Comments (11)
2019-08-19 10:16:46,881 INFO: [-->] Looking for changes in account: monkeytest, technology: alb [in /usr/local/lib/python2.7/dist-packages/security_monkey/task_scheduler/tasks.py:224]
Traceback (most recent call last):
  File "/usr/local/bin/monkey", line 11, in <module>
    load_entry_point('security-monkey==1.1.1', 'console_scripts', 'monkey')()
  File "/usr/local/lib/python2.7/dist-packages/security_monkey/manage.py", line 868, in main
    manager.run()
  File "/usr/local/lib/python2.7/dist-packages/flask_script/__init__.py", line 397, in run
    result = self.handle(sys.argv[0], sys.argv[1:])
  File "/usr/local/lib/python2.7/dist-packages/flask_script/__init__.py", line 376, in handle
    return handle(app, *positional_args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/flask_script/commands.py", line 145, in handle
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/security_monkey/manage.py", line 91, in find_changes
    manual_run_change_finder(account_names, monitor_names)
  File "/usr/local/lib/python2.7/dist-packages/security_monkey/task_scheduler/tasks.py", line 199, in manual_run_change_finder
    find_changes(account, tech)
  File "/usr/local/lib/python2.7/dist-packages/security_monkey/task_scheduler/tasks.py", line 229, in find_changes
    (items, exception_map) = cw.slurp() or ([], {})
  File "/usr/local/lib/python2.7/dist-packages/security_monkey/cloudaux_watcher.py", line 84, in slurp
    regions=self._get_regions(), conn_type='dict')
  File "/usr/local/lib/python2.7/dist-packages/security_monkey/cloudaux_watcher.py", line 45, in _get_regions
    _, regions = get_regions(account, self.service_name)
  File "/usr/local/lib/python2.7/dist-packages/security_monkey/decorators.py", line 183, in get_regions
    role = sts.assume_role(**assume_role_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 661, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the AssumeRole operation: Access denied
from security_monkey.
Did you grant SecurityMonkeyInstanceProfile the proper sts:AssumeRole permissions? Your screenshots don't showcase it.
from security_monkey.
Hi Mike, thanks for the response. I have provided it as stated in the doc; please find the screenshot below.
from security_monkey.
Security Monkey is working fine when I work it through an EC2 instance, and I am able to scan the account without any issues, but when I set it up through Docker [which is a business requirement] and try to scan, I am getting permission issues.
from security_monkey.
Ohhh! That is expected.
You need to find a way to get the credentials from your instance onto the container.
from security_monkey.
I didn't get you, Mike. I have passed the access key and secret key through secmonkey.env. Can you help me to fix this issue? It's been driving me crazy for days.
from security_monkey.
You won't be able to use IAM roles for this use case (unless you have some special metadata proxy thing running for your container, but let's not go there)
In your case, you will need to mint an IAM User, and create static keys. From there, you will need to set up your docker container to have the static keys available where boto expects them.
from security_monkey.
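A preflight check for the env file discussed in this thread, as an added example (not code from the thread or from the Security Monkey project). It assumes the static keys are supplied under boto's standard environment variable names and that the file is read literally, as `docker run --env-file` does; the sample contents are constructed and use AWS's documentation placeholder keys.

```python
# Names botocore reads static credentials from in the process environment.
REQUIRED = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")

# Constructed sample files; the key values are AWS's documentation placeholders.
GOOD = ("AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n")
QUOTED = GOOD.replace("AKIAIOSFODNN7EXAMPLE", '"AKIAIOSFODNN7EXAMPLE"')
TEMPORARY = GOOD.replace("AKIA", "ASIA")


def parse_env_file(text):
    """Parse KEY=VALUE lines literally (no quote stripping, no trimming)."""
    env = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key] = value
    return env


def check_static_credentials(text):
    """Return findings as strings; values are never echoed into the output."""
    env = parse_env_file(text)
    findings = ["whitespace around variable name %r" % k
                for k in env if k != k.strip()]
    for name in REQUIRED:
        value = env.get(name)
        if value is None:
            findings.append(name + " is not set")
        elif not value.strip():
            findings.append(name + " is empty")
        elif value != value.strip():
            findings.append(name + " has leading or trailing whitespace")
        elif value[0] in "\"'":
            findings.append(name + " is quoted; the quotes become part of the value")
    key_id = env.get("AWS_ACCESS_KEY_ID", "").strip().strip("\"'")
    # ASIA-prefixed key IDs are temporary STS credentials and need a token.
    if key_id.startswith("ASIA") and not env.get("AWS_SESSION_TOKEN", "").strip():
        findings.append("temporary key (ASIA prefix) without AWS_SESSION_TOKEN")
    return findings


if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("quoted", QUOTED), ("temporary", TEMPORARY)):
        print(label, check_static_credentials(sample) or "ok")
```

An empty result only shows that the keys reach the container in a usable form; an `AccessDenied` on `AssumeRole` can still occur if the IAM user behind those keys is not permitted to assume the target role.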
The best docs we have on this are here: https://github.com/Netflix/security_monkey/blob/develop/docs/docker.md
from security_monkey.
I have been trying with the same doc for days, Mike. I got this issue, which I am unable to fix.
Another question: is it possible to scan multiple accounts in the Docker case?
from security_monkey.
Yes -- you just need the credentials in your container, which for Docker, our recommendation is to make use of IAM static credentials.
While we understand that static credentials are not great, it's the easiest solution for something without direct access to the AWS metadata service.
Alternatively, you might want to investigate the use of Fargate or ECS.
from security_monkey.
OK Mike, thanks for your time. I will try it out today and will get back to you.
from security_monkey.