Access Undenied parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable fixes.

Overview
Access Undenied analyzes AWS CloudTrail AccessDenied events, scans the environment to identify and explain the reasons for them, and offers actionable least-privilege remediation suggestions.

Common use cases
Sometimes, the new and more detailed AccessDenied messages provided by AWS will be sufficient. However, that is not always the case. Some AccessDenied messages do not provide details. Among the serv
SIMILAR TOOLS
An open source cloud security platform for discovering, prioritizing, and remediating risks in the cloud.
A security tool that monitors AWS objects for ownership attribution, detects domain hijacking, and verifies security services.
A free training course and lab environment for learning to test and attack cloud infrastructure, including AWS and Azure.
Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used.
A cloud-native application protection platform that provides comprehensive security monitoring, vulnerability management, and threat detection for cloud environments and container workloads.
Kube-bench is a tool for checking Kubernetes security based on CIS Kubernetes Benchmark.
A setuid implementation of a subset of user namespaces, providing a way to run unprivileged containers without requiring root privileges.
A command line tool that counts Amazon resources across regions and displays the results in a friendly format.
A tool for pillaging Docker registries to extract image manifests and configurations.