aws

viesti 2022-11-04T07:55:08.055899Z

I heard a story from a customer that they do this kind of data extraction from client AWS accounts, by extracting a bunch of data from the AWS account, tucking it into Datahike (I think?) and then making all sorts of queries to analyse security aspects.

viesti 2022-11-04T07:55:30.759049Z

So yeah, I think tucking the data into a queryable database for analysis is a thing

sun-one 2022-11-04T21:52:02.750009Z

Does anyone have a workaround for invoking lambdas using ARNs with the cognitect/aws lib (see https://github.com/cognitect-labs/aws-api/issues/193)?

Drew Verlee 2022-11-05T00:53:44.913289Z

Never ran into it :(

sun-one 2022-11-05T02:36:37.530269Z

I ended up just biting the bullet and using the AWS Java SDK package (not nearly as good UX-wise as the cognitect package, unfortunately). It looks like the issue with ARN is not restricted to just invocation but really all uses (for example, I tried just retrieving the function using the ARN in the GetFunction op and it failed for the same reason). Which makes sense given the underlying problem.

Drew Verlee 2022-11-04T05:05:04.810239Z

Here is some example code of querying ssm using datalog.

;; get all the ssm parameters
(get-all-ssm-params!)
;; => [{:LastModifiedDate #inst "2022-11-04T03:57:44.000-00:00",
;;      :Value "mi-woot",
;;      :ARN
;;      "arn:aws:ssm:us-east-1:595680822218:parameter/state/michigan/zip/123/password",
;;      :Name "/state/michigan/zip/123/password",
;;      :Type "String",
;;      :Version 1,
;;      :DataType "text"}
;;     {:LastModifiedDate #inst "2022-11-04T03:58:12.000-00:00",
;;      :Value "mi-nope",
;;      :ARN
;;      "arn:aws:ssm:us-east-1:595680822218:parameter/state/michigan/zip/981/password",
;;      :Name "/state/michigan/zip/981/password",
;;      :Type "String",
;;      :Version 1,
;;      :DataType "text"}]

;; are all our params with a zip code in the 981 area secure?
(let [ssm-params (get-all-ssm-params!)
      schema (ssm-params->schema ssm-params)
      conn   (d/create-conn schema)]
  (d/transact! conn (mapcat param->txts ssm-params))
  (d/q '[:find ?type
         :where
         [?e :zip "981"]
         [?e :password ?v]
         [?v :Type ?type]]
       @conn))
;; => #{["String"]}

;; oh no, they're all Strings! Not SecureStrings!

Drew Verlee 2022-11-04T05:08:51.662679Z

I have found that a lot of places I have worked at use SSM and end up copying a set of param keys per something (sometimes customer or env). And it quickly becomes really hard to get views over various parts of the trees, e.g. all the passwords for a common thing all the customers have. Idk, let me know if you think this sounds useful or if you see some issue with it. I'll try to get the rest of the code in a GitHub repo if ppl are interested.