Skip to content
/ sns-secure-cli Public

Public documentation for boltopspro/sns-secure-cli

License

View license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

boltops-pro-docs/sns-secure-cli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
exe
exe
 
 
lib
lib
 
 
spec
spec
 
 
.gitignore
.gitignore
 
 
.rspec
.rspec
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Gemfile
Gemfile
 
 
Guardfile
Guardfile
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
Rakefile
Rakefile
 
 
sns-secure.gemspec
sns-secure.gemspec
 
 

Repository files navigation

NOTE: This repo contains only the documentation for the private BoltsOps Pro repo code. Original file: https://github.com/boltopspro/sns-secure-cli/blob/master/README.md The docs are publish so they are available for interested customers. For access to the source code, you must be a paying BoltOps Pro subscriber. If are interested, you can contact us at contact@boltops.com or https://www.boltops.com

sns-secure CLI tool and library

BoltOps Badge

The sns-secure tool can be used to harden your sns topic security posture. The tool is useful if you have a lot of topics to update. It supports:

  • list topics and their encryption status
  • enabling encryption
  • disabling encryption

It is used as part of the Security Controls blueprint:

  • Security Controls: Continuously applies the security-group remedation as well as other remeidations. IE: S3 Buckets, SNS topics, etc.

Usage

sns-secure encrypt TOPIC_ARN # default AWS managed SNS KMS key
sns-secure encrypt TOPIC_ARN --kms-key xxx # CMK key
sns-secure unencrypt TOPIC_ARN
sns-secure show TOPIC_ARN
sns-secure list

Examples with Output

$ sns-secure list
+----------------------------------------------------------------------------+------------+
|                                   Topic                                    | Encrypted? |
+----------------------------------------------------------------------------+------------+
| arn:aws:sns:us-west-2:112233445566:hello-topic                             | false      |
| arn:aws:sns:us-west-2:112233445566:security-controls-SnsTopic-EN5U8KM3PGWV | true       |
+----------------------------------------------------------------------------+------------+
$ sns-secure encrypt arn:aws:sns:us-west-2:112233445566:security-controls-SnsTopic-EN5U8KM3PGWV
The SNS topic is now encrypted with key: alias/aws/sns
$

Batch Commands

There are some supported batch commands:

s3-secure batch encrypt FILE.txt
s3-secure batch encrypt FILE.txt --kms-key xxx # the --kms-key option MUST come at the end
s3-secure batch unencrypt FILE.txt

The format of FILE.txt is a list of SNS topic ARNs separated by newlines. Example:

topics.txt:

arn:aws:sns:us-west-2:112233445566:hello-topic
arn:aws:sns:us-west-2:112233445566:security-controls-SnsTopic-EN5U8KM3PGWV

Installation

Install with:

git clone git@github.com:boltopspro/sns-secure-cli
bundle
rake install

About

Public documentation for boltopspro/sns-secure-cli

Topics

security compliance boltopspro

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages