A tool for detecting resources running on your AWS cloud environment but not provisioned through Terraform

Project description

Casper

Casper is a tool for detecting ghosts running on your AWS cloud environment. Ghosts are resources running on your cloud environment but not provisioned through infrastructure as code (IaC) tools such as Terraform. Casper currently works only with AWS and Terraform.

Benefits

Some of the benefits Casper provides include:

  • Security and resource management: Ghosts in your infrastructure can be a sign of a security exploit because the resources were not provisioned through the traditional means used in your organization.

  • Coverage: Casper helps an organization that is gradually adopting Terraform measure how much of its AWS infrastructure is provisioned through Terraform. Running Casper on an empty Terraform state directory detects all the (supported) resources in your cloud as ghosts. You can then gradually import those resources into Terraform and improve coverage.

Installation

Install Casper by running:

pip install aws-terraform-casper

Usage

Run Casper using:

casper <sub_command> [options]

Casper currently has two subcommands: BUILD and SCAN.

| Subcommand | Description |
| --- | --- |
| build | Collects and stores information about the infrastructure captured in Terraform. |
| scan | Compares the resources in Terraform with those running in the cloud. |

Casper currently supports the following options:

| Options | Description |
| --- | --- |
| -h, --help | Display help message and exit |
| --root-dir | The root Terraform directory |
| --aws-profile | AWS profile to use. If not set, uses the value in the AWS_PROFILE environment variable |
| --bucket-name | Bucket name created to save and retrieve state. If not set, uses the value in the CASPER_BUCKET environment variable |
| --exclude-dirs | Comma-separated list of directories to ignore |
| --exclude-state-res | Comma-separated list of Terraform state resources to ignore |
| --services | Comma-separated list of services to scan; the default is to scan all supported services |
| --exclude-cloud-res | Comma-separated list of cloud resource IDs to ignore |
| --rebuild | Rebuild and save state first before scanning |
| --detailed | Retrieve and include details about the resources discovered through scan |
| --output-file | Output detailed result to specified file |
| --loglevel | Log level. Defaults to INFO if unspecified |
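
The comparison that scan performs can be pictured as a set difference between the resource IDs Terraform manages and the IDs found in the cloud. The following is an added example, not Casper's own code: the function names, the constructed state and inventory data, and the assumption of Terraform state format version 4 are all illustrative, and the `services` and `exclude_cloud_res` parameters only mirror the options listed above.

```python
import json

# Constructed Terraform state (format version 4), trimmed to the fields used here.
STATE_JSON = """
{"version": 4, "resources": [
  {"mode": "managed", "type": "aws_instance", "name": "web",
   "instances": [{"attributes": {"id": "i-0aaa111"}}]},
  {"mode": "managed", "type": "aws_s3_bucket", "name": "logs",
   "instances": [{"attributes": {"id": "example-logs"}}]},
  {"mode": "data", "type": "aws_instance", "name": "legacy",
   "instances": [{"attributes": {"id": "i-0ccc333"}}]}
]}
"""

# Constructed cloud inventory: resource type -> ids, as a list API would return them.
CLOUD = {
    "aws_instance": ["i-0aaa111", "i-0bbb222", "i-0ccc333"],
    "aws_s3_bucket": ["example-logs", "example-scratch", "example-tmp"],
}

def managed_ids(state):
    """Map resource type -> ids that Terraform actually manages."""
    ids = {}
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue  # data sources are only read by Terraform, not provisioned
        for inst in res.get("instances", []):
            rid = inst.get("attributes", {}).get("id")
            if rid:
                ids.setdefault(res["type"], set()).add(rid)
    return ids

def find_ghosts(state, cloud, services=None, exclude_cloud_res=()):
    """Return {type: sorted ids} present in the cloud but absent from state."""
    known = managed_ids(state)
    excluded = set(exclude_cloud_res)
    ghosts = {}
    for rtype, cloud_ids in cloud.items():
        if services and rtype not in services:
            continue  # limit the scan to the requested resource types
        missing = set(cloud_ids) - known.get(rtype, set()) - excluded
        if missing:
            ghosts[rtype] = sorted(missing)
    return ghosts

if __name__ == "__main__":
    state = json.loads(STATE_JSON)
    print(find_ghosts(state, CLOUD, exclude_cloud_res=["example-tmp"]))
```

The instance that appears in state only as a data source is still reported, because Terraform reads it without provisioning it.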

Refer to the usage guide for examples, results format and how to use Casper from your code.

Contributing

Contributions to the development of Casper are very much welcome. Please refer to CONTRIBUTING.md for details on ways to contribute.

License

Mozilla Public License v2.0

Source Distributions

No source distribution files available for this release.

Built Distribution

aws_terraform_casper-0.4.0-py3.7.egg (36.2 kB)

File details

Details for the file aws_terraform_casper-0.4.0-py3.7.egg.

File metadata

  • Download URL: aws_terraform_casper-0.4.0-py3.7.egg
  • Upload date:
  • Size: 36.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.42.0 CPython/3.7.4

File hashes

Hashes for aws_terraform_casper-0.4.0-py3.7.egg
| Algorithm | Hash digest |
| --- | --- |
| SHA256 | 18241da85836f29f7cec3f613f810088e12e993480a835aea96db6a11d2e84f5 |
| MD5 | 52fe8691568e6aa6045839ae9c886859 |
| BLAKE2b-256 | 2e400d39654ac837da2289caa6c3236e60f5e4b22015ce2036a513d692f42b11 |
