A honey token manager and alert system for AWS.

Related tags

DevOps Toolsawssecuritylambdaterraformhoneypot
Overview

SpaceSiren

SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and manage honey tokens at scale -- up to 10,000 per SpaceSiren instance -- at close to no cost.1

SpaceSiren mascot

How It Works

  • SpaceSiren provides an API to create no-permission AWS IAM users and access keys for those users.
  • You sprinkle the access keys wherever you like, for example in proprietary code or private data stores.
  • If one of those sources gets breached, an attacker is likely to use the stolen key to see what they can do with it.
  • You will receive an alert that someone attempted to use the key.

Token API screenshot

Alert Outputs

  • Email
  • PagerDuty
  • Slack
  • Pushover

Email alert

Documentation Pages

Requirements

As with any open source project, this one assumes you have the required foundational tools and knowledge, mainly in AWS and Terraform.

Resources

  • Terraform >= 0.13
  • AWS CLI
  • A dedicated AWS account with admin access
  • A registered domain

Knowledge

  • Basic Terraform
  • Basic REST API
  • Basic AWS CLI, S3, and Route 53
  • Basic AWS Organizations and IAM Roles for cross-account access
  • Intermediate DNS (delegating a (sub)domain with NS records)

Contact

If you notice a critical security bug (e.g., one that would grant real access to an AWS account), please responsibly disclose it via email at [email protected].

For standard bugs or feature requests, please open a GitHub issue.

Attributions

Special thanks to:

  • Atlassian for Project SpaceCrab, the inspiration for this project. If you want to read about why I started SpaceSiren, please see my SpaceCrab critique page.
  • The wonderful and talented Alia Mancisidor for the artwork.
  • Anyone who volunteered to test this application for me.

Footnotes

  1. While SpaceSiren was designed to run as cheaply as possible, even for individuals, it will not be entirely free of operating costs. You will incur nominal costs for DynamoDB, Lambda, API Gateway, Route 53, and perhaps CloudTrail, depending on your configuration. You should expect to spend between $1 and $5 per month to run SpaceSiren. Of course, the project's maintainers are not responsible for any actual costs you incur. Please closely monitor your AWS bill while it is in use.
You might also like...
Supervisor process control system for UNIX

Supervisor Supervisor is a client/server system that allows its users to control a number of processes on UNIX-like operating systems. Supported Platf

Supervisor 7.6k Dec 31, 2022
DC/OS - The Datacenter Operating System

DC/OS - The Datacenter Operating System The easiest way to run microservices, big data, and containers in production. What is DC/OS? Like traditional

DC/OS 2.3k Jan 6, 2023
A system for managing CI data for Mozilla projects

Treeherder Description Treeherder is a reporting dashboard for Mozilla checkins. It allows users to see the results of automatic builds and their resp

Mozilla 235 Dec 22, 2022
Bitnami Docker Image for Python using snapshots for the system packages repositories

Python Snapshot packaged by Bitnami What is Python Snapshot? Python is a programming language that lets you work quickly and integrate systems more ef

Bitnami 1 Jan 13, 2022
Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.

Ansible Ansible is a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc ta

Ansible 55.9k Jan 4, 2023
Iris is a highly configurable and flexible service for paging and messaging.
Iris is a highly configurable and flexible service for paging and messaging.

Iris Iris core, API, UI and sender service. For third-party integration support, see iris-relay, a stateless proxy designed to sit at the edge of a pr

LinkedIn 715 Dec 28, 2022
StackStorm (aka
StackStorm (aka "IFTTT for Ops") is event-driven automation for auto-remediation, security responses, troubleshooting, deployments, and more. Includes rules engine, workflow, 160 integration packs with 6000+ actions (see https://exchange.stackstorm.org) and ChatOps. Installer at https://docs.stackstorm.com/install/index.html. Questions? https://forum.stackstorm.com/.

StackStorm is a platform for integration and automation across services and tools, taking actions in response to events. Learn more at www.stackstorm.

StackStorm 5.3k Jan 2, 2023
KivyPassword - A password generator using both Kivy framework and SQL in order to create a local database for users to generate strong passwords and store them
KivyPassword - A password generator using both Kivy framework and SQL in order to create a local database for users to generate strong passwords and store them

KivyPassword A password generator using both Kivy framework and SQL in order t

null 1 Jan 14, 2022
pyinfra automates infrastructure super fast at massive scale. It can be used for ad-hoc command execution, service deployment, configuration management and more.
pyinfra automates infrastructure super fast at massive scale. It can be used for ad-hoc command execution, service deployment, configuration management and more.

pyinfra automates/provisions/manages/deploys infrastructure super fast at massive scale. It can be used for ad-hoc command execution, service deployme

Nick Barrett 2.1k Dec 29, 2022
Comments
  • Multiple alert email addresses

    Multiple alert email addresses

    Allow for more than one destination email address for alerts. Terraform should take a list of email addresses. They will all need to be verified in SES.

    opened by khicks 0
  • Enhancement/Canary Resources scaffolding

    Enhancement/Canary Resources scaffolding

    Add support for canary resources:

    • This is the initial scaffolding, that adds an endpoint to monitor activity for given resource ARNs.
    • Under the current format, it only supports resources in the account where spacesiren is deployed
      • Will have to look into the best way to monitor arbitrary trails

    TODOs:

    • [ ] Update documentation for the new endpoint
    opened by x4v13r64 0
Releases(1.4.0)

  • 1.4.0(Dec 19, 2021)

  • 1.3.0(Apr 15, 2021)

  • 1.2.1(Aug 23, 2020)

  • 1.2.0(Aug 15, 2020)

    FEATURES:

    • Pushover support. New tfvars are alert_pushover_user_key and alert_pushover_api_key.
    • Test alert API endpoint: /test-alert.

    IMPROVEMENTS:

    • Remove trimsuffix from Route 53 zone name.
    Source code(tar.gz)
    Source code(zip)

  • 1.1.0(Aug 14, 2020)

    IMPROVEMENTS:

    • Artwork!
    • Change directory structure. Terraform code now has its own directory.
      • If you previously had SpaceSiren set up, delete your functions-pkg/ directory and move the following files/dirs to the terraform/ directory:
        • .terraform/
        • terraform-local.tf
        • terraform.tfvars
    Source code(tar.gz)
    Source code(zip)

  • 1.0.0(Aug 14, 2020)

Owner
GitHub Repository
DataOps framework for Machine Learning projects.

Noronha DataOps Noronha is a Python framework designed to help you orchestrate and manage ML projects life-cycle. It hosts Machine Learning models ins

52 Oct 30, 2022
Cobbler is a versatile Linux deployment server

Cobbler Cobbler is a Linux installation server that allows for rapid setup of network installation environments. It glues together and automates many

Cobbler 2.4k Dec 24, 2022
Python utility function to communicate with a subprocess using iterables: for when data is too big to fit in memory and has to be streamed

iterable-subprocess Python utility function to communicate with a subprocess using iterables: for when data is too big to fit in memory and has to be

Department for International Trade 5 Jul 10, 2022
Hackergame nc 类题目的 Docker 容器资源限制、动态 flag、网页终端

Hackergame nc 类题目的 Docker 容器资源限制、动态 flag、网页终端 快速入门 配置证书 证书用于验证用户 Token。请确保这里的证书文件(cert.pem)与 Hackergame 平台 配置的证书相同,这样 Hackergame 平台为每个用户生成的 Token 才可以通

USTC Hackergame 68 Nov 09, 2022
Ganeti is a virtual machine cluster management tool built on top of existing virtualization technologies such as Xen or KVM and other open source software.

Ganeti 3.0 =========== For installation instructions, read the INSTALL and the doc/install.rst files. For a brief introduction, read the ganeti(7) m

395 Jan 04, 2023
Ansible for DevOps examples.

Ansible for DevOps Examples This repository contains Ansible examples developed to support different sections of Ansible for DevOps, a book on Ansible

Jeff Geerling 6.6k Jan 08, 2023
Tencent Yun tools with python

Tencent_Yun_tools 使用 python3.9 + 腾讯云 AccessKey 利用工具 使用之前请先填写config.ini配置文件 Usage python3 Tencent_rce.py -h Scanner python3 Tencent_rce.py -s 生成CSV

<img src="> 13 Dec 20, 2022
Micro Data Lake based on Docker Compose

Micro Data Lake based on Docker Compose This is the implementation of a Minimum Data Lake

Abel Coronado 15 Jan 07, 2023
Jenkins-AWS-CICD - Implement Jenkins CI/CD with AWS CodeBuild and AWS CodeDeploy, build a python flask web application.

Jenkins-AWS-CICD - Implement Jenkins CI/CD with AWS CodeBuild and AWS CodeDeploy, build a python flask web application.

Ning 1 Jan 01, 2022
A collection of beginner-friendly DevOps content

mansion Mansion is just a testing repo for learners to commit into open source project. These are the steps you need to learn: Please do not edit thes

Bryan Lim 62 Nov 30, 2022
Utilitaire de contrôle de Kubernetes

Utilitaire de contrôle de Kubernetes ** What is this ??? ** Every time we use a word in English our manager tells us to use the French translation of

Théophane Vié 9 Dec 03, 2022
Deploying a production-ready Django project using Nginx and Gunicorn

django-nginx-gunicorn This project is for deploying a production-ready Django project using Nginx and Gunicorn. Running a local server of Django is no

Arash Sayareh 8 Jul 03, 2022
Python IMDB Docker - A docker tutorial to containerize a python script.

Python_IMDB_Docker A docker tutorial to containerize a python script. Build the docker in the current directory: docker build -t python-imdb . Run the

Sarthak Babbar 1 Dec 30, 2021
Knock your images before these make you painful.

image-knocker Knock your images before these make you painful. Background One day, I had run my deep learning model training program and got off work

Yonghye Kwon 9 Jul 25, 2022
DAMPP (gui) is a Python based program to run simple webservers using MySQL, Php, Apache and PhpMyAdmin inside of Docker containers.

DAMPP (gui) is a Python based program to run simple webservers using MySQL, Php, Apache and PhpMyAdmin inside of Docker containers.

Sehan Weerasekara 1 Feb 19, 2022
Bitnami Docker Image for Python using snapshots for the system packages repositories

Python Snapshot packaged by Bitnami What is Python Snapshot? Python is a programming language that lets you work quickly and integrate systems more ef

Bitnami 1 Jan 13, 2022
Tools for writing awesome Fabric files

About fabtools includes useful functions to help you write your Fabric files. fabtools makes it easier to manage system users, packages, databases, et

1.3k Dec 30, 2022
pyinfra automates infrastructure super fast at massive scale. It can be used for ad-hoc command execution, service deployment, configuration management and more.

pyinfra automates/provisions/manages/deploys infrastructure super fast at massive scale. It can be used for ad-hoc command execution, service deployme

Nick Barrett 2.1k Dec 29, 2022
Dynamic DNS service

About nsupdate.info https://nsupdate.info is a free dynamic DNS service. nsupdate.info is also the name of the software used to implement it. If you l

nsupdate.info development 880 Jan 04, 2023
Python job scheduling for humans.

schedule Python job scheduling for humans. Run Python functions (or any other callable) periodically using a friendly syntax. A simple to use API for

Dan Bader 10.4k Jan 02, 2023