duo-labs / cloudtracker

CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
BSD 3-Clause "New" or "Revised" License

Feature requests #69

Open maheshkukreja1 opened 4 years ago

maheshkukreja1 commented 4 years ago

I have a few feature requests that will make my life easier and save me from having to refactor/rewrite the code.

If some or all of these are already covered by some existing functionality, I apologize for missing it.

1. Ability to modify the CloudTrail log path mentioned in athena.py

cloudtrail_log_path = 's3://{bucket}/{path}/AWSLogs/{account_id}/CloudTrail'

Reasoning: My CloudTrail log path may not always be AWSLogs/{account_id}/CloudTrail

2. Ability to handle the scenario wherein an organization has multiple accounts and CloudTrail logs are stored centrally in a particular account

For example, we have three accounts: account_1, account_2, and account_3. account_1 and account_2 are my prod & dev accounts respectively. account_3 is my monitoring account, where I have a custom Lambda for pulling in CloudTrail logs from account_1 and account_2 and storing them in an S3 bucket in account_3.

When running queries, cloudtracker would need to interact with both the target account (prod or dev) and account_3.

3. Ability to generate reports in JSON/CSV format

This will help feed results into tools like Splunk.

4. Ability to provide a --profile argument while executing cloudtracker

Reasoning: My AWS credentials may be stored in a profile other than default
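The four requests above (configurable log-path template, one central bucket serving several accounts, JSON/CSV output, and a `--profile` flag) are small enough to sketch in one place. The block below is an added illustration written for this page; it is not cloudtracker's own code, and the flag names, the `render_log_path`/`findings_to_*` helpers and the sample finding are all hypothetical. It assumes, as the quoted `athena.py` line suggests, that the rendered S3 URI is later interpolated into an Athena DDL statement, which is why a user-supplied template is validated against an allow-list of placeholders and the rendered URI against an allow-list of characters rather than trusting it as-is.

```python
"""Hypothetical helpers for the four feature requests above (added example, not cloudtracker code)."""
import argparse
import csv
import io
import json
import re
import string

# Default mirrors the layout quoted from athena.py in the issue above.
DEFAULT_TEMPLATE = "s3://{bucket}/{path}/AWSLogs/{account_id}/CloudTrail"

# Placeholders a user-supplied template may reference. Rejecting anything else also blocks
# str.format attribute/index access such as "{account_id.__class__}".
ALLOWED_FIELDS = {"bucket", "path", "account_id"}

# Assumption: the rendered URI ends up inside an Athena DDL LOCATION clause, so the whole
# string is allow-listed (no quotes, spaces or other punctuation) instead of being escaped.
SAFE_URI = re.compile(r"^s3://[A-Za-z0-9._\-]+(?:/[A-Za-z0-9._\-]+)*/?$")


def render_log_path(template, bucket, path, account_id):
    """Request 1: render a CloudTrail log-path template, refusing anything but a plain S3 URI."""
    fields = {name for _, name, _, _ in string.Formatter().parse(template) if name}
    unknown = fields - ALLOWED_FIELDS
    if unknown:
        raise ValueError("unknown placeholder(s): " + ", ".join(sorted(unknown)))
    if not re.fullmatch(r"[0-9]{12}", account_id):
        raise ValueError("account_id must be a 12-digit AWS account ID")
    rendered = template.format(bucket=bucket, path=path.strip("/"), account_id=account_id)
    # An empty {path} leaves "bucket//AWSLogs"; collapse that but keep the "s3://" scheme.
    rendered = re.sub(r"(?<!:)/{2,}", "/", rendered)
    if not SAFE_URI.match(rendered):
        raise ValueError("rendered log path contains disallowed characters: %r" % rendered)
    return rendered


def log_paths_for_accounts(template, bucket, path, account_ids):
    """Request 2: one central bucket in the monitoring account, one prefix per member account."""
    return {acct: render_log_path(template, bucket, path, acct) for acct in account_ids}


# Hypothetical finding layout: one row per (principal, privilege) pair.
REPORT_COLUMNS = ["account_id", "principal", "privilege", "status"]


def findings_to_json(findings):
    """Request 3: machine-readable output for ingestion by a SIEM."""
    return json.dumps(findings, indent=2, sort_keys=True)


def findings_to_csv(findings):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=REPORT_COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(findings)
    return buf.getvalue()


def make_session(profile=None):
    """Request 4: a named credentials profile. boto3 is imported lazily so the pure helpers
    above stay importable without it."""
    import boto3  # assumed available in the real tool; unused by the offline helpers
    return boto3.Session(profile_name=profile)


def build_parser():
    # Flag names are hypothetical, chosen for this example only.
    p = argparse.ArgumentParser(description="hypothetical cloudtracker-style CLI")
    p.add_argument("--profile", default=None, help="named AWS credentials profile")
    p.add_argument("--bucket", required=True, help="bucket holding the CloudTrail logs")
    p.add_argument("--path", default="", help="prefix under the bucket, may be empty")
    p.add_argument("--account", action="append", required=True, help="12-digit ID, repeatable")
    p.add_argument("--log-path-template", default=DEFAULT_TEMPLATE)
    p.add_argument("--format", choices=["json", "csv"], default="json")
    return p


if __name__ == "__main__":
    args = build_parser().parse_args()
    paths = log_paths_for_accounts(args.log_path_template, args.bucket, args.path, args.account)
    # Constructed sample finding; a real run would query Athena through make_session(args.profile).
    sample = [{"account_id": acct, "principal": "role/Admin",
               "privilege": "s3:DeleteBucket", "status": "unused"} for acct in paths]
    print(findings_to_csv(sample) if args.format == "csv" else findings_to_json(sample))
```

Run as `python example.py --profile prod --bucket central-trail-logs --account 111111111111 --account 222222222222 --format csv` to see the per-account paths rendered from the default template and a CSV report for the constructed finding. The validation in `render_log_path` is the part worth keeping whatever the final flag design is: a template is a `str.format` string, so without the placeholder allow-list a value like `{account_id.__class__}` is evaluated, and without the URI allow-list a quote in the bucket name would reach the DDL string unescaped.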