Scanning a single AWS account
Scanning the Authorization Details file
Now that we've downloaded the account authorization file, we can scan all of the AWS IAM policies with cloudsplaining.
Run the following command:
cloudsplaining scan --exclusions-file exclusions.yml --input-file examples/files/example.json --output examples/files/
It will create an HTML report.
It will also create a raw JSON data file:
default-iam-results.json: This contains the raw JSON output of the report. You can use this data file for operating on the scan results for various purposes. For example, you could write a Python script that parses this data and opens up automated JIRA issues or Salesforce Work Items. An example entry is shown below. The full example can be viewed at examples/output/example-authz-details-results.json
{
    "example-authz-details": [
        {
            "AccountID": "012345678901",
            "ManagedBy": "Customer",
            "PolicyName": "InsecureUserPolicy",
            "Arn": "arn:aws:iam::012345678901:user/userwithlotsofpermissions",
            "ActionsCount": 2,
            "ServicesCount": 1,
            "Actions": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Services": [
                "s3"
            ]
        }
    ]
}
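The paragraph above suggests post-processing the results file from a script. The following is an added example (not cloudsplaining's own code) of doing that in Python: it flattens the results structure shown above, separates customer-managed findings (which you can fix) from AWS-managed ones (which you can only stop attaching), ranks them by ActionsCount, tallies which services the findings touch, and shapes each finding into the fields a ticketing integration would need. The input is a constructed sample embedded inline; its first entry copies the README example and the second entry, including the policy name and ARN, is invented for illustration.

```python
"""Post-process a cloudsplaining results JSON file.

Added example, not part of cloudsplaining. The layout mirrors the entry
shown above: a top-level key named after the scan (here
"example-authz-details") mapping to a list of finding objects.
"""
import json
from collections import Counter

# Constructed sample standing in for default-iam-results.json.
# First entry copies the README example; the second is invented.
SAMPLE_RESULTS = json.dumps({
    "example-authz-details": [
        {
            "AccountID": "012345678901",
            "ManagedBy": "Customer",
            "PolicyName": "InsecureUserPolicy",
            "Arn": "arn:aws:iam::012345678901:user/userwithlotsofpermissions",
            "ActionsCount": 2,
            "ServicesCount": 1,
            "Actions": ["s3:PutObject", "s3:PutObjectAcl"],
            "Services": ["s3"],
        },
        {
            "AccountID": "012345678901",
            "ManagedBy": "AWS",
            "PolicyName": "ExampleManagedPolicy",  # hypothetical name
            "Arn": "arn:aws:iam::aws:policy/ExampleManagedPolicy",
            "ActionsCount": 3,
            "ServicesCount": 2,
            "Actions": ["iam:PassRole", "ec2:RunInstances", "ec2:TerminateInstances"],
            "Services": ["iam", "ec2"],
        },
    ]
})


def load_findings(raw_json):
    """Flatten every scan section into one list of finding dicts,
    tagging each with the scan name it came from."""
    data = json.loads(raw_json)
    findings = []
    for scan_name, entries in data.items():
        for entry in entries:
            findings.append({"Scan": scan_name, **entry})
    return findings


def prioritize(findings, managed_by="Customer"):
    """Return findings for the given ManagedBy value, most actions first.
    AWS-managed policies cannot be edited, so triage them separately."""
    mine = [f for f in findings if f["ManagedBy"] == managed_by]
    return sorted(mine, key=lambda f: f["ActionsCount"], reverse=True)


def service_exposure(findings):
    """Count how many findings touch each AWS service."""
    counts = Counter()
    for f in findings:
        counts.update(f["Services"])
    return counts


def ticket_payload(finding):
    """Shape one finding into the fields a ticketing integration
    (JIRA, Salesforce, etc.) would typically need."""
    return {
        "title": "[IAM] {} grants {} flagged action(s)".format(
            finding["PolicyName"], finding["ActionsCount"]),
        "account": finding["AccountID"],
        "principal": finding["Arn"],
        "actions": list(finding["Actions"]),
    }


if __name__ == "__main__":
    # Typical use: replace SAMPLE_RESULTS with open("default-iam-results.json").read()
    all_findings = load_findings(SAMPLE_RESULTS)
    for f in prioritize(all_findings):
        print(json.dumps(ticket_payload(f), indent=2))
    print(dict(service_exposure(all_findings)))
```

Keying the triage on ManagedBy is the part worth copying: a customer-managed policy is a bug you can fix in your own Terraform or console, while an AWS-managed one only goes away by detaching it or wrapping the principal with a permissions boundary, so the two belong in different queues.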