Cloud Inquisitor – Enforce data security in AWS

Cloud Inquisitor is a tool you can use to improve the security posture of your AWS footprint. The usual challenge in AWS is that there are many shared resources and instances, so it is hard to track and establish ownership, and that in turn makes security-related issues hard to investigate. This tool helps monitor ownership in AWS and terminates any instance that violates the policy defined by the account owner. Some of the current functionality:

  • monitoring AWS objects for ownership attribution, notifying account owners of unowned objects, and subsequently removing unowned AWS objects if ownership is not resolved.
  • detecting domain hijacking.
  • verifying security services such as Cloudtrail and VPC Flowlogs.
  • managing IAM policies across multiple accounts.
Cloud-Inquisitor - Enforce ownership and data security within AWS

At the moment the tool has the following auditor plugins:

  1. CloudTrail auditor will ensure that CloudTrail has been enabled for all accounts configured in the system. The system will automatically create an S3 bucket and SNS topics for log delivery notifications.
  2. Domain hijacking auditor will attempt to identify misconfigured DNS entries that would potentially result in third parties being able to take over legitimate DNS names and serve malicious content from a real location.
  3. IAM roles and policy auditor will audit, and if enabled, manage the default Riot IAM policies and roles.
  4. Cloud Inquisitor audits EC2 instances and S3 buckets for tagging compliance and shuts down or terminates resources that are not brought into compliance after a pre-defined amount of time.
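To make the tagging-compliance workflow concrete, here is an added example of the escalation logic such an auditor runs. It is not Cloud Inquisitor's own code: the required tag (`owner`), the grace periods (7 days to shutdown, 14 days to terminate) and the sample instances are all constructed for the example, and the instance records mimic the shape returned by boto3's `describe_instances` so the same function could be fed real data. The auditor keeps a small state map of when each resource was first seen out of compliance, which is what lets it notify first and only shut down or terminate later.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy for this example (not Cloud Inquisitor's defaults):
# one required ownership tag and escalating grace periods measured from
# the moment non-compliance was first observed.
REQUIRED_TAGS = ("owner",)
SHUTDOWN_AFTER = timedelta(days=7)
TERMINATE_AFTER = timedelta(days=14)


def tags_as_dict(instance):
    """Flatten a boto3-style [{'Key': k, 'Value': v}, ...] tag list.

    Keys are lower-cased so 'Owner' and 'owner' are treated alike, and
    values are stripped so a whitespace-only value counts as empty.
    """
    return {t["Key"].lower(): t["Value"].strip() for t in instance.get("Tags", [])}


def missing_tags(instance):
    """Return the required tags that are absent or empty on an instance."""
    tags = tags_as_dict(instance)
    return [key for key in REQUIRED_TAGS if not tags.get(key)]


def audit_instances(instances, state, now):
    """Decide one action per instance and update `state` in place.

    `state` maps instance id -> datetime when non-compliance was first seen.
    Returns a dict of instance id -> 'compliant' | 'notify' | 'shutdown'
    | 'terminate'. A resource that becomes compliant is dropped from the
    state so a later violation starts a fresh grace period.
    """
    actions = {}
    for inst in instances:
        iid = inst["InstanceId"]
        if not missing_tags(inst):
            state.pop(iid, None)  # tags fixed: forget the old violation
            actions[iid] = "compliant"
            continue
        first_seen = state.setdefault(iid, now)  # new violation starts the clock
        age = now - first_seen
        if age >= TERMINATE_AFTER:
            actions[iid] = "terminate"
        elif age >= SHUTDOWN_AFTER:
            actions[iid] = "shutdown"
        else:
            actions[iid] = "notify"
    return actions


# Constructed sample data in the shape of describe_instances() output.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"},
     "Tags": [{"Key": "Owner", "Value": "alice@example.com"}]},   # compliant
    {"InstanceId": "i-0bbb", "State": {"Name": "running"},
     "Tags": []},                                                 # never seen before
    {"InstanceId": "i-0ccc", "State": {"Name": "running"},
     "Tags": [{"Key": "owner", "Value": "   "}]},                # blank value, 8 days old
    {"InstanceId": "i-0ddd", "State": {"Name": "stopped"},
     "Tags": [{"Key": "Name", "Value": "legacy-db"}]},            # wrong tag, 30 days old
]


def run_demo():
    """Run the audit over the sample data with a constructed prior state."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    state = {
        "i-0ccc": now - timedelta(days=8),
        "i-0ddd": now - timedelta(days=30),
    }
    actions = audit_instances(SAMPLE_INSTANCES, state, now)
    return {"actions": actions, "state": state, "now": now}


if __name__ == "__main__":
    result = run_demo()
    for iid, action in sorted(result["actions"].items()):
        print(f"{iid}: {action}")
```

In a real deployment the `state` map would live in the auditor's database and the `shutdown`/`terminate` actions would be handed to an executor with the appropriate IAM permissions; keeping the decision logic pure, as here, makes the grace-period behaviour easy to unit-test before any resource is ever touched.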

You can read more and download this tool over here:
