Giter VIP home page Giter VIP logo

aws-leastprivilege's Introduction

WebsiteTwitterLinkedInContact

About

Hi there 👋

I'm Ian, an AWS Community Hero, AWS Ambassador and general cloud enthusiast. I work in Sydney as the Cloud Principal at Kablamo, a cloud consultancy with a focus on delivering digital products and solutions, but I also regularly contribute to open-source projects here with a focus on AWS automation and tooling, especially involving cloud security and Infrastructure-as-Code.

I also enjoy speaking at meetups, co-hosting podcasts, engaging with the community on Slack, and posting about my latest experiences within AWS on my blog. You can find more of my work below.

My Work

aws-leastprivilege's People

Contributors

andrew-kline avatar iann0036 avatar laurencewarne avatar mgmarino avatar patmyron avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar

Forkers

jwilmott orquestracd alaptseu raghuversent andrew-kline mosen jocousen leibowitz testingiacwithnewaccount laurencewarne gcasilva jimini55 drpdr samtimur

aws-leastprivilege's Issues

Has an alternative been found?

Hi @iann0036

This tool looks really promising and just the kind of thing I've been looking for.

My use case is that I'm deploying infrastructure within CircleCI builds and I want to give the IAM User for the agents a lot less than full admin access 🤣

I've noticed the repo has been quiet for a fair few months - do you have an alternative to use now?

I would love to hear any experience you've got in least privileged exploration!

hardcoded aws partition in ARNs

https://github.com/iann0036/aws-leastprivilege/tree/master/cfnlp/mappings
https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arns-syntax

grep 'arn:aws:' cfnlp/mappings/*.py

Thought about just find-and-replacing all of them:

brew install gnu-sed
gsed -i 's/arn:aws:/arn:aws*:/' cfnlp/mappings/*.py

but a few shouldn't have that exact find-and-replace:

aws-leastprivilege/cfnlp/mappings/cloudwatch.py

Lines 31 to 42 in 6f9f8a2

if alarmactions:
for alarmaction in self._forcelist(alarmactions):
if alarmaction.startswith("arn:aws:automate"):
createslr = True
if insufficientdataactions:
for insufficientdataaction in self._forcelist(insufficientdataactions):
if insufficientdataaction.startswith("arn:aws:automate"):
createslr = True
if okactions:
for okaction in self._forcelist(okactions):
if okaction.startswith("arn:aws:automate"):
createslr = True

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.