Skip to content

Commit

Permalink
Merge pull request #494 from 0xdabbad00/dockerize
Browse files Browse the repository at this point in the history
Docker support
  • Loading branch information
0xdabbad00 authored Jul 25, 2019
2 parents 3ef2ba0 + 2cafc9c commit addc8aa
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 1 deletion.
19 changes: 19 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
FROM python:3.7-slim as cloudmapper

LABEL maintainer="https://github.com/0xdabbad00/"
LABEL Project="https://github.com/duo-labs/cloudmapper"

EXPOSE 8000
WORKDIR /opt/cloudmapper
ENV AWS_DEFAULT_REGION=us-east-1

RUN apt-get update -y
RUN apt-get install -y build-essential autoconf automake libtool python3.7-dev python3-tk jq awscli
RUN apt-get install -y bash

COPY . /opt/cloudmapper
RUN pip install pipenv
RUN pipenv install --skip-lock
#RUN pipenv shell

RUN bash
21 changes: 20 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -151,8 +151,27 @@ This will allow you to define the different AWS accounts you use in your environ
You may find that you don't care about some of audit items. You may want to ignore the check entirely, or just specific resources. Copy `config/audit_config_override.yaml.example` to `config/audit_config_override.yaml` and edit the file based on the comments in there.


# Using a Docker container
The docker container that is created is meant to be used interactively.

### Alternatives
```
docker build -t cloudmapper .
aws-vault exec YOUR_PROFILE --server --
docker run -p 8000:8000 -it cloudmapper /bin/bash
```

You shoudl replace `YOUR_PROFILE` with the profile you've configured for aws-vult. Inside the container run `aws sts get-caller-identity` to confirm this was setup correctly.

```
pipenv shell
python cloudmapper.py report --accout demo
python cloudmapper.py webserver --public
```

You should then be able to view the report by visiting http://127.0.0.1:8000/account-data/report.html


# Alternatives
For network diagrams, you may want to try https://github.com/lyft/cartography or https://github.com/anaynayak/aws-security-viz

For auditng and other AWS security tools see https://github.com/toniblyx/my-arsenal-of-aws-security-tools
Expand Down

0 comments on commit addc8aa

Please sign in to comment.