{ "info": { "author": "Asbjorn Kjaer", "author_email": "bunjiboys+probator@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Environment :: Console", "Framework :: Flask", "Framework :: Sphinx", "Intended Audience :: Information Technology", "Intended Audience :: System Administrators", "License :: OSI Approved :: Apache Software License", "Natural Language :: English", "Operating System :: MacOS :: MacOS X", "Operating System :: POSIX :: Linux", "Operating System :: Unix", "Programming Language :: Python :: 3.7", "Topic :: Security", "Topic :: Utilities" ], "description": "# probator-auditor-iam\n\nPlease open issues in the [Probator](https://gitlab.com/probator/probator/issues/new?labels=auditor-iam) repository\n\n\n## Description\n\nThis auditor validates and applies IAM policies for AWS Accounts.\n\n## Configuration Options\n\n| Option name | Default Value | Type | Description |\n|---------------------------|---------------|-----------|---------------------------------------------------------------------------|\n| enabled | `False` | bool | Enable the IAM roles and auditor |\n| interval | `30` | int | How often the auditor executes, in minutes |\n| manage\\_roles | `True` | bool | Enable management of IAM roles |\n| roles | `True` | string | JSON document with roles to push to accounts. See below for example |\n| delete\\_inline\\_policies | `False` | bool | Delete inline policies from existing roles |\n| hostname | *None* | string | Git server hostname |\n| repository | *None* | string | Path of the Git repository |\n| authentication_type | `oauth-token` | string | Authentication type |\n| oauth_token | *None* | string | OAuth2 token. Required if `authentication_type` is `oauth-token` |\n| username | *None* | string | Git username. 
Required if `authentication_type` is `username-password` |\n| password | *None* | string | Git password. Required if `authentication_type` is `username-password` |\n| max_session_duration | `8` | string | IAM Assume Role MaxSessionDuration (in hours) |\n| disable\\_ssl\\_verify | `False` | bool | Disable SSL certificate validation |\n\n\n### `roles` configuration\n\nThe `roles` setting allows you to configure roles to create and manage on all accounts enabled in Probator. The JSON document is structured as\na dictionary, with the top-level key being the name of the role, and the dictionary value has two keys: `trust` and `policies`.\n\n#### `trust`\n\nThe `trust` setting must be a valid IAM Assume Role Policy Document. If the `trust` key is an empty object (`{}`), null or not set, the default trust\ndocument is provided.\n\n#### `policies`\n\nThe `policies` key contains a list of IAM policy names to attach to the role. These policies must exist within the account before running the auditor,\nideally being created by the auditor as well.\n\n#### Example document\n\nThe example below shows how one can manage the role probator assumes for monitoring and auditing in your accounts.\n\n```json\n{\n \"probator_role\": {\n \"trust\": {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::123456789012:role/probator-instance-role\",\n \"Service\": \"ec2.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n },\n \"policies\": [\n \"ProbatorAccess\"\n ]\n }\n}\n```\n\nThis project is based on the work for [Cloud Inquisitor](https://github.com/RiotGames/cloud-inquisitor) by Riot Games", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/bunjiboys/probator-auditor-iam/", "keywords": "cloud security", "license": "License :: OSI Approved :: Apache Software
License", "maintainer": "", "maintainer_email": "", "name": "probator-auditor-iam", "package_url": "https://pypi.org/project/probator-auditor-iam/", "platform": "", "project_url": "https://pypi.org/project/probator-auditor-iam/", "project_urls": { "Homepage": "https://github.com/bunjiboys/probator-auditor-iam/" }, "release_url": "https://pypi.org/project/probator-auditor-iam/1.0.2/", "requires_dist": null, "requires_python": "~=3.7", "summary": "IAM Policy and Role auditor", "version": "1.0.2" }, "last_serial": 4770640, "releases": { "1.0.2": [ { "comment_text": "", "digests": { "md5": "02152dea5fa6e7c54d29186540938218", "sha256": "628cc19a375df775783a9b59d177b65f7d7717d3b571820ae05476c03d0bbe97" }, "downloads": -1, "filename": "probator-auditor-iam-1.0.2.tar.gz", "has_sig": false, "md5_digest": "02152dea5fa6e7c54d29186540938218", "packagetype": "sdist", "python_version": "source", "requires_python": "~=3.7", "size": 9122, "upload_time": "2019-02-01T22:17:07", "url": "https://files.pythonhosted.org/packages/5e/b5/53bd6b9d880054d02bf05ee5010a96ca8562125bfc9b7c3571047cde1f6e/probator-auditor-iam-1.0.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "02152dea5fa6e7c54d29186540938218", "sha256": "628cc19a375df775783a9b59d177b65f7d7717d3b571820ae05476c03d0bbe97" }, "downloads": -1, "filename": "probator-auditor-iam-1.0.2.tar.gz", "has_sig": false, "md5_digest": "02152dea5fa6e7c54d29186540938218", "packagetype": "sdist", "python_version": "source", "requires_python": "~=3.7", "size": 9122, "upload_time": "2019-02-01T22:17:07", "url": "https://files.pythonhosted.org/packages/5e/b5/53bd6b9d880054d02bf05ee5010a96ca8562125bfc9b7c3571047cde1f6e/probator-auditor-iam-1.0.2.tar.gz" } ] }