AWS security scans with Scout2

Dig Deep

A Thunder of Hippos

Now for the moment of truth: You can run your sophisticated AWS auditing tool over the AWS collective with the command:

$ Scout2 --profile <name-in-AWS-cred-file> --service iam --regions eu-west-1

First, however, replace <name-in-AWS-cred-file> with the profile name from your ~/.aws/credentials file (e.g., the [default] section becomes default), and you might need to change your --regions argument if you're not using Dublin, Ireland (eu-west-1), as I was.

The resulting report, assuming your browser doesn't open automatically, is found in the file ~/scout2-report/report.html or, if you're root, /root/scout2-report/report.html.

Because I usually run this as root, I tend to copy and chown the whole scout2-report/ directory into my non-privileged user's home directory before clicking on the HTML report, which should pop up in a browser.
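The steps above wrapped in a small script, as an added example that is not from the article or the Scout2 project; it assumes the Scout2 binary is on PATH, that the chosen profile appears as a [section] header in ~/.aws/credentials, and that the target user exists on the box:

```shell
#!/bin/sh
# Added example (not from the article or the Scout2 project): wraps a Scout2
# IAM audit and the root-to-user report handoff described above. Assumes the
# Scout2 binary is on PATH and the profile is a [section] in ~/.aws/credentials.
set -eu

# Return 0 if the credentials file has a "[name]" section header, so a typo in
# --profile is caught before Scout2 starts hitting the AWS APIs.
credentials_has_profile() {
    creds_file=$1; profile=$2
    grep -qx "\[$profile\]" "$creds_file"
}

# Scout2 writes under the caller's home: ~/scout2-report/report.html, which is
# /root/scout2-report/report.html when the scan runs as root.
scout2_report_path() {
    printf '%s/scout2-report/report.html\n' "${HOME:-/root}"
}

# Copy the whole scout2-report/ directory into an unprivileged user's home and
# chown it there, so the browser that renders the HTML never runs as root.
stage_report() {
    src_dir=$1; dest_home=$2; owner=$3
    [ -f "$src_dir/report.html" ] || { echo "no report.html in $src_dir" >&2; return 1; }
    mkdir -p "$dest_home/scout2-report"
    cp -R "$src_dir"/. "$dest_home/scout2-report"
    # chown needs root; when run as a normal user the copy is already ours.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$dest_home/scout2-report"
    fi
}

# Run the IAM scan for one profile/region, then hand the report to target_user.
run_scout2_audit() {
    profile=$1; region=$2; target_user=$3
    creds="${HOME:-/root}/.aws/credentials"
    credentials_has_profile "$creds" "$profile" || { echo "profile $profile not in $creds" >&2; return 1; }
    Scout2 --profile "$profile" --service iam --regions "$region"
    target_home=$(getent passwd "$target_user" | cut -d: -f6)
    stage_report "$(dirname "$(scout2_report_path)")" "$target_home" "$target_user"
}

# Usage (as root): run_scout2_audit default eu-west-1 alice
```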

Figure 5 shows my report, with the account number redacted for security reasons; the massive number of AWS services is also truncated.

Figure 5: The security scan results show a few warnings in red.

I'm going to leave you to explore the detail offered by the prodigious security tool that is Scout2. Ideally, you should spend some time familiarizing yourself with how AWS grades its security advisories and, more importantly, how you can remediate them. Because of the multitude of AWS services now on offer, there's simply too much to cover here.

To whet your appetite, check out Figure 6, my IAM report dashboard, and Figure 7, a redacted report from another section with a higher level of detail.

Figure 6: The IAM Dashboard is a submenu off the main report screen.
Figure 7: Scout2 offers a bit more detail to explain its helpful findings.

The End

Once you've reviewed your results, I hope you will agree that the Scout2 reports are genuinely comprehensive and allow you to drill down into each section to gain some very useful details on the issues that require fixing. Because the NCC Scout2 tool is actively maintained and used by NCC, it's a good bet that additional AWS features and services will be added in the future to keep it current.

When such excellent security tools exist, you have little excuse not to know about the issues that affect your AWS cloud infrastructure, even if you're reluctant to fix some of them.

I trust you will find Scout2 as valuable in keeping your services running round the clock as I do.
