Cloud Inquisitor improves the security posture of an AWS footprint through:
- monitoring AWS objects for ownership attribution, notifying account owners of unowned objects, and subsequently removing unowned AWS objects if ownership is not resolved.
- detecting domain hijacking.
- verifying that security services such as CloudTrail and VPC Flow Logs are enabled and configured.
- managing IAM policies across multiple accounts.
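The ownership-attribution workflow in the first bullet (tag check, notify, then remove once a grace period passes) can be sketched as a small sweep over resource records. This is an added illustration, not Cloud Inquisitor's own code: the `owner` tag name, the one-day notify and fourteen-day removal thresholds, and the sample instance records are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Added example, not Cloud Inquisitor's own code. The tag name and the
# notify / remove thresholds below are assumptions, not project settings.
OWNER_TAG = "owner"
NOTIFY_AFTER = timedelta(days=1)     # first notice once a resource is a day old
REMOVE_AFTER = timedelta(days=14)    # eligible for removal after two weeks unowned
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def owner_of(resource):
    """Return the owner e-mail from the tags, or None if missing or not an address."""
    tags = {t["Key"].lower(): t["Value"] for t in resource.get("Tags", [])}
    value = tags.get(OWNER_TAG, "").strip()
    return value if EMAIL_RE.match(value) else None

def classify(resource, now):
    """Decide what the sweep does with one resource based on ownership and age."""
    if owner_of(resource):
        return "owned"
    age = now - resource["LaunchTime"]
    if age >= REMOVE_AFTER:
        return "remove"              # unowned past the grace period
    if age >= NOTIFY_AFTER:
        return "notify"              # unowned; ask the account owner to tag it
    return "grace"                   # too new to act on yet

def sweep(resources, now):
    """Group resource ids by action so notifications can be batched per account."""
    actions = {"owned": [], "grace": [], "notify": [], "remove": []}
    for r in resources:
        actions[classify(r, now)].append(r["InstanceId"])
    return actions

# Constructed sample, loosely shaped like EC2 describe_instances() output.
NOW = datetime(2018, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"InstanceId": "i-owned01", "LaunchTime": NOW - timedelta(days=30),
     "Tags": [{"Key": "Owner", "Value": "team-a@example.com"}]},
    {"InstanceId": "i-badtag01", "LaunchTime": NOW - timedelta(days=3),
     "Tags": [{"Key": "owner", "Value": "nobody"}]},      # tag present, not an address
    {"InstanceId": "i-old01", "LaunchTime": NOW - timedelta(days=20), "Tags": []},
    {"InstanceId": "i-new01", "LaunchTime": NOW - timedelta(hours=2), "Tags": []},
]

if __name__ == "__main__":
    print(sweep(SAMPLE, NOW))
```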
Typically, Cloud Inquisitor runs in a dedicated "Security" or "Audit" account and reaches the other accounts through cross-account AssumeRole.
Cloud Inquisitor works on Python 3.5 or higher and Ubuntu 16.04.
- Production deployment is done through Packer.
- Development supports deployment via Docker or Packer.
Please see the Resources section below for further information.
Any questions or comments regarding this project can be made via the project's Slack Chat Room. If you're not a member of the room, you can auto-join here.
This project has a docs directory that contains many resources that will help you implement Cloud Inquisitor and contribute to the project.