Skip to main content

A tool for detecting resources running on your AWS cloud environment but not provisioned through Terraform

Project description

Casper

CircleCI PyPI version PyPI - Python Version codecov Code style: black

Casper is a tool for detecting ghosts running on your AWS cloud environment. Ghosts are resources running on your cloud environment but not provisioned through infrastructure as code (IaC) tools such as Terraform. Casper currently works only with AWS and Terraform.

Benefits

Some of the benefits Casper provides includes:

  • Security and resource management: Ghosts in your infrastructure can be a sign of a security exploit because the resources were not provisioned through the traditional means used in your organization.

  • Coverage: It would help to measure coverage for an organization gradually using Terraform to provision their AWS infrastructure. Running Casper on an empty terraform state directory would detect all the (supported) resources in your cloud as ghosts. Then you can gradually import those resources to terraform and improve coverage.

Installation

Install Casper by running:

pip install aws-terraform-casper

Usage

Run Casper using:

casper <sub_command> [options]`

Casper currently has two subcommands: BUILD and SCAN.

Subcommand Description
build Collects and stores information about the infrastructure captured in terraform.
scan Compares the resources on terraform with that running in the cloud.

Casper currently supports the following options:

Options Description
-h, --help Display help message and exit
--root-dir The root terraform directory
--aws-profile AWS profile to use. If not set, uses the value in AWS_PROFILE environment variable
--bucket-name Bucket name created to save and retrieve state. If not set, uses the value in CASPER_BUCKET environment variable
--exclude-dirs Comma separated list of directories to ignore
--exclude-state-res Comma separated list of terraform state resources to ignore
--services Comma separated list of services to scan, the default is to scan all supported services
--exclude-cloud-res Comma separated list of cloud resources ids to ignore
--rebuild Rebuild and save state first before scanning
--detailed Retrieve and include details about the resources discovered through scan
--output-file Output detailed result to specified file
--loglevel Log level. Defaults to INFO if unspecified

Refer to the usage guide for examples, results format and how to use Casper from your code.

Contributing

Contributions to the development of Casper is very much welcome. Please refer to CONTRIBUTING.md for details on ways to contribute.

License

Mozilla Public License v2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

aws_terraform_casper-0.4.0-py3.7.egg (36.2 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page