CLI for discovering overprivileged AWS IAM roles
overprivileged
Overprivileged is a utility for discovering overprivileged IAM roles in AWS.
Caution: This software is at version 0.0.1 and is not currently tested.
Installation
From PyPI:
$ pip install overprivileged
Usage
Overprivileged uses CloudTrail logs stored in CloudWatch to determine exactly which IAM actions an IAM role has performed over a given number of days, and returns a diff of the IAM actions that have been used and those that have not.
Prerequisites
- CloudTrail logging enabled
- CloudTrail logs saved to a CloudWatch log group
CLI
Check Role Privileges
Example Usage:
op check-privileges \
  --role-name role-name \
  --log-group-name cloudtrail-log-group-name \
  --days 5
Example Output:
{
  "usedActions": [
    "route53:ListHostedZones",
    "route53:ListResourceRecordSets"
  ],
  "unusedActions": [
    "route53:ChangeResourceRecordSets"
  ]
}
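The used/unused diff described under Usage can be sketched as follows. This is an added example, not the project's own code: the records are constructed samples using CloudTrail's record field names, the role names, `observed_actions` and `diff_privileges` are hypothetical, and wildcard handling goes beyond the single case shown in the example output.

```python
from fnmatch import fnmatchcase

def _event(role, source, name, error=None):
    """Build a constructed CloudTrail-style record (sample data, not a real log)."""
    rec = {
        "eventSource": source,
        "eventName": name,
        "userIdentity": {
            "type": "AssumedRole",
            "sessionContext": {"sessionIssuer": {"type": "Role", "userName": role}},
        },
    }
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE_EVENTS = [
    _event("dns-reader", "route53.amazonaws.com", "ListHostedZones"),
    _event("dns-reader", "route53.amazonaws.com", "ListResourceRecordSets"),
    _event("dns-reader", "route53.amazonaws.com", "ListHostedZones"),  # repeated call
    _event("dns-admin", "route53.amazonaws.com", "ChangeResourceRecordSets"),  # other role
    _event("dns-reader", "ec2.amazonaws.com", "DescribeInstances", "AccessDenied"),
]

def observed_actions(events, role_name):
    """Return the set of 'service:Action' strings the role called successfully."""
    used = set()
    for rec in events:
        ident = rec.get("userIdentity", {})
        issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
        if ident.get("type") != "AssumedRole" or issuer.get("userName") != role_name:
            continue  # event belongs to another principal
        if "errorCode" in rec:
            continue  # choice made in this example: failed calls do not count as use
        # Assumption: the eventSource host prefix equals the IAM service prefix.
        # That holds for route53 but not for every AWS service.
        service = rec["eventSource"].split(".")[0]
        used.add(f"{service}:{rec['eventName']}")
    return used

def diff_privileges(granted, used):
    """Split granted actions (IAM wildcards allowed) into used and unused."""
    report = {"usedActions": [], "unusedActions": []}
    for pattern in sorted(granted):
        # IAM action names are case-insensitive, so compare in lower case.
        hit = any(fnmatchcase(a.lower(), pattern.lower()) for a in used)
        report["usedActions" if hit else "unusedActions"].append(pattern)
    return report
```

An action listed as unused was only unobserved within the log window; actions that CloudTrail does not record in the log group, or that run less often than the `--days` window, will also appear there.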
Help:
op check-privileges --help
Usage: op check-privileges [OPTIONS]

  Checks what actions are used and unused by a role

Options:
  --role-name TEXT       The name of the role to check privileges for.
  --log-group-name TEXT  The name of the log group where the Cloudtrail logs
                         are stored.
  --days INTEGER RANGE   The number of days in the past that the current
                         privileges should be checked against.
  --region TEXT          The aws region where the log group is stored.
  --help                 Show this message and exit.
File details
Details for the file overprivileged-0.0.1.tar.gz.
File metadata
- Download URL: overprivileged-0.0.1.tar.gz
- Upload date:
- Size: 44.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/40.6.2 requests-toolbelt/0.9.1 tqdm/4.48.2 CPython/3.6.11
File hashes
Algorithm | Hash digest
---|---
SHA256 | 6dfe55c7590cfbcfb9e816b886bc4a51b02f17ea4914074571a450be1bf51b19
MD5 | 406a35ab6e3b67e11d57da26ba6db88a
BLAKE2b-256 | 5b5b0001ff7e0b7c3f50928d993390e6149c431eb01513baf4e93d96eb78959b
File details
Details for the file overprivileged-0.0.1-py3-none-any.whl.
File metadata
- Download URL: overprivileged-0.0.1-py3-none-any.whl
- Upload date:
- Size: 46.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/40.6.2 requests-toolbelt/0.9.1 tqdm/4.48.2 CPython/3.6.11
File hashes
Algorithm | Hash digest
---|---
SHA256 | 1acd3e824d8b14af4d31a7e42b8237d9845517520f4cd6c59b8246ea11ebd762
MD5 | 3e7196752a2b33c5e233a4081f467168
BLAKE2b-256 | 23202f46111490c012f10c24bcda07a9fee3e250a39642283afe7ee8710282ea