Comments (5)
Can you also share the errors being thrown as well when you run cs.py?
Let me also update on what kind of IAM policy is exactly required.
from cs-suite.
There are quite a few error warnings - so many that I will list the first bunch (with the username redacted) but that shouldn't be considered an exhaustive list. As for IAM policy requirement, I'm completely new to AWS and figured that locking down my first/new instance would be a good learning exercise so I'm not really sure about IAM policy requirements. I'm just running a Kali Linux AMI that I ssh into for now. Eventually, I'll set up a fresh instance with lessons learned to enable Metasploit listeners and probably a SimpleHttpServer process. My current IAM setup has AmazonInspectorReadOnlyAccess, AmazonS3ReadOnlyAccess, and AWSQuickSightListIAM and the only reason I've set that up is to use CS_Suite.
- An error occurred (AccessDeniedException) when calling the ListDomainNames operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: es:ListDomainNames on resource: arn:aws:es:ap-south-1:028895166295:domain/*
- An error occurred (UnauthorizedOperation) when calling the DescribeRegions operation: You are not authorized to perform this operation.
- An error occurred (AccessDeniedException) when calling the DescribeConfigurationRecorders operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: config:DescribeConfigurationRecorders
- An error occurred (AccessDenied) when calling the DescribeLoadBalancers operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: elasticloadbalancing:DescribeLoadBalancers
- An error occurred (AccessDenied) when calling the ListStacks operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: cloudformation:ListStacks
- An error occurred (AccessDenied) when calling the DescribeReplicationGroups operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: elasticache:DescribeReplicationGroups
- groups policies roles users credential_report password_policy
- An error occurred (AccessDenied) when calling the DescribeClusters operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: redshift:DescribeClusters on resource: arn:aws:redshift:ap-south-1:028895166295:cluster:*
- An error occurred (AccessDenied) when calling the GetPolicyVersion operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: iam:GetPolicyVersion on resource: policy arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM version v1
Then I receive this over and over from prowler, which seems to be running in its own process:
- An error occurred (AccessDenied) when calling the GenerateCredentialReport operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: iam:GenerateCredentialReport on resource: *
from cs-suite.
Yes. Got the error part of out of range index ([0]) ... will fix this.
Also, can you provide read access to all the services for the AWS access keys?
That should resolve the above issue.
from cs-suite.
Here is the policy name
arn:aws:iam::aws:policy/ReadOnlyAccess
from cs-suite.
Much better now - not sure why I was unable to find it searching for "ReadOnly" but the fully qualified policy name located the right one and everything is happy now. Thanks.
from cs-suite.
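The errors quoted in the thread name the exact IAM action that was denied, so they can be tallied to see what the scanner actually needs before a broad managed policy is attached. The following is an added example, not part of the original thread or of cs-suite; the sample lines are constructed in the same shape as the quoted errors, with a placeholder account ID and user name, and the function names are hypothetical.

```python
import json
import re
from collections import defaultdict

# Constructed sample lines shaped like the errors quoted in the thread
# (account ID 111122223333 and user "auditor" are placeholders).
SAMPLE_ERRORS = """\
An error occurred (AccessDeniedException) when calling the ListDomainNames operation: User: arn:aws:iam::111122223333:user/auditor is not authorized to perform: es:ListDomainNames on resource: arn:aws:es:ap-south-1:111122223333:domain/*
An error occurred (UnauthorizedOperation) when calling the DescribeRegions operation: You are not authorized to perform this operation.
An error occurred (AccessDenied) when calling the ListStacks operation: User: arn:aws:iam::111122223333:user/auditor is not authorized to perform: cloudformation:ListStacks
An error occurred (AccessDenied) when calling the GenerateCredentialReport operation: User: arn:aws:iam::111122223333:user/auditor is not authorized to perform: iam:GenerateCredentialReport on resource: *
An error occurred (AccessDenied) when calling the GenerateCredentialReport operation: User: arn:aws:iam::111122223333:user/auditor is not authorized to perform: iam:GenerateCredentialReport on resource: *
"""

DENIED = re.compile(r"\(\w+\) when calling the (?P<op>\w+) operation")
ACTION = re.compile(r"not authorized to perform: (?P<action>[\w-]+:\w+)")

def missing_actions(text):
    """Return (actions, unresolved). 'unresolved' holds operations whose
    error does not name the IAM action and so needs a manual lookup."""
    actions, unresolved = set(), set()
    for line in text.splitlines():
        denied = DENIED.search(line)
        if not denied:
            continue  # not an AWS authorization error line
        action = ACTION.search(line)
        if action:
            actions.add(action.group("action"))
        else:
            unresolved.add(denied.group("op"))
    return sorted(actions), sorted(unresolved)

def policy_for(actions):
    """Build an IAM policy document that allows only the listed actions."""
    by_service = defaultdict(list)
    for name in actions:
        by_service[name.split(":")[0]].append(name)
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": acts, "Resource": "*"}
                      for _, acts in sorted(by_service.items())],
    }

if __name__ == "__main__":
    acts, todo = missing_actions(SAMPLE_ERRORS)
    print(json.dumps(policy_for(acts), indent=2))
    print("Operations to look up manually:", todo)
```

Repeated errors, such as the prowler message that recurs in the thread, collapse to a single action, and errors that do not name an action are reported separately rather than guessed.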