{"id":13819717,"url":"https://github.com/cookpad/uguisu","last_synced_at":"2026-06-01T09:00:45.975Z","repository":{"id":40282885,"uuid":"280040426","full_name":"cookpad/uguisu","owner":"cookpad","description":"AWS resource monitoring tool based on CIS benchmarks","archived":false,"fork":false,"pushed_at":"2026-03-30T11:08:31.000Z","size":585,"stargazers_count":3,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-04-01T01:00:17.801Z","etag":null,"topics":["aws","cdk","go","slack","typescript"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cookpad.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-07-16T03:13:07.000Z","updated_at":"2026-03-27T15:57:27.000Z","dependencies_parsed_at":"2024-01-13T15:43:49.018Z","dependency_job_id":"795477ca-dfd7-4a5a-b75b-6d44a182c1ef","html_url":"https://github.com/cookpad/uguisu","commit_stats":{"total_commits":62,"total_committers":1,"mean_commits":62.0,"dds":0.0,"last_synced_commit":"5d367bd301374cb0ed5efc5b11e268023e6e3315"},"previous_names":["m-mizutani/uguisu"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/cookpad/uguisu","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookpad%2Fuguisu","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookpad%2Fuguisu/tags","releases_url":"https://repos.ecosyste.ms/api/
v1/hosts/GitHub/repositories/cookpad%2Fuguisu/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookpad%2Fuguisu/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cookpad","download_url":"https://codeload.github.com/cookpad/uguisu/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookpad%2Fuguisu/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33767439,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-01T02:00:06.963Z","response_time":115,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cdk","go","slack","typescript"],"created_at":"2024-08-04T08:00:52.085Z","updated_at":"2026-06-01T09:00:45.969Z","avatar_url":"https://github.com/cookpad.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Uguisu\n\n![icon](https://user-images.githubusercontent.com/605953/74091901-6d0eef80-4b00-11ea-88c4-b4ae90cd3331.png)\n\n`uguisu` is an AWS CDK Construct that watches CloudTrail logs and sends Slack notifications when events of interest occur. 
Rules cover resource lifecycle events, security service tampering, and the AWS CIS Benchmark monitoring controls.\n\n\u003cimg width=\"657\" alt=\"uguisu\" src=\"https://user-images.githubusercontent.com/605953/88273381-147d8880-cd15-11ea-8403-1125f4bed14f.png\"\u003e\n\n\nThe name comes from *uguisubari (鶯張り)* - floors that make a chirping sound when walked upon, alerting to intruders. In English, this is called a *Nightingale floor*. See [wikipedia](https://en.wikipedia.org/wiki/Nightingale_floor) for more detail.\n\n# Rules\n\n- Based on AWS CIS Benchmark\n  - 3.1: Unauthorized API calls monitoring\n  - 3.2: Management Console sign-in without MFA\n  - 3.3: Usage of root account (write actions only)\n  - 3.4: IAM policy changes\n  - 3.5: CloudTrail configuration changes\n  - 3.6: AWS Management Console authentication failures\n  - 3.7: Disabling or scheduled deletion of customer created CMKs\n  - 3.8: S3 bucket policy changes\n  - 3.9: AWS Config configuration changes\n  - 3.10: Security group changes\n  - 3.11: Network Access Control Lists (NACL)\n  - 3.12: Changes to network gateways\n  - 3.13: Route table changes\n  - 3.14: VPC changes\n- Resource life events\n  - ACM: Certificate export, import, renew, or delete\n  - EC2: Instance launch or termination (excludes autoscaling, batch, and ECS)\n  - EKS: Cluster creation or deletion\n  - IAM: User/role creation or deletion, access key changes, login profile changes, group membership changes\n  - Lambda: Function creation, deletion, code updates, or permission changes\n  - RDS: Instance creation or deletion\n  - S3: Bucket creation or deletion\n  - Secrets Manager: Secret creation, deletion, updates, rotation, or resource policy changes\n  - VPC: New VPC created\n  - Organization/Account: Account and organization lifecycle events\n- Security service tampering\n  - GuardDuty detector deletion or disassociation\n  - Security Hub disabled or insights deleted\n  - CloudWatch alarms deleted or disabled\n\n\n# How to 
use\n\n## 0. Prerequisites\n\n### CDK tools\n\nInstall the CDK tools by following the official getting started page: https://docs.aws.amazon.com/cdk/latest/guide/getting_started.html. Note that CDK v2 is currently not supported; use CDK v1.\n\n### Slack Incoming Webhook URL\n\nSee https://api.slack.com/messaging/webhooks to create your Incoming Webhook URL. You will get a URL like this:\n\n```\nhttps://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX\n```\n\n### Set up CloudTrail logging to S3 and an SNS topic\n\nCloudTrail logs are required to monitor AWS resources. `uguisu` requires not only CloudTrail logs but also an SNS topic that receives `s3:ObjectCreated:*` event notifications from the S3 bucket.\n\n- Enable CloudTrail and logging to S3: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html\n- Change S3 bucket policy: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-s3-bucket-policy-for-cloudtrail.html\n- Configure S3 event notification to SNS: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html\n\n## 1. Create your new CDK project\n\n```bash\n$ mkdir your-cdk-app\n$ cd your-cdk-app\n$ cdk init --language typescript\n```\n\n## 2. Install Uguisu module\n\n```bash\n$ npm install uguisu\n```\n\n## 3. Write your construct\n\nPut the construct code in `bin/your-cdk-app.ts` as follows. 
Replace `s3BucketName`, `snsTopicARN`, `lambdaBuildPath`, `lambdaPackagePath`, and `slackWebhookURL` with your values.\n\n```ts\n#!/usr/bin/env node\nimport \"source-map-support/register\";\nimport * as cdk from \"@aws-cdk/core\";\nimport { UguisuStack } from \"uguisu\";\n\nconst app = new cdk.App();\nnew UguisuStack(app, \"secops-uguisu\", {\n  lambdaBuildPath: \"./\",\n  lambdaPackagePath: \"./lambda/tracker\",\n  s3BucketName: \"your-cloudtrail-logs-bucket\",\n  snsTopicARN: \"arn:aws:sns:ap-northeast-1:1234567890:your-cloudtrail-event-topic\",\n  slackWebhookURL: \"https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX\",\n});\n```\n\n### Optional parameters\n\n| Parameter | Description |\n|---|---|\n| `lambdaRoleARN` | ARN of an existing IAM role to use for the Lambda. If omitted, a role is created automatically and granted read access to `s3BucketName`. Either `lambdaRoleARN` or `s3BucketName` must be provided. |\n| `disabledRules` | Comma-separated list of rule IDs to disable, e.g. `\"resource_lifeevent_ec2,aws_cis_3.1\"`. Useful for suppressing noisy rules without redeploying code. |\n| `sentryDSN` | Sentry DSN for error reporting. |\n\n## 4. Deploy your construct\n\n```bash\n$ cdk deploy\n```\n\n# License\n\nMIT License\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcookpad%2Fuguisu","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcookpad%2Fuguisu","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcookpad%2Fuguisu/lists"}