CLI for discovering overprivileged AWS IAM roles
overprivileged
Overprivileged is a utility for discovering overprivileged IAM roles in AWS.
Caution: This software is at version 0.0.1 and is not currently tested.
Installation
From PyPI:
$ pip install overprivileged
Usage
Overprivileged uses CloudTrail logs stored in CloudWatch to determine exactly which IAM actions an IAM role has performed over a given number of days, and returns a diff showing which IAM actions have been used and which have not.
Prerequisites
- CloudTrail logging enabled
- CloudTrail logs saved to a CloudWatch log group
CLI
Check Role Privileges
Example Usage:
    op check-privileges \
        --role-name role-name \
        --log-group-name cloudtrail-log-group-name \
        --days 5
Example Output:
    {
        "usedActions": [
            "route53:ListHostedZones",
            "route53:ListResourceRecordSets"
        ],
        "unusedActions": [
            "route53:ChangeResourceRecordSets"
        ]
    }
Help:
    op check-privileges --help

    Usage: op check-privileges [OPTIONS]

      Checks what actions are used and unused by a role

    Options:
      --role-name TEXT       The name of the role to check privileges for.
      --log-group-name TEXT  The name of the log group where the Cloudtrail logs
                             are stored.
      --days INTEGER RANGE   The number of days in the past that the current
                             privileges should be checked against.
      --region TEXT          The aws region where the log group is stored.
      --help                 Show this message and exit.
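How the used/unused diff described under Usage can be computed, as an added example that is not the overprivileged project's own code. It assumes the CloudTrail records have already been fetched from the log group and parsed into dicts, and that the role's granted actions are supplied as a list; all function names, the sample records and the fixed clock are constructed for illustration. It goes slightly beyond the page by also handling wildcard policy actions such as `route53:List*`.

```python
import json
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase

def event_action(event):
    # Assumption: "<eventSource prefix>:<eventName>" is the IAM action. This holds
    # for route53 but not every service (monitoring.amazonaws.com is "cloudwatch").
    return f"{event['eventSource'].split('.', 1)[0]}:{event['eventName']}"

def actions_used_by_role(events, role_name, days, now):
    """Actions seen in assumed-role sessions of role_name within the last `days`."""
    cutoff = now - timedelta(days=days)
    used = set()
    for ev in events:
        ident = ev.get("userIdentity", {})
        issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
        if ident.get("type") != "AssumedRole" or issuer.get("userName") != role_name:
            continue  # a different principal made this call
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        if when.replace(tzinfo=timezone.utc) >= cutoff:
            used.add(event_action(ev))
    return used

def diff_privileges(granted, used):
    """Split granted actions (wildcards allowed) into used and unused."""
    def is_used(pattern):  # IAM action names are case-insensitive
        return any(fnmatchcase(u.lower(), pattern.lower()) for u in used)
    return {"usedActions": sorted(a for a in granted if is_used(a)),
            "unusedActions": sorted(a for a in granted if not is_used(a))}

def _sample(time, name, role):  # constructed CloudTrail record, trimmed to used fields
    return {"eventTime": time, "eventSource": "route53.amazonaws.com", "eventName": name,
            "userIdentity": {"type": "AssumedRole", "sessionContext": {
                "sessionIssuer": {"type": "Role", "userName": role}}}}

NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)  # fixed clock for the sample data
SAMPLE_EVENTS = [
    _sample("2024-01-09T08:00:00Z", "ListHostedZones", "role-name"),
    _sample("2024-01-08T09:30:00Z", "ListResourceRecordSets", "role-name"),
    _sample("2024-01-01T09:30:00Z", "ChangeResourceRecordSets", "role-name"),  # too old
    _sample("2024-01-09T10:00:00Z", "ChangeResourceRecordSets", "other-role"),
]
GRANTED = ["route53:ListHostedZones", "route53:ListResourceRecordSets",
           "route53:ChangeResourceRecordSets"]  # constructed policy actions

if __name__ == "__main__":
    used = actions_used_by_role(SAMPLE_EVENTS, "role-name", days=5, now=NOW)
    print(json.dumps(diff_privileges(GRANTED, used), indent=2))
```

An action reported as unused is only unused within the chosen window, so a short `--days` value can flag permissions that a monthly or quarterly job still needs.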
Source Distribution
overprivileged-0.0.1.tar.gz (44.6 kB)
Built Distribution
Hashes for overprivileged-0.0.1-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 1acd3e824d8b14af4d31a7e42b8237d9845517520f4cd6c59b8246ea11ebd762
MD5 | 3e7196752a2b33c5e233a4081f467168
BLAKE2b-256 | 23202f46111490c012f10c24bcda07a9fee3e250a39642283afe7ee8710282ea