Skip to content

jamessheridan/AWS-Audit

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 

Repository files navigation

AWS Audit README
----------------
AWS Audit is intended to be used to both track Amazon Webservices configuration changes across 
multiple accounts, and also provide a data building block to be used as a foundation for other 
applications.

This will query any number of AWS accounts and produce a monolithic XML file containing all of the
data which it finds.

This is something which I (github.com/jamessheridan) wrote when I was back at News International.
It is horrifically crufty python and I make no apologies for that!

It was open sourced by NI, but was subsequently abandoned by them. Andy Brody (github.com/ab) kindly
cleaned up some things and here it is now.

At the time, NI had many different AWS accounts, spread over different availability zones and regions
and this made it very tricky to work out what was in play at any given moment. So, I wrote this.

Requirements
------------
Python 2.6 - we haven't tested on any earlier or later versions
Boto Library 2.0b4 (http://code.google.com/p/boto/) - again, not tested on any other
PyYAML 3.10 (http://pyyaml.org/wiki/PyYAML)
python-ElementTree library

Installation Steps (See below for details)
------------------------------------------
1. Create an S3 bucket to retain account credentials. Ensure this bucket is not publicly visible.
2. Create an IAM account within your master AWS account.
3. Ensure the S3 bucket you created in 1. is only accessible by the new IAM user.
4. Edit the config file /etc/aws_audit.conf
   This should be fairly self-explanatory, the config is short and commented.

5. Place aws_audit.py somewhere sensible (eg. /usr/local/bin/aws_audit.py)
6. Install a crontab entry to periodically poll AWS and get updated information.
   eg:
   */12 * * * * /usr/local/bin/aws_audit.py >/tmp/aws_audit.out 2>&1


Amazon account credentials in S3 Bucket
---------------------------------------
AWS Audit has the ability to track multiple Amazon Webservices accounts, the account credentials need 
to be stored somewhere, we have chosen to use an S3 bucket. You can secure the S3 bucket using an IAM 
policy and bucket policy, but we just use the master AWS accounts access keys for where the S3 bucket 
is configured.

Inside the credential bucket you need to create some files - one each per account you wish to monitor.


The master account details required to read all the account credentials are configured by AWS Audit in 
the /etc/aws_audit.conf file, in these 2 settings:
master_aws_key:
master_aws_secret:


The format of the S3 files is show below:

Folder: <accountNumber>-<accountEmail> e.g. 123456789123-joe@example.com
  File: cred-<accountNumber>-<accountEmail>.txt e.g. cred-123456789123-joe@example.com.txt
    Contents: see below, N.B. the keys are randomly generated
AccountName=joe@example.com
AWSAccessKeyId=ABTHJK7TBVBV45PDYFAMA
AWSSecretKey=5jJoj3aaJi3mdAWW76jE89FNxVPeOabXqqQIS2be

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%