Skip to content
/ isotope Public
forked from isotope-rs/isotope

AWS superpowers with the power of bedrock and speed of rust

License

MIT license
0 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

lhoupert/isotope

BranchesTags
 
 

Repository files navigation

Text changing depending on mode. Light: 'So light!' Dark: 'So dark!'

Static Badge Crates.io Crates.io

From the minds behind k8sgpt

Text changing depending on mode. Light: 'So light!' Dark: 'So dark!'

Isotope scans AWS services and makes suggestions on how to improve them using AWS Bedrock (Artificial Intelligence).

We leverage the high fidelity corpus of data inputted and trained by AWS to give you the best recommendations possible on how to secure your VPC. Our mission is to provide high quality analysis without needing to subscribe to specialist services. All the information and clear actions you could need, right on your CLI.

Key benefits

  • No exfiltration of data beyond your AWS account
  • Discrete examination of your services within AWS
  • Simplistic remediation steps designed for humans.

Example

❯ isotope analyze --explain
Current AWS region: eu-west-2
Running STS analyzer
Running S3 analyzer
MFA is not enabled for user alex
 Here are a few ways to enable MFA for a user called 'alex' using the AWS CLI:

1. Enable virtual MFA device:

aws iam create-virtual-mfa-device --virtual-mfa-device-name "alex"

This will create a virtual MFA device for the user. You can then retrieve the seed and QR code to configure the MFA app:

aws iam enable-mfa-device --user-name alex --serial-number arn:aws:iam::123456789012:mfa/alex --authentication-code1 123456

Installation

brew install isotope-rs/homebrew-isotope/isotope

Or with Cargo

cargo install isotope

Setup

Set environment variables for AWS access

export AWS_ACCESS_KEY=""
export AWS_SECRET_ACCESS_KEY=""
export AWS_REGION="" ( e.g. eu-west-2 //wherever your VPC is )
export BEDROCK_REGION="eu-central-1"  ( e.g. us-east-1,us-west-2, ap-southeast-1, ap-northeast-1 )
export BEDROCK_MODEL="anthropic.claude-v2" ( e.g. anthropic.claude-v2, anthropic.claude-v1, anthropic.claude-instant-v1 )

Usage

Run all isotope analyzers

isotope analyze

Optionally for a single analyzer

isotope analyze -a S3

Use Bedrock AI

isotope analyze --explain

Debug in interactive mode

isotope analyze --explain --interactive

Analyzers

  • S3
    • Public bucket detection
  • STS
    • MFA detection
  • RDS
    • Public instance detection
  • EBS
    • Unattached disk
  • SG
    • Permissive security group detection
  • EC2
    • Orphaned Elastic IP address
    • Public snapshot detection
  • IAM
    • Orphaned/unused key detection

Community

Find us on K8sGPT Slack Isotope channel

About

AWS superpowers with the power of bedrock and speed of rust

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages

  • Rust 92.8%
  • Dockerfile 7.2%