assetnote / ghostbuster Goto Github PK

View Code? Open in Web Editor NEW

259.0 259.0 33.0 480 KB

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.

License: GNU Affero General Public License v3.0

Makefile 2.98% Python 97.02%

ghostbuster's People

Contributors

Stargazers

Watchers

ghostbuster's Issues

Feature: Explicitly name profiles

It would be great to be able to explicitly give a --profile or --profiles argument to only target a selected account; some of us have an awful lot of accounts in our config.

allregions flag doesn't seem to be working as expected

Good afternoon! When attempting to scan my aws environment across all regions by passing the --allregions flag, I noticed the following error telling me that I needed to specify a region.

shotop@SHOTOP-M-M5DY ansible % ghostbuster scan aws --profile kenna_us_prod --allregions

Obtaining Route53 hosted zones for AWS profile: kenna_us_prod.
Obtained 324 DNS A records so far.
Traceback (most recent call last):
  File "/usr/local/bin/ghostbuster", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/decorators.py", line 73, in new_func
    return ctx.invoke(f, obj, *args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/ghostbuster/scan.py", line 265, in aws
    ec2 = boto3.client("ec2")
  File "/usr/local/lib/python3.9/site-packages/boto3/__init__.py", line 93, in client
    return _get_default_session().client(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/boto3/session.py", line 270, in client
    return self._session.create_client(
  File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 870, in create_client
    client = client_creator.create_client(
  File "/usr/local/lib/python3.9/site-packages/botocore/client.py", line 91, in create_client
    client_args = self._get_client_args(
  File "/usr/local/lib/python3.9/site-packages/botocore/client.py", line 360, in _get_client_args
    return args_creator.get_client_args(
  File "/usr/local/lib/python3.9/site-packages/botocore/args.py", line 71, in get_client_args
    final_args = self.compute_client_args(
  File "/usr/local/lib/python3.9/site-packages/botocore/args.py", line 148, in compute_client_args
    endpoint_config = self._compute_endpoint_config(
  File "/usr/local/lib/python3.9/site-packages/botocore/args.py", line 234, in _compute_endpoint_config
    return self._resolve_endpoint(**resolve_endpoint_kwargs)
  File "/usr/local/lib/python3.9/site-packages/botocore/args.py", line 320, in _resolve_endpoint
    return endpoint_bridge.resolve(
  File "/usr/local/lib/python3.9/site-packages/botocore/client.py", line 441, in resolve
    resolved = self.endpoint_resolver.construct_endpoint(
  File "/usr/local/lib/python3.9/site-packages/botocore/regions.py", line 181, in construct_endpoint
    result = self._endpoint_for_partition(
  File "/usr/local/lib/python3.9/site-packages/botocore/regions.py", line 215, in _endpoint_for_partition
    raise NoRegionError()
botocore.exceptions.NoRegionError: You must specify a region.

Version 1.0.2 route53 not all A records found

Recent version 1.0.2 founds less records for Route53 that 0.0.7.
It may be connected with pagination errors.
Version 1.0.2:
Obtained 215 DNS A records so far
Version 0.0.7:
Obtained 1377 DNS A records so far.

Support additional types of public IPs

There may be other ways that public IPs get assigned to resources in an AWS account that would be worth adding to the enumeration logic:

Nat Gateways
Eks Clusters
Elastic Load Balancers
Redshift Clusters

These are ones that I'm aware of, there may be others.

Hardcoded `GhostbusterTargetAccountRole` makes it difficult for Control Tower users

Hey, thanks for this great project! I want to use this tool with AWS Control Tower with all the accounts in the organization. One of the features of Control Tower is that every account gets an aws-controltower-ReadOnlyExecutionRole which can be assumed by Lambda functions in the Audit account.

There is an option for setting the name of the role to assume in a CSV file, but I won't have that in a Lambda function, and we want to use the autorole. Currently, when using the autorole, the name of the role assumed in each account is hardcoded to GhostbusterTargetAccountRole.

Ideally, we would make this an input option so that we could use aws-controltower-ReadOnlyExecutionRole or any other role that sits in each of the accounts. Thanks!

# https://tea.xyz/what-is-this-file --- version: 1.0.0 codeOwners: - '0x05bC61Dfb2e55Ce00f605143aEEdCF379AF1d96F' quorum: 1

Support AWS SSO and Organizations

This tool would be amazing for my organization!

However, we leverage AWS SSO to manage access to our hundreds of accounts. It's therefore unfeasible to create specific IAM users and roles for each account.

Instead, it would be great if I could pass an SSO role and either a list of accounts or have the tool automatically query orgs to parse all accounts within our OUs to run in each.

Thanks for working on this (❤️ the name as well!)

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.