Skip to content

airman604/aws-scan-automation

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

.devcontainer

.devcontainer

 
 

cdk

cdk

 
 

lambda-notifications

lambda-notifications

 
 

lambda-scout

lambda-scout

 
 

terraform

terraform

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

aws_scan_automation.png

aws_scan_automation.png

 
 

aws_scan_automation.puml

aws_scan_automation.puml

 
 

Repository files navigation

Automating Scout Suite Security Scans for AWS

CODE IN THIS REPOSITORY IS PROVIDED FOR DEMONSTRATION PURPOSES ONLY, USE AT YOUR OWN RISK.

Background

See my series of blog posts for more details:

Architecture

AWS scan automation architecture

Deploying using CDK

Pre-requisites:

As an alternative you can open this repository in VS Code with Dev Containers module installed, and click Reopen in Container. The included development container configuration installs all the needed tools (you still need Docker though).

# clone the repository
git clone https://github.com/airman604/aws-scan-automation.git
cd aws-scan-automation

# before continuing, configure AWS CLI with your credentials
aws configure

# bootstrap CDK
# note: you can add --profile AWS_PROFILE to cdk all subsequent cdk
#       commands to use specific AWS CLI profile
cd cdk
npm install
cdk bootstrap

# deploy:
#  - replace the parameter value with your email address
#  - once the stack is deployed, you will get a verification email
#     from AWS SNS, click on the link to confirm your ownership of
#     the email address
cdk deploy --parameters scanResultNotificationEmail=YOUR_EMAIL_HERE

# if at a later point of time you want to delete all the
# deployed resources:
cdk destroy

Deploying Using Terraform

Pre-requisites:

As an alternative you can open this repository in VS Code with Dev Containers module installed, and click Reopen in Container. The included development container configuration installs all the needed tools (you still need Docker though).

# clone the rpository
git clone https://github.com/airman604/aws-scan-automation.git
cd aws-scan-automation

# before continuing, configure AWS CLI with your credentials
aws configure

# download Terraform providers and modules
# note: you can set AWS_PROFILE environment variable to use specific AWS CLI profile
cd terraform
terraform init

# deploy:
#  - Terraform will ask for the email address for the notifier Lambda.
#  - You can add `notification_recipient` parameter to terraform.tfvars file
#     so you don't need to be entering the email address every time you run Terraform.
#  - once the resources are deployed, you will get a verification email
#     from AWS SNS, click on the link to confirm your ownership of
#     the email address
terraform apply

# if at a later point of time you want to delete all the
# deployed resources (note that Terraform will refuse to delete
# the S3 bucket if it's not empty):
terraform destroy

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages