Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

altimeter

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

altimeter

Graph AWS resources in Neptune

  • 6.4.25
  • PyPI
  • Socket score

Maintainers
1

Altimeter

Community Supported GitHub

Python 3.8

Altimeter is a system to graph and scan AWS resources across multiple AWS Organizations and Accounts.

Altimeter generates RDF files which can be loaded into a triplestore such as AWS Neptune for querying.

Quickstart

Installation

pip install altimeter

Configuration

Altimeter's behavior is driven by a toml configuration file. A few sample configuration files are included in the conf/ directory:

  • current_single_account.toml - scans the current account - this is the account for which the environment's currently configured AWS CLI credentials are.
  • current_master_multi_account.toml - scans the current account and attempts to scan all organizational subaccounts - this configuration should be used if you are scanning all accounts in an organization. To do this the currently configured AWS CLI credentials should be pointing to an AWS Organizations master account.

To scan a subset of regions, set the region list parameter regions in the scan section to a list of region names.

Required IAM permissions

The following permissions are required for a scan of all supported resource types:

acm:DescribeCertificate
acm:ListCertificates
cloudtrail:DescribeTrails
dynamodb:DescribeContinuousBackups
dynamodb:DescribeTable
dynamodb:ListTables
ec2:DescribeFlowLogs
ec2:DescribeImages
ec2:DescribeInstances
ec2:DescribeInternetGateways
ec2:DescribeNetworkInterfaces
ec2:DescribeRegions
ec2:DescribeRouteTables
ec2:DescribeSecurityGroups
ec2:DescribeSnapshots
ec2:DescribeSubnets
ec2:DescribeTransitGatways
ec2:DescribeTransitGatwayAttachments
ec2:DescribeVolumes
ec2:DescribeVpcEndpoints
ec2:DescribeVpcEndpointServiceConfigurations
ec2:DescribeVpcPeeringConnections
ec2:DescribeTransitGatewayVpcAttachments
ec2:DescribeVpcs
elasticloadbalancing:DescribeLoadBalancers
elasticloadbalancing:DescribeLoadBalancerAttributes
elasticloadbalancing:DescribeTargetGroups
elasticloadbalancing:DescribeTargetGroupAttributes
elasticloadbalancing:DescribeTargetHealth
eks:ListClusters
events:ListRules
events:ListTargetsByRule
events:DescribeEventBus
guardduty:GetDetector
guardduty:GetMasterAccount
guardduty:ListDetectors
guardduty:ListMembers
iam:GetAccessKeyLastUsed
iam:GetAccountPasswordPolicy
iam:GetGroup
iam:GetGroupPolicy
iam:GetLoginProfile
iam:GetOpenIDConnectProvider
iam:GetPolicyVersion
iam:GetRolePolicy
iam:GetSAMLProvider
iam:GetUserPolicy
iam:ListAccessKeys
iam:ListAttachedGroupPolicies
iam:ListAttachedRolePolicies
iam:ListAttachedUserPolicies
iam:ListGroupPolicies
iam:ListGroups
iam:ListinstanceProfiles
iam:ListMFADevices
iam:ListOpenIDConnectProviders
iam:ListPolicies
iam:ListPolicies
iam:ListRolePolicies
iam:ListRoles
iam:ListSAMLProviders
iam:ListUserPolicies
iam:ListUsers
kms:ListKeys
lambda:ListFunctions
rds:DescribeDBInstances
rds:DescribeDBInstanceAutomatedBackups
rds:ListTagsForResource
rds:DescribeDBSnapshots
route53:ListHostedZones
route53:ListResourceRecordSets
s3:ListBuckets
s3:GetBucketLocation
s3:GetBucketEncryption
s3:GetBucketTagging
sts:GetCallerIdentity
support:DescribeSeverityLevels

Additionally if you are doing multi-account scanning via an MPA master account you will also need:

organizations:DescribeOrganization
organizations:ListAccounts
organizations:ListAccountsForParent
organizations:ListOrganizationalUnitsForParent
organizations:ListRoots

Generating the Graph

Assuming you have configured AWS CLI credentials (see https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html), run:

altimeter <path-to-config>

This will scan all resources in regions specified in the config file.

The full path to the generated RDF file will printed, for example:

Created /tmp/altimeter/20191018/1571425383/graph.rdf

This RDF file can then be loaded into a triplestore such as Neptune or Blazegraph for querying.

For more user documentation see https://tableau.github.io/altimeter/

FAQs


Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc