Open ghost opened 3 years ago
Hi @x1337x-sec, thanks for reaching out. As per the current screenshot, it looks like the security token is invalid. Maybe it was a temporary token which got invalidated during the scan.
For the IP Audit to run, you have to provide the EC2 instance IP along with the SSH key so it can log in and run the scan. AWS Trusted Advisor output can be seen when you also add the Support Read Only role to the keys.
Hope it helps. Let me know if I can be of further help.
Where do you place the EC2 instance IP, and how would you scan all instances?
Is the Security Token separate from the secret key and secret ID?
Currently you can scan only one IP. You can watch this here: https://www.youtube.com/watch?v=2eW-0bS0Hq8
"I guess security token is when you have temporary access like session token??" Not exactly. Are you still facing the same error of token invalid?
Yes, it is a session token. I defined it in the creds file as:
[default]
aws_access_key_id = XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXX
aws_session_token = XXXXXXXXXXXXXXXXXXXXX
I now get the following two errors / warnings
/usr/local/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.25.10) or chardet (3.0.4) doesn't match a supported version! RequestsDependencyWarning)
Warning: Unable to determine STS token expiration; later API calls may fail.
Note we use AWS SSO with Okta
I am still seeing errors for example:
(UnrecognizedClientException) when calling the DescribeTrails operation: The security token included in the request is invalid
Also, do you have the ARN for the read-only support role?
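A small check for the credentials-file layout shown above, added here as an example (it is not part of this issue or of the project's code): it parses the profiles and flags the mismatches that lead to an invalid-token rejection. It assumes only that AWS temporary (STS/SSO) access keys carry the ASIA prefix and long-term IAM user keys the AKIA prefix; the file contents are constructed placeholders.

```python
import configparser

# Constructed sample ~/.aws/credentials content mirroring the thread's layout
# (placeholder values, not real keys).
SAMPLE_CREDENTIALS = """
[default]
aws_access_key_id = ASIAXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
aws_session_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[long-term]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[broken]
aws_access_key_id = ASIAXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
"""


def check_profiles(text):
    """Return {profile_name: [findings]} for the contents of a credentials file."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    findings = {}
    for profile in cp.sections():
        sec = cp[profile]
        notes = []
        key_id = sec.get("aws_access_key_id", "").strip()
        secret = sec.get("aws_secret_access_key", "").strip()
        token = sec.get("aws_session_token", "").strip()
        if not key_id or not secret:
            notes.append("missing aws_access_key_id or aws_secret_access_key")
        # Temporary STS/SSO keys (ASIA...) are only valid together with their session token.
        if key_id.startswith("ASIA") and not token:
            notes.append("temporary key (ASIA...) without aws_session_token: requests will be rejected")
        # A session token only belongs to temporary keys; with a long-term key it cannot match.
        if key_id.startswith("AKIA") and token:
            notes.append("long-term key (AKIA...) paired with a session token: mismatched credentials")
        # The file cannot tell when an SSO session expires, so a long scan may outlive it.
        if key_id.startswith("ASIA") and token:
            notes.append("temporary credentials: they expire; re-export from SSO before a long scan")
        findings[profile] = notes
    return findings


if __name__ == "__main__":
    for name, notes in check_profiles(SAMPLE_CREDENTIALS).items():
        print(name, notes or ["ok"])
```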
OK, I think it's just a warning, which should be fine.
For the other exception, arn:aws:iam::aws:policy/ReadOnlyAccess should suffice, and add the Support role if you need Trusted Advisor checks.
Do you have the support role ARN?
No, but I know it is the AWS managed policy SupportReadOnly, I guess.
I set up this tool to run locally using Docker. I set up the ReadOnlyAccess policy for AWS:
I now have the final report and I noticed the following sections don't open:
Scout2, IP Audit, AWS Trust Advisor
Any idea why?
I also noticed this during the scan; it might have something to do with it:
For the other reports to work I have to right click and open in new tab.