Intro to Scoutsuite


I recently watched an interesting talk about AWS security best practices. The speaker mentioned Scout2, a multi-cloud security auditing tool, which has since been deprecated in favor of its successor ScoutSuite.

Requirements

Tested with:

To run Scout against an AWS account, you will need valid AWS credentials (i.e., an Access Key ID and Secret Access Key). Below we’ll create a dedicated IAM user with only the permissions required for the audit.

Setup

Install pip and pipenv if you haven’t done so already, then create a project folder and install scoutsuite and its dependencies:

mkdir -p $HOME/projects/aws-security-scan && cd $_
pipenv install scoutsuite

IAM User

The following AWS Managed Policies can be attached to the principal used to run Scout in order to grant the necessary permissions:

  • ReadOnlyAccess - Provides read-only access to AWS services and resources.
  • SecurityAudit - The security audit template grants access to read security configuration metadata. It is useful for software that audits the configuration of an AWS account.

In our case we prefix IAM users with usr to distinguish them more easily in Terraform configurations and aws-cli commands.

User: usr-security-audit
Managed Policies: ReadOnlyAccess, SecurityAudit

AWS-CLI

export AUDIT_IAM_USER="usr-security-audit"

aws iam create-user --user-name ${AUDIT_IAM_USER}
aws iam attach-user-policy --user-name ${AUDIT_IAM_USER} --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
aws iam attach-user-policy --user-name ${AUDIT_IAM_USER} --policy-arn arn:aws:iam::aws:policy/SecurityAudit

# aws cli key export to csv...
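The same audit user expressed as Terraform, since the post mentions managing its IAM users that way. This is an added example, not code from the original post; it assumes Terraform 0.14 or later with an AWS provider already configured, and only the usr- prefix and the two managed policies come from the post.

```hcl
# Added example: dedicated, read-only principal for running Scout.
resource "aws_iam_user" "security_audit" {
  name = "usr-security-audit"
}

# The two AWS managed policies the post attaches with aws-cli.
locals {
  audit_policies = toset([
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
    "arn:aws:iam::aws:policy/SecurityAudit",
  ])
}

resource "aws_iam_user_policy_attachment" "security_audit" {
  for_each   = local.audit_policies
  user       = aws_iam_user.security_audit.name
  policy_arn = each.value
}

# Access key used for the --csv-credentials file. The secret is written to
# Terraform state, so the state backend must be encrypted and access-controlled.
resource "aws_iam_access_key" "security_audit" {
  user = aws_iam_user.security_audit.name
}

output "security_audit_access_key_id" {
  value = aws_iam_access_key.security_audit.id
}

output "security_audit_secret_access_key" {
  value     = aws_iam_access_key.security_audit.secret
  sensitive = true
}
```

Rotating the key is then a matter of tainting the aws_iam_access_key resource and re-applying, which keeps the audit user's permissions untouched.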

Finally, run scout to audit your AWS environment:

pipenv run Scout --provider aws --csv-credentials $HOME/Downloads/usr-fsr-security-audit.csv