Comments (15)
Released in 0.1.5
from cloudsplaining.
Honestly, in a perfect world, I'd love to be able to scan, provide exclusions, and get the HTML format in as a str, when I could just use the function to do whatever I want, upload to a bucket, send alerts blah blah. Just having the ability to run the tool as a script instead of from the CLI.
from cloudsplaining.
I completely agree :) we have hundreds of accounts and have been talking about how in order to scale this over years (and once we get to 1000s of accounts if we aren't there already) we need a fully self-service model for both assessment and remediation.
The JSON output data file is definitely going to change. Would you want to see this more structured so you could parse, identify diffs, and alert on its contents if desired?
All of this input helps drive the roadmap btw so for real, the input is appreciated. (For anyone else out there reading this, please feel free to open up issues and provide input or feature requests, as we consider all of them)
from cloudsplaining.
@getsec @Kwinnieprince - this is next up on my list. I’m out of office from June 1st through June 15th though so I will likely have to address when I get back.
I listed it as help wanted because I thought it might be helpful if someone could stitch together some Terraform code so it can be easily deployed as a demo. For example, if it runs as a Lambda function, then it will need an IAM role (just IAM:GetAccountAuthorizationDetails), the S3 bucket, and a few other things. I should have explained that when I placed the help wanted label.
If you are interested in helping on that part, I’d appreciate it. I’ll tackle the actual revisions to the Python code that are needed so it can be returned as a string, etc.
from cloudsplaining.
@kmcquade I will beta test for you within our environments and report back. Sorry for being so absent, I've been very pre-occupied with mergers and GCP security (god help me)
from cloudsplaining.
@kmcquade Good talk :D
from cloudsplaining.
True. Yes, we have one internally. I’ll see what I can do for making that available, or creating a minimized version of it dedicated to Cloudsplaining.
Of course, PRs are not expected but are definitely appreciated.
What kind of format would you be looking for? Frankly, while I’ve worked on Lambda functions, I’ve never published one with a Terraform module, or crafted one in a way that is easily parameterized. For example, I know that everyone will name their cross account role differently. Would you just want the example function itself, with storing the results in S3, and perhaps the IAM privs to stash it in S3? Let me know. Brainstorming is helpful here.
from cloudsplaining.
I've only just begun evaluating and I'm sure there's a lot more for me to identify. Is there a better place we can discuss (gitter / slack)? Or does the PR chat work for you?
from cloudsplaining.
Gitter is great. I can be easily contacted on there.
from cloudsplaining.
Hi, I am also trying to achieve the same thing by running a Lambda function to periodically check with a Python script.
Is there some progress regarding this issue?
Thanks!
from cloudsplaining.
@Kwinnieprince I raised the question but I'm unsure of this status. As it says "Help Wanted" I'm sure they are looking for someone to take on the load and submit a pull request. I will try to take a look when time arises, but as of now, my cycles are at full capacity.
from cloudsplaining.
Update: I'm still traveling. Will likely wrap this up first week of July, since I am prepping for a conference talk on June 29th.
I got a version of this working - like you can leverage a function and return it as a string - but it needs some cleanup. Again, I'll wrap that up first week of July.
I appreciate your patience on this, @getsec and @Kwinnieprince.
from cloudsplaining.
@getsec hah! No worries. I will let you know when it's ready. I'll work on it next week after I'm done with my conference talk on Policy Sentry (feel free to join if you are interested - it's related to this tool as well - https://fwdcloudsec.org/speakers.html#policy-sentry).
from cloudsplaining.
@kmcquade Ooooh. I'll make sure to book it in my calendar! Good luck on the talk, I had to give a virtual talk on a SANS webcast to like 1000 people and I was shaking in my boots 👀.
from cloudsplaining.
@getsec @Kwinnieprince thanks for your patience on this issue. I haven't written a Lambda function for it - but I recently made a merge that allows you to get the HTML as a string, per your request. The full example is available here: https://github.com/salesforce/cloudsplaining/blob/master/examples/scripts/scripting_example.py
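Example snippet - see the line starting with rendered_html_report below.

```python
import json

# Import paths assumed to match the linked scripting_example.py
from cloudsplaining.command.scan import scan_account_authorization_details
from cloudsplaining.shared.exclusions import DEFAULT_EXCLUSIONS


def scripting_example(file):
    with open(file) as f:
        contents = f.read()
    account_authorization_details_cfg = json.loads(contents)
    # The scan returns the rendered HTML report as a string
    rendered_html_report = scan_account_authorization_details(
        account_authorization_details_cfg, DEFAULT_EXCLUSIONS, account_name="example"
    )
    print(rendered_html_report)
```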
I'll release a new version shortly so the feature is available to you. Let me know if you have any questions.
from cloudsplaining.
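The Lambda flow discussed in this thread (a role with only GetAccountAuthorizationDetails, the scan returned as a string, the report stored in S3), sketched as an added example that is not code from the Cloudsplaining project or from any commenter. The `REPORT_BUCKET` variable, the `handler` and helper names, the object key layout and the sample pages are assumptions made for illustration, and the cloudsplaining import paths are assumed to match the linked scripting example.

```python
import json
import os
from datetime import datetime

SECTIONS = ("UserDetailList", "GroupDetailList", "RoleDetailList", "Policies")

# Constructed sample: two pages shaped like paginated API responses.
SAMPLE_PAGES = [
    {"UserDetailList": [{"UserName": "alice", "CreateDate": datetime(2020, 6, 1)}],
     "RoleDetailList": [], "IsTruncated": True, "Marker": "constructed"},
    {"UserDetailList": [{"UserName": "bob", "CreateDate": datetime(2020, 6, 2)}],
     "Policies": [{"PolicyName": "demo"}], "IsTruncated": False},
]


def merge_pages(pages):
    """Combine paginated GetAccountAuthorizationDetails pages into one document."""
    merged = {name: [] for name in SECTIONS}
    for page in pages:
        for name in SECTIONS:
            merged[name].extend(page.get(name, []))
    # boto3 yields datetime objects; round-trip through JSON so the scanner
    # sees the plain strings it would read from a saved file.
    return json.loads(json.dumps(merged, default=str))


def fetch_authorization_details(iam_client):
    """The only IAM permission this needs is iam:GetAccountAuthorizationDetails."""
    paginator = iam_client.get_paginator("get_account_authorization_details")
    return merge_pages(paginator.paginate())


def handler(event, context):
    # Imported lazily so merge_pages() can be exercised without AWS libraries.
    import boto3
    from cloudsplaining.command.scan import scan_account_authorization_details
    from cloudsplaining.shared.exclusions import DEFAULT_EXCLUSIONS  # assumed path

    account_name = event.get("account_name", "example")
    details = fetch_authorization_details(boto3.client("iam"))
    html = scan_account_authorization_details(
        details, DEFAULT_EXCLUSIONS, account_name=account_name)
    key = f"cloudsplaining/{account_name}.html"  # assumed key layout
    boto3.client("s3").put_object(
        Bucket=os.environ["REPORT_BUCKET"],  # assumed environment variable
        Key=key, Body=html.encode("utf-8"),
        ContentType="text/html", ServerSideEncryption="AES256")
    return {"report_key": key}
```

The report lists an account's risky IAM permissions, so the bucket should be private and the function's role limited to `s3:PutObject` on that prefix in addition to the IAM read.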