Skip to content

hmrc/platsec-aws-scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

413 Commits
docs
docs
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.pipenv-version
.pipenv-version
 
 
.python-version
.python-version
 
 
.remarkrc.yaml
.remarkrc.yaml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
Pipfile
Pipfile
 
 
Pipfile.lock
Pipfile.lock
 
 
README.md
README.md
 
 
aws_scanner_config_template.ini
aws_scanner_config_template.ini
 
 
aws_scanner_test_config.ini
aws_scanner_test_config.ini
 
 
buildspec.yml
buildspec.yml
 
 
lambda.Dockerfile
lambda.Dockerfile
 
 
local.Dockerfile
local.Dockerfile
 
 
mypy.ini
mypy.ini
 
 
platsec_aws_scanner.py
platsec_aws_scanner.py
 
 
platsec_aws_scanner.sh
platsec_aws_scanner.sh
 
 
platsec_aws_scanner_lambda.py
platsec_aws_scanner_lambda.py
 
 
repository.yaml
repository.yaml
 
 

Repository files navigation

platsec-aws-scanner

PlatSec AWS Scanner is a Python command-line tool that can run parallel tasks against a set of AWS accounts. Tasks can be anything, from querying CloudTrail logs with Athena, scanning for AWS service and AWS IAM role usage, finding principals by source IP address, listing accounts in an AWS organization, etc.

Documentation

Explore the documentation directory to learn more about the requirements, configuration and usage of PlatSec AWS Scanner.

Usage example

./platsec_aws_scanner.sh role_usage -u john.doo --token 123456 --year 2021 --month 3 --role SomeIAMRole
[
  {
    "account": {
      "identifier": "999888777666",
      "name": "some account"
    },
    "description": "AWS SomeIAMRole usage scan",
    "partition": {
      "year": "2021",
      "month": "03",
      "region": "eu-west-1"
    },
    "results": {
      "role_usage": [
        {
          "event_source": "cloudformation.amazonaws.com",
          "event_name": "DescribeChangeSet",
          "count": 44
        },
        {
          "event_source": "cloudformation.amazonaws.com",
          "event_name": "ExecuteChangeSet",
          "count": 9
        },
        {
          "event_source": "signin.amazonaws.com",
          "event_name": "RenewRole",
          "count": 2
        }
      ]
    }
  }
]

CI/CD pipeline

Where can I find a CI/CD pipeline for this code base?

How is the CI/CD pipeline configured?

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

4 stars

Watchers

7 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 20
+ 6 contributors

Languages