Kali Linux AWS tested? about cs-suite HOT 5 CLOSED

Can you also share the error's being thrown out as well.. when you run the cs.py
Let me also update on what kind of IAM policy is exactly required.

from cs-suite.

There are quite a few error warnings - so many that I will list the first bunch (with the username redacted) but that shouldn't be considered an exhaustive list. As for IAM policy requirement, I'm completely new to AWS and figured that locking down my first/new instance would be a good learning exercise so I'm not really sure about IAM policy requirements. I'm just running a Kali Linux AMI that I ssh into for now. Eventually, I'll setup a fresh instance with lessons learned to enable MetaSploit listeners and probably a SimpleHttpServer process. My current IAM setup has AmazonInspectorReadOnlyAccess, AmazonS3ReadOnlyAccess, and AWSQuickSightListIAM and the only reason I've set that up is to use CS_Suite.

• An error occurred (AccessDeniedException) when calling the ListDomainNames operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: es:ListDomainNames on resource: arn:aws:es:ap-south-1:028895166295:domain/*
• An error occurred (UnauthorizedOperation) when calling the DescribeRegions operation: You are not authorized to perform this operation.
• An error occurred (AccessDeniedException) when calling the DescribeConfigurationRecorders operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: config:DescribeConfigurationRecorders
• An error occurred (AccessDenied) when calling the DescribeLoadBalancers operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: elasticloadbalancing:DescribeLoadBalancers
• An error occurred (AccessDenied) when calling the ListStacks operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: cloudformation:ListStacks
• An error occurred (AccessDenied) when calling the DescribeReplicationGroups operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: elasticache:DescribeReplicationGroups
  - groups policies roles users credential_report password_policy
• An error occurred (AccessDenied) when calling the DescribeClusters operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: redshift:DescribeClusters on resource: arn:aws:redshift:ap-south-1:028895166295:cluster:*
• An error occurred (AccessDenied) when calling the GetPolicyVersion operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: iam:GetPolicyVersion on resource: policy arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM version v1

Then I receive this over and over from prowler that seems to be running in it's own process:

• An error occurred (AccessDenied) when calling the GenerateCredentialReport operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: iam:GenerateCredentialReport on resource: *

from cs-suite.

Yes.Got the error part of out of range index ([0]) ....will fix this
Also can you provide read access to all the services for the AWS access keys
That should resolve the above issue

from cs-suite.

Here is the policy name
arn:aws:iam::aws:policy/ReadOnlyAccess

from cs-suite.

Much better now - not sure why I was unable to find it searching for "ReadOnly" but the fully qualified policy name located the right one and everything is happy now. Thanks.

from cs-suite.