# assess-mozilla-aws-security-infrastructure
This tool scans Mozilla AWS accounts checking for security infrastructure. It
reports accounts which are missing elements of that infrastructure.
This includes any accounts either missing or with misconfigured
* GuardDuty IAM Roles that the GuardDuty Multi Account Master uses to accept invitations
* GuardDuty relationships between member and parent
* CloudTrail
* Security Audit IAM Roles and Incident Response IAM Roles
* Mozilla Single Sign On (SSO)
## Usage
Run `assess-mozilla-aws-security-infrastructure`
## Future Work
Currently, the tool just prints out information. This could be improved or turned
into machine-readable structured data
The tool does not assess whether there are any IAM users with passwords defined
in an account that has SSO enabled (these IAM users should be removed in favor
of SSO)
Raw data
{
"_id": null,
"home_page": "https://github.com/mozilla/assess-mozilla-aws-security-infrastructure",
"name": "assess-mozilla-aws-security-infrastructure",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "",
"author": "Gene Wood",
"author_email": "gene@mozilla.com",
"download_url": "https://files.pythonhosted.org/packages/00/78/1e0d637fb77a904ce077660cbdb72ea49f2bda7f55c3e0991b98e3c1c9a2/assess-mozilla-aws-security-infrastructure-1.0.tar.gz",
"platform": null,
"description": "# assess-mozilla-aws-security-infrastructure\n\nThis tool scans Mozilla AWS accounts checking for security infrastructure. It\nreports accounts which are missing elements of that infrastructure.\n\nThis includes any accounts either missing or with misconfigured\n\n* GuardDuty IAM Roles that the GuardDuty Multi Account Master uses to accept invitations\n* GuardDuty relationships between member and parent\n* CloudTrail\n* Security Audit IAM Roles and Incident Response IAM Roles\n* Mozilla Single Sign On (SSO)\n\n## Usage\n\nRun `assess-mozilla-aws-security-infrastructure`\n\n## Future Work\n\nCurrently, the tool just prints out information. This could be improved or turned\ninto machine-readable structured data\n\nThe tool does not assess whether there are any IAM users with passwords defined\nin an account that has SSO enabled (these IAM users should be removed in favor\nof SSO)\n\n",
"bugtrack_url": null,
"license": "MPL-2.0",
"summary": "Tool to assess the state of security infrastructure in Mozilla's AWS accounts",
"version": "1.0",
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"md5": "a5a32a4bd79b3b0d53cc6dfd9561cf1c",
"sha256": "8e1a16c0a953412e129ae5937b1be40f423563c1009b7622574decf24d79cbaf"
},
"downloads": -1,
"filename": "assess_mozilla_aws_security_infrastructure-1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "a5a32a4bd79b3b0d53cc6dfd9561cf1c",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 15261,
"upload_time": "2022-12-09T23:07:51",
"upload_time_iso_8601": "2022-12-09T23:07:51.849656Z",
"url": "https://files.pythonhosted.org/packages/bc/e3/887ce9742fc8a625bce7b3275f5aa5b37f7894a50fe69fce0a9fdbf44397/assess_mozilla_aws_security_infrastructure-1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"md5": "31c7a092d089e8dd878660a38e06d9b8",
"sha256": "81dffbea7f4a2b9df692a0aea379c0b872bc940a000fea42ce89ebdd5856d3bf"
},
"downloads": -1,
"filename": "assess-mozilla-aws-security-infrastructure-1.0.tar.gz",
"has_sig": false,
"md5_digest": "31c7a092d089e8dd878660a38e06d9b8",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 14431,
"upload_time": "2022-12-09T23:07:53",
"upload_time_iso_8601": "2022-12-09T23:07:53.467479Z",
"url": "https://files.pythonhosted.org/packages/00/78/1e0d637fb77a904ce077660cbdb72ea49f2bda7f55c3e0991b98e3c1c9a2/assess-mozilla-aws-security-infrastructure-1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2022-12-09 23:07:53",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "mozilla",
"github_project": "assess-mozilla-aws-security-infrastructure",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "xdg",
"specs": []
},
{
"name": "boto3",
"specs": []
}
],
"lcname": "assess-mozilla-aws-security-infrastructure"
}