
Skyscanner / Cfripper

Licence: apache-2.0
Library and CLI tool for analysing CloudFormation templates and checking them for security compliance.

Programming Languages

python

Projects that are alternatives of or similar to Cfripper

Checkov
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+1247.92%)
Mutual labels:  aws, cloudformation, static-analysis, compliance
Cfn nag
Linting tool for CloudFormation templates
Stars: ✭ 808 (+204.91%)
Mutual labels:  aws, cloudformation, static-analysis
Tfsec
Security scanner for your Terraform code
Stars: ✭ 3,622 (+1266.79%)
Mutual labels:  aws, static-analysis, compliance
Terraform Security Scan
Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec
Stars: ✭ 64 (-75.85%)
Mutual labels:  aws, static-analysis, compliance
Aws Labs
step by step guide for aws mini labs. Currently maintained on : https://github.com/Cloud-Yeti/aws-labs Youtube playlist for labs:
Stars: ✭ 153 (-42.26%)
Mutual labels:  aws, cloudformation
Stratosphere
Haskell EDSL and type-checker for AWS CloudFormation templates
Stars: ✭ 151 (-43.02%)
Mutual labels:  aws, cloudformation
Aws Sdk Perl
A community AWS SDK for Perl Programmers
Stars: ✭ 153 (-42.26%)
Mutual labels:  aws, cloudformation
Aws Cf Templates
A cloudonaut.io project. Engineered by widdix.
Stars: ✭ 2,399 (+805.28%)
Mutual labels:  aws, cloudformation
Scar
Deploy static websites in seconds - with HTTPS, a global CDN, and custom domains.
Stars: ✭ 1,715 (+547.17%)
Mutual labels:  aws, cloudformation
Autospotting
Saves up to 90% of AWS EC2 costs by automating the use of spot instances on existing AutoScaling groups. Installs in minutes using CloudFormation or Terraform. Convenient to deploy at scale using StackSets. Uses tagging to avoid launch configuration changes. Automated spot termination handling. Reliable fallback to on-demand instances.
Stars: ✭ 2,014 (+660%)
Mutual labels:  aws, cloudformation
Cluster Lifecycle Manager
Cluster Lifecycle Manager (CLM) to provision and update multiple Kubernetes clusters
Stars: ✭ 200 (-24.53%)
Mutual labels:  aws, cloudformation
Cloudformation Cli
The CloudFormation Provider Development Toolkit allows you to author your own resource providers and modules that can be used by CloudFormation.
Stars: ✭ 149 (-43.77%)
Mutual labels:  aws, cloudformation
Serverless Ide Vscode
Serverless IDE: Enhanced support for AWS SAM and CloudFormation in VS Code
Stars: ✭ 145 (-45.28%)
Mutual labels:  aws, cloudformation
Awscloudformation Samples
Sample AWS CloudFormation templates
Stars: ✭ 153 (-42.26%)
Mutual labels:  aws, cloudformation
Serverless Dynamodb Autoscaling
Serverless Plugin for Amazon DynamoDB Auto Scaling configuration.
Stars: ✭ 142 (-46.42%)
Mutual labels:  aws, cloudformation
Docs
Rapid CloudFormation: Modular, production ready, open source.
Stars: ✭ 209 (-21.13%)
Mutual labels:  aws, cloudformation
Aws Toolkit Eclipse
AWS Toolkit for Eclipse – an open-source plugin for developing, deploying, and managing AWS applications.
Stars: ✭ 252 (-4.91%)
Mutual labels:  aws, cloudformation
cfsec
Static analysis for CloudFormation templates to identify common misconfiguration
Stars: ✭ 53 (-80%)
Mutual labels:  cloudformation, static-analysis
Cloudformation
Some CF templates
Stars: ✭ 123 (-53.58%)
Mutual labels:  aws, cloudformation
Kumogata
Kumogata is a tool for AWS CloudFormation. It can define a template in Ruby DSL.
Stars: ✭ 128 (-51.7%)
Mutual labels:  aws, cloudformation

CFRipper


CFRipper is a library and CLI security analyzer for AWS CloudFormation templates. You can use CFRipper to prevent deploying insecure AWS resources into your cloud environment. You can write your own compliance checks by adding new custom plugins.

Docs and more details are available at https://cfripper.readthedocs.io/

CLI Usage

Normal execution

$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
Issues found:
 - FullWildcardPrincipalRule: rootRole should not allow wildcards in principals (principal: '*')
 - IAMRolesOverprivilegedRule: Role 'rootRole' contains an insecure permission '*' in policy 'root'
Analysing /tmp/root_bypass.json...
Valid: True

Using the "resolve" flag

$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt --resolve
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
Issues found:
 - FullWildcardPrincipalRule: rootRole should not allow wildcards in principals (principal: '*')
 - IAMRolesOverprivilegedRule: Role 'rootRole' contains an insecure permission '*' in policy 'root'
Analysing /tmp/root_bypass.json...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
Issues found:
 - IAMRolesOverprivilegedRule: Role 'rootRole' contains an insecure permission '*' in policy 'root'
Monitored issues found:
 - PartialWildcardPrincipalRule: rootRole contains an unknown principal: 123456789012
 - PartialWildcardPrincipalRule: rootRole should not allow wildcard in principals or account-wide principals
(principal: 'arn:aws:iam::123456789012:root')

Using json format and output-folder argument

$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format json --resolve --output-folder /tmp
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Result saved in /tmp/root.yaml.cfripper.results.json
Analysing /tmp/root_bypass.json...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Result saved in /tmp/root_bypass.json.cfripper.results.json

Using rules config file

$ cfripper tests/test_templates/config/security_group_firehose_ips.json --rules-config-file cfripper/config/rule_configs/example_rules_config_for_cli.py
Analysing tests/test_templates/config/security_group_firehose_ips.json...
Valid: True

Using rules filters files

$ cfripper tests/test_templates/config/security_group_firehose_ips.json --rules-filters-folder cfripper/config/rule_configs/
example_rules_config_for_cli.py loaded
Analysing tests/test_templates/config/security_group_firehose_ips.json...
Valid: True

Exit Codes

"""
Analyse AWS Cloudformation templates passed by parameter.
Exit codes:
  - 0 = all templates valid and scanned successfully
  - 1 = error / issue in scanning at least one template
  - 2 = at least one template is not valid according to CFRipper (template scanned successfully)
  - 3 = unknown / unhandled exception in scanning the templates
"""
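
An added example (not part of the CFRipper project or its README): a deploy gate in POSIX shell that acts on the exit codes above, scanning each template separately so every failure is attributed to a file, and failing closed when a scan does not complete. `CFRIPPER_CMD`, `classify_exit` and `gate_templates` are names assumed for this example.

```shell
#!/bin/sh
# Added example: deploy gate driven by the CFRipper exit codes listed above.
# CFRIPPER_CMD is an assumption of this example so a pipeline can pin or stub the binary.
CFRIPPER_CMD="${CFRIPPER_CMD:-cfripper}"

# Map one CFRipper exit code to a verdict.
classify_exit() {
  case "$1" in
    0) echo pass ;;    # valid and scanned successfully
    2) echo block ;;   # scanned successfully, template not valid
    *) echo error ;;   # 1, 3 or anything undocumented: the scan gave no verdict
  esac
}

# Scan each template on its own so every failure is attributed to a file.
# Returns 0 if all pass, 2 if any template is not valid, 1 if any scan errored.
gate_templates() {
  _blocked=0
  _errored=0
  for _tpl in "$@"; do
    _rc=0
    # --resolve is kept on: in the output above root_bypass.json only fails with it.
    "$CFRIPPER_CMD" "$_tpl" --format txt --resolve || _rc=$?
    case "$(classify_exit "$_rc")" in
      pass)  echo "PASS  $_tpl" >&2 ;;
      block) echo "BLOCK $_tpl (exit $_rc)" >&2; _blocked=1 ;;
      *)     echo "ERROR $_tpl (exit $_rc), failing closed" >&2; _errored=1 ;;
    esac
  done
  # A scan that did not complete outranks a finding: nothing unscanned is deployed.
  if [ "$_errored" -eq 1 ]; then return 1; fi
  if [ "$_blocked" -eq 1 ]; then return 2; fi
  return 0
}

# Run only when given template paths, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
  gate_templates "$@"
  exit $?
fi
```

In a pipeline, treat a return of 2 as a policy failure to fix in the template and a return of 1 as a tooling failure to investigate; both stop the deploy.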