aws-security-test

Test automation to determine adherence to pre-defined set of security recommendations

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Project description

# Runtime #### Requirements - Python: 2.7.12 - Boto3: 1.4.1

#### Configuring Tests

##### Credentials

Credentials need to be setup as described in [Boto3 Documentation](http://boto3.readthedocs.io/en/latest/guide/configuration.html). Access needed by the users’ API keys configured:

AmazonEC2ReadOnlyAccess
IAMReadOnlyAccess
AWSCloudTrailReadOnlyAccess
AmazonS3ReadOnlyAccess
CloudWatchLogsReadOnlyAccess
CloudWatchReadOnlyAccess
AmazonSNSReadOnlyAccess
KMSReadOnlyPolicy - There is no pre-defined AWS Policy with the necessary privileges. The custom policy can defined as mentioned in the [documentation](https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-read-only-console)

##### Tests to run

Setup a config file similar to [default.yml](https://github.com/mikhailadvani/aws-security-test/blob/master/config/default.yml) to execute desired tests. Value for each test should be True or False.

#### Execution Steps

##### Run as script python aws_security_test.py -c config/default.yml - Will use the credentials from the environment variables if found or will fall back to the default profile in ~/.aws/config

python aws_security_test.py -c config/default.yml -p profile_name - Will use the credentials from the corresponding profile defined in ~/.aws/config

#### Artifacts

Certain artifacts will be created at the end of every execution for additional verification. The will be in the artifacts directory

root_login.txt : Will be useful in monitoring root account access in case CloudWatch is not used.

sns_subscribers.csv : Lists subscribers for each SNS topic. Can be used to ensure notifications are being sent to the right audience.

internet_open_security_groups.csv : Lists security groups with access open to the Internet. This list might contain rules where access open from the Internet is desired, but can also be used to check for misconfigurations.

# License Apache License 2.0

Project details

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.1.0

Oct 4, 2017

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aws-security-test-0.1.0.tar.gz (20.3 kB view hashes)

Uploaded Oct 4, 2017 Source

Built Distribution

aws_security_test-0.1.0-py2-none-any.whl (30.6 kB view hashes)

Uploaded Oct 4, 2017 Python 2

Hashes for aws-security-test-0.1.0.tar.gz

Hashes for aws-security-test-0.1.0.tar.gz
Algorithm	Hash digest
SHA256	`5335650f03206fdac7850837a488d46afb103edd95449f23153aed413fc682fe`
MD5	`c70026fae090138a8276dd2481238498`
BLAKE2b-256	`19ede15d9c855bf429ee526005784f9ef9c2cb80f21524dd507f1c7c99ab319f`

Hashes for aws_security_test-0.1.0-py2-none-any.whl

Hashes for aws_security_test-0.1.0-py2-none-any.whl
Algorithm	Hash digest
SHA256	`b9d5b57d3e33c38e85223a1e533c0a816232aa585bab5ceba7b1b3533d2bd1ed`
MD5	`982ab864d8336e47b749856081de302c`
BLAKE2b-256	`4f168f4af0b916374d785a1fe6821f8f66794bf111f1b49646f5aee6746b2c9c`