Access analyzer (duo-labs#811)

* small typo caused this alert to be disabled. * no impact typo fixes * clarified command arguments and help text. * make it easier for the next person to update task size.
cevoaustralia · Nov 30, 2020 · 2eec87a · 2eec87a
1 parent f07b4fd
commit 2eec87a
Show file tree

Hide file tree

Showing 8 changed files with 15 additions and 11 deletions.
diff --git a/auditor/lib/cloudmapperauditor-stack.js b/auditor/lib/cloudmapperauditor-stack.js
@@ -54,7 +54,11 @@ class CloudmapperauditorStack extends cdk.Stack {
     // Define the ECS task
     const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
 
-    const taskDefinition = new ecs.FargateTaskDefinition(this, 'taskDefinition', {});
+    const taskDefinition = new ecs.FargateTaskDefinition(this, 'taskDefinition', {
+      // Uncomment if you need to change resource limits of Fargate task definition and container
+      // memoryLimitMiB: 512,
+      // cpu: 256
+    });
 
     taskDefinition.addContainer('cloudmapper-container', {
       image: ecs.ContainerImage.fromAsset('./resources'),

diff --git a/commands/audit.py b/commands/audit.py
@@ -66,7 +66,7 @@ def run(arguments):
     )
     parser.add_argument(
         "--minimum_severity",
-        help="Only report issues that are greater than this. Default: LOW",
+        help="Only report issues that are greater than this. Default: INFO",
         default="INFO",
         choices=['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO', 'MUTE']
     )

diff --git a/commands/iam_report.py b/commands/iam_report.py
@@ -639,19 +639,19 @@ def run(arguments):
     parser = argparse.ArgumentParser()
     parser.add_argument(
         "--max-age",
-        help="Number of days a user or role hasn't been used before it's marked dead",
+        help="Number of days a user or role hasn't been used before it's marked dead. Default: 90",
         default=90,
         type=int,
     )
     parser.add_argument(
         "--graph",
-        help="Do not create and display a graph",
+        help="Display a graph. Default: False",
         dest="show_graph",
         action="store_true",
     )
     parser.add_argument(
         "--output",
-        help="Set the output type for the report",
+        help="Set the output type for the report. [json | html]. Default: html",
         default=OutputFormat.html,
         type=OutputFormat,
         dest="requested_output"

diff --git a/commands/sg_ips.py b/commands/sg_ips.py
@@ -10,7 +10,7 @@
 # The creation of the map and table of locations is all this does now, which is both
 # not very valuable, and is difficult to setup (requires matplotlib, basemap data, and geoip data)
 
-__description__ = "Find all IPs are that are given trusted access via Security Groups"
+__description__ = "[Deprecated] Find all IPs are that are given trusted access via Security Groups"
 
 
 def get_cidrs_for_account(account, cidrs):

diff --git a/config/custom_auditor.py b/config/custom_auditor.py
@@ -2,7 +2,7 @@
 from shared.query import query_aws, get_parameter_file
 from shared.common import Finding
 
-# To use custom auditing, you must copy this file to ./private_commands/custom_auditory.py
+# To use custom auditing, you must copy this file to ./private_commands/custom_auditor.py
 # and uncomment and modify the functions below.
 
 __description__ = "Custom auditing functions"

diff --git a/shared/audit.py b/shared/audit.py
@@ -210,7 +210,7 @@ def audit_guardduty(findings, region):
 
 def audit_accessanalyzer(findings, region):
     analyzer_list_json = query_aws(
-        region.account, "accessanalzyer-list-analyzers", region
+        region.account, "accessanalyzer-list-analyzers", region
     )
     if not analyzer_list_json:
         # Access Analyzer must not exist in this region (or the collect data is old)
@@ -224,7 +224,7 @@ def audit_accessanalyzer(findings, region):
 
 
 def audit_iam(findings, region):
-    # By calling the code to find the admins, we'll excercise the code that finds problems.
+    # By calling the code to find the admins, we'll exercise the code that finds problems.
     find_admins_in_account(region, findings)
 
     # By default we get the findings for the admins, but we can also look for specific

diff --git a/templates/iam_report.html b/templates/iam_report.html
@@ -6,7 +6,7 @@
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1">
 
-    <!-- Try to avoid this showing up in search results if accidently made public -->
+    <!-- Try to avoid this showing up in search results if accidentally made public -->
     <meta name="robots" content="noindex">
     <meta name="googlebot" content="noindex">
 

diff --git a/templates/report.html b/templates/report.html
@@ -6,7 +6,7 @@
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1">
 
-    <!-- Try to avoid this showing up in search results if accidently made public -->
+    <!-- Try to avoid this showing up in search results if accidentally made public -->
     <meta name="robots" content="noindex">
     <meta name="googlebot" content="noindex">