
tenchi-security / camp

Licence: Apache-2.0 License
CloudSplaining on AWS Managed Policies

Programming Languages

Jupyter Notebook

Projects that are alternatives of or similar to camp

ec2-tags-env
☁️ Import AWS EC2 tags as environment variables
Stars: ✭ 59 (+96.67%)
Mutual labels:  iam
bakery
(Not maintained anymore) Bakery - Centralised AWS identity and access management solution for multiple accounts
Stars: ✭ 50 (+66.67%)
Mutual labels:  iam
aws-iam-slack-notifer
Notifies slack when an IAM policy is created, changed or assigned to a role
Stars: ✭ 35 (+16.67%)
Mutual labels:  iam
aws-leastprivilege
Generates an IAM policy for the CloudFormation service role that adheres to least privilege.
Stars: ✭ 85 (+183.33%)
Mutual labels:  iam
chef-handler-sns
Chef report handler to send Amazon SNS notifications on failures or changes.
Stars: ✭ 12 (-60%)
Mutual labels:  iam
iamzero
Identity & Access Management simplified and secure.
Stars: ✭ 192 (+540%)
Mutual labels:  iam
iam-role-injector
Assumes an IAM role via awscli STS call, injecting temporary credentials into shell environment
Stars: ✭ 27 (-10%)
Mutual labels:  iam
ory-reference-compose
Reference ORY Docker Compose setup
Stars: ✭ 33 (+10%)
Mutual labels:  iam
terraform-aws-iam-user
A Terraform module to create and manage Identity and Access Management (IAM) Users on Amazon Web Services (AWS). https://aws.amazon.com/iam
Stars: ✭ 17 (-43.33%)
Mutual labels:  iam
kubernetes-vault-example
Placeholder for training material related to TA usage of Vault for securing Kubernetes apps.
Stars: ✭ 16 (-46.67%)
Mutual labels:  iam
aa-policy-validator
Validate all your Customer IAM Policies against AWS Access Analyzer - Policy Validation
Stars: ✭ 42 (+40%)
Mutual labels:  iam
iam
Enterprise-grade hands-on Go project: an authentication and authorization system
Stars: ✭ 1,900 (+6233.33%)
Mutual labels:  iam
pyark
CyberArk Enterprise Password Vault API CLI tool
Stars: ✭ 25 (-16.67%)
Mutual labels:  iam
Transformer-ocr
Handwritten text recognition using transformers.
Stars: ✭ 92 (+206.67%)
Mutual labels:  iam
iam-ddd-cqrs-es-nestjs
Identity and Access Management
Stars: ✭ 34 (+13.33%)
Mutual labels:  iam
riam
AWS IAM inspired policy engine in Rust
Stars: ✭ 19 (-36.67%)
Mutual labels:  iam
access-controller
A highly scalable open-source implementation of an access-control engine inspired by Google Zanzibar-"Google’s Consistent, Global Authorization System"
Stars: ✭ 61 (+103.33%)
Mutual labels:  iam
stsauth
A CLI tool that allows easy generation of AWS credentials using STS, ADFS, and Active Directory.
Stars: ✭ 18 (-40%)
Mutual labels:  iam
xcloud-dopaas
One stop solution of PaaS platform based on DevSecOps --- Based on SpringCloud/Docker/k8s/ServiceMesh(Istio), primary integrated modules: CMDB, Unified Continuous delivery of CI/CD (distributed compilation and deployment), IAM Certification Center, Unified monitoring center, Unified configuration center, Unified Distributed task scheduling cente…
Stars: ✭ 76 (+153.33%)
Mutual labels:  iam
aws-runas
Run commands or shell under an AWS IAM role
Stars: ✭ 28 (-6.67%)
Mutual labels:  iam

CloudSplaining on AWS Managed Policies (camp)

This is a tool that automatically downloads and keeps a local copy of all AWS IAM Managed Policies, and also runs Cloudsplaining on each.

The code is written in Python 3. It is built to be executed regularly: each run downloads and analyzes only the policies and versions that are not yet in the local directory. The execution of Cloudsplaining is parallelized over the downloaded policies.

Installation

    $ make install

Usage

This runs camp and tells it to write the downloaded policies and the Cloudsplaining output to ./policies:

    $ make run

Data

This repo uses GitHub Actions to download and analyse any new policies and versions every 2 hours.

The directory structure is as follows:

Each policy gets a directory called ./policies/{policy name}. Inside it there is a file called metadata.json with a structure similar to this:

    {
        "PolicyName": "AdministratorAccess",
        "PolicyId": "ANPAIWMBCKSKIEE64ZLYK",
        "Arn": "arn:aws:iam::aws:policy/AdministratorAccess",
        "Path": "/",
        "DefaultVersionId": "v1",
        "AttachmentCount": 5,
        "PermissionsBoundaryUsageCount": 0,
        "IsAttachable": true,
        "CreateDate": "2015-02-06T18:39:46+00:00",
        "UpdateDate": "2015-02-06T18:39:46+00:00"
    }

Additionally, each policy version gets a directory called ./policies/{policy name}/{policy version} with three files:

  • policy.json which contains the actual IAM policy content.
  • metadata.json with a structure similar to this:

        {
            "VersionId": "v1",
            "IsDefaultVersion": true,
            "CreateDate": "2015-02-06T18:39:46+00:00",
            "PolicyName": "AdministratorAccess"
        }

  • cloudsplaining.json with the output of Cloudsplaining processing.

In the root folder, a CSV file called versions_summary.csv is also created with a summary of findings, listing one policy version per row.
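
A consistency check over the directory layout described above, added here as an example and not part of camp's own code: it reports versions that lack one of the three files (for example, not yet analyzed by Cloudsplaining) and versions whose IsDefaultVersion flag disagrees with the policy's DefaultVersionId. The function names, the ExamplePolicy entry and the empty cloudsplaining.json contents are assumptions made for the sample.

```python
import json
import tempfile
from pathlib import Path

VERSION_FILES = ("policy.json", "metadata.json", "cloudsplaining.json")

def audit_tree(root):
    """Return sorted (policy, version, problem) tuples for a ./policies-style tree."""
    findings = []
    for pdir in (p for p in Path(root).iterdir() if p.is_dir()):
        meta = pdir / "metadata.json"
        if not meta.is_file():
            findings.append((pdir.name, "", "missing policy metadata.json"))
            continue
        default_id = json.loads(meta.read_text())["DefaultVersionId"]
        vdirs = [v for v in pdir.iterdir() if v.is_dir()]
        if default_id not in {v.name for v in vdirs}:
            findings.append((pdir.name, default_id, "default version not downloaded"))
        for vdir in vdirs:
            missing = [f for f in VERSION_FILES if not (vdir / f).is_file()]
            findings += [(pdir.name, vdir.name, f"missing {f}") for f in missing]
            if "metadata.json" in missing:
                continue
            vmeta = json.loads((vdir / "metadata.json").read_text())
            # The version flagged as default must be the one the policy points at.
            if vmeta["IsDefaultVersion"] != (vdir.name == default_id):
                findings.append((pdir.name, vdir.name, "IsDefaultVersion disagrees with DefaultVersionId"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data (not real camp output); file contents are minimal."""
    def write(rel, obj):
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(json.dumps(obj))
    allow_all = {"Version": "2012-10-17",
                 "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
    write("AdministratorAccess/metadata.json", {"PolicyName": "AdministratorAccess", "DefaultVersionId": "v1"})
    write("AdministratorAccess/v1/metadata.json", {"VersionId": "v1", "IsDefaultVersion": True})
    write("AdministratorAccess/v1/policy.json", allow_all)
    write("AdministratorAccess/v1/cloudsplaining.json", {})  # placeholder content
    write("ExamplePolicy/metadata.json", {"PolicyName": "ExamplePolicy", "DefaultVersionId": "v2"})
    write("ExamplePolicy/v1/metadata.json", {"VersionId": "v1", "IsDefaultVersion": True})  # stale flag
    write("ExamplePolicy/v1/policy.json", allow_all)
    write("ExamplePolicy/v1/cloudsplaining.json", {})
    write("ExamplePolicy/v2/metadata.json", {"VersionId": "v2", "IsDefaultVersion": True})
    write("ExamplePolicy/v2/policy.json", allow_all)  # v2 has no cloudsplaining.json yet

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_tree(tmp):
            print(*finding, sep="\t")
```

Against a real checkout, call audit_tree("./policies"); files in that folder such as a CSV are skipped because only directories are walked.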

Contributors

  • Alexandre Sieira
  • Victor Grenu

We want help! Two contributions that would be very much appreciated:

  • Generating and keeping the HTML output of Cloudsplaining on the folders;
  • Creation of a single page web application to interactively explore and visualize the summary and also the policy content.