Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⭐ Draft: Enhancing Users Key Metadata retrieval (aws) #3453

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

⭐ Draft: Enhancing Users Key Metadata retrieval (aws) #3453

wants to merge 2 commits into from

Conversation

HRouhani
Copy link
Contributor

@HRouhani HRouhani commented Feb 29, 2024
edited

Problems:

  1. it seems it fetch access keys for one specific IAM user, not for all users

  2. need to check if a.Name.Data returns all usernames, or there is another mechanism in place that calls accessKeys() multiple times

The modified function, by explicitly handling each relevant field of the access key metadata, might offer better clarity and maintainability, especially in contexts where specific data handling or additional processing is required for each field.

Screenshot from 2024-03-01 13-46-32

Goals:

Initially, the task was to develop a function to fetch the access dates for each key. However, it became apparent that such a function already existed. Consequently, the focus shifted to enhancing the quality of data returned by this function. The aim was to refine the output, ensuring it provides detailed and well-organized information, thereby augmenting the function's effectiveness and its applicability in scenarios requiring comprehensive and structured data insights.

The second objective was to integrate key metadata information within the context of aws.iam.usercredentialreportentry. Despite various attempts, successfully embedding this data proved challenging. The idea was to include an access key retrieval method within the aws.iam.usercredentialreportentry structure, as shown below:

// Entry in AWS IAM credential report
private aws.iam.usercredentialreportentry @defaults("arn") {
  ...
  ...
  // List of access keys metadata associated with the user
  accessKeys() []aws.iam.accessKey
}

The motivation behind this approach was to enable a direct comparison between data obtained from aws.iam.usercredentialreportentry and aws.iam.accessKey through an MQL query, thereby facilitating a more comprehensive data analysis and correlation within the AWS IAM framework.

@HRouhani
still there has some issues
ef039f8 
Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>
@HRouhani HRouhani mentioned this pull request Feb 29, 2024
Closed
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 29, 2024
edited

Test Results

2 829 tests  ±0   2 828 ✅ ±0   1m 14s ⏱️ ±0s
  186 suites ±0       1 💤 ±0 
    5 files   ±0       0 ❌ ±0 

Results for commit 028b735. ± Comparison against base commit 3adc50a.

♻️ This comment has been updated with latest results.

@HRouhani
changed to the data type can easily work with
028b735 
Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>
@HRouhani HRouhani changed the title ⭐️ Draft: Adding Key Metadata (aws) 🧹 Enhancing Users Key Metadata retrieval (aws) Mar 1, 2024
@HRouhani HRouhani marked this pull request as ready for review March 1, 2024 13:01
@tas50 tas50 changed the title 🧹 Enhancing Users Key Metadata retrieval (aws) ⭐ Enhancing Users Key Metadata retrieval (aws) Mar 5, 2024
tas50
tas50 reviewed Mar 5, 2024
View reviewed changes
providers/aws/resources/aws.lr.manifest.yaml
@@ -1662,6 +1662,10 @@ resources:
desc: |
Use the `aws.iam` resource to assess the configuration of the AWS IAM service. The resource provides a list of `aws.iam.user` resources representing GuardDuty Detectors deployed across all enabled regions.
fields:
accessKeyMetadata:
min_mondoo_version: latest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
min_mondoo_version: latest
min_mondoo_version: 9.0.0

tas50
tas50 reviewed Mar 5, 2024
View reviewed changes
providers/aws/resources/aws.lr.manifest.yaml
accessKeyMetadata:
min_mondoo_version: latest
accessKeys:
min_mondoo_version: latest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
min_mondoo_version: latest
min_mondoo_version: 9.0.0

tas50
tas50 reviewed Mar 5, 2024
View reviewed changes
providers/aws/resources/aws.lr.manifest.yaml
accessKeyId: {}
createDate: {}
status: {}
min_mondoo_version: latest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
min_mondoo_version: latest
min_mondoo_version: 9.0.0

tas50
tas50 reviewed Mar 5, 2024
View reviewed changes
providers/aws/resources/aws.lr.manifest.yaml
@@ -1817,6 +1843,9 @@ resources:
accessKey2LastUsedDate: {}
accessKey2LastUsedRegion: {}
accessKey2LastUsedService: {}
accessKeyMetadata:
min_mondoo_version: latest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
min_mondoo_version: latest
min_mondoo_version: 9.0.0

@HRouhani HRouhani marked this pull request as draft March 5, 2024 07:51
@HRouhani HRouhani changed the title ⭐ Enhancing Users Key Metadata retrieval (aws) ⭐ Draft: Enhancing Users Key Metadata retrieval (aws) Mar 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tas50 tas50 tas50 left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@HRouhani @tas50