orhankalyon / AzureAccessAnalyzer

Azure Access Analyzer analyzes your activity logs to identify actions that have been used by a security principal (user or role) within your specified date range.

Azure Access Analyzer

This is an IAM Access Analyzer for Azure. It will return all the actions / permissions used by a given user or service principal between two dates at either subscription or resource group scope.

Installation

This project requires pipenv

Running locally

The app authenticates with the Azure Python SDK's DefaultAzureCredential class.

If using a service principal, the environment variables used are:

export AZURE_TENANT_ID="<TENANT_ID>"
export AZURE_CLIENT_ID="<CLIENT_ID>"
export AZURE_CLIENT_SECRET="<CLIENT_SECRET>"

Then run the analyzer:

pipenv run python main.py <subscription> <username> <num_hours> <resource_group_name>

Configuration

Setting log level

The app uses Loguru, so all settings are configurable via environment variables.

For example, to set the log level to INFO or DEBUG:

export LOGURU_LEVEL="INFO"
export LOGURU_LEVEL="DEBUG"

Running Tests

pipenv run pytest -v

Roadmap

  • handle paging
  • compare to existing roles
  • add management group support
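
The analysis this README describes, extended to the roadmap's "compare to existing roles" item, as an added example that is not the project's own code. It assumes events shaped like Activity Log records (caller, eventTimestamp, resourceGroupName, operationName.value, status.value); the sample events and the names used_actions and unused_grants are constructed for illustration.

```python
from datetime import datetime
from fnmatch import fnmatchcase

def _event(caller, ts, rg, action, status="Succeeded"):
    # Builds one constructed record shaped like an Activity Log event.
    return {"caller": caller, "eventTimestamp": ts, "resourceGroupName": rg,
            "operationName": {"value": action}, "status": {"value": status}}

# Constructed sample data, not real log output.
SAMPLE_EVENTS = [
    _event("alice@example.com", "2024-05-01T10:00:00Z", "rg-app",
           "Microsoft.Storage/storageAccounts/listKeys/action", "Started"),
    _event("alice@example.com", "2024-05-01T10:00:01Z", "rg-app",
           "Microsoft.Storage/storageAccounts/listKeys/action"),
    _event("alice@example.com", "2024-05-01T11:30:00Z", "RG-APP",
           "Microsoft.Compute/virtualMachines/restart/action"),
    _event("alice@example.com", "2024-05-01T12:00:00Z", "rg-data",
           "Microsoft.Sql/servers/databases/write"),
    _event("alice@example.com", "2024-04-20T09:00:00Z", "rg-app",
           "Microsoft.Network/virtualNetworks/write"),
    _event("bob@example.com", "2024-05-01T10:05:00Z", "rg-app",
           "Microsoft.KeyVault/vaults/delete"),
]

def parse_ts(value):
    # Sample timestamps are UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def used_actions(events, principal, start, end, resource_group=None):
    """Distinct actions `principal` performed in [start, end).
    start and end must be timezone-aware; resource_group narrows the scope."""
    used = set()
    for ev in events:
        if ev["caller"].lower() != principal.lower():
            continue
        if not start <= parse_ts(ev["eventTimestamp"]) < end:
            continue
        rg = ev.get("resourceGroupName") or ""
        if resource_group and rg.lower() != resource_group.lower():
            continue
        used.add(ev["operationName"]["value"])  # set collapses Started/Succeeded pairs
    return used

def unused_grants(role_actions, used):
    """Role action patterns (may contain '*') that matched no observed action."""
    lowered = [u.lower() for u in used]
    return sorted(p for p in role_actions
                  if not any(fnmatchcase(u, p.lower()) for u in lowered))
```

Patterns returned by unused_grants are candidates for removal from the role, subject to the window being long enough to cover the principal's normal activity.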

See Also

Similar projects and services are:

Permissions.cloud, supports AWS, Azure and Google.

IAM Access Analyzer

Trailscraper

License: MIT License

