{"id":21325479,"url":"https://github.com/mrcloudsec/mitre-aws-checks","last_synced_at":"2025-10-24T10:55:21.750Z","repository":{"id":117538077,"uuid":"399883547","full_name":"MrCloudSec/mitre-aws-checks","owner":"MrCloudSec","description":"Script for analyzing the compliance of your AWS account based on the adversary techniques on the MITRE ATT\u0026CK Iaas Matrix.","archived":false,"fork":false,"pushed_at":"2021-08-31T23:20:43.000Z","size":285,"stargazers_count":7,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-25T19:40:28.142Z","etag":null,"topics":["aws","mitre","security","security-scanner","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MrCloudSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-25T16:18:17.000Z","updated_at":"2025-05-29T03:33:47.000Z","dependencies_parsed_at":null,"dependency_job_id":"544a3464-dfef-4cbe-852b-3704bed9f4de","html_url":"https://github.com/MrCloudSec/mitre-aws-checks","commit_stats":null,"previous_names":["mrcloudsec/mitre-aws-checks","sergargar/mitre-aws-checks"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/MrCloudSec/mitre-aws-checks","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrCloudSec%2Fmitre-aws-checks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrCloudSec%2Fmitre-aws-checks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrClou
dSec%2Fmitre-aws-checks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrCloudSec%2Fmitre-aws-checks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MrCloudSec","download_url":"https://codeload.github.com/MrCloudSec/mitre-aws-checks/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrCloudSec%2Fmitre-aws-checks/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280783850,"owners_count":26390279,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-24T02:00:06.418Z","response_time":73,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","mitre","security","security-scanner","security-tools"],"created_at":"2024-11-21T21:04:53.644Z","updated_at":"2025-10-24T10:55:21.727Z","avatar_url":"https://github.com/MrCloudSec.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS MITRE Compliance Checks\n\nScript for analyzing the compliance of your AWS account against the adversary techniques in the [MITRE ATT\u0026CK IaaS Matrix](https://attack.mitre.org/matrices/enterprise/cloud/iaas/).\n\n\n## Getting Started\n\n### Dependencies\n\n* Python 3 with the boto3 and termcolor packages is required.\n* The packages can be installed with the following command:\n```\npip3 install boto3 termcolor\n```\n\n### User Creation\n\n* The script needs the following permissions to run all the checks. All of them are read-only (List/Describe/Get calls); iam:GenerateServiceLastAccessedDetails only starts a report job and modifies no resources:\n```\ncloudtrail:DescribeTrails\nconfig:DescribeConfigurationRecorderStatus\nguardduty:ListDetectors\ninspector:ListAssessmentTemplates\ninspector:ListAssessmentRuns\ninspector:DescribeAssessmentRuns\nec2:DescribeFlowLogs\nec2:DescribeVolumes\nec2:DescribeVpcs\nec2:DescribeSecurityGroups\ns3:GetAccountPublicAccessBlock\ns3:ListAllMyBuckets\ns3:GetBucketPublicAccessBlock\ns3:GetEncryptionConfiguration\ns3:GetBucketVersioning\niam:GetAccountSummary\niam:ListUsers\niam:ListAccessKeys\niam:ListMFADevices\niam:GetServiceLastAccessedDetails\niam:ListVirtualMFADevices\niam:GenerateServiceLastAccessedDetails\niam:GetAccountPasswordPolicy\n```\n* To simplify granting these permissions, this repository has a [CloudFormation template](https://github.com/sergargar/mitre-aws-checks/blob/main/user-creation.yaml) that deploys a user with exactly this permission set.\n* Once the stack is created, the access key ID and secret access key of the new user appear in the stack's Outputs section. Stack outputs are readable by any principal allowed cloudformation:DescribeStacks, so treat these keys as exposed: delete the user (or the whole stack) as soon as the analysis is finished.\n* Finally, configure the output credentials and the region to analyze locally with:\n```\naws configure\n```\n* `aws configure` stores the secret key in plaintext in `~/.aws/credentials`; remove that profile when you delete the user.\n\n### Customize verification functions\n\n* The following parameters can be customized in some functions:\n\n| Function | Input Parameter | Description |\n|---|---|---|\n| inactive_users | days_without_access | Days without access after which a user is considered inactive. |\n| access_keys_rotation | keys_older_than_days | Age in days above which an access key is reported as due for rotation. |\n| s3_public_access | account | ID of the AWS account whose S3 public access block settings are verified. |\n| strong_password_policy | password_length, password_expiration_days, last_passwords_reuse | Minimum password length, maximum password age in days, and number of previous passwords that cannot be reused, as required in the account password policy. |\n| least_privilege_iam | JobId | Job ID previously generated with the IAM call generate_service_last_accessed_details(Arn=\u003centityArn\u003e, Granularity='ACTION_LEVEL') for the entity (user, group, role or managed policy) to analyze. |\n| least_privilege_iam | days_without_being_used | Days during which the entity has not used a service and/or action for it to be considered unused. |\n| inspector_enabled | days_since_last_assessment | Days since the last Inspector assessment run after which the account is considered non-compliant. |\n\n### Executing program\n\n* Once the user is created and the credentials have been configured, the script can be executed with:\n```\npython3 main.py\n```\n\n### [Demo Video](https://www.youtube.com/watch?v=H11duhLptKE)\n\n## MITRE ATT\u0026CK Relationship\n\n* The checks in the script correspond to mitigations of the following adversary techniques described in the [IaaS Matrix](https://attack.mitre.org/matrices/enterprise/cloud/iaas/):\n\n![Alt text](mitre-relationship.png?raw=true \"MITRE ATT\u0026CK Relationship\")\n\n\n## Version History\n\n* 1.0\n    * Initial Release\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrcloudsec%2Fmitre-aws-checks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmrcloudsec%2Fmitre-aws-checks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrcloudsec%2Fmitre-aws-checks/lists"}
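As an added example (not the project's own main.py), the following Python re-implements the README's inactive_users, access_keys_rotation and least_privilege_iam checks as pure functions over the response dictionaries that boto3's IAM client returns, so it runs offline on constructed sample data. The function names, the sample users and key IDs, and the fallback to CreateDate for users who never used their password are assumptions; the threshold parameter names follow the README. Against a live account you would pass in iam.list_users()['Users'], iam.list_access_keys(UserName=...)['AccessKeyMetadata'] and the result of iam.get_service_last_accessed_details(JobId=...) for a job created with Granularity='ACTION_LEVEL'.

```python
"""Offline re-implementation of three README checks (example code, not the
project's main.py).  The functions take the response dictionaries boto3's IAM
client returns, so they run on the constructed sample below or on live output
of iam.list_users(), iam.list_access_keys() and
iam.get_service_last_accessed_details().  Function names are assumptions;
threshold parameter names follow the README."""
from datetime import datetime, timedelta, timezone


def inactive_users(users, days_without_access, now=None):
    """Names of users whose password was last used more than
    `days_without_access` days ago.  `users` is the "Users" list of
    iam.list_users(); "PasswordLastUsed" is absent when the password was
    never used, so (assumption) such users are judged by "CreateDate"."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=days_without_access)
    return [u["UserName"] for u in users
            if (u.get("PasswordLastUsed") or u["CreateDate"]) < cutoff]


def access_keys_rotation(keys_by_user, keys_older_than_days, now=None):
    """(user, key id) pairs for *active* keys older than the threshold.
    `keys_by_user` maps a user name to the "AccessKeyMetadata" list of
    iam.list_access_keys(UserName=...).  Inactive keys cannot authenticate,
    so they are a deletion-hygiene issue rather than a rotation finding."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=keys_older_than_days)
    return [(user, k["AccessKeyId"])
            for user, keys in keys_by_user.items() for k in keys
            if k["Status"] == "Active" and k["CreateDate"] < cutoff]


def least_privilege_iam(job, days_without_being_used, now=None):
    """Services and actions granted to an entity but not used within
    `days_without_being_used` days.  `job` is the response of
    iam.get_service_last_accessed_details(JobId=...) for a job created with
    Granularity='ACTION_LEVEL'.  Only a COMPLETED job carries data, so any
    other status is an error, never an empty (clean) result."""
    if job.get("JobStatus") != "COMPLETED":
        raise ValueError("job not finished: %s" % job.get("JobStatus"))
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=days_without_being_used)
    unused = []
    for svc in job["ServicesLastAccessed"]:
        ns = svc["ServiceNamespace"]
        # "LastAuthenticated" is absent when the service was never used.
        last = svc.get("LastAuthenticated")
        if last is None or last < cutoff:
            unused.append(ns + ":*")       # whole service unused
            continue
        for action in svc.get("TrackedActionsLastAccessed", []):
            used = action.get("LastAccessedTime")
            if used is None or used < cutoff:
                unused.append(ns + ":" + action["ActionName"])
    return unused


# Constructed sample data in the shape boto3 returns (not from a real account).
NOW = datetime(2021, 9, 1, tzinfo=timezone.utc)
SAMPLE_USERS = [
    {"UserName": "alice", "CreateDate": NOW - timedelta(days=400),
     "PasswordLastUsed": NOW - timedelta(days=3)},
    {"UserName": "bob", "CreateDate": NOW - timedelta(days=400),
     "PasswordLastUsed": NOW - timedelta(days=120)},
    {"UserName": "svc-deploy", "CreateDate": NOW - timedelta(days=200)},
]
SAMPLE_KEYS = {
    "alice": [{"AccessKeyId": "AKIAEXAMPLE000000001", "Status": "Active",
               "CreateDate": NOW - timedelta(days=30)}],
    "svc-deploy": [
        {"AccessKeyId": "AKIAEXAMPLE000000002", "Status": "Active",
         "CreateDate": NOW - timedelta(days=200)},
        {"AccessKeyId": "AKIAEXAMPLE000000003", "Status": "Inactive",
         "CreateDate": NOW - timedelta(days=500)},
    ],
}
SAMPLE_JOB = {
    "JobStatus": "COMPLETED",
    "ServicesLastAccessed": [
        {"ServiceNamespace": "s3", "LastAuthenticated": NOW - timedelta(days=2),
         "TrackedActionsLastAccessed": [
             {"ActionName": "GetObject", "LastAccessedTime": NOW - timedelta(days=2)},
             {"ActionName": "DeleteBucket"},   # granted, never used
         ]},
        {"ServiceNamespace": "ec2"},           # granted, never used
    ],
}

if __name__ == "__main__":
    print("inactive users:", inactive_users(SAMPLE_USERS, 90, NOW))
    print("keys to rotate:", access_keys_rotation(SAMPLE_KEYS, 90, NOW))
    print("unused permissions:", least_privilege_iam(SAMPLE_JOB, 90, NOW))
```

With the 90-day thresholds the sample reports bob and svc-deploy as inactive, one active 200-day-old key on svc-deploy as due for rotation (the inactive key is skipped), and s3:DeleteBucket plus the whole ec2 namespace as granted but unused. Rejecting a job whose status is not COMPLETED matters because an IN_PROGRESS job returns an empty service list, which would otherwise look like a clean result.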