$ trivy plugin install github.com/aquasecurity/trivy-awsScan an AWS account for misconfigurations. Trivy uses the same authentication methods as the AWS CLI. See https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
The following services are supported:
- accessanalyzer
- api-gateway
- athena
- cloudfront
- cloudtrail
- cloudwatch
- codebuild
- documentdb
- dynamodb
- ec2
- ecr
- ecs
- efs
- eks
- elasticache
- elasticsearch
- elb
- emr
- iam
- kinesis
- kms
- lambda
- mq
- msk
- neptune
- rds
- redshift
- s3
- sns
- sqs
- ssm
- workspaces
Usage:
trivy aws-scan [flags]
Examples:
# basic scanning
$ trivy aws-scan --region us-east-1
# limit scan to a single service:
$ trivy aws-scan --region us-east-1 --service s3
# limit scan to multiple services:
$ trivy aws-scan --region us-east-1 --service s3 --service ec2
# force refresh of cache for fresh results
$ trivy aws-scan --region us-east-1 --update-cachetrivy-aws is the AWS misconfiguration scanning logic for Trivy
Please see ARCHITECTURE.md for more information.
trivy-aws is an Aqua Security open source project. Learn about our open source work and portfolio here. Join the community, and talk to us about any matter in GitHub Discussion.