A command-line tool to get valuable information out of AWS CloudTrail
Project description
TrailScraper
A command-line tool to get valuable information out of AWS CloudTrail
Installation
# install custom dependeny since PR cloudtools/awacs#87 isn't merged yet
$ pip install 'http://github.com/flosell/awacs/tarball/add_equality_and_hashes#egg=awacs-0.7.2'
# install trailscraper
$ pip install trailscraper
Usage
# Download some logs
$ trailscraper download --bucket <some-bucket> \
--account-id <some account id> \
--region <some region to look at> \
--past-days <number of past days to look at> \
# Generate an IAM Policy
$ trailscraper generate
{
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::1111111111:role/someRole"
]
}
],
"Version": "2012-10-17"
}
Development
$ ./go setup # set up venv, dependencies and tools
$ ./go test # run some tests
$ ./go check # run some style checks
$ ./go # let's see what we can do here
Troubleshooting
Click thinks you are in an ASCII environment
Click will abort further execution because Python 3 was configured to use ASCII as encoding for the environment.
Set these environment variables:
LC_ALL=C.UTF-8 LANG=C.UTF-8
Changelog
This changelog contains a loose collection of changes in every release including breaking changes to the API.
The format is based on Keep a Changelog
0.3.0
Changed
Added
Support for Python >= 2.7
Changed
Do not download CloudTrail Logs from S3 if they already exist in the target folder (#9)
Removed dependency on fork of the awacs-library to simplify installation and development
Fixed
Bug that led to policy-statements with the same set of actions not being combined properly in some cases (#7)
0.2.0
Added
Basic filtering for role-arns when generating policy (#3)
0.1.0
Initial Release
Added
Basic feature to download CloudTrail Logs from S3 for certain accounts and timeframe
Basic feature to generate IAM Policies from a set of downloaded CloudTrail logs
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for trailscraper-0.3.0-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 7f086299c54d44c7bcaddb068299f277f411c4293f699d4001360ee14f1856f5 |
|
MD5 | 51778d6d4d628a7664a3f0dee4bbfab3 |
|
BLAKE2b-256 | 48240b4ff516ba9f4be93ce97a205558d94ed304ad65f615bcc5ffc7637e2eaa |