Aws-imds-packet-analyzer Alternatives

Similar projects and alternatives to aws-imds-packet-analyzer

vcluster

70 5,577 9.7 Go aws-imds-packet-analyzer VS vcluster

vCluster - Create fully functional virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it offers better multi-tenancy and isolation than regular namespaces.
hierarchical-namespaces

8 581 6.6 Go aws-imds-packet-analyzer VS hierarchical-namespaces

Home of the Hierarchical Namespace Controller (HNC). Adds hierarchical policies and delegated creation to Kubernetes namespaces for improved in-cluster multitenancy.
InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
cluster-api-provider-nested

6 293 4.7 Go aws-imds-packet-analyzer VS cluster-api-provider-nested

Cluster API Provider for Nested Clusters
cloud_metadata_extractor

1 32 0.0 Python aws-imds-packet-analyzer VS cloud_metadata_extractor

Cloud metadata extraction tools and scripts
cluster-api-provider-nest

1 - - aws-imds-packet-analyzer VS cluster-api-provider-nest
WorkOS

workos.com sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better aws-imds-packet-analyzer alternative or higher similarity.

Suggest an alternative to aws-imds-packet-analyzer

aws-imds-packet-analyzer reviews and mentions

Posts with mentions or reviews of aws-imds-packet-analyzer. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-11-27.

Amazon EC2 Enhances Defense in Depth with Default IMDSv2
6 projects | news.ycombinator.com | 27 Nov 2023

I'm the technical lead for IMDS. Without an IMDS, the alternative is usually hard-coding long-lived credentials, which is much worse.
We've looked a few times at different ways that IMDS could vend different credentials to different user-ids. We documented how to use local firewall rules, which you've linked to. This gives single uid restrictions, similar to filterd. We also have a BPF based tracer tool, https://github.com/aws/aws-imds-packet-analyzer which can monitor which user ids and processes are calling IMDS (and which version they are using).
Our next thought was to expose IMDS as a filesystem. That way ordinary POSIX filesystem permissions could be used to control which user ids could read which credentials, and it would even work on Windows. But our research found that security issues (in applications and libraries that customers run) that grant local file reading privileges are even more common than SSRF issues (in part this because many SSRF issues allow "file://" urls, so they become a subset).
We've looked at interfacing with the kernel keyring and the TPM 2.0 interface (and we now have Nitro TPM) ... but both are difficult to call to user space. The latter doesn't get user ID granularity, and the former is hard to coordinate with from the outside for revoking and rotating credentials.
GitHub - aws/aws-imds-packet-analyzer: traces TCP interactions with the EC2 Instance Metadata Service (IMDS)
1 project | /r/blueteamsec | 8 Jun 2023

Stats

Basic aws-imds-packet-analyzer repo stats

Mentions

Stars

Activity

5.0

Last Commit

11 days ago

aws/aws-imds-packet-analyzer is an open source project licensed under Apache License 2.0 which is an OSI approved license.

The primary programming language of aws-imds-packet-analyzer is Python.

Popular Comparisons