├── .gitignore ├── .gitmodules ├── .travis.yml ├── CloudFormationTemplates ├── BaseConfig-Master-001-IAM-Global-Wait.json ├── Readme.md ├── Scout2-Master-001-IAMPolicies-Global-Wait.json ├── Scout2-Master-002-IAMRoles-Global-Wait.json ├── Scout2-Master-003-IAMGroups-Global-Wait.json ├── Scout2-Master-004-IAMUsers-Global-Wait.json ├── SecurityAlerts-Master-001-SNSTopic-Global.yml ├── SecurityAlerts-Target-001-CloudwatchEventsForwarding-Region.yml ├── Stackset-Master-001-AdministrationRole-Global.yml └── Stackset-Target-001-ExecutionRole-Global.yml ├── IAM-Policies ├── CredentialsSelfManagement-Minimal.json ├── CredentialsSelfManagement-WithGetPasswordPolicy.json ├── EnforceIPAddressWhitelist.json ├── EnforceMFA-12HourSession-AllowEnableMFARecipes.json ├── EnforceMFA-12HourSession-Strict.json ├── EnforceMFA-8HourSession-AllowEnableMFAChangePassword.json ├── EnforceMFA-8HourSession-AllowEnableMFARecipes.json ├── EnforceMFA-8HourSession-Strict.json ├── EnforceTLS.json ├── Scout2-Default.json └── descriptions │ ├── CredentialsSelfManagement-Minimal.txt │ ├── CredentialsSelfManagement-WithGetPasswordPolicy.txt │ ├── EnforceIPAddressWhitelist.txt │ ├── EnforceMFA-12HourSession-AllowEnableMFARecipes.txt │ ├── EnforceMFA-12HourSession-Strict.txt │ ├── EnforceMFA-8HourSession-AllowEnableMFAChangePassword.txt │ ├── EnforceMFA-8HourSession-AllowEnableMFARecipes.txt │ ├── EnforceMFA-8HourSession-Strict.txt │ ├── EnforceTLS.txt │ └── Scout2-Default.txt ├── LICENSE ├── Python ├── README.md ├── awsrecipes_assume_role.py ├── awsrecipes_configure_iam.py ├── awsrecipes_configure_organization_profiles.py ├── awsrecipes_create_cloudformation_stack.py ├── awsrecipes_create_default_iam_groups.py ├── awsrecipes_create_iam_policy.py ├── awsrecipes_create_iam_user.py ├── awsrecipes_create_ip_ranges.py ├── awsrecipes_delete_iam_user.py ├── awsrecipes_deploy_stacks.py ├── awsrecipes_empty_default_security_groups.py ├── awsrecipes_enable_mfa.py ├── awsrecipes_enable_organization_forward_events.py ├── awsrecipes_get_all_ips.py ├── awsrecipes_get_cloudtrail_logs.py ├── awsrecipes_get_iam_permissions.py ├── awsrecipes_init_sts_session.py ├── awsrecipes_rotate_my_key.py ├── awsrecipes_sort_iam_users.py └── requirements.txt ├── README.md ├── requirements.txt └── tests ├── IAM-policies.py ├── data ├── ip-ranges-1.csv ├── ip-ranges-2.csv ├── ip-ranges-3.csv └── ip-ranges-4.csv ├── local.py ├── results ├── ip-ranges-1a.json ├── ip-ranges-1b.json ├── ip-ranges-1c.json ├── ip-ranges-1d.json ├── ip-ranges-2a.json ├── ip-ranges-2b.json ├── ip-ranges-3a.json └── ip-ranges-4a.json └── test-python.py /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/.gitignore -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/.travis.yml -------------------------------------------------------------------------------- /CloudFormationTemplates/BaseConfig-Master-001-IAM-Global-Wait.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/CloudFormationTemplates/BaseConfig-Master-001-IAM-Global-Wait.json -------------------------------------------------------------------------------- /CloudFormationTemplates/Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/CloudFormationTemplates/Readme.md -------------------------------------------------------------------------------- /CloudFormationTemplates/Scout2-Master-001-IAMPolicies-Global-Wait.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/CloudFormationTemplates/Scout2-Master-001-IAMPolicies-Global-Wait.json -------------------------------------------------------------------------------- /CloudFormationTemplates/Scout2-Master-002-IAMRoles-Global-Wait.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/CloudFormationTemplates/Scout2-Master-002-IAMRoles-Global-Wait.json -------------------------------------------------------------------------------- /CloudFormationTemplates/Scout2-Master-003-IAMGroups-Global-Wait.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/CloudFormationTemplates/Scout2-Master-003-IAMGroups-Global-Wait.json -------------------------------------------------------------------------------- /CloudFormationTemplates/Scout2-Master-004-IAMUsers-Global-Wait.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/CloudFormationTemplates/Scout2-Master-004-IAMUsers-Global-Wait.json -------------------------------------------------------------------------------- /CloudFormationTemplates/SecurityAlerts-Master-001-SNSTopic-Global.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/CloudFormationTemplates/SecurityAlerts-Master-001-SNSTopic-Global.yml -------------------------------------------------------------------------------- /CloudFormationTemplates/SecurityAlerts-Target-001-CloudwatchEventsForwarding-Region.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/CloudFormationTemplates/SecurityAlerts-Target-001-CloudwatchEventsForwarding-Region.yml -------------------------------------------------------------------------------- /CloudFormationTemplates/Stackset-Master-001-AdministrationRole-Global.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/CloudFormationTemplates/Stackset-Master-001-AdministrationRole-Global.yml -------------------------------------------------------------------------------- /CloudFormationTemplates/Stackset-Target-001-ExecutionRole-Global.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/CloudFormationTemplates/Stackset-Target-001-ExecutionRole-Global.yml -------------------------------------------------------------------------------- /IAM-Policies/CredentialsSelfManagement-Minimal.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/CredentialsSelfManagement-Minimal.json -------------------------------------------------------------------------------- /IAM-Policies/CredentialsSelfManagement-WithGetPasswordPolicy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/CredentialsSelfManagement-WithGetPasswordPolicy.json -------------------------------------------------------------------------------- /IAM-Policies/EnforceIPAddressWhitelist.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/EnforceIPAddressWhitelist.json -------------------------------------------------------------------------------- /IAM-Policies/EnforceMFA-12HourSession-AllowEnableMFARecipes.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/EnforceMFA-12HourSession-AllowEnableMFARecipes.json -------------------------------------------------------------------------------- /IAM-Policies/EnforceMFA-12HourSession-Strict.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/EnforceMFA-12HourSession-Strict.json -------------------------------------------------------------------------------- /IAM-Policies/EnforceMFA-8HourSession-AllowEnableMFAChangePassword.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/EnforceMFA-8HourSession-AllowEnableMFAChangePassword.json -------------------------------------------------------------------------------- /IAM-Policies/EnforceMFA-8HourSession-AllowEnableMFARecipes.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/EnforceMFA-8HourSession-AllowEnableMFARecipes.json -------------------------------------------------------------------------------- /IAM-Policies/EnforceMFA-8HourSession-Strict.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/EnforceMFA-8HourSession-Strict.json -------------------------------------------------------------------------------- /IAM-Policies/EnforceTLS.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/EnforceTLS.json -------------------------------------------------------------------------------- /IAM-Policies/Scout2-Default.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/Scout2-Default.json -------------------------------------------------------------------------------- /IAM-Policies/descriptions/CredentialsSelfManagement-Minimal.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/descriptions/CredentialsSelfManagement-Minimal.txt -------------------------------------------------------------------------------- /IAM-Policies/descriptions/CredentialsSelfManagement-WithGetPasswordPolicy.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/descriptions/CredentialsSelfManagement-WithGetPasswordPolicy.txt -------------------------------------------------------------------------------- /IAM-Policies/descriptions/EnforceIPAddressWhitelist.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/descriptions/EnforceIPAddressWhitelist.txt -------------------------------------------------------------------------------- /IAM-Policies/descriptions/EnforceMFA-12HourSession-AllowEnableMFARecipes.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/descriptions/EnforceMFA-12HourSession-AllowEnableMFARecipes.txt -------------------------------------------------------------------------------- /IAM-Policies/descriptions/EnforceMFA-12HourSession-Strict.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/descriptions/EnforceMFA-12HourSession-Strict.txt -------------------------------------------------------------------------------- /IAM-Policies/descriptions/EnforceMFA-8HourSession-AllowEnableMFAChangePassword.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/descriptions/EnforceMFA-8HourSession-AllowEnableMFAChangePassword.txt -------------------------------------------------------------------------------- /IAM-Policies/descriptions/EnforceMFA-8HourSession-AllowEnableMFARecipes.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/descriptions/EnforceMFA-8HourSession-AllowEnableMFARecipes.txt -------------------------------------------------------------------------------- /IAM-Policies/descriptions/EnforceMFA-8HourSession-Strict.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/IAM-Policies/descriptions/EnforceMFA-8HourSession-Strict.txt -------------------------------------------------------------------------------- /IAM-Policies/descriptions/EnforceTLS.txt: -------------------------------------------------------------------------------- 1 | Deny all actions if plaintext HTTP is used to access the AWS API. 2 | -------------------------------------------------------------------------------- /IAM-Policies/descriptions/Scout2-Default.txt: -------------------------------------------------------------------------------- 1 | Minimal IAM policy to run Scout2 with the default arguments. 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/LICENSE -------------------------------------------------------------------------------- /Python/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/README.md -------------------------------------------------------------------------------- /Python/awsrecipes_assume_role.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_assume_role.py -------------------------------------------------------------------------------- /Python/awsrecipes_configure_iam.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_configure_iam.py -------------------------------------------------------------------------------- /Python/awsrecipes_configure_organization_profiles.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_configure_organization_profiles.py -------------------------------------------------------------------------------- /Python/awsrecipes_create_cloudformation_stack.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_create_cloudformation_stack.py -------------------------------------------------------------------------------- /Python/awsrecipes_create_default_iam_groups.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_create_default_iam_groups.py -------------------------------------------------------------------------------- /Python/awsrecipes_create_iam_policy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_create_iam_policy.py -------------------------------------------------------------------------------- /Python/awsrecipes_create_iam_user.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_create_iam_user.py -------------------------------------------------------------------------------- /Python/awsrecipes_create_ip_ranges.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_create_ip_ranges.py -------------------------------------------------------------------------------- /Python/awsrecipes_delete_iam_user.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_delete_iam_user.py -------------------------------------------------------------------------------- /Python/awsrecipes_deploy_stacks.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_deploy_stacks.py -------------------------------------------------------------------------------- /Python/awsrecipes_empty_default_security_groups.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_empty_default_security_groups.py -------------------------------------------------------------------------------- /Python/awsrecipes_enable_mfa.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_enable_mfa.py -------------------------------------------------------------------------------- /Python/awsrecipes_enable_organization_forward_events.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_enable_organization_forward_events.py -------------------------------------------------------------------------------- /Python/awsrecipes_get_all_ips.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_get_all_ips.py -------------------------------------------------------------------------------- /Python/awsrecipes_get_cloudtrail_logs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_get_cloudtrail_logs.py -------------------------------------------------------------------------------- /Python/awsrecipes_get_iam_permissions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_get_iam_permissions.py -------------------------------------------------------------------------------- /Python/awsrecipes_init_sts_session.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_init_sts_session.py -------------------------------------------------------------------------------- /Python/awsrecipes_rotate_my_key.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_rotate_my_key.py -------------------------------------------------------------------------------- /Python/awsrecipes_sort_iam_users.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/awsrecipes_sort_iam_users.py -------------------------------------------------------------------------------- /Python/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/Python/requirements.txt -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/README.md -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | Python/requirements.txt -------------------------------------------------------------------------------- /tests/IAM-policies.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/IAM-policies.py -------------------------------------------------------------------------------- /tests/data/ip-ranges-1.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/data/ip-ranges-1.csv -------------------------------------------------------------------------------- /tests/data/ip-ranges-2.csv: -------------------------------------------------------------------------------- 1 | 1.2.3.4,a1,b1 2 | 5.6.7.8,a2,b2 3 | -------------------------------------------------------------------------------- /tests/data/ip-ranges-3.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/data/ip-ranges-3.csv -------------------------------------------------------------------------------- /tests/data/ip-ranges-4.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/data/ip-ranges-4.csv -------------------------------------------------------------------------------- /tests/local.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/local.py -------------------------------------------------------------------------------- /tests/results/ip-ranges-1a.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/results/ip-ranges-1a.json -------------------------------------------------------------------------------- /tests/results/ip-ranges-1b.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/results/ip-ranges-1b.json -------------------------------------------------------------------------------- /tests/results/ip-ranges-1c.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/results/ip-ranges-1c.json -------------------------------------------------------------------------------- /tests/results/ip-ranges-1d.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/results/ip-ranges-1d.json -------------------------------------------------------------------------------- /tests/results/ip-ranges-2a.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/results/ip-ranges-2a.json -------------------------------------------------------------------------------- /tests/results/ip-ranges-2b.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/results/ip-ranges-2b.json -------------------------------------------------------------------------------- /tests/results/ip-ranges-3a.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/results/ip-ranges-3a.json -------------------------------------------------------------------------------- /tests/results/ip-ranges-4a.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/results/ip-ranges-4a.json -------------------------------------------------------------------------------- /tests/test-python.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/AWS-recipes/HEAD/tests/test-python.py --------------------------------------------------------------------------------