aws-summarize-account-activity

Free

Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used. The summary is written to a JSON output file and can optionally be visualized as PNG files.

Usage:
- Make sure you have AWS credentials configured for your target account.
- This can either be done using environment variables or by specifying a named profile in the optional --profile argument.

Example run:
- pip install -r requirements.txt
- python aws_summarize_account_activity.py

Supported arguments:
- All arguments are optional:
  - --activity-type {ALL,SUCCESSFUL,FAILED}: type of CloudTrail data to analyze: all API calls (default), only successful API calls, or only API calls that AWS declined with an error message
  - --dump-raw-cloudtrail-data: store a copy of all gathered CloudTrail data in JSONL format
  - --past-hours HOURS: hours of CloudTrail data to look back and analyze; default: 336 (=14 days), minimum: 1, maximum: 2160 (=90 days)
  - --plot-results: generate PNG files that visualize the JSON output file
  - --profile PROFILE: named AWS profile to use when running the command

Notes:
- The script requires AWS credentials to access the CloudTrail data.

ALTERNATIVES

S3Scanner scans for misconfigured S3 buckets across S3-compatible APIs, identifying potential security vulnerabilities and data exposure risks.

Cloud Security Suite (cs-suite) - Version 3.0 Usage for cloud security audits on AWS, GCP, Azure, and DigitalOcean.

Cloud security platform that provides configuration monitoring, compliance management, and security analysis across multi-cloud environments.

Commercial

A tool to analyze and audit AWS environments for security issues and misconfigurations.

In-depth analysis and insights on various cloud security topics by the Rhino Security Labs team.

Cloud Security Dashboard with AWS CIS Security Benchmarks and JIRA integration.

A free training course and lab environment for learning to test and attack cloud infrastructure, including AWS and Azure.

A security tool to identify interesting files in AWS S3 buckets.