
Antiope

AWS Inventory & Compliance Framework

Purpose

Antiope (pronounced An-Tie-Oh-Pee) is intended to be an open-source framework for managing resources across hundreds of AWS accounts. From a trusted Security Account, Antiope uses cross-account AssumeRole calls to gather resource data and store it in an inventory bucket. That bucket can then be indexed by ELK or the SIEM of your choice to provide easy searching of resources across hundreds of AWS accounts.

What it currently collects

Antiope is given a list of AWS Organizational parent accounts, and will inventory all of the AWS accounts under those parents. For each of the parent & child accounts it will then gather:

  1. S3 Buckets, and associated attributes of the bucket
  2. VPCs, and the number of EC2 Instances in each VPC
  3. Route53 Hosted Zones
  4. Route53 Registered Domains
  5. EC2 Instances
  6. EC2 Security Groups
  7. IAM Users
  8. IAM Roles (and the AWS accounts that are trusted by the roles)
  9. All Elastic Network Interfaces (ENIs) in each VPC, and any PublicIP addresses associated to the ENIs
  10. Personal Health Data events for each account.

All resources are written as individual JSON files into the S3 bucket of your choosing, under /Resources/<type>-<resource_id>.json

Future things to collect:

  • RDS Databases
  • DirectConnect & VPN Connections
  • CloudFormation Stacks & Templates

Structure of the Bucket

    /Resources/ - All the JSON files generated by the Inventory Phase
    /Health/ - All the Personal Health Events
    /lambda-packages/ - the zip files holding the Lambda deployment packages

Resource Prefix:

Most resources use the normal AWS resource prefix (vpc- for VPCs, i- for instances, etc.). Where the unique identifier for the resource has no prefix, or where the resource name can be duplicated across accounts, Antiope prepends its own resource prefix. The following prefixes are used:

  • bucket - S3 buckets
  • domain - Domains Registered via Route53 Domains. Each domain is globally unique, so AWS accounts aren't part of the object key
  • hostedzone - Domains hosted in Route53. There can be multiple hosted zones with the same domain name, so the HostedZone ID is used
  • role - IAM Roles. These are not globally unique, so the account_id is part of the object name
  • user - IAM Users. These are not globally unique, so the account_id is part of the object name
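The collection loop and the object-key rules above can be sketched in a few functions. The block below is an added illustration, not Antiope's own code: it builds object keys following the prefix rules (deciding by resource type rather than by id prefix, so an IAM user whose name happens to start with "i-" cannot collide with an instance key), extracts the trusted AWS principals from a role's trust policy for the "IAM Roles (and the AWS accounts that are trusted by the roles)" item, and shows the cross-account AssumeRole and Organizations enumeration the README describes. The exact key ordering for account-scoped types (type-account_id-name), the `write_records` helper, the role name `antiope-audit` and the sample trust policy are all assumptions constructed for the example; boto3 is imported lazily inside the AWS-facing functions so the pure helpers run offline.

```python
"""Added example (not Antiope's own code): a minimal sketch of the
inventory flow. Key layout beyond 'Resources/<type>-<resource_id>.json'
is an assumption."""
import json
from typing import Callable, Dict, List

# Types whose AWS-assigned id already carries a unique prefix (vpc-, i-,
# sg-, eni-); these keep the native id as the object name.
NATIVE_ID_TYPES = {"vpc", "instance", "securitygroup", "eni"}

# Types whose names are not globally unique, so the account id must be
# part of the object name (the README says so for roles and users).
ACCOUNT_SCOPED_TYPES = {"role", "user"}


def resource_key(resource_type: str, resource_id: str, account_id: str) -> str:
    """Build the S3 object key for one inventoried resource.

    Deciding by type (not by id prefix) means a user named "i-foo" is
    filed as a user, not mistaken for an EC2 instance.
    """
    if resource_type in NATIVE_ID_TYPES:
        return f"Resources/{resource_id}.json"
    if resource_type in ACCOUNT_SCOPED_TYPES:
        # assumption: <type>-<account_id>-<name>
        return f"Resources/{resource_type}-{account_id}-{resource_id}.json"
    return f"Resources/{resource_type}-{resource_id}.json"


def trusted_principals(trust_policy: dict) -> List[str]:
    """Return the AWS principals an Allow statement in a trust policy names.

    Handles the IAM quirks: Statement may be a dict or a list, Principal
    may be the string "*" or a dict whose AWS entry is a string or a list.
    """
    stmts = trust_policy.get("Statement", [])
    if isinstance(stmts, dict):
        stmts = [stmts]
    found = set()
    for stmt in stmts:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            found.add("*")
            continue
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        found.update(aws)
    return sorted(found)


def write_records(records: Dict[str, dict], put: Callable[[str, bytes], None]) -> int:
    """Serialize each record to JSON and hand it to put(key, body).
    put is normally lambda k, b: s3.put_object(Bucket=..., Key=k, Body=b)."""
    for key, rec in records.items():
        put(key, json.dumps(rec, sort_keys=True, default=str).encode())
    return len(records)


def assume_role_session(account_id: str, role_name: str = "antiope-audit"):
    """Return a boto3 Session in the child account via STS AssumeRole.
    Role name is an assumption: it must exist in every child account."""
    import boto3
    creds = boto3.client("sts").assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{role_name}",
        RoleSessionName="antiope-inventory",
    )["Credentials"]
    return boto3.Session(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )


def list_org_accounts(session) -> List[str]:
    """Enumerate every ACTIVE account under an Organizations parent (paginated)."""
    paginator = session.client("organizations").get_paginator("list_accounts")
    ids: List[str] = []
    for page in paginator.paginate():
        ids.extend(a["Id"] for a in page["Accounts"] if a["Status"] == "ACTIVE")
    return ids


def inventory_iam_roles(session, account_id: str) -> Dict[str, dict]:
    """Collect every IAM role plus the principals its trust policy allows."""
    paginator = session.client("iam").get_paginator("list_roles")
    out: Dict[str, dict] = {}
    for page in paginator.paginate():
        for role in page["Roles"]:
            out[resource_key("role", role["RoleName"], account_id)] = {
                "account_id": account_id,
                "RoleName": role["RoleName"],
                "Arn": role["Arn"],
                "TrustedPrincipals": trusted_principals(role["AssumeRolePolicyDocument"]),
            }
    return out


# Constructed sample trust policy (not from any real account).
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
         "Action": "sts:AssumeRole"},
        {"Effect": "Allow", "Principal": {"AWS": ["arn:aws:iam::222222222222:root",
                                                  "arn:aws:iam::333333333333:root"]},
         "Action": "sts:AssumeRole"},
        {"Effect": "Deny", "Principal": {"AWS": "arn:aws:iam::444444444444:root"},
         "Action": "sts:AssumeRole"},
    ],
}
```

Feeding the `TrustedPrincipals` field into the SIEM index is what makes "which external accounts can assume roles in my estate" a one-line search across all accounts.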

Contributors

  • jchrisfarris
