Tool to assess the state of security infrastructure in Mozilla's AWS accounts

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for gene1wood from gravatar.com gene1wood Avatar for mozilla-infosec from gravatar.com mozilla-infosec

Unverified details

These details have not been verified by PyPI
Project links
Meta

Project description

assess-mozilla-aws-security-infrastructure

This tool scans Mozilla AWS accounts checking for security infrastructure. It reports accounts which are missing elements of that infrastructure.

This includes any accounts either missing or with misconfigured

  • GuardDuty IAM Roles that the GuardDuty Multi Account Master uses to accept invitations
  • GuardDuty relationships between member and parent
  • CloudTrail
  • Security Audit IAM Roles and Incident Response IAM Roles
  • Mozilla Single Sign On (SSO)

Usage

Run assess-mozilla-aws-security-infrastructure

Future Work

Currently, the tool just prints out information. This could be improved or turned into machine-readable structured data

The tool does not assess whether there are any IAM users with passwords defined in an account that has SSO enabled (these IAM users should be removed in favor of SSO)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for gene1wood from gravatar.com gene1wood Avatar for mozilla-infosec from gravatar.com mozilla-infosec

Unverified details

These details have not been verified by PyPI
Project links
Meta

Release history Release notifications | RSS feed

This version

1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

assess-mozilla-aws-security-infrastructure-1.0.tar.gz (14.4 kB view details)

Uploaded Source

Built Distribution

assess_mozilla_aws_security_infrastructure-1.0-py3-none-any.whl (15.3 kB view details)

Uploaded Python 3

File details

Details for the file assess-mozilla-aws-security-infrastructure-1.0.tar.gz.

File metadata

File hashes

Hashes for assess-mozilla-aws-security-infrastructure-1.0.tar.gz
Algorithm Hash digest
SHA256 81dffbea7f4a2b9df692a0aea379c0b872bc940a000fea42ce89ebdd5856d3bf
MD5 31c7a092d089e8dd878660a38e06d9b8
BLAKE2b-256 00781e0d637fb77a904ce077660cbdb72ea49f2bda7f55c3e0991b98e3c1c9a2

See more details on using hashes here.

File details

Details for the file assess_mozilla_aws_security_infrastructure-1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for assess_mozilla_aws_security_infrastructure-1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8e1a16c0a953412e129ae5937b1be40f423563c1009b7622574decf24d79cbaf
MD5 a5a32a4bd79b3b0d53cc6dfd9561cf1c
BLAKE2b-256 bce3887ce9742fc8a625bce7b3275f5aa5b37f7894a50fe69fce0a9fdbf44397

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page