{ "info": { "author": "Mikhail Advani", "author_email": "mikhail.advani@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "Intended Audience :: Information Technology", "Intended Audience :: System Administrators", "License :: OSI Approved :: Apache Software License", "Programming Language :: Python :: 2.7", "Topic :: Internet", "Topic :: Security", "Topic :: Software Development :: Build Tools", "Topic :: Software Development :: Testing", "Topic :: System", "Topic :: System :: Logging", "Topic :: System :: Monitoring", "Topic :: System :: Networking :: Firewalls" ], "description": "# Runtime\n#### Requirements\n- **Python**: 2.7.12\n- **Boto3**: 1.4.1\n\n#### Configuring Tests\n\n##### Credentials\n\nCredentials need to be setup as described in [Boto3 Documentation](http://boto3.readthedocs.io/en/latest/guide/configuration.html).\nAccess needed by the users' API keys configured:\n\n- AmazonEC2ReadOnlyAccess\n- IAMReadOnlyAccess\n- AWSCloudTrailReadOnlyAccess\n- AmazonS3ReadOnlyAccess\n- CloudWatchLogsReadOnlyAccess\n- CloudWatchReadOnlyAccess\n- AmazonSNSReadOnlyAccess\n- *KMSReadOnlyPolicy* - There is no pre-defined AWS Policy with the necessary privileges. The custom policy can defined as mentioned in the [documentation](https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-read-only-console)\n\n##### Tests to run\n\nSetup a config file similar to [default.yml](https://github.com/mikhailadvani/aws-security-test/blob/master/config/default.yml) to execute desired tests. Value for each test should be `True` or `False`.\n\n#### Execution Steps\n\n##### Run as script\n`python aws_security_test.py -c config/default.yml` - Will use the credentials from the environment variables if found or will fall back to the default profile in `~/.aws/config`\n\n`python aws_security_test.py -c config/default.yml -p profile_name` - Will use the credentials from the corresponding profile defined in `~/.aws/config`\n\n#### Artifacts\n\nCertain artifacts will be created at the end of every execution for additional verification. The will be in the artifacts directory\n\n`root_login.txt` : Will be useful in monitoring root account access in case CloudWatch is not used.\n\n`sns_subscribers.csv` : Lists subscribers for each SNS topic. Can be used to ensure notifications are being sent to the right audience.\n\n`internet_open_security_groups.csv` : Lists security groups with access open to the Internet. This list might contain rules where access open from the Internet is desired, but can also be used to check for misconfigurations.\n\n# License\nApache License 2.0\n\n\n\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/mikhailadvani/aws-security-test", "keywords": "aws security test iam networking logging monitoring ec2 vpc", "license": "Apache", "maintainer": "", "maintainer_email": "", "name": "aws-security-test", "package_url": "https://pypi.org/project/aws-security-test/", "platform": "", "project_url": "https://pypi.org/project/aws-security-test/", "project_urls": { "Homepage": "https://github.com/mikhailadvani/aws-security-test" }, "release_url": "https://pypi.org/project/aws-security-test/0.1.0/", "requires_dist": null, "requires_python": "", "summary": "Test automation to determine adherence to pre-defined set of security recommendations", "version": "0.1.0" }, "last_serial": 3224355, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "982ab864d8336e47b749856081de302c", "sha256": "b9d5b57d3e33c38e85223a1e533c0a816232aa585bab5ceba7b1b3533d2bd1ed" }, "downloads": -1, "filename": "aws_security_test-0.1.0-py2-none-any.whl", "has_sig": false, "md5_digest": "982ab864d8336e47b749856081de302c", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 30589, "upload_time": "2017-10-04T08:11:27", "url": "https://files.pythonhosted.org/packages/4f/16/8f4af0b916374d785a1fe6821f8f66794bf111f1b49646f5aee6746b2c9c/aws_security_test-0.1.0-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "c70026fae090138a8276dd2481238498", "sha256": "5335650f03206fdac7850837a488d46afb103edd95449f23153aed413fc682fe" }, "downloads": -1, "filename": "aws-security-test-0.1.0.tar.gz", "has_sig": false, "md5_digest": "c70026fae090138a8276dd2481238498", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20285, "upload_time": "2017-10-04T08:11:21", "url": "https://files.pythonhosted.org/packages/19/ed/e15d9c855bf429ee526005784f9ef9c2cb80f21524dd507f1c7c99ab319f/aws-security-test-0.1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "982ab864d8336e47b749856081de302c", "sha256": "b9d5b57d3e33c38e85223a1e533c0a816232aa585bab5ceba7b1b3533d2bd1ed" }, "downloads": -1, "filename": "aws_security_test-0.1.0-py2-none-any.whl", "has_sig": false, "md5_digest": "982ab864d8336e47b749856081de302c", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 30589, "upload_time": "2017-10-04T08:11:27", "url": "https://files.pythonhosted.org/packages/4f/16/8f4af0b916374d785a1fe6821f8f66794bf111f1b49646f5aee6746b2c9c/aws_security_test-0.1.0-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "c70026fae090138a8276dd2481238498", "sha256": "5335650f03206fdac7850837a488d46afb103edd95449f23153aed413fc682fe" }, "downloads": -1, "filename": "aws-security-test-0.1.0.tar.gz", "has_sig": false, "md5_digest": "c70026fae090138a8276dd2481238498", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20285, "upload_time": "2017-10-04T08:11:21", "url": "https://files.pythonhosted.org/packages/19/ed/e15d9c855bf429ee526005784f9ef9c2cb80f21524dd507f1c7c99ab319f/aws-security-test-0.1.0.tar.gz" } ] }