Managing a large number of cloud accounts across the global footprint that cloud providers offer is a herculean task for small security and governance teams.
Turner has been leveraging AWS native services to conduct continuous inventory and compliance as part of its Cloud Security Program. Today I’m releasing Antiope (pronounced An-Tie-Oh-Pee). It is intended to be an open-source framework for managing resources across hundreds of AWS accounts. From a trusted Security Account, Antiope will leverage cross-account roles to gather up resource data and store it in an inventory bucket. This bucket can then be indexed by ElasticSearch or your SIEM of choice to provide easy searching of resources across hundreds of AWS accounts.
Shortly we will be adding the scorecard system we’ve built to allow for continuous reporting. This will allow you to see a holistic view of all the non-compliance in your environment, along with the ability to create and send individualized scorecards for your accountable executive and technical staff.
Contributions, questions and suggestions are always welcome. The installation docs may be missing some things and I’m happy to help out where it’s not clear. I can be reached via Twitter @jcfarris or via email firstname.lastname@example.org.