trailscraper
aws-leastprivilege
| trailscraper | aws-leastprivilege | |
|---|---|---|
| 6 | 5 | |
| 762 | 109 | |
| - | - | |
| 8.9 | 3.4 | |
| 10 days ago | 8 months ago | |
| Python | Python | |
| Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
trailscraper
- TrailScraper
-
How to get the exact IAM services/roles needed to run a command
I like using https://github.com/flosell/trailscraper for this
- flosell/trailscraper - a command-line tool to get valuable information out of AWS CloudTrail
- TrailScraper: A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies
- Trailscraper can scrape your Cloudtrail logs and generate IAM Policies from the resources and verbs used by your users or roles
-
Is there a tool that tells you which IAM actions to allow if you give it an API operation?
I’ve used this project in the past to pull out policy information https://github.com/flosell/trailscraper (it’s a CLI, FYI)
aws-leastprivilege
- “IAM Access Analyzer” for a Cloudformation Stack’s Service Role?
-
Can you build an IAM list of Actions based on running infrastructure and/or cloud formation template?
From a template, this is the closest I've gotten: https://github.com/iann0036/aws-leastprivilege , and also check out iamlive (thanks /u/rowanu!) if you can insert the recorder between the application and the AWS endpoints.
-
IAM Least Privilege for IAM for SAM/CloudFormation?
Check out https://github.com/iann0036/aws-leastprivilege, though note that it doesn't currently support SAM, so you might want to create a change set and grab the transformed template to use.
-
Permissions - is there an easy way?
I've personally attempted to fix this before with https://github.com/iann0036/aws-leastprivilege, which uses mappings with permissions (based on some incremental permissions testing), but also defaults down to examining the permission schemes publicly available in some (but not all) resource types. More info in the README.
- CloudFormation Stack Permissions
What are some alternatives?
aws-secure-environment-accelerator - The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
iamlive - Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy
cloudtracker - CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
PMapper - A tool for quickly evaluating IAM permissions in AWS.
parliament - AWS IAM linting library
aws-cloudformation-templates - Cloud Formation Templates for getting you started in AWS with Fortinet.
cloudsplaining - Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
policy_sentry - IAM Least Privilege Policy Generator
aws-cloudformation-templates - A collection of useful CloudFormation templates
cfn-leaprog - cfn-LEAst-Privilege-ROle-Generator: Experimental tool for generating least privileged IAM roles for CloudFormation and Service Catalog Launch Constraints.
awesome-aws - A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome.