Securing & strengthening my cloud resources — how?

Refer to T&Cs: https://aws.amazon.com/service-terms/
  • Some basic understanding of AWS
  • Setup and install docker on your own machine
  • Configure an AWS access key that has the ReadOnlyAccess and SecurityAudit policies tagged to it

Creation of the docker image

  1. The choice of base image
  2. Naming conversion to be used in the image
  3. Patching and updating of the image
  4. Installation of additional networking tools
  5. Creation of directories in the image
  6. Installation of Cloud Configuration Review tool (choose the tool you preferred)
  7. Installation CLI Choose the version that suits your current platform)
# using debian base image
FROM debian
# setting standard arguments
ARG SS_FOLDER=ScoutSuite
ARG AWS_CLI=AwsCLI
# install and update the image
RUN apt-get update && \
apt-get upgrade -y
# install nano, git, python, pip, venv, nmap, sslscan, ffuf, curl, wget, net-tools
RUN apt-get install nano git python3 python3-pip python3-venv nmap sslscan ffuf curl wget net-tools zip jq inetutils-ping -y
# create the list of directories
RUN mkdir -p /home/app/tools/$SS_FOLDER && \
mkdir -p /home/app/tools/$AWS_CLI
# clone the PACU ,ScoutSuite, Sec Wordlist repo
RUN git clone https://github.com/nccgroup/ScoutSuite.git /home/app/tools/$SS_FOLDER
# install the requirements for Pacu, ScoutSuite, Prowler
# (Do not change the sequence)
RUN pip install -r /home/app/tools/$SS_FOLDER/requirements.txt && \
pip install detect-secrets==1.0.3
# install AWS CLI for aarch64 (Macbook M1, ARM64)
RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "/home/app/tools/$AWS_CLI/awscliv2.zip" && \
unzip /home/app/tools/$AWS_CLI/awscliv2.zip && \
./aws/install && \
rm -rf /aws && \rm -rf /home/app/tools/$AWS_CLI
# install AWS CLI for x64 (Intel , AMD)
#RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/home/app/tools/$AWS_CLI/awscliv2.zip" && \
# unzip /home/app/tools/$AWS_CLI/awscliv2.zip && \
# ./aws/install && \
# rm -rf /aws && \
# rm -rf /home/app/tools/$AWS_CLI

Build and run the docker image

docker build -t cloud-config-rev-tool:1.0 .
docker run — tty — interactive — name c1 cloud-config-rev-tool:1.0

Configure user profile

Run the scan

Review the scan results

zip <filename> -r scoutsuite-report/
docker cp <source_path> <destination_path>

Clean up the resources

  1. Terminate and prune the container
  2. Revoke and delete the AWS key that is being used in this tutorial
  3. Remove and delete the resources that you have created in this tutorial to prevent your AWS bill from exploding

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Team Merlin

Software | Security | Quality enthusiasts doing the right things