├── .gitignore ├── Gemfile ├── LICENSE.md ├── README.md ├── Rakefile ├── lib └── cfn-leaprog │ ├── aws_services.rb │ ├── cloudformation.rb │ ├── cloudtrail │ ├── admin_role.rb │ ├── cloud_formation_converger_with_role.rb │ ├── cloudwatch_logs.rb │ ├── cloudwatch_logs_event_filter.rb │ ├── events_dao.rb │ ├── handler.rb │ └── policy_generator.rb │ ├── iam_metadata.rb │ ├── logging.rb │ ├── policy.rb │ ├── policy_renderer.rb │ └── scraper │ ├── cfn_stack_events_scraper.rb │ ├── clients.rb │ ├── cloudformation_stack_events.rb │ ├── iam_role.rb │ └── scraper_least_privilege_role_generator.rb ├── spec ├── cloudtrail │ ├── admin_role_spec.rb │ ├── cloud_formation_converger_with_role_spec.rb │ ├── cloudwatch_logs_event_filter_spec.rb │ ├── cloudwatch_logs_spec.rb │ ├── events_dao_spec.rb │ ├── local_dynamo.yml │ └── localstack.yml ├── cloudtrail_events_examples │ └── create_table.json ├── policy_spec.rb ├── scraper │ └── scraper_least_privilege_role_generator_spec.rb └── test_templates │ ├── DynamoDB_Table.template │ ├── DynamoDB_Table2.template │ ├── ElastiCache_Redis.template │ ├── S3_Website_Bucket_With_Retain_On_Delete.template │ └── parameters │ ├── ddb.json │ ├── ddb2.json │ └── redis.json ├── stack_master.yml └── templates ├── cloudtrail.template.yml └── cloudtrail_events.template.yml /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | *.gem 3 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/Gemfile -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/LICENSE.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/README.md -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/Rakefile -------------------------------------------------------------------------------- /lib/cfn-leaprog/aws_services.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/aws_services.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/cloudformation.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/cloudformation.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/cloudtrail/admin_role.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/cloudtrail/admin_role.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/cloudtrail/cloud_formation_converger_with_role.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/cloudtrail/cloud_formation_converger_with_role.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/cloudtrail/cloudwatch_logs.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/cloudtrail/cloudwatch_logs.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/cloudtrail/cloudwatch_logs_event_filter.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/cloudtrail/cloudwatch_logs_event_filter.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/cloudtrail/events_dao.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/cloudtrail/events_dao.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/cloudtrail/handler.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/cloudtrail/handler.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/cloudtrail/policy_generator.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/cloudtrail/policy_generator.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/iam_metadata.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/iam_metadata.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/logging.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/logging.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/policy.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/policy.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/policy_renderer.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/policy_renderer.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/scraper/cfn_stack_events_scraper.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/scraper/cfn_stack_events_scraper.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/scraper/clients.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/scraper/clients.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/scraper/cloudformation_stack_events.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/scraper/cloudformation_stack_events.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/scraper/iam_role.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/scraper/iam_role.rb -------------------------------------------------------------------------------- /lib/cfn-leaprog/scraper/scraper_least_privilege_role_generator.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/lib/cfn-leaprog/scraper/scraper_least_privilege_role_generator.rb -------------------------------------------------------------------------------- /spec/cloudtrail/admin_role_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/cloudtrail/admin_role_spec.rb -------------------------------------------------------------------------------- /spec/cloudtrail/cloud_formation_converger_with_role_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/cloudtrail/cloud_formation_converger_with_role_spec.rb -------------------------------------------------------------------------------- /spec/cloudtrail/cloudwatch_logs_event_filter_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/cloudtrail/cloudwatch_logs_event_filter_spec.rb -------------------------------------------------------------------------------- /spec/cloudtrail/cloudwatch_logs_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/cloudtrail/cloudwatch_logs_spec.rb -------------------------------------------------------------------------------- /spec/cloudtrail/events_dao_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/cloudtrail/events_dao_spec.rb -------------------------------------------------------------------------------- /spec/cloudtrail/local_dynamo.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/cloudtrail/local_dynamo.yml -------------------------------------------------------------------------------- /spec/cloudtrail/localstack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/cloudtrail/localstack.yml -------------------------------------------------------------------------------- /spec/cloudtrail_events_examples/create_table.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/cloudtrail_events_examples/create_table.json -------------------------------------------------------------------------------- /spec/policy_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/policy_spec.rb -------------------------------------------------------------------------------- /spec/scraper/scraper_least_privilege_role_generator_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/scraper/scraper_least_privilege_role_generator_spec.rb -------------------------------------------------------------------------------- /spec/test_templates/DynamoDB_Table.template: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/test_templates/DynamoDB_Table.template -------------------------------------------------------------------------------- /spec/test_templates/DynamoDB_Table2.template: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/test_templates/DynamoDB_Table2.template -------------------------------------------------------------------------------- /spec/test_templates/ElastiCache_Redis.template: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/test_templates/ElastiCache_Redis.template -------------------------------------------------------------------------------- /spec/test_templates/S3_Website_Bucket_With_Retain_On_Delete.template: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/test_templates/S3_Website_Bucket_With_Retain_On_Delete.template -------------------------------------------------------------------------------- /spec/test_templates/parameters/ddb.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/test_templates/parameters/ddb.json -------------------------------------------------------------------------------- /spec/test_templates/parameters/ddb2.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/test_templates/parameters/ddb2.json -------------------------------------------------------------------------------- /spec/test_templates/parameters/redis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/spec/test_templates/parameters/redis.json -------------------------------------------------------------------------------- /stack_master.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/stack_master.yml -------------------------------------------------------------------------------- /templates/cloudtrail.template.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/templates/cloudtrail.template.yml -------------------------------------------------------------------------------- /templates/cloudtrail_events.template.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cfn-leaprog/HEAD/templates/cloudtrail_events.template.yml --------------------------------------------------------------------------------