Cloudsplaining

Detect Misconfigurations

Introduction

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report.

Installation

pip3 install --user cloudsplaining

# Enable bash completion
eval "$(_CLOUDSPLAINING_COMPLETE=source cloudsplaining)"

# Enable zsh completion
eval "$(_CLOUDSPLAINING_COMPLETE=source_zsh cloudsplaining)"

Scanning a Single IAM Policy

cloudsplaining scan-policy-file --input-file examples/policies/explicit-actions.json

REFERENCES

PreviousProwlerNextAttacks & Methodology

Last updated