secure-aws
This package will scan your AWS account to identify whether basic security services are enabled. If not, will help you enable/setup the same.
Covered Services:
- CloudTrail
- Config
- Root MFA
- VPC Flow Logs
- Strong Password Policy
- Macie
- Guardy Duty
- S3 SSE Encryption
- EBS Encryption
- More coming soon...
Installation (Any 1):
- Run
pip3 install secureaws
- Clone the repo and run
python3 setup.py install
Help:
secureaws --help
secureaws <command> --help
Examples:
- Scan AWS account using AWS keys:
secureaws check --access-key XXXXXX --secret-key XXXXXX --region us-west-2
- Scan AWS account using profile:
secureaws check --profile xxx --region eu-west-1
- Setup all services in interactive mode:
secureaws setup --profile XXXXXX --region ap-south-1
- Setup all services in non-interactive mode (except ebs-sse):
secureaws setup --access-key XXXXXX --secret-key XXXXXX -y
- Setup specific service(s):
secureaws setup --profile XXXXXX --region ap-south-1 -s config -s mfa
- Generate RSA Key Pair:
secureaws genrsa
- Generate RSA Key Pair with custom filename and key size:
secureaws genrsa --file-name xxx --key-size 2048