PMapper
MAMIP
Our great sponsors
| PMapper | MAMIP | |
|---|---|---|
| 7 | 9 | |
| 1,323 | 455 | |
| 1.1% | 0.9% | |
| 0.0 | 9.8 | |
| 6 months ago | 6 days ago | |
| Python | Python | |
| GNU Affero General Public License v3.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PMapper
-
How to conduct security assesment of AWS?
In addition to ScoutSuite, I recommend PMapper. https://github.com/nccgroup/PMapper
-
Anyone tried to create a halfway decent least privilege policy for a CDK deployment?
There are tons of other escape hatches, so it's a pretty big moving target. If you'd like to get a hint about your setup, I'd suggest trying: https://github.com/nccgroup/PMapper
- Do you know a way to visulize access flow between users and resources?
-
Graphviz: Open-source graph visualization software
I maintain an open-source project [1] that uses graphs to model data. I wanted to make my project as accessible as possible, so Graphviz was perfect since it's dead-simple to install and use on all major OS platforms.
[1] https://github.com/nccgroup/PMapper
- Principal Mapper v1.1.0 - AWS IAM Security Analysis
-
Show HN: Principal Mapper v1.1.0 – AWS IAM Security Analysis
Hi HN!
Principal Mapper is a tool + library for analyzing and securing your AWS IAM configuration. It generates a model of your account and/or organization and uses it to give you a better idea of the effective permissions of your IAM Users and Roles. It has privilege escalation detection built-in and is hopefully written in a way that will let you extend it for your use-cases.
This v1.1.0 update covers more types of policies (resource policies, permission boundaries, session policies, SCPs), supports AWS Organizations, enables cross-account checks, and more!
https://github.com/nccgroup/PMapper
Happy to answer any questions you have here!
MAMIP
-
We are members of AWS Premium Support, ask us anything
For anyone else who wants to see the role permissions themselves, look here: https://github.com/z0ph/MAMIP/blob/master/policies/AWSSupportServiceRolePolicy
- LocalStack and AWS Parity Explained
-
AWS Support able to access any S3 object due to permission change
Reverted 22 hours ago: https://github.com/z0ph/MAMIP/commit/b6f696cebc7b9a4f71dd34c...
- AWS quietly adds s3:GetObject support to AWSSupportServiceRolePolicy which is only supposed to have metadata access
-
Monitor AWS Managed IAM Policies
- https://github.com/z0ph/MAMIP/blob/master/DEPRECATED.json
-
What is Amazon Nimble Studio?
Saw it referenced at https://github.com/z0ph/MAMIP/commit/acb0ede and Google is failing me.
-
I've run AWS Access Analyzer Policy Validation on all 837 AWS Managed Policies
That page includes an explanation as to why the finding did not result in a deprecation of a managed policy. All other findings from the report not already surfaced and discussed on our documentation page are associated with deleted or deprecated policies (presumably still available in the MAMIP repo, leading to why your work referenced some managed policies that are no longer applicable).
What are some alternatives?
awesome-aws - A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome.
prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
data-science-ipython-notebooks - Data science Python notebooks: Deep learning (TensorFlow, Theano, Caffe, Keras), scikit-learn, Kaggle, big data (Spark, Hadoop MapReduce, HDFS), matplotlib, pandas, NumPy, SciPy, Python essentials, AWS, and various command lines.
serverless-localstack - ⚡ Serverless plugin for running against LocalStack
policy_sentry - IAM Least Privilege Policy Generator
aws_breaking_changes - List of changes announced for AWS that may break existing code
aws-leastprivilege - Generates an IAM policy for the CloudFormation service role that adheres to least privilege.
AirIAM - Least privilege AWS IAM Terraformer
d3-dag - Layout algorithms for visualizing directed acyclic graphs
DFB - A mini development environment for developing and troubleshooting the Cypress PSoC Digital Filter Block
introspector - A schema and set of tools for using SQL to query cloud infrastructure.
PSGraph - A set of utilities for working with Graphviz in Powershell