git clone https://github.com/te-papa/aws-key-disabler.gitcd grunt/npm install1、设置AWS账号的aws_account_number值; 2、设置first_warning和last_warning,即触发警报邮件(发送至report_to)的天数时间; 3、设置expiry,即密钥超时天数,如果超时,则会通过电子邮件向用户发送提醒; 4、设置serviceaccount,即需要脚本忽略的账户用户名; 5、设置exclusiongroup,即需要脚本忽略的分配给用户的组名; 6、设置send_completion_report值为True以通过SES发送通知邮件; 7、设置report_to,即用于接收警报和报告的邮件地址; 8、设置report_from,即用于发送警告邮件和报告的邮件地址; 9、设置deployment_region,即支持Lambda支持的区域;
aws iam get-usergrunt bumpup && grunt deployLambdaaws lambda invoke --function-name AccessKeyRotation scan.report.log --region us-east-1{"StatusCode": 200}jq '.' scan.report.log{"reportdate": "2016-06-26 10:37:24.071091","users": [ {"username": "TestS3User","userid": "1","keys": [ {"age": 72,"changed": false,"state": "key is already in an INACTIVE state","accesskeyid": "**************Q3GA1" }, {"age": 12,"changed": false,"state": "key is still young","accesskeyid": "**************F3AA2" } ] }, {"username": "BlahUser22","userid": "2","keys": [] }, {"username": "LambdaFake1","userid": "3","keys": [ {"age": 23,"changed": false,"state": "key is due to expire in 1 week (7 days)","accesskeyid": "**************DFG12" }, {"age": 296,"changed": false,"state": "key is already in an INACTIVE state","accesskeyid": "**************4ZASD" } ] }, {"username": "apiuser49","userid": "4","keys": [ {"age": 30,"changed": true,"state": "key is now EXPIRED! Changing key to INACTIVE state","accesskeyid": "**************ER2E2" }, {"age": 107,"changed": false,"state": "key is already in an INACTIVE state","accesskeyid": "**************AWQ4K" } ] }, {"username": "UserEMRKinesis","userid": "5","keys": [ {"age": 30,"changed": false,"state": "key is now EXPIRED! Changing key to INACTIVE state","accesskeyid": "**************MGB41A" } ] }, {"username": "CDN-Drupal","userid": "6","keys": [ {"age": 10,"changed": false,"state": "key is still young","accesskeyid": "**************ZDSQ5A" }, {"age": 5,"changed": false,"state": "key is still young","accesskeyid": "**************E3ODA" } ] }, {"username": "ChocDonutUser1","userid": "7","keys": [ {"age": 59,"changed": false,"state": "key is already in an INACTIVE state","accesskeyid": "**************CSA123" } ] }, {"username": "ChocDonut2","userid": "8","keys": [ {"age": 60,"changed": false,"state": "key is already in an INACTIVE state","accesskeyid": "**************FDGD2" } ] }, {"username": "[email protected]","userid": "9","keys": [ {"age": 45,"changed": false,"state": "key is already in an INACTIVE state","accesskeyid": "**************BLQ5GJ" }, {"age": 71,"changed": false,"state": "key is already in an INACTIVE state","accesskeyid": "**************GJFF53" } ] } ]}使用样例一
aws lambda list-functionsopenssl dgst -binary -sha256 ..ReleasesAccessKeyRotationPackage.1.0.18.zip | openssl base64aws lambda invoke --function-name AccessKeyRotation report.log --region us-east-1jq '.' report.logjq '.users[] | select(.username=="johndoe")' report.logjq '.' report.log | grep age | cut -d':' -f2 | sort -n使用样例二
jq 'def maximal_by(f): (map(f) | max) as $mx | .[] | select(f == $mx); .users | maximal_by(.keys[].age)' report.logjq 'def minimal_by(f): (map(f) | min) as $mn | .[] | select(f == $mn); .users | minimal_by(.keys[].age)' report.log
原文始发于微信公众号(FreeBuf):AWS Key disabler:AWS IAM用户访问密钥安全保护工具
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论