
mikhailadvani / aws-security-test

Licence: Apache-2.0 license
No description or website provided.

Runtime

Requirements

  • Python: 2.7.12
  • Boto3: 1.4.1

Configuring Tests

Credentials

Credentials need to be set up as described in the Boto3 documentation. The user whose API keys are configured needs the following access:

  • AmazonEC2ReadOnlyAccess
  • IAMReadOnlyAccess
  • AWSCloudTrailReadOnlyAccess
  • AmazonS3ReadOnlyAccess
  • CloudWatchLogsReadOnlyAccess
  • CloudWatchReadOnlyAccess
  • AmazonSNSReadOnlyAccess
  • KMSReadOnlyPolicy - There is no pre-defined AWS policy with the necessary privileges. The custom policy can be defined as mentioned in the documentation.

Tests to run

Set up a config file similar to default.yml to execute the desired tests. The value for each test should be True or False.

Execution Steps

Run as script

python aws_security_test.py -c config/default.yml - Will use the credentials from the environment variables if found or will fall back to the default profile in ~/.aws/config

python aws_security_test.py -c config/default.yml -p profile_name - Will use the credentials from the corresponding profile defined in ~/.aws/config

Artifacts

Certain artifacts will be created at the end of every execution for additional verification. They will be in the artifacts directory.

root_login.txt : Will be useful in monitoring root account access in case CloudWatch is not used.

sns_subscribers.csv : Lists subscribers for each SNS topic. Can be used to ensure notifications are being sent to the right audience.

internet_open_security_groups.csv : Lists security groups with access open to the Internet. This list might contain rules where access open from the Internet is desired, but can also be used to check for misconfigurations.
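The kind of check behind internet_open_security_groups.csv can be sketched as follows. This is an added example, not the project's own code: it flags ingress rules whose source is 0.0.0.0/0 or ::/0 in a constructed sample shaped like the SecurityGroups list returned by EC2 describe_security_groups, and the function names and CSV columns are assumptions.

```python
import csv
import io

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # any IPv4 / any IPv6 source

# Constructed sample in the shape of the "SecurityGroups" list returned by
# EC2 describe_security_groups; the IDs and names are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa1111", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb2222", "GroupName": "legacy", "IpPermissions": [
        # IpProtocol "-1" means all traffic and carries no FromPort/ToPort.
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc3333", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.1.0.0/16"}], "Ipv6Ranges": []}]},
]


def internet_open_rules(groups):
    """Return one row per ingress rule whose source is the whole Internet."""
    rows = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in OPEN_CIDRS:
                    rows.append((group["GroupId"], group["GroupName"],
                                 perm["IpProtocol"],
                                 perm.get("FromPort", "all"),
                                 perm.get("ToPort", "all"), cidr))
    return rows


def to_csv(rows):
    """Render rows as CSV text with a header (column names are assumptions)."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["group_id", "group_name", "protocol", "from_port", "to_port", "cidr"])
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(internet_open_rules(SAMPLE_GROUPS)))
```

Against a live account, the input would be the SecurityGroups list from the Boto3 EC2 client's describe_security_groups call, which the AmazonEC2ReadOnlyAccess policy listed above permits.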

License

Apache License 2.0
