Summit Route updates
I want to summarize the public AWS work I've been up to in the past month.
I've expanded the AWS network visualization tool CloudMapper to help with all sorts of AWS auditing needs. It can now collect much of the metadata in an account, storing it as JSON files so you can keep point-in-time snapshots of your IAM policies, S3 bucket policies, and much more. Those snapshots are then used to support new features:
- stats to count the resources used by each AWS service.
- sg_ips to perform GeoIP lookups on all Security Group IPs and map them.
- find_admins to identify IAM users that have admin privileges or can obtain them through privilege escalations.
- public to list all of the network resources that are publicly accessible and what ports they have exposed.
- wot to visualize the "web of trust" of trusted AWS accounts.
The new commands work with multiple accounts (they've been run in environments with over 100 accounts).
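As an added illustration of what a find_admins-style check over those JSON snapshots has to deal with (example code written for this post, not CloudMapper's own implementation), the function below walks IAM policy documents and reports statements that are admin-equivalent: a wildcard Allow on every resource, an Allow that reaches IAM actions capable of rewriting policies, or a NotAction statement that excludes too little. The list of privilege-managing actions and the sample snapshot are constructed for the example.

```python
import fnmatch

# Illustrative subset of IAM actions that let a principal change its own
# permissions (an assumption for this example, not CloudMapper's list).
PRIV_MANAGING_ACTIONS = {
    "iam:attachuserpolicy", "iam:attachrolepolicy", "iam:attachgrouppolicy",
    "iam:putuserpolicy", "iam:putrolepolicy", "iam:putgrouppolicy",
    "iam:createpolicyversion", "iam:setdefaultpolicyversion",
}

def _as_list(value):
    # IAM JSON allows a single string or a list for Action/NotAction/Resource.
    return value if isinstance(value, list) else [value]

def admin_reasons(policy):
    """Return why a policy document is admin-equivalent (empty list if not).
    Condition blocks are ignored, so this errs toward flagging; review hits by hand."""
    reasons = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in [r.lower() for r in _as_list(stmt.get("Resource", "*"))]:
            continue  # scoped to named resources, not full admin
        if "NotAction" in stmt:
            # "Allow everything except X" is admin unless X covers all IAM changes.
            excluded = [a.lower() for a in _as_list(stmt["NotAction"])]
            leaks = sorted(x for x in PRIV_MANAGING_ACTIONS
                           if not any(fnmatch.fnmatch(x, e) for e in excluded))
            if leaks:
                reasons.append(f"NotAction still allows {leaks[0]} on *")
            continue
        for action in (a.lower() for a in _as_list(stmt.get("Action", []))):
            if action in ("*", "*:*"):
                reasons.append("Allow * on *")
            elif any(fnmatch.fnmatch(x, action) for x in PRIV_MANAGING_ACTIONS):
                reasons.append(f"Allow {action} on * can rewrite IAM policies")
    return reasons

def find_admins(snapshot):
    """snapshot: {user_name: [policy_document, ...]} from a point-in-time dump."""
    hits = {}
    for user, docs in snapshot.items():
        reasons = [r for doc in docs for r in admin_reasons(doc)]
        if reasons:
            hits[user] = reasons
    return hits

# Constructed sample snapshot (not real account data).
SAMPLE_SNAPSHOT = {
    "alice": [{"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}],
    "bob": [{"Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}],
    "carol": [{"Statement": [{"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}],
    "dave": [{"Statement": [{"Effect": "Allow", "NotAction": "s3:*", "Resource": "*"}]}],
}
```

Run `find_admins(SAMPLE_SNAPSHOT)` to see that bob's read-only S3 policy is skipped while the other three users are reported with the statement that makes them admin.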
I've also posted new AWS related articles:
- How to find all the AWS accounts in use at your company
- How to manage your root MFA
- How to deploy honey tokens
- The naming differences between IAM privileges and CloudTrail logs
- The shortcomings of AWS Managed IAM policies
I'll be in NYC on July 17 for the AWS Summit if you'd like to meet up, and if you'd like help with your AWS security, reach out to me at [email protected]