CLI for discovering overprivileged AWS IAM roles
Project description
overprivileged
Overprivileged is a utility for discovering overprivileged IAM roles in AWS.
Caution: This software is at version 0.0.1 and is not currently tested.
Installation
From PyPI:
$ pip install overprivileged
Usage
Overprivileged uses CloudTrail logs stored in CloudWatch to work out exactly which IAM actions an IAM role has performed over a given number of days. It returns a diff of which IAM actions have been used and which have not.
Prerequisites
- CloudTrail logging enabled
- CloudTrail logs saved to a CloudWatch log group
CLI
Check Role Privileges
Example Usage:
op check-privileges \
    --role-name role-name \
    --log-group-name cloudtrail-log-group-name \
    --days 5
Example Output:
{
    "usedActions": [
        "route53:ListHostedZones",
        "route53:ListResourceRecordSets"
    ],
    "unusedActions": [
        "route53:ChangeResourceRecordSets"
    ]
}
Help:
op check-privileges --help
Usage: op check-privileges [OPTIONS]

  Checks what actions are used and unused by a role

Options:
  --role-name TEXT       The name of the role to check privileges for.
  --log-group-name TEXT  The name of the log group where the Cloudtrail logs
                         are stored.
  --days INTEGER RANGE   The number of days in the past that the current
                         privileges should be checked against.
  --region TEXT          The aws region where the log group is stored.
  --help                 Show this message and exit.
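The approach described under Usage, sketched as an added example (not the project's own code): CloudTrail records are filtered by role and time window, each record is mapped to an IAM action name, and the result is diffed against the actions granted to the role. The function names, the role names `dns-reader` and `other-role`, the sample records and the `SOURCE_TO_PREFIX` table are assumptions made for illustration; granted actions are taken as explicit names, with no wildcard expansion.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumption: eventSource prefixes that differ from the IAM service prefix.
SOURCE_TO_PREFIX = {"monitoring": "cloudwatch"}

def iam_action(event):
    """Map a CloudTrail record to an IAM action, e.g. route53:ListHostedZones."""
    service = event["eventSource"].split(".")[0]
    return f"{SOURCE_TO_PREFIX.get(service, service)}:{event['eventName']}"

def diff_role_actions(messages, role_name, granted, days, now):
    """Split `granted` into actions the role used / did not use in the window."""
    cutoff = now - timedelta(days=days)
    seen = set()
    for raw in messages:  # each CloudWatch log message is one CloudTrail record
        ev = json.loads(raw)
        issuer = (ev.get("userIdentity", {}).get("sessionContext", {})
                    .get("sessionIssuer", {}))
        if issuer.get("type") != "Role" or issuer.get("userName") != role_name:
            continue  # not a call made under this role
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        if when.replace(tzinfo=timezone.utc) < cutoff:
            continue  # older than the requested number of days
        seen.add(iam_action(ev))
    granted = set(granted)
    return {"usedActions": sorted(granted & seen),
            "unusedActions": sorted(granted - seen)}

def _record(role, source, name, time):
    """Build a constructed, minimal CloudTrail record as a JSON string."""
    return json.dumps({"eventTime": time, "eventSource": source, "eventName": name,
                       "userIdentity": {"type": "AssumedRole", "sessionContext": {
                           "sessionIssuer": {"type": "Role", "userName": role}}}})

# Constructed sample data, not real logs.
SAMPLE_NOW = datetime(2020, 9, 10, tzinfo=timezone.utc)
SAMPLE_MESSAGES = [
    _record("dns-reader", "route53.amazonaws.com", "ListHostedZones", "2020-09-09T08:00:00Z"),
    _record("dns-reader", "route53.amazonaws.com", "ListResourceRecordSets", "2020-09-08T12:30:00Z"),
    _record("dns-reader", "route53.amazonaws.com", "ChangeResourceRecordSets", "2020-08-01T00:00:00Z"),
    _record("other-role", "route53.amazonaws.com", "ChangeResourceRecordSets", "2020-09-09T09:00:00Z"),
]
SAMPLE_GRANTED = ["route53:ListHostedZones", "route53:ListResourceRecordSets",
                  "route53:ChangeResourceRecordSets"]

if __name__ == "__main__":
    print(json.dumps(diff_role_actions(SAMPLE_MESSAGES, "dns-reader",
                                       SAMPLE_GRANTED, 5, SAMPLE_NOW), indent=2))
```

An action listed as unused only means no matching record was found in the chosen window, so a short `--days` value can flag permissions that are needed for infrequent tasks.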
Download files
File details
Details for the file overprivileged-0.0.1.tar.gz.
File metadata
- Download URL: overprivileged-0.0.1.tar.gz
- Upload date:
- Size: 44.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/40.6.2 requests-toolbelt/0.9.1 tqdm/4.48.2 CPython/3.6.11
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 6dfe55c7590cfbcfb9e816b886bc4a51b02f17ea4914074571a450be1bf51b19 |
| MD5 | 406a35ab6e3b67e11d57da26ba6db88a |
| BLAKE2b-256 | 5b5b0001ff7e0b7c3f50928d993390e6149c431eb01513baf4e93d96eb78959b |
File details
Details for the file overprivileged-0.0.1-py3-none-any.whl.
File metadata
- Download URL: overprivileged-0.0.1-py3-none-any.whl
- Upload date:
- Size: 46.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/40.6.2 requests-toolbelt/0.9.1 tqdm/4.48.2 CPython/3.6.11
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 1acd3e824d8b14af4d31a7e42b8237d9845517520f4cd6c59b8246ea11ebd762 |
| MD5 | 3e7196752a2b33c5e233a4081f467168 |
| BLAKE2b-256 | 23202f46111490c012f10c24bcda07a9fee3e250a39642283afe7ee8710282ea |