[DC] IAM Connector #337

Merged

@alldoami alldoami commented Sep 23, 2019

Tested with python:

import src.connectors.aws_inventory as aws_inventory
options = {"connection_type": "IAM", "aws_access_key": "xxxx", "aws_secret_key": "xxxx", "accounts_connection_name": "AWS_ACCOUNTS_DEFAULT_CONNECTION"}
print([x for x in aws_inventory.ingest("AWS_ASSET_INV_IAM_DEFAULT_CONNECTION", options)])

@alldoami alldoami changed the title from "[DRAFT] [DC] IAM Connector" to "[DC] IAM Connector" Sep 24, 2019
@alldoami alldoami marked this pull request as ready for review September 24, 2019 16:03

@edulop91 edulop91 left a comment

Collect AWS EC2, SG, ELB assets using an Access Key or privileged Role

At the top of the file. You probably also want to update that to reflect you can capture IAM users as well.

@sfc-gh-gbutzi

This looks good to me; can you add a note describing how you tested it?

@edulop91

python:

import src.connectors.aws_inventory as aws_inventory
options = {"connection_type": "IAM", "aws_access_key": "xxxx", "aws_secret_key": "xxxx", "accounts_connection_name": "AWS_ACCOUNTS_DEFAULT_CONNECTION"}
print([x for x in aws_inventory.ingest("AWS_ASSET_INV_IAM_DEFAULT_CONNECTION", options)])

@sfc-gh-afedorov

lgtm, although I think this is doubling up with our AWS Config ingestion, which contains IAM changes, as well. there's also a config snapshot API call we could use, but with other APIs this has been the most thorough approach.

since there isn't anything super urgent on the release line right now, I think we can include this in v1.8.7 and push back the release a week (leaving next week for testing)?

@sfc-gh-osinger

@andrey-snowflake actually this is information that is not brought back by Config. As I was working on CIS AWS Benchmark last week I saw we were missing important details like MFA and last login for users. This was a story in our upcoming sprint so we'll definitely want this one in the next release (pushing it back a week sounds fine to allow for testing). Thank you @alldoami and @edulop91 for putting this one together! I'll share the CIS compliance rules when we have them working with this data.

@sfc-gh-afedorov sfc-gh-afedorov merged commit 68b3b68 into snowflakedb:v1.8.7 Oct 1, 2019