aws-leastprivilege
PMapper
Our great sponsors
aws-leastprivilege | PMapper | |
---|---|---|
5 | 7 | |
109 | 1,323 | |
- | 1.1% | |
3.4 | 0.0 | |
8 months ago | 6 months ago | |
Python | Python | |
MIT License | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
aws-leastprivilege
- “IAM Access Analyzer” for a Cloudformation Stack’s Service Role?
-
Can you build an IAM list of Actions based on running infrastructure and/or cloud formation template?
From a template, this is the closest I've gotten: https://github.com/iann0036/aws-leastprivilege , and also check out iamlive (thanks /u/rowanu!) if you can insert the recorder between the application and the AWS endpoints.
-
IAM Least Privilege for IAM for SAM/CloudFormation?
Check out https://github.com/iann0036/aws-leastprivilege, though note that it doesn't currently support SAM, so you might want to create a change set and grab the transformed template to use.
-
Permissions - is there an easy way?
I've personally attempted to fix this before with https://github.com/iann0036/aws-leastprivilege, which uses mappings with permissions (based on some incremental permissions testing), but also defaults down to examining the permission schemes publicly available in some (but not all) resource types. More info in the README.
- CloudFormation Stack Permissions
PMapper
-
How to conduct security assesment of AWS?
In addition to ScoutSuite, I recommend PMapper. https://github.com/nccgroup/PMapper
-
Anyone tried to create a halfway decent least privilege policy for a CDK deployment?
There are tons of other escape hatches, so it's a pretty big moving target. If you'd like to get a hint about your setup, I'd suggest trying: https://github.com/nccgroup/PMapper
- Do you know a way to visulize access flow between users and resources?
-
Graphviz: Open-source graph visualization software
I maintain an open-source project [1] that uses graphs to model data. I wanted to make my project as accessible as possible, so Graphviz was perfect since it's dead-simple to install and use on all major OS platforms.
[1] https://github.com/nccgroup/PMapper
- Principal Mapper v1.1.0 - AWS IAM Security Analysis
-
Show HN: Principal Mapper v1.1.0 – AWS IAM Security Analysis
Hi HN!
Principal Mapper is a tool + library for analyzing and securing your AWS IAM configuration. It generates a model of your account and/or organization and uses it to give you a better idea of the effective permissions of your IAM Users and Roles. It has privilege escalation detection built-in and is hopefully written in a way that will let you extend it for your use-cases.
This v1.1.0 update covers more types of policies (resource policies, permission boundaries, session policies, SCPs), supports AWS Organizations, enables cross-account checks, and more!
https://github.com/nccgroup/PMapper
Happy to answer any questions you have here!
What are some alternatives?
iamlive - Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy
awesome-aws - A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome.