It’s been a bit of a quiet month for updates to the AWS Security Info modules. There have been a couple of changes, which I’m publishing today.
- We now support Organizations! That’s right: if you point the script to the master account and specify the `--organization` parameter with the name of your organizational role, the script will interrogate every account in your organization.
- The `--regions` flag will allow you to specify the regions you operate in, thus reducing the total number of API calls being made.
- Managed AWS policies’ `get_policy_version` data is now added to the `initial.json` file and fed into the data load on first load. This speeds up the data collection process significantly by reducing the number of API calls for managed AWS policies that do not change very often. Should AWS make changes to their policies, simply delete the `initial.json` file and let the script run through it once.
- `--assumerole` works fine, however when you have an empty `--externalid`, the sts module fails.
- `checkVersion` incorrectly flagged newer boto versions as not being upgraded.
- AWS SSO has been added. Note that some aspects are still missing (like identitystore, and the visibility of MFA settings in SSO, and that for users).
- NEW: `Ensure SSM is enabled on all EC2 instances`
- UPDATE: `Lambda functions with depreciated runtimes` now checks for nodejs10.x, ruby2.5 and python2.7
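
As an added illustration (not code from the AWS Security Info project), here is one way the organization-wide traversal and the empty `--externalid` case described above could be handled with boto3. The function names and the role name `OrganizationAccountAccessRole` in the demo call are assumptions.

```python
"""Added illustration: walk an AWS Organization and assume one role per account."""


def assume_role_args(account_id, role_name, external_id=None, session="security-info"):
    """Build sts.assume_role() keyword arguments for one member account."""
    args = {
        # Assumes the standard "aws" partition.
        "RoleArn": f"arn:aws:iam::{account_id}:role/{role_name}",
        "RoleSessionName": session,
    }
    # STS rejects an empty ExternalId (minimum length is 2), so the key is
    # sent only when a value was actually supplied.
    if external_id:
        args["ExternalId"] = external_id
    return args


def active_accounts(org_client):
    """Yield the IDs of ACTIVE accounts, skipping suspended ones."""
    for page in org_client.get_paginator("list_accounts").paginate():
        for account in page["Accounts"]:
            if account["Status"] == "ACTIVE":
                yield account["Id"]


def org_credentials(org_client, sts_client, role_name, external_id=None):
    """Return (creds, failed): credentials per account, plus accounts that refused."""
    creds, failed = {}, []
    for account_id in active_accounts(org_client):
        try:
            resp = sts_client.assume_role(
                **assume_role_args(account_id, role_name, external_id))
            creds[account_id] = resp["Credentials"]
        except Exception as exc:  # botocore ClientError in real use
            # One account without the role must not abort the whole run.
            failed.append((account_id, str(exc)))
    return creds, failed


if __name__ == "__main__":
    import boto3  # needs credentials for the master (management) account

    # Role name is an assumption; use the role deployed in your accounts.
    creds, failed = org_credentials(boto3.client("organizations"),
                                    boto3.client("sts"),
                                    "OrganizationAccountAccessRole")
    print(sorted(creds), failed)
```

The `failed` list is worth reviewing after each run: an account missing from the results is an account that was not assessed.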