DataCop is an custom AWS framework that mitigates the potential of vulnerable S3 buckets. Reliant on AWS Macie results, DataCop enables professionals that leverage AWS Macie to automatically block S3 buckets that contain PII or any classified information.
- Automatically provisioned infrastructure to bridge the cap between Macie and S3 with AWS CDK
- Configurable settings for bucket blocking
- Event-driven S3 bucket blocking
If you would like to view the architecture of the project, please refer to the Architecture Documentation.
In order to install and deploy DataCop, you need to ensure that you have the following installed:
- Python 3.8+
The installation process for DataCop is fairly straightforward. Please follow the steps outlined below:
-
Create and activate your virtual environment:
$ python -m venv .datacop-venv (datacop-venv) $ # You've activated your VENV
-
Install the dependencies:
(datacop-venv) $ pip install -r requirements.txt
Once you've installed those requirements, you're good to deploy the application.
This project uses invoke
to execute commands for both development and deployment.
If you would like to learn more about invoke, please refer to this document: Invoke Docs.
(datacop-venv) $ inv --list
Available tasks:
deploy Bootstraps and deploys the CDK templates to AWS
destroy Destroys the CDK templates within AWS
destroy-and-disable Destroys the CDK templates and disables Macie
disable-macie Disables macie for the account.
format Formats all of the python files within the project
format-check Checks the formatting of the code within the project
lint Executes pylint to check for any linting issues/errors
post-setup Executes post setup configuration steps for Macie
pre-setup Configures environment deploying infrastructure
test Executes unit test cases
Assuming you have activated your virtual environment, run the following command to deploy the CDK stack:
(.env) $ invoke deploy your_email_address
During the deployment phase, the email address will be subscribed to the SNS Topic. This parameter is required, so make sure the email address is valid!
NOTE: This command will bootstrap the default AWS account & profile. Afterward, it will deploy everything with
cdk deploy
.
To review the results, please log into your AWS account and verify
that the following CloudFormation Template exists: DataCopCoreStack
.
If you want to contribute, please take a look at the Contributing Documentation.