This repository has been archived by the owner on Dec 5, 2022. It is now read-only.
AWS Audit README
----------------
AWS Audit is intended both to track Amazon Web Services configuration changes across
multiple accounts and to provide a data building block that other applications can be
built on.
Requirements
------------
Python 2.6 - we haven't tested on any earlier or later versions
Boto Library 2.0b4 (http://code.google.com/p/boto/) - again, not tested with any other version
PyYAML 3.10 (http://pyyaml.org/wiki/PyYAML)
Apache 2+ (optional, but used to access the result)
Installation Steps (See below for details)
------------------------------------------
Create an IAM user account with S3 read permissions
Create an S3 bucket to store the account credentials; it must be accessible *only* to an account user, not to everyone!!
Create the config file (/etc/aws_audit.conf)
Install the ec2_audit.py file in a directory (/u01/app/audit/)
Run the file manually and check for errors
Install the crontab entry:
*/12 * * * * /u01/app/audit/aws_audit.py >/tmp/aws_audit.out 2>&1
Access aws_audit.xml using a browser
Try a visualisation
Amazon account credentials in S3 Bucket
---------------------------------------
AWS Audit can track multiple Amazon Web Services accounts, so the credentials for each account need
to be stored somewhere; we have chosen to use an S3 bucket. You can secure the S3 bucket using an IAM
policy and a bucket policy, but we just use the access keys of the master AWS account in which the S3
bucket is configured.
The master account details needed to read all the account credentials are configured for AWS Audit in
the /etc/aws_audit.conf file, in these two settings:
master_aws_key:
master_aws_secret:
The format of the S3 files is shown below:
Folder: <accountNumber>-<accountEmail> e.g. [email protected]
File: cred-<accountNumber>-<accountEmail>.txt e.g. [email protected]
Contents: see below (N.B. the sample keys are randomly generated)
AWSAccessKeyId=ABTHJK7TBVBV45PDYFAMA
AWSSecretKey=5jJoj3aaJi3mdAWW76jE89FNxVPeOabXqqQIS2be
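As an added example (not part of the AWS Audit project), the Python 3 function below validates one credential object against the S3 layout described above before its keys are used, rejecting a file whose folder and file name disagree, that carries unexpected lines, or that is missing a key. It assumes the account number is all digits and the email contains a single '@'; neither is stated in the README.

```python
import re

# Regex for the S3 object key layout the README describes:
#   <accountNumber>-<accountEmail>/cred-<accountNumber>-<accountEmail>.txt
# Assumptions (not stated in the README): the account number is all digits
# and the email contains exactly one '@' and no '/'.
KEY_RE = re.compile(
    r"^(?P<fnum>\d+)-(?P<femail>[^/@]+@[^/@]+)/"
    r"cred-(?P<num>\d+)-(?P<email>[^/@]+@[^/@]+)\.txt$"
)

REQUIRED = ("AWSAccessKeyId", "AWSSecretKey")

def parse_credential_object(key, body):
    """Validate one credential object (S3 key plus contents); return a dict.

    Anything that deviates from the documented layout raises ValueError, so a
    misplaced, truncated or hand-edited file is rejected rather than used.
    """
    m = KEY_RE.match(key)
    if not m:
        raise ValueError("object key does not match documented layout: %r" % key)
    if (m.group("fnum"), m.group("femail")) != (m.group("num"), m.group("email")):
        raise ValueError("folder and file name disagree on the account: %r" % key)
    creds = {}
    for lineno, raw in enumerate(body.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        name, sep, value = line.partition("=")
        # Only the two documented keys are allowed; anything else is suspect.
        if not sep or name not in REQUIRED or not value.strip():
            raise ValueError("%r line %d: unexpected content" % (key, lineno))
        if name in creds:
            raise ValueError("%r line %d: duplicate %s" % (key, lineno, name))
        creds[name] = value.strip()

    missing = [n for n in REQUIRED if n not in creds]
    if missing:
        raise ValueError("%r is missing %s" % (key, ", ".join(missing)))
    return {"account_number": m.group("num"),
            "account_email": m.group("email"),
            "access_key_id": creds["AWSAccessKeyId"],
            "secret_key": creds["AWSSecretKey"]}

# Constructed sample object using the README's own randomly generated keys.
SAMPLE_KEY = "123456789012-audit@example.com/cred-123456789012-audit@example.com.txt"
SAMPLE_BODY = ("AWSAccessKeyId=ABTHJK7TBVBV45PDYFAMA\n"
               "AWSSecretKey=5jJoj3aaJi3mdAWW76jE89FNxVPeOabXqqQIS2be\n")
```

Call `parse_credential_object(key, body)` for each object read from the bucket and skip any that raise, logging the key rather than the contents.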
Visualisation
-------------
The visualisation is simply a JavaScript page driving XSLT, which provides a simple framework for producing dashboards
off the back of the master XML file (aws_audit.xml) that is produced; the files involved are:
xsltproc.html     # JavaScript file which loads the XML file and an XSL file to produce the output;
                  # you may need to change the line that points to the result XML:
                  # xml=loadXMLDoc("aws_audit.xml");
index.html        # Basic frameset
menu.html         # Basic menu
DBs.xsl           # Example XSL to show all RDS instances
EC2_instances.xsl # Example XSL to show all EC2 instances
VPC_instances.xsl # Example XSL to show all VPC/EC2 instances
Summary_EC2.xsl   # Example summary showing the EC2 instance summary by account