Tool to assess the state of security infrastructure in Mozilla's AWS accounts
Project description
assess-mozilla-aws-security-infrastructure
This tool scans Mozilla AWS accounts checking for security infrastructure. It reports accounts which are missing elements of that infrastructure.
This includes any accounts either missing or with misconfigured
- GuardDuty IAM Roles that the GuardDuty Multi Account Master uses to accept invitations
- GuardDuty relationships between member and parent
- CloudTrail
- Security Audit IAM Roles and Incident Response IAM Roles
- Mozilla Single Sign On (SSO)
Usage
Run assess-mozilla-aws-security-infrastructure
Future Work
Currently, the tool just prints out information. This could be improved or turned into machine-readable structured data
The tool does not assess whether there are any IAM users with passwords defined in an account that has SSO enabled (these IAM users should be removed in favor of SSO)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for assess-mozilla-aws-security-infrastructure-1.0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 81dffbea7f4a2b9df692a0aea379c0b872bc940a000fea42ce89ebdd5856d3bf |
|
| MD5 | 31c7a092d089e8dd878660a38e06d9b8 |
|
| BLAKE2b-256 | 00781e0d637fb77a904ce077660cbdb72ea49f2bda7f55c3e0991b98e3c1c9a2 |
Close
Hashes for assess_mozilla_aws_security_infrastructure-1.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8e1a16c0a953412e129ae5937b1be40f423563c1009b7622574decf24d79cbaf |
|
| MD5 | a5a32a4bd79b3b0d53cc6dfd9561cf1c |
|
| BLAKE2b-256 | bce3887ce9742fc8a625bce7b3275f5aa5b37f7894a50fe69fce0a9fdbf44397 |
