https://github.com/netflix-skunkworks/repokid-extras
https://github.com/netflix-skunkworks/repokid-extras
security
Last synced: 12 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/netflix-skunkworks/repokid-extras
- Owner: Netflix-Skunkworks
- License: apache-2.0
- Created: 2018-04-23T16:29:07.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2018-04-25T19:59:56.000Z (about 8 years ago)
- Last Synced: 2025-03-30T06:11:11.127Z (over 1 year ago)
- Topics: security
- Language: Python
- Size: 7.81 KB
- Stars: 10
- Watchers: 131
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Authors: AUTHORS
Awesome Lists containing this project
README
Repokid
=======
[](https://gitter.im/netflix-repokid)
[]()
# Repokid Extras
Repokid Extras is a repository for helper scripts, plugins, and others for [Repokid](https://github.com/Netflix/repokid).
As a Skunkworks project these are not maintained or supported officially, but if you have questions you can ask in our Gitter
channel and we'll do our best to help you.
## cloudtrail-hook
CloudTrail hook is a reference implemenation of using [AWS CloudTrail](https://aws.amazon.com/cloudtrail/) to take away
permissions beyond the service level that Access Advisor provides. In our implementation we are querying ElasticSearch, but
CloudTrail could be stored in other forms such as [Amazon Athena](https://aws.amazon.com/athena) as well. The important part
is implementing the `DURING_REPOABLE_CALCULATION` hook and modifying the passed `potentially_repoable_permissions`.