A tool for scanning your cloud resources security.
It displays the current security state of your AWS S3 buckets, by showing buckets that may be completely public, or have public files.
- Download the latest binary for your OS on the releases page.
- Move the binary to a folder on your
PATH. E.g.:mv cloud-scan_darwin_amd64 /usr/local/bin/cloud-scan. - Add execute permissions to the binary. E.g.:
chmod u+x /usr/local/bin/cloud-scan. - Test to check if it installed correctly:
cloud-scan --help.
- Clone the repo
git clone git@github.com:andreybleme/cloud-scan.git - Install the Go package by running
go installat the root of the cloned repo.
Simply running cloud-scan s3 will start the process of scanning your S3 buckets. A list of buckets will be shown with it's respective condition: secure or unsecure.
go test -v ./...This CLI relies on the default AWS credentials file. This file should be stored at ~/.aws/credentials in Unix-based systems and in $HOME/.aws/credentials.
Check here how to get your AWS credentials here, and see the details on where is you credentials file here.