https://github.com/fatz/aws-iam-auditing
python tooling getting credentials reports out of any org account
https://github.com/fatz/aws-iam-auditing
aws
Last synced: about 2 months ago
JSON representation
python tooling getting credentials reports out of any org account
- Host: GitHub
- URL: https://github.com/fatz/aws-iam-auditing
- Owner: fatz
- Created: 2018-03-28T10:05:16.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2018-03-28T13:38:42.000Z (over 8 years ago)
- Last Synced: 2025-01-06T16:24:17.892Z (over 1 year ago)
- Topics: aws
- Language: Python
- Size: 7.81 KB
- Stars: 3
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# AWS IAM Auditing
this tool collects for every active AWS Organizations Account the credential report and parses it through a Jinja2 template the resulting overview Report will be send by Email.
It expects working credentials for calling `sts:AssumeRole` into all sub accounts as well as `iam:GenerateCredentialReport`, `iam:GetCredentialReport`
```
usage: awsiamreport.py [-h] [--blacklisted BLACKLISTED [BLACKLISTED ...]]
[--roleName ROLENAME [ROLENAME ...]]
[--smtp-server [SMTP_SERVER]] [--smtp-port [SMTP_PORT]]
[--smtp-ssl] [--smtp-user [SMTP_USER]]
[--smtp-password [SMTP_PASSWORD]]
[--smtp-to SMTP_TO [SMTP_TO ...]]
[--smtp-from [SMTP_FROM]]
optional arguments:
-h, --help show this help message and exit
--blacklisted BLACKLISTED [BLACKLISTED ...], -b BLACKLISTED [BLACKLISTED ...]
blacklisted accounts are getting ignored
--roleName ROLENAME [ROLENAME ...], -r ROLENAME [ROLENAME ...]
role name to use for assume
--smtp-server [SMTP_SERVER]
the smtp server to use
--smtp-port [SMTP_PORT]
smtp port
--smtp-ssl use ssl
--smtp-user [SMTP_USER]
smtp user
--smtp-password [SMTP_PASSWORD]
smtp users password
--smtp-to SMTP_TO [SMTP_TO ...]
email address(es) receiving the report
--smtp-from [SMTP_FROM]
email address used as from
```