
boto3 Access Analyzer list not all findings


I'm trying to list ALL findings from AWS Access Analyzer and save them to a CSV file. But I always get only 2047 findings, while in the AWS console I see about 7000. I'm using boto3 version 1.26.123. Below is my code:

from boto3.session import Session
from boto3 import __version__ as vv
from csv import writer
 
print(vv)
 
mySession = Session(profile_name='nonprod-security-engine')
 
conn = mySession.client('accessanalyzer')
 
paginator = conn.get_paginator('list_findings')
 
data = []
number = 0
test = ''  # last 'action' list seen; initialised so print(test) cannot raise NameError
 
for page in paginator.paginate(
        analyzerArn='arn:aws:access-analyzer:ap-southeast-1:XXXXXXXXX:analyzer/access-analyzer',
        PaginationConfig={
            'PageSize': 100
        }
    ):
    for finding in page['findings']:
        ### generate matrix table for each finding
        action=''
        if 'action' in finding:
            action = " ".join(finding['action'])
            test = finding['action']
        principal=''
        if 'principal' in finding:
            principal =  finding['principal']
        isPublic=''
        if 'isPublic' in finding:
            isPublic =  finding['isPublic']
        condition=''
        if 'condition' in finding:
            condition =  finding['condition']
        error=''
        if 'error' in finding:
            error =  finding['error']
        sources=''
        if 'sources' in finding:
            sources =  finding['sources']
        data.append([
            finding['id'],
            principal,
            action,
            finding['resource'],
            isPublic,
            finding['resourceType'],
            condition,
            finding['createdAt'],
            finding['analyzedAt'],
            finding['updatedAt'],
            finding['status'],
            finding['resourceOwnerAccount'],
            error,
            sources
        ])
        number += 1
    print(number)
    print(test)
 
print(f"Total number {number}")
 
## Header for CSV file
header = [
    'id',
    'principal',
    'action',
    'resource',
    'isPublic',
    'resourceType',
    'condition',
    'createdAt',
    'analyzedAt',
    'updatedAt',
    'status',
    'resourceOwnerAccount',
    'error',
    'sources'
    ]
 
### Save CSV Report to findings.csv
with open('findings.csv', 'w', encoding='UTF8', newline='') as f:
    # Use a separate name so the imported csv.writer function is not shadowed
    csv_writer = writer(f, delimiter=";")
    csv_writer.writerow(header)
    csv_writer.writerows(data)
 

I tried other paginator configurations, but every time I get the same result. I would like to know why I see many more findings in the AWS Console than in the CSV file which I generated.

I have also tried to filter for ACTIVE and RESOLVED. When I use RESOLVED in boto3 I receive 237 findings, but in the console I see almost 1000.

Is it possible that the console shows outdated findings?


Solution

  • Thanks to the assistance of AWS Support, we have identified the cause of the issue related to the AWS Console GUI. It appears that repeatedly clicking on the "next page" button can result in an incorrect number of findings being displayed. However, I want to assure you that AWS is aware of this issue and is actively working on a resolution to fix it.
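
To compare the API total with what the console shows, the findings can be tallied by unique id and by status while following nextToken by hand. This is an added example, not code from the question or the answer; tally_findings, FakeAnalyzerClient, the sample findings and the placeholder ARN are constructed for illustration, and the de-duplication is a defensive check rather than a behaviour the page reports.

```python
from collections import Counter


def tally_findings(client, analyzer_arn, page_size=100):
    """Follow nextToken through list_findings.

    Returns (unique finding count, Counter of statuses, repeated-id count).
    """
    seen, by_status, duplicates = set(), Counter(), 0
    kwargs = {"analyzerArn": analyzer_arn, "maxResults": page_size}
    while True:
        resp = client.list_findings(**kwargs)
        for finding in resp.get("findings", []):
            if finding["id"] in seen:
                duplicates += 1  # same id returned twice: count it once
                continue
            seen.add(finding["id"])
            by_status[finding["status"]] += 1
        token = resp.get("nextToken")
        if not token:  # no token means this was the last page
            break
        kwargs["nextToken"] = token
    return len(seen), by_status, duplicates


class FakeAnalyzerClient:
    """Constructed stand-in for the boto3 'accessanalyzer' client (runs offline)."""

    def __init__(self, findings):
        self._findings = findings

    def list_findings(self, analyzerArn, maxResults=100, nextToken=None):
        start = int(nextToken or 0)
        resp = {"findings": self._findings[start:start + maxResults]}
        if start + maxResults < len(self._findings):
            resp["nextToken"] = str(start + maxResults)
        return resp


# Constructed sample data: 249 distinct findings plus one repeated id.
SAMPLE = [{"id": f"f-{i}", "status": "ACTIVE" if i % 5 else "RESOLVED"}
          for i in range(249)]
SAMPLE.append({"id": "f-0", "status": "RESOLVED"})
SAMPLE_ARN = "arn:aws:access-analyzer:ap-southeast-1:000000000000:analyzer/example"  # placeholder

if __name__ == "__main__":
    total, statuses, dupes = tally_findings(FakeAnalyzerClient(SAMPLE), SAMPLE_ARN)
    print(total, dict(statuses), dupes)
```

Against a real account, pass the client created with Session(...).client('accessanalyzer') and the analyzer's ARN in place of the fake client and placeholder.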