Access Undenied on AWS
Access Undenied parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable fixes. Overview Common use cases Simple Startup Installation - Installation from pip - Installation from source code (development) Usage - Getting events - Permissions - Same account assets only, no SCPs - Cross-account assets and SCPs CLI Commands - Analyze - Get SCPs Output Format Output Fields - AccessDeniedReason: ResultDetails - PoliciesToAdd - ExplicitDenyPolicies Acknowledgements Appendices - Running AccessUndenied from a Lambda function - Setting up a venv - Getting CloudTrail events via the LookupEvents API with the CLI - Getting Cloudtrail events from the AWS Console's event history Example Cloudtrail event Least privilege AccessUndenied policy Overview Access Undenied analyzes AWS CloudTrail AccessDenied events, scans the environment to identify and explain the reasons for them, and offers actionable least-privilege remediation suggestions. Common use cases Sometimes, the new and more detailed AccessDenied messages provided by AWS will be sufficient. However, that is not always the case. Some AccessDenied messages do not provide details. Among the serv
FEATURES
ALTERNATIVES
Conmachi is a Golang tool for scanning container environments for security issues.
An AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.
A workload policy enforcement tool for Kubernetes with various supported policies and configuration options.
A Lambda Function that disables AWS IAM User Access Keys after a set amount of time to reduce the risk associated with old access keys.
A tool for pillaging Docker registries to extract image manifests and configurations.
In-depth analysis and insights on various cloud security topics by Rhino Security Labs team
S3Scanner scans for misconfigured S3 buckets across S3-compatible APIs, identifying potential security vulnerabilities and data exposure risks.
Cloud Security Suite (cs-suite) - Version 3.0 Usage for cloud security audits on AWS, GCP, Azure, and DigitalOcean.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.