Tensult Cloud Reports

Does adopting a public cloud automatically cover all your security needs? The answer is a BIG NO!! In a public cloud, security is a shared responsibility of both the customer and cloud vendor. Having said this, your cloud provider would still help you in leveraging the best out of their platform through best practices documentation or customer case studies. But humans tend to make mistakes, don’t we? Of course we do! Here at Tensult we were thinking to resolve this issue for some time and have come up with an idea to create cloud best practices as a code so that you could run it on your account and see if anything needs to be fixed. This way it would be time-saving, as the administrator does not have to go through every service they use to find out where they need a fix. This was the beginning of Cloud Reports.

At the time of writing this blog Cloud Reports supports only AWS, but will be extended to other cloud platforms in the future.

What does it do?

Cloud Reports is an open-source node.js based tool designed to capture and analyze information against a set of coded best practices for cloud and generates a report. The report generated can be of PDF, JSON or HTML. The generated report will show the different services you are running along with the best practices that need to be followed while using that service. The report contains the issues and severity level of issues that you’re currently having in your infra.

Architecture

Cloud Reports Components

Cloud Reports consist of modules namely Collectors, Analysers and Reporters. Each of them coded to perform a specific function.

Collectors:

Collector, as the name implies, collects information from various services given by the cloud provider and sends it to the analyzers for further action.

Analyzers:

Analyzers capture the information from collectors and analyze them with the set of coded best practices and sends the output to the reporters for report generation.

Reporters:

Reporters consume the input generated from analyzers and outputs it to the desired format for viewing.

Perquisites

For generating cloud reports we need to have the following setup,

1. Download, install and build the current version of Cloud Reports from our GitHub repo here.
2. Create a read-only IAM user with programmatic access to gather the information.
3. Create an AWS user profile on your system using as CLI, this credential will be used by Cloud Reports for gathering information.

Setting up Cloud Reports

1. Create a read-only IAM user and download the credentials.
2. Setup the AWS profile on your local system using as CLI. Follow the AWS documentation for setting up the CLI and for creating profile follow the steps here.
3. Install the Node.js framework on your system. If you already have this running on your system skip this step.
4. Download Cloud Reports from our Git repo using the below link, if you’re already running and need to test out our new checks which are released use to get the updates.

git clone https://github.com/tensult/cloud-reports.git

3. Now head to the Cloud Reports directory and install npm dependencies using the following commands.

cd cloud-reports
npm install

4. Build the tool using the following command,

npm run build

5. To run the checks for all the modules run the following command, your profile name would be the one created in step 2.

npm run scan -- --profile Your-AWS-profile

6. To run the checks for a specific modules run the following command, module names can be found in our cloud reports repo src.

npm run scan -- --profile Your-AWS-profile --module s3,acm

7. To run the checks for a single module using the following command,

npm run scan -- --profile Your-AWS-profile  --module s3

8. To generate the report in the desired format using the following command, replace html with pdf or json based on your requirement.

npm run scan -- --profile Your-AWS-profile  -f html

Reports

Reports generated in PDF and JSON are stored within the cloud reports folder. HTML version will directly open up in your browser. Reports generated are time-stamped for easy access in case you run multiple scans. A sample report generated using Cloud Reports will look like the one shown below,

Sample PDF Report

HTML View

Account details

Cloud Reports will help you generate and list all your issues in one common space, the advantage here is that you don’t have to put too much effort into identifying your issues. Try a test run on your AWS account and check out how it works for you. Additionally, if you are not familiar with or new to AWS world, we would be happy to help fix the errors in your account. Also, don’t forget check out other development stuff we have put in our GitHub repo. Your contributions and feedback are most welcome.

This Blog has moved from Medium to blogs.tensult.com. All the latest content will be available there. Subscribe to our newsletter to stay updated.