YATAS

Yet Another Testing & Auditing Solution

The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won't check every best practice, only the ones that, based on my experience, are important for you. Please feel free to tell me if you find something that is not covered.

Features

YATAS is a simple, easy-to-use tool to audit your infrastructure for misconfigurations or potential security issues.

Plugins

Name | Description | Checks
AWS | AWS checks | Good practices and security checks

To install this plugin, add the following to your .yatas.yml file:

plugins:
  - name: "aws"
    enabled: true
    source: "github.com/padok-team/yatas-aws"
    version: "latest"
    description: "Check for AWS good practices"

Installation

brew tap padok-team/tap
brew install yatas
yatas --init

Modify .yatas.yml to your needs.

yatas --install

Installs the plugins you need.

Usage

yatas -h

Flags:

Checks

Ignore results for known issues

You can ignore the results of checks by adding the following to your .yatas.yml file:

ignore:
  - id: "AWS_VPC_004"
    regex: true
    values: 
      - "VPC Flow Logs are not enabled on vpc-.*"
  - id: "AWS_VPC_003"
    regex: false
    values: 
      - "VPC has only one gateway on vpc-08ffec87e034a8953"
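
An added example, not part of YATAS or this README: a small Go model of the two ignore rules above that counts how many findings each one hides, run against constructed findings. The matching semantics (regex values searched in the message, literal values compared for equality), the type and function names, and the second VPC id are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
)

// IgnoreRule mirrors one ignore: entry of .yatas.yml; Finding is a constructed check result.
type IgnoreRule struct {
	ID     string
	Regex  bool
	Values []string
}
type Finding struct{ ID, Message string }

// Hidden counts the findings one rule suppresses. Assumed semantics (not taken from the
// YATAS source): regex values are searched in the message, literal values must equal it.
func Hidden(r IgnoreRule, findings []Finding) (n int) {
	for _, f := range findings {
		for _, v := range r.Values {
			ok := v == f.Message
			if r.Regex {
				ok, _ = regexp.MatchString(v, f.Message) // an invalid pattern never matches
			}
			if ok && r.ID == f.ID {
				n++
				break
			}
		}
	}
	return n
}

// Rules copied from the page; findings are constructed, second VPC id is a placeholder.
var pageRules = []IgnoreRule{
	{"AWS_VPC_004", true, []string{"VPC Flow Logs are not enabled on vpc-.*"}},
	{"AWS_VPC_003", false, []string{"VPC has only one gateway on vpc-08ffec87e034a8953"}},
}
var sample = []Finding{
	{"AWS_VPC_004", "VPC Flow Logs are not enabled on vpc-08ffec87e034a8953"},
	{"AWS_VPC_004", "VPC Flow Logs are not enabled on vpc-0000000000example"},
	{"AWS_VPC_003", "VPC has only one gateway on vpc-08ffec87e034a8953"},
	{"AWS_VPC_003", "VPC has only one gateway on vpc-0000000000example"},
}

func main() {
	for _, r := range pageRules {
		fmt.Printf("%s regex=%v hides %d of %d findings\n", r.ID, r.Regex, Hidden(r, sample), len(sample))
	}
}
```

Under these assumptions the `vpc-.*` rule also hides the finding for any VPC created later, while the literal rule only hides the one named resource, so the literal form is the narrower choice for a single accepted issue.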

Exclude a test

You can exclude a test by adding the following to your .yatas.yml file:

plugins:
  - name: "aws"
    enabled: true
    description: "Check for AWS good practices"
    exclude:
      - AWS_S3_001

Specify which tests to run

To only run a specific test, add the following to your .yatas.yml file:

plugins:
  - name: "aws"
    enabled: true
    description: "Check for AWS good practices"
    include:
      - "AWS_VPC_003"
      - "AWS_VPC_004"

Get error logs

You can get the error logs by adding the following to your env variables:

export YATAS_LOG=debug

The available log levels are debug, info, warn, error, fatal, panic and off (the default).

<!-- BEGIN_YATAS -->

AWS - 68 Checks

AWS Certificate Manager

APIGateway

AutoScaling

Backup

Cloudfront

CloudTrail

Cognito

DynamoDB

EC2

ECR

EKS

LoadBalancer

GuardDuty

IAM

Lambda

RDS

S3 Bucket

Volume

VPC

<!-- END_YATAS -->

How to add a new test?

Would you like to add a new test? Then simply fork the repository and create a pull request.

Add a test to an existing category

If the package already exists and has a getter.go

Add a new category

FYI

All tests are wrapped in a generic function that allows us to run the tests in parallel and to disable some without running them.