LeanIX AWS Scan Healthchecker

//
Report Bug · Request Feature

Table of Contents

1. Built With
2. • Prerequisites
   • Installation
3. Examples
4. License
5. Contact
6. Acknowledgements

About The Project

This is a Python CLI to prepare the scan for LeanIX Cloud Intelligence. The CLI allows to check a given IAM role against all requirements and if successfull already populates the minimum-viable scan config in the scan config in the admin setting of the LeanIX CI Workspace. It also reads all activated cost-allocation tags.

Built With

• Python

Prerequisites

• Python >3.0

Installation

1. create a virtual environment e.g. venv

python3 -m venv aws_scanner

2. activate the virtual environment

source aws_scanner/bin/activate

3. install the package

pip install haws

Usage

setup

haws setup will guide you through setting up the needed data (i.e. credentials and other config) to run haws run later on.

run

haws run is the core of the CLI. It runs the credential-,policy-, organizational layout- and cost allocation-tag check

Options:

1. --save-runtime: [boolean] if set, will store the config set under haws setup after the checks are done.
   Default: False
2. --write-config: [boolean] if set, will overwrite the LeanIX Cloud Scan config in the specified workspace.
   Default: False
3. --get-org: [boolean] if set, will traverse the AWS Organization and create a org chart.
   Default: False

Examples

Setting up the scanner

haws setup

Running the healthchecks

haws run

Running the healthchecks and saving the runtime config

haws run --save-runtime

License

Distributed under the Apache 2.0 License. See LICENSE for more information.

Contact

Vincent Groves - vincent.groves@leanix.net