ascot

package module
v0.0.0-...-869a489 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 29, 2024 License: MIT Imports: 7 Imported by: 0

README

ascot - AWS Security Compliance and Operations Toolkit

Security Rating Vulnerabilities Maintainability Rating Reliability Rating

This is a single-binary tool that can be easily used by GRC (Compliance) and Security Operations teams if they need to support AWS infrastructure but don't have good experience yet with the AWS CLI. This tool is intended to complement the use of AWS CLI, not replace it.

This tool is also intended as a learning tool, for those that lack the experience in AWS. You can find what IAM permissions are needed for a command by running ascot [COMMAND] --show-required-permissions. You can also run ascot [COMMAND] --how-it-works in order to understand the business logic being run, which can aid you when you want to use the AWS CLI directly instead of this tool.

Most, if not all, of the commands in this tool can also be done with the AWS CLI and some bash, but not everyone is comfortable in this environment. This tool solves for that.

The tool is built to have multiple sub-commands, one for each type of investigation being performed.

Features

A list of all supported commands can be found by runnning ascot -h.

Figure out who you are

Running ascot with no arguments will print out the ARN of the user you have authenticated with (or assumed, when using a role).

$ ascot
AWS login was successful.
You are currently logged in as arn:aws:iam::012345678901:user/johndoe
Find the Owner of a given AWS Access Key ID

Given an AWS Access Key ID, this command searches all IAM users in your AWS account (either given a --profile or using the default) and attempts to find a matching owner.

ascot access-key-owner --access-key-id AKIA123...

If an owner is found, the ARN of the IAM user is displayed. If the key is active, which is presents a risk during a key exposure incident, the output displays an alert.

It is recommended to have unrestricted iam:ListUser privileges in the AWS account in order to ensure all users are searched.

List all Active AWS Regions

Returns an alphabetical list of the regions that are active within the AWS account. This is helpful when needing to iterate over all regions looking for a particular resource (e.g. listing all EC2 instances in all regions).

ascot active-regions
Audit Default VPCs

Allows you to see which regions in the AWS account still allow their default VPCs to exist.

ascot audit-default-vpcs

If a default VPC exists in the region, the result is FAIL. Otherwise, the region receives a PASS.

Missing Images

Lists any EC2 instances that are using AMIs that no longer exist. This means if the EC2 instance needs to be rebuilt, it will fail because it depends on an AMI that cannot be found.

This searches all regions.

ascot missing-images

The output is a list of instance IDs that are affected by the missing AMI, and the AMI ID that is missing.

Contributing

Any help is appreciated. Please put your changes in a branch and then create a Pull Request (PR).

License

MIT

Documentation

Index

Constants

View Source 
const DEFAULT_REGION string = "us-east-1"

for API calls that are global but require a region, use this

Variables

This section is empty.

Functions

func GetAWSConfig 

func GetAWSConfig(region string, profile string) (aws.Config, error)

Types

type AccessKeyOwnerRunner 

type AccessKeyOwnerRunner struct {
	ListUsersClient      iam.ListUsersAPIClient
	ListAccessKeysClient iam.ListAccessKeysAPIClient
	AccessKeyId          string
}

func (AccessKeyOwnerRunner) HowItWorks 

func (AccessKeyOwnerRunner) HowItWorks() ([]string, []string)

func (AccessKeyOwnerRunner) RequiredPermissions 

func (AccessKeyOwnerRunner) RequiredPermissions() []string

func (AccessKeyOwnerRunner) Run 

func (s AccessKeyOwnerRunner) Run() (iam_types.AccessKeyMetadata, error)

type ActiveRegionsRunner 

type ActiveRegionsRunner struct {
	Client ec2.Client
}

func (ActiveRegionsRunner) HowItWorks 

func (s ActiveRegionsRunner) HowItWorks() ([]string, []string)

func (ActiveRegionsRunner) RequiredPermissions 

func (s ActiveRegionsRunner) RequiredPermissions() []string

func (ActiveRegionsRunner) Run 

func (s ActiveRegionsRunner) Run() ([]ec2_types.Region, error)

type AuditDefaultVpcsRunner 

type AuditDefaultVpcsRunner struct {
	Client ec2.DescribeVpcsAPIClient
}

func (AuditDefaultVpcsRunner) HowItWorks 

func (s AuditDefaultVpcsRunner) HowItWorks() ([]string, []string)

func (AuditDefaultVpcsRunner) RequiredPermissions 

func (s AuditDefaultVpcsRunner) RequiredPermissions() []string

func (AuditDefaultVpcsRunner) Run 

func (s AuditDefaultVpcsRunner) Run() ([]ec2_types.Vpc, error)

type InstanceByIdRunner 

type InstanceByIdRunner struct {
	Client ec2.DescribeInstancesAPIClient
}

func (InstanceByIdRunner) HowItWorks 

func (s InstanceByIdRunner) HowItWorks() ([]string, []string)

func (InstanceByIdRunner) RequiredPermissions 

func (s InstanceByIdRunner) RequiredPermissions() []string

func (InstanceByIdRunner) Run 

func (s InstanceByIdRunner) Run(instanceId string) (ec2_types.Instance, error)

type MissingImagesRunner 

type MissingImagesRunner struct {
	DescribeInstancesClient ec2.DescribeInstancesAPIClient
	DescribeImagesClient    ec2.DescribeImagesAPIClient
}

func (MissingImagesRunner) HowItWorks 

func (s MissingImagesRunner) HowItWorks() ([]string, []string)

func (MissingImagesRunner) RequiredPermissions 

func (s MissingImagesRunner) RequiredPermissions() []string

func (MissingImagesRunner) Run 

func (s MissingImagesRunner) Run() (map[string][]string, error)

Source Files

View all Source files

Directories

Path Synopsis
cmd
ascot
A common set of CLI styles
 A common set of CLI styles

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.