PROFILE --region $regx --query 'Subscriptions[*].{Endpoint:Endpoint,Protocol:Protocol}' --output text)
+ CHECK_TOPIC_LIST=$($AWSCLI sns list-subscriptions-by-topic --topic-arn $topic --profile $PROFILE --region $regx --query 'Subscriptions[*].{Endpoint:Endpoint,Protocol:Protocol}' --output text --max-items $MAXITEMS | grep -v "None")
 if [[ $CHECK_TOPIC_LIST ]]; then
 TOPIC_SHORT=$(echo $topic | awk -F: '{ print $7 }')
 echo -e " $NOTICE Region $regx with Topic $TOPIC_SHORT: $NORMAL "
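Review bot: `grep -v "None"` on the new CHECK_TOPIC_LIST line drops every output line containing the substring None, not only the placeholder line it is presumably meant to remove. A subscription whose endpoint contains that text would vanish from the audit output, and a topic with only such subscribers would look empty. Match the whole line instead, e.g. `grep -vx 'None'` (adjusted to the exact placeholder the CLI prints), and quote the expansion as `--max-items "$MAXITEMS"`. Because the list is now capped, the output should also say when the cap was reached, so a truncated list is not taken for the complete set of subscribers. check315 starts and ends outside the hunk.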