aws-secure-environment-accelerator
trailscraper
| aws-secure-environment-accelerator | trailscraper | |
|---|---|---|
| 4 | 6 | |
| 711 | 762 | |
| 0.8% | - | |
| 7.2 | 8.9 | |
| 19 days ago | 9 days ago | |
| HTML | Python | |
| Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
aws-secure-environment-accelerator
-
An AWS account just for getting into other AWS accounts
https://github.com/aws-samples/aws-secure-environment-accele...
I've used the ASEA to get a number of organizations setup. I prefer it to Control Tower (it can be installed on top of CT). The ASEA is open source and written in AWS cdk so it can be forked and modified if needed.
- Managing AWS in a Large Organization: Looking for best practices and experience.
-
Multi-account with AWS Organization + VPN server access to multiple VPC/regions: best practices?
Hey ! If you plan to create a new Landing zone, take a look at Control Tower, or this Env Accelerator you can also do it with Terraform.
-
AWS Control Tower Advice
We are more interested in https://github.com/aws-samples/aws-secure-environment-accelerator which seems to be a way better successor to the original landing zone solution. Nearly all CDK and highly customisable. Just need a fresh new environment to deploy it into and test! By the looks of their commit history it seems they also thought of it as a better control tower before being told to change the wording.
trailscraper
- TrailScraper
-
How to get the exact IAM services/roles needed to run a command
I like using https://github.com/flosell/trailscraper for this
- flosell/trailscraper - a command-line tool to get valuable information out of AWS CloudTrail
- TrailScraper: A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies
- Trailscraper can scrape your Cloudtrail logs and generate IAM Policies from the resources and verbs used by your users or roles
-
Is there a tool that tells you which IAM actions to allow if you give it an API operation?
I’ve used this project in the past to pull out policy information https://github.com/flosell/trailscraper (it’s a CLI, FYI)
What are some alternatives?
cfn_nag - Linting tool for CloudFormation templates
cloudtracker - CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
parliament - AWS IAM linting library
panther - [DEPRECATED] Detect threats with log data and improve cloud security posture
aws-leastprivilege - Generates an IAM policy for the CloudFormation service role that adheres to least privilege.
CapRover - Scalable PaaS (automated Docker+nginx) - aka Heroku on Steroids
cloudsplaining - Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
Completion-n-Queens-Problem - A linear algorithm is described for solving the n-Queens Completion problem for an arbitrary composition of k queens, consistently distributed on a chessboard of size n x n. Two important rules are used in the algorithm: a) the rule of sequential risk elimination for the entire system as a whole; b) the rule of formation of minimal damage in the given selection conditions. For any composition of k queens (1<= k<n), a solution is provided, or a decision is made that this composition can't be completed. The probability of an error in making such a decision does not exceed 0.0001, and its value decreases, with increasing n. It is established that the average time, required for the queen to be placed on one row, decreases with increasing value of n. A description is given of two random selection models and the results of their comparative analysis. A model for organizing the Back Tracking procedure is proposed based on the separation of the solution matrix into two basic levels. Regression
aws-cloudformation-templates - A collection of useful CloudFormation templates
glauth - A lightweight LDAP server for development, home use, or CI
iamlive - Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy