cloudtracker
cloudtracker copied to clipboard
duo-labs
CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
Currently, the keyword argument **python_requires** of **setup()** is not set, and thus it is assumed that this distribution is compatible with all Python versions. However, I found it is not...
Do we have any details beyond the simple action that's needed or not needed? Is there a way to see, for example, that putobject was needed, but not for ALL...
Having an issue with the CloudTracker output. According to the documentation CloudTracker shows a diff of the privileges granted vs used. The symbols mean the following: "No symbol" means this...
It appears that cloudtracker doesn't enumerate the full list of granted permissions for both users and roles that utilize [the "NotAction" clause](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html). **Example** IAM Policy: ``` { "Sid": "AllowAllOperationsExceptIamAndCloudTrail", "Effect":...
Have a few feature requests that will make my life easier and not have me refactor/rewrite the code. _If some or all of these are already covered by some existing...
Although the use of ElasticSearch is very flexible, faster, and cheaper than Athena for people that already have it, it is not popular and it would be better to focus...
Let's say this tool has told you that a user has some unused privilege. The next thing you'll want to know is why the user has that privilege in the...
At least, sqs:ReceiveMessage (and various other sqs APIs) do not actually appear in cloudtrail. The only sqs related ones I actually see in cloudtrail across several accounts over the past...
I was informed that CloudTracker was showing a `-` next to `cloudwatch:putmetricdata`. I'm guessing this is a result of #58. I need to check what happened there. I believe also...