Scott Piper
If someone wants to try to deny access to AWS, except from certain IPs, I think in all cases they will want to include a condition to ignore situations where...
According to https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-calledvia there are only four services that can currently be used with aws:CalledVia. I should check those are being used, especially to ensure no misspellings happen.
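One way to check a policy for the two mistakes this issue is about, a misspelled service in an `aws:CalledVia` value and a missing set operator on the multivalued key, as an added example that is not parliament's own code. The allowed-service list is an assumption taken from the linked doc at the time of the issue and should be verified against the current doc; the sample policies are constructed here.

```python
import json

# ASSUMPTION: the services listed for aws:CalledVia in the linked doc at the
# time of this issue. Re-check the doc before relying on this set.
CALLEDVIA_SERVICES = {
    "athena.amazonaws.com",
    "cloudformation.amazonaws.com",
    "dynamodb.amazonaws.com",
    "kms.amazonaws.com",
}

# Condition keys are case-insensitive in IAM, so compare lowercased.
CALLEDVIA_KEYS = {"aws:calledvia", "aws:calledviafirst", "aws:calledvialast"}
# aws:CalledVia is multivalued and needs ForAnyValue:/ForAllValues:;
# aws:CalledViaFirst and aws:CalledViaLast are single-valued.
MULTIVALUED_KEYS = {"aws:calledvia"}


def check_calledvia(policy):
    """Return a list of (sid, message) findings for CalledVia condition misuse."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        sid = stmt.get("Sid", "<no Sid>")
        for operator, key_values in (stmt.get("Condition") or {}).items():
            # "ForAnyValue:StringEquals" -> "ForAnyValue"; "StringEquals" -> "StringEquals"
            uses_set_operator = operator.split(":")[0] in ("ForAnyValue", "ForAllValues")
            for key, values in key_values.items():
                lkey = key.lower()
                if lkey not in CALLEDVIA_KEYS:
                    continue
                if lkey in MULTIVALUED_KEYS and not uses_set_operator:
                    findings.append(
                        (sid, f"{key} is multivalued; {operator} needs a ForAnyValue:/ForAllValues: prefix")
                    )
                if isinstance(values, str):
                    values = [values]
                for value in values:
                    if value not in CALLEDVIA_SERVICES:
                        findings.append(
                            (sid, f"{key} value {value!r} is not a service that supports CalledVia (misspelling?)")
                        )
    return findings


# Constructed sample policies (not from the original issue).
GOOD_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowViaCloudFormation",
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "*",
    "Condition": {"ForAnyValue:StringEquals": {"aws:CalledVia": ["cloudformation.amazonaws.com"]}}
  }]
}
""")

BAD_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "TypoAndWrongOperator",
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "*",
    "Condition": {"StringEquals": {"aws:CalledVia": "dynamdb.amazonaws.com"}}
  }]
}
""")

if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        for sid, message in check_calledvia(policy):
            print(f"{name}: {sid}: {message}")
```

The bad sample produces two findings: the plain `StringEquals` operator on the multivalued key, and the `dynamdb.amazonaws.com` misspelling; the good sample produces none.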
From the command-line, you should be able to more easily do:
```
parliament --exclude informational,community,whatevergroup
```
This idea was raised in #57
CloudMapper has a command `access_check` that figures out who in an account has access to a resource. It has a decent amount of logic that should be moved here so...
This policy from a blog post (https://aws.amazon.com/blogs/security/working-backward-from-iam-policies-and-principal-tags-to-standardized-names-and-tags-for-your-aws-resources/) has findings: ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowEC2ResourceCreationWithRequiredTags", "Action": [ "ec2:CreateVolume", "ec2:RunInstances" ], "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*" ], "Effect": "Allow",...
Parliament was made primarily for IAM policies, but it does allow Resource policies to be checked, for example by allowing a `Principal` element. This means that IAM policies are not...
I ran trailblazer and ended up with this output: https://gist.github.com/0xdabbad00/e25cf5599881c13d3b644bc4109cf619 There are 1576 events there, and many events are missing that I know should be recorded, such as `iam` events...
This does a pretty good job of automatically generating parameters for the functions. It still needs some work (the code is ugly in places, and does not work for all of...
There is something weird about the new `s3control` service that doesn't work with trailblazer. I get the following exception: ``` Creating s3control client... Calling s3control.delete_public_access_block with params {} in us-east-1...