Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/madhuakula/aws-iam-analyser
AWS IAM Analysis utility to gather entire useful information from an AWS account
aws aws-iam cloud-security iam infosec pentesting security security-audit
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/madhuakula/aws-iam-analyser
- Owner: madhuakula
- License: mit
- Created: 2020-04-11T14:03:20.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2020-05-29T22:10:50.000Z (over 4 years ago)
- Last Synced: 2024-08-05T17:36:53.205Z (5 months ago)
- Topics: aws, aws-iam, cloud-security, iam, infosec, pentesting, security, security-audit
- Language: Python
- Homepage:
- Size: 19.5 KB
- Stars: 10
- Watchers: 6
- Forks: 2
- Open Issues: 8
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - madhuakula/aws-iam-analyser - AWS IAM Analysis utility to gather entire useful information from an AWS account (Python)
README
# aws-iam-analyser
This is a simple AWS IAM analysis utility that gathers all the useful information from an AWS account.
## Usage
The command below uses the `default` AWS credentials configured on your system and saves the entire output in JSON format to `output.json`. To perform this analysis you need the AWS `SecurityAudit` policy permissions, which grant read-only privileges to your AWS resources.
```bash
python app.py
```
## Installation
`aws-iam-analyser` requires boto3 to run. Install it by typing:
```bash
pip install -r requirements.txt
```
* The output looks like the following:
```json
{
  "AccountAliases": [
    "madhuakula-account"
  ],
  "AccountAuthorizationDetails": {
    "GroupDetailList": [
      {
        "Arn": "arn:aws:iam::123456789012:group/madhuakula",
        "AttachedManagedPolicies": [
          {
            "PolicyArn": "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess",
            "PolicyName": "AmazonAPIGatewayInvokeFullAccess"
          },
          {
            "PolicyArn": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess",
            "PolicyName": "AmazonAthenaFullAccess"
          },
```
## To-Do
- [ ] Implement AWS credentials input/validation
  - [ ] Check initially for arguments passed with AWS `access_key`, `secret_access_key` and `region`
  - [ ] Else, look for the available OS environment variables `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_DEFAULT_REGION`
  - [ ] Then finally check and use the system AWS configuration at `~/.aws/config` and `~/.aws/credentials`
- [ ] Many other...