altimeter


Namealtimeter JSON
Version 6.4.25 PyPI version JSON
download
home_pagehttps://github.com/tableau/altimeter
SummaryGraph AWS resources in Neptune
upload_time2023-12-20 21:54:16
maintainer
docs_urlNone
authorTableau
requires_python>=3.8,<3.10
license
keywords
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage
            # Altimeter

[![Community Supported](https://img.shields.io/badge/Support%20Level-Community%20Supported-457387.svg)](https://www.tableau.com/support-levels-it-and-developer-tools)
[![GitHub](https://img.shields.io/badge/license-MIT-brightgreen.svg)](https://raw.githubusercontent.com/Tableau/altimeter/master/LICENSE)

[![Python 3.8](https://img.shields.io/badge/python-3.8-blue.svg)](https://www.python.org/downloads/release/python-380/)

Altimeter is a system to graph and scan AWS resources across multiple
AWS Organizations and Accounts.

Altimeter generates RDF files which can be loaded into a triplestore
such as AWS Neptune for querying.

# Quickstart

## Installation

    pip install altimeter

## Configuration

Altimeter's behavior is driven by a toml configuration file.  A few sample
configuration files are included in the `conf/` directory:

* `current_single_account.toml` - scans the current account - this is the account
  for which the environment's currently configured AWS CLI credentials are.
* `current_master_multi_account.toml` - scans the current account and attempts to
  scan all organizational subaccounts - this configuration should be used if you
  are scanning  all accounts in an organization.  To do this the currently
  configured AWS CLI credentials should be pointing to an AWS Organizations
  master account.

To scan a subset of regions, set the region list parameter `regions` in the `scan`
section to a list of region names.

## Required IAM permissions

The following permissions are required for a scan of all supported resource types:

    acm:DescribeCertificate
    acm:ListCertificates
    cloudtrail:DescribeTrails
    dynamodb:DescribeContinuousBackups
    dynamodb:DescribeTable
    dynamodb:ListTables
    ec2:DescribeFlowLogs
    ec2:DescribeImages
    ec2:DescribeInstances
    ec2:DescribeInternetGateways
    ec2:DescribeNetworkInterfaces
    ec2:DescribeRegions
    ec2:DescribeRouteTables
    ec2:DescribeSecurityGroups
    ec2:DescribeSnapshots
    ec2:DescribeSubnets
    ec2:DescribeTransitGatways
    ec2:DescribeTransitGatwayAttachments
    ec2:DescribeVolumes
    ec2:DescribeVpcEndpoints
    ec2:DescribeVpcEndpointServiceConfigurations
    ec2:DescribeVpcPeeringConnections
    ec2:DescribeTransitGatewayVpcAttachments
    ec2:DescribeVpcs
    elasticloadbalancing:DescribeLoadBalancers
    elasticloadbalancing:DescribeLoadBalancerAttributes
    elasticloadbalancing:DescribeTargetGroups
    elasticloadbalancing:DescribeTargetGroupAttributes
    elasticloadbalancing:DescribeTargetHealth
    eks:ListClusters
    events:ListRules
    events:ListTargetsByRule
    events:DescribeEventBus
    guardduty:GetDetector
    guardduty:GetMasterAccount
    guardduty:ListDetectors
    guardduty:ListMembers
    iam:GetAccessKeyLastUsed
    iam:GetAccountPasswordPolicy
    iam:GetGroup
    iam:GetGroupPolicy
    iam:GetLoginProfile
    iam:GetOpenIDConnectProvider
    iam:GetPolicyVersion
    iam:GetRolePolicy
    iam:GetSAMLProvider
    iam:GetUserPolicy
    iam:ListAccessKeys
    iam:ListAttachedGroupPolicies
    iam:ListAttachedRolePolicies
    iam:ListAttachedUserPolicies
    iam:ListGroupPolicies
    iam:ListGroups
    iam:ListinstanceProfiles
    iam:ListMFADevices
    iam:ListOpenIDConnectProviders
    iam:ListPolicies
    iam:ListPolicies
    iam:ListRolePolicies
    iam:ListRoles
    iam:ListSAMLProviders
    iam:ListUserPolicies
    iam:ListUsers
    kms:ListKeys
    lambda:ListFunctions
    rds:DescribeDBInstances
    rds:DescribeDBInstanceAutomatedBackups
    rds:ListTagsForResource
    rds:DescribeDBSnapshots
    route53:ListHostedZones
    route53:ListResourceRecordSets
    s3:ListBuckets
    s3:GetBucketLocation
    s3:GetBucketEncryption
    s3:GetBucketTagging
    sts:GetCallerIdentity
    support:DescribeSeverityLevels

Additionally if you are doing multi-account scanning via an MPA master account you
will also need:

    organizations:DescribeOrganization
    organizations:ListAccounts
    organizations:ListAccountsForParent
    organizations:ListOrganizationalUnitsForParent
    organizations:ListRoots

## Generating the Graph

Assuming you have configured AWS CLI credentials
(see <https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html>),
run:

    altimeter <path-to-config>

This will scan all resources in regions specified in the config file.

The full path to the generated RDF file will printed, for example:

    Created /tmp/altimeter/20191018/1571425383/graph.rdf

This RDF file can then be loaded into a triplestore such as Neptune or
Blazegraph for querying.

For more user documentation see <https://tableau.github.io/altimeter/>



            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/tableau/altimeter",
    "name": "altimeter",
    "maintainer": "",
    "docs_url": null,
    "requires_python": ">=3.8,<3.10",
    "maintainer_email": "",
    "keywords": "",
    "author": "Tableau",
    "author_email": "",
    "download_url": "",
    "platform": null,
    "description": "# Altimeter\n\n[![Community Supported](https://img.shields.io/badge/Support%20Level-Community%20Supported-457387.svg)](https://www.tableau.com/support-levels-it-and-developer-tools)\n[![GitHub](https://img.shields.io/badge/license-MIT-brightgreen.svg)](https://raw.githubusercontent.com/Tableau/altimeter/master/LICENSE)\n\n[![Python 3.8](https://img.shields.io/badge/python-3.8-blue.svg)](https://www.python.org/downloads/release/python-380/)\n\nAltimeter is a system to graph and scan AWS resources across multiple\nAWS Organizations and Accounts.\n\nAltimeter generates RDF files which can be loaded into a triplestore\nsuch as AWS Neptune for querying.\n\n# Quickstart\n\n## Installation\n\n    pip install altimeter\n\n## Configuration\n\nAltimeter's behavior is driven by a toml configuration file.  A few sample\nconfiguration files are included in the `conf/` directory:\n\n* `current_single_account.toml` - scans the current account - this is the account\n  for which the environment's currently configured AWS CLI credentials are.\n* `current_master_multi_account.toml` - scans the current account and attempts to\n  scan all organizational subaccounts - this configuration should be used if you\n  are scanning  all accounts in an organization.  To do this the currently\n  configured AWS CLI credentials should be pointing to an AWS Organizations\n  master account.\n\nTo scan a subset of regions, set the region list parameter `regions` in the `scan`\nsection to a list of region names.\n\n## Required IAM permissions\n\nThe following permissions are required for a scan of all supported resource types:\n\n    acm:DescribeCertificate\n    acm:ListCertificates\n    cloudtrail:DescribeTrails\n    dynamodb:DescribeContinuousBackups\n    dynamodb:DescribeTable\n    dynamodb:ListTables\n    ec2:DescribeFlowLogs\n    ec2:DescribeImages\n    ec2:DescribeInstances\n    ec2:DescribeInternetGateways\n    ec2:DescribeNetworkInterfaces\n    ec2:DescribeRegions\n    ec2:DescribeRouteTables\n    ec2:DescribeSecurityGroups\n    ec2:DescribeSnapshots\n    ec2:DescribeSubnets\n    ec2:DescribeTransitGatways\n    ec2:DescribeTransitGatwayAttachments\n    ec2:DescribeVolumes\n    ec2:DescribeVpcEndpoints\n    ec2:DescribeVpcEndpointServiceConfigurations\n    ec2:DescribeVpcPeeringConnections\n    ec2:DescribeTransitGatewayVpcAttachments\n    ec2:DescribeVpcs\n    elasticloadbalancing:DescribeLoadBalancers\n    elasticloadbalancing:DescribeLoadBalancerAttributes\n    elasticloadbalancing:DescribeTargetGroups\n    elasticloadbalancing:DescribeTargetGroupAttributes\n    elasticloadbalancing:DescribeTargetHealth\n    eks:ListClusters\n    events:ListRules\n    events:ListTargetsByRule\n    events:DescribeEventBus\n    guardduty:GetDetector\n    guardduty:GetMasterAccount\n    guardduty:ListDetectors\n    guardduty:ListMembers\n    iam:GetAccessKeyLastUsed\n    iam:GetAccountPasswordPolicy\n    iam:GetGroup\n    iam:GetGroupPolicy\n    iam:GetLoginProfile\n    iam:GetOpenIDConnectProvider\n    iam:GetPolicyVersion\n    iam:GetRolePolicy\n    iam:GetSAMLProvider\n    iam:GetUserPolicy\n    iam:ListAccessKeys\n    iam:ListAttachedGroupPolicies\n    iam:ListAttachedRolePolicies\n    iam:ListAttachedUserPolicies\n    iam:ListGroupPolicies\n    iam:ListGroups\n    iam:ListinstanceProfiles\n    iam:ListMFADevices\n    iam:ListOpenIDConnectProviders\n    iam:ListPolicies\n    iam:ListPolicies\n    iam:ListRolePolicies\n    iam:ListRoles\n    iam:ListSAMLProviders\n    iam:ListUserPolicies\n    iam:ListUsers\n    kms:ListKeys\n    lambda:ListFunctions\n    rds:DescribeDBInstances\n    rds:DescribeDBInstanceAutomatedBackups\n    rds:ListTagsForResource\n    rds:DescribeDBSnapshots\n    route53:ListHostedZones\n    route53:ListResourceRecordSets\n    s3:ListBuckets\n    s3:GetBucketLocation\n    s3:GetBucketEncryption\n    s3:GetBucketTagging\n    sts:GetCallerIdentity\n    support:DescribeSeverityLevels\n\nAdditionally if you are doing multi-account scanning via an MPA master account you\nwill also need:\n\n    organizations:DescribeOrganization\n    organizations:ListAccounts\n    organizations:ListAccountsForParent\n    organizations:ListOrganizationalUnitsForParent\n    organizations:ListRoots\n\n## Generating the Graph\n\nAssuming you have configured AWS CLI credentials\n(see <https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html>),\nrun:\n\n    altimeter <path-to-config>\n\nThis will scan all resources in regions specified in the config file.\n\nThe full path to the generated RDF file will printed, for example:\n\n    Created /tmp/altimeter/20191018/1571425383/graph.rdf\n\nThis RDF file can then be loaded into a triplestore such as Neptune or\nBlazegraph for querying.\n\nFor more user documentation see <https://tableau.github.io/altimeter/>\n\n\n",
    "bugtrack_url": null,
    "license": "",
    "summary": "Graph AWS resources in Neptune",
    "version": "6.4.25",
    "project_urls": {
        "Homepage": "https://github.com/tableau/altimeter"
    },
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "5887193a3d3fc931855b71a504c186ee55a6544cff6ee5dc2064d383f95b3615",
                "md5": "5538670e270f95bd8ca6b8ecdcb2c953",
                "sha256": "3ee3462ce4bcc8d32463c90427f08418a2d205affeb4bee42225d622ee6140e8"
            },
            "downloads": -1,
            "filename": "altimeter-6.4.25-py2.py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "5538670e270f95bd8ca6b8ecdcb2c953",
            "packagetype": "bdist_wheel",
            "python_version": "py2.py3",
            "requires_python": ">=3.8,<3.10",
            "size": 230156,
            "upload_time": "2023-12-20T21:54:16",
            "upload_time_iso_8601": "2023-12-20T21:54:16.530339Z",
            "url": "https://files.pythonhosted.org/packages/58/87/193a3d3fc931855b71a504c186ee55a6544cff6ee5dc2064d383f95b3615/altimeter-6.4.25-py2.py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-12-20 21:54:16",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "tableau",
    "github_project": "altimeter",
    "travis_ci": false,
    "coveralls": true,
    "github_actions": true,
    "requirements": [],
    "tox": true,
    "lcname": "altimeter"
}
        
Elapsed time: 4.19660s