trailscraper
cloudtracker
trailscraper | cloudtracker | |
---|---|---|
6 | 3 | |
761 | 863 | |
- | 0.0% | |
8.8 | 0.0 | |
3 days ago | over 2 years ago | |
Python | Python | |
Apache License 2.0 | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
trailscraper
- TrailScraper
-
How to get the exact IAM services/roles needed to run a command
I like using https://github.com/flosell/trailscraper for this
- flosell/trailscraper - a command-line tool to get valuable information out of AWS CloudTrail
- TrailScraper: A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies
- Trailscraper can scrape your Cloudtrail logs and generate IAM Policies from the resources and verbs used by your users or roles
-
Is there a tool that tells you which IAM actions to allow if you give it an API operation?
I’ve used this project in the past to pull out policy information https://github.com/flosell/trailscraper (it’s a CLI, FYI)
cloudtracker
-
WANTED: People wishing to clean up their IAM environment - Try Our Tool for Free
How does it differ from AWS access advisor, Cloudtracker or Repokid? Can you export the results? Is it a SaaS or can it be run locally?
- duo-labs/cloudtracker - CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
-
Is there a tool that tells you which IAM actions to allow if you give it an API operation?
There are a few tools around that do this. There is another to show you what permissions a role or user has used in the last x time period. https://github.com/duo-labs/cloudtracker
What are some alternatives?
aws-secure-environment-accelerator - The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
parliament - AWS IAM linting library
actionhero
aws-leastprivilege - Generates an IAM policy for the CloudFormation service role that adheres to least privilege.
repokid - AWS Least Privilege for Distributed, High-Velocity Deployment
cloudsplaining - Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
aws-cloudformation-templates - A collection of useful CloudFormation templates
iamlive - Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy
aws-allowlister - Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.
my-arsenal-of-aws-security-tools - List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.