search

google / cloud-forensics-utils

Python library to carry out DFIR analysis on the Cloud
Apache License 2.0
466 stars 88 forks source link

Support other sources of credentials for boto3 #202

Closed EmilienCourt closed 4 years ago

EmilienCourt commented 4 years ago

Hi,

Right now, libcloudforensics only supports credentials read from the ~/.aws/config file.

Would you consider adding support for other sources ?

This page lists the configuration possibilities for boto3, which includes passing credentials as parameters when creating a Session object :

import boto3

session = boto3.Session(
    aws_access_key_id=ACCESS_KEY,
    aws_secret_access_key=SECRET_KEY,
    aws_session_token=SESSION_TOKEN
)

Looking at the code from account.py (here), it seems it would only require minor changes (for example an optional switch to use credentials read from CLI/when using the library) to configure boto3 this way.

This would make libclouforensics usable without AWS CLI and without a configuration file, which stores credentials on disk.

This could be useful when integrating libcloudforensics in other projects, which might handle tokens and keys without using the CLI (using get_session_token from boto3 for example).

Regards,

giovannt0 commented 4 years ago

Hi @EmilienCourt, thank you for your suggestion. I've opened #203 which should help you use libcloudforensics with get_session_token. Feel free to chat with us in our slack channel if you have comments or other suggestions (https://github.com/open-source-dfir/slack)

hacktobeer commented 4 years ago

Functionality to use AWS credentials as function parameters should also be added to forensics.py.

giovannt0 commented 4 years ago

For us to have this for both source and dest account would mean an additional 6 parameters, which I'm not a big fan of (this is why I left out the forensics module from the PR in the first place). IMHO it will make things a little messy with so many parameters / options for the CLI

EmilienCourt commented 4 years ago

Agree with @giovannt0, did not realize it would bring that much parameters

hacktobeer commented 4 years ago

Makes sense, had not considered both source and destination.

On Wed, Jul 15, 2020, 19:20 EmilienCourt notifications@github.com wrote:

Agree with @giovannt0 https://github.com/giovannt0, did not realize it would bring that much parameters

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/google/cloud-forensics-utils/issues/202#issuecomment-658894928, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABP5D4HO7HBWS4MG3CBQP4DR3XQMHANCNFSM4OWMRNTQ .