{
    "info": {
        "author": "Kapil Thangavelu",
        "author_email": "kapil.foss@gmail.com",
        "bugtrack_url": null,
        "classifiers": [
            "Topic :: System :: Distributed Computing",
            "Topic :: System :: Systems Administration"
        ],
        "description": "# c7n-guardian: Automated multi-account Guard Duty setup\n\nAmazon Guard Duty provides for machine learning based threat\nintelligence and detection on resources in your aws accounts. This\nproject provides a cli tool for automating multi-account of aws guard\nduty. Given a config file holding a set of account information, this\ncli will setup one as a master account, and the remainder as member\naccounts.\n\nThe following cli will enable guard duty on all accounts tagged\ndev. The master guard duty account can be specified by name or account\nid. Running enable multiple times will idempotently converge.\n\n```shell\n$ c7n-guardian enable --config accounts.yml --master 120312301231 --tags dev\n```\n\nThe accounts config file is similiar to c7n-org, with the addition of the\naccount email.\n\n```shell\n$ cat accounts.yml\n\naccounts:\n  - name: guard-duty-master\n    email: guard-duty-master@example.com\n    account_id: \"2020202020202\"\n    role: \"arn:aws:iam::2020202020202:role/CustodianGuardDuty\"\n    tags:\n      - prod\n\n  - name: cicd\n    email: cicd@example.com\n    account_id: \"1010101010101\"\n    role: \"arn:aws:iam::1010101010101:role/CustodianGuardDuty\"\n    tags:\n      - dev\n      - cicd\n\n```\n\nThe cli also has support for disabling and reporting on accounts\n\n```shell\n$ c7n-guardian --help\nUsage: c7n-guardian [OPTIONS] COMMAND [ARGS]...\n\n  Automate Guard Duty Setup.\n\nOptions:\n  --help  Show this message and exit.\n\nCommands:\n  disable  suspend guard duty in the given accounts.\n  enable   enable guard duty on a set of accounts\n  report   report on guard duty enablement by account\n\n```\n\n## Accounts Credentials\n\nThe cli needs credentials access to assume the roles in the config\nfile for all accounts (master and members), the execution credentials\nused can be sourced from a profile, or from role assumption in\naddition to credential sourcing supported by the aws sdk.\n\n\n## Using custodian policies for remediation\n\nHere's some example policies that will provision a custodian lambda\nthat receives the guard duty notifications and performs some basic\nremediation on the alerted resources, respectively stopping an ec2\ninstance, and removing an access key. You have the full access to\ncustodian's actions and filters for doing additional activities in\nresponse to events.\n\n\n```yaml\npolicies:\n\n - name: ec2-guard-remediate\n   resource: ec2\n   mode:\n     role: arn:aws:iam::{account_id}:role/CustodianPolicyExecution\n     type: guard-duty\n   filters:\n     # Filter for medium and high severity events\n     - type: event\n       key: detail.severity\n       op: gte\n       value: 4.5\n   actions:\n     - stop\n\n - name: iam-guard-remediate\n   resource: iam-user\n   mode:\n     role: arn:aws:iam::{account_id}:role/CustodianPolicyExecution\n     type: guard-duty\n   filters:\n     # Only a particular type of event, go ahead and remove keys\n     - type: event\n       key: detail.type\n       value: \"UnauthorizedAccess:IAMUser/TorIPCaller\"\n   actions:\n     - remove-keys\n```",
        "description_content_type": "text/markdown",
        "docs_url": null,
        "download_url": "",
        "downloads": {
            "last_day": -1,
            "last_month": -1,
            "last_week": -1
        },
        "home_page": "https://github.com/cloud-custodian/cloud-custodian",
        "keywords": "",
        "license": "Apache-2.0",
        "maintainer": "",
        "maintainer_email": "",
        "name": "c7n-guardian",
        "package_url": "https://pypi.org/project/c7n-guardian/",
        "platform": "",
        "project_url": "https://pypi.org/project/c7n-guardian/",
        "project_urls": {
            "Homepage": "https://github.com/cloud-custodian/cloud-custodian"
        },
        "release_url": "https://pypi.org/project/c7n-guardian/0.3.3/",
        "requires_dist": null,
        "requires_python": "",
        "summary": "Cloud Custodian - Multi Account Guard Duty Setup",
        "version": "0.3.3"
    },
    "last_serial": 5876451,
    "releases": {
        "0.2": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "55d7f692263dd8e1f192065eea786ee6",
                    "sha256": "c405e4d9372616702b5e87ba02e666a0f7be27e1d6c2c29170185bb20fc61e5c"
                },
                "downloads": -1,
                "filename": "c7n_guardian-0.2.tar.gz",
                "has_sig": false,
                "md5_digest": "55d7f692263dd8e1f192065eea786ee6",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 5599,
                "upload_time": "2018-02-14T13:03:08",
                "url": "https://files.pythonhosted.org/packages/8a/01/a0921e08d4cb7cd49ff3cd69cb1febd543d0eca100f76bde255088bd4308/c7n_guardian-0.2.tar.gz"
            }
        ],
        "0.3": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "d8942f83677dfe44c96fbbce94c62605",
                    "sha256": "490e389f035e4612174bebf77a29bd071ae42494afb15332e3823e4cac4bed6f"
                },
                "downloads": -1,
                "filename": "c7n_guardian-0.3.tar.gz",
                "has_sig": false,
                "md5_digest": "d8942f83677dfe44c96fbbce94c62605",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 5835,
                "upload_time": "2018-03-15T13:03:32",
                "url": "https://files.pythonhosted.org/packages/81/fb/8cda1ebe9cfdd4eddb73ecd9cf4f96996328fc96116bde5e303c7097a5d5/c7n_guardian-0.3.tar.gz"
            }
        ],
        "0.3.3": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "bf6a7fe9db609c853682554c5c4ff2c6",
                    "sha256": "1e8f8990a66c66b771abfe5e357e85ce5f6c04b6c0f1a72acce90c9999c6465e"
                },
                "downloads": -1,
                "filename": "c7n_guardian-0.3.3.tar.gz",
                "has_sig": false,
                "md5_digest": "bf6a7fe9db609c853682554c5c4ff2c6",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 5960,
                "upload_time": "2019-09-23T22:36:57",
                "url": "https://files.pythonhosted.org/packages/13/23/4310cf3969611ff44d514ab770f5e90af512401afd4db3214c215e0932a1/c7n_guardian-0.3.3.tar.gz"
            }
        ]
    },
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "md5": "bf6a7fe9db609c853682554c5c4ff2c6",
                "sha256": "1e8f8990a66c66b771abfe5e357e85ce5f6c04b6c0f1a72acce90c9999c6465e"
            },
            "downloads": -1,
            "filename": "c7n_guardian-0.3.3.tar.gz",
            "has_sig": false,
            "md5_digest": "bf6a7fe9db609c853682554c5c4ff2c6",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 5960,
            "upload_time": "2019-09-23T22:36:57",
            "url": "https://files.pythonhosted.org/packages/13/23/4310cf3969611ff44d514ab770f5e90af512401afd4db3214c215e0932a1/c7n_guardian-0.3.3.tar.gz"
        }
    ]
}