v0.0.4

Author: gsoltis

README.md

@@ -78,6 +78,10 @@ Run `./rpCheckup` and view the generated report found in `output/`.
 rpCheckup uses [goldfiglabs/introspector](https://github.com/goldfiglabs/introspector) to snapshot the configuration of your AWS account. rpCheckup runs SQL queries to generate findings based on this snapshot. Introspector does the heavy lifting of importing and normalizing the configurations while rpCheckup is responsible for querying and report generation.
 
 ## Notes
+If the account you are scanning is not the master account in an Organization, other
+accounts in the Organization may be detected as external accounts. This is because
+non-master accounts may not have access to see the organization structure.
+
 Since rpCheckup relies on Introspector's snapshots, rpCheckup is unable to detect policies that are no longer attached. When detecting flapping or transient access, please use tools which utilize audit and security logs (CloudTrail, etc). See [here][2] for further information in preventing resource exposure.
 
 TODO: Add example runs against Endgame Terraform'd account.

build.sh

@@ -10,7 +10,7 @@ mkdir -p $DIR/dist
 cd $DIR
 
 # Pre-req: go get github.com/markbates/pkger/cmd/pkger
-GOBIN="${GOPATH:-~/go}"
+GOBIN="${GOPATH:-${HOME}/go}"
 $GOBIN/bin/pkger
 
 GOOS=darwin GOARCH=amd64 go build -o dist/rpCheckup_darwin_amd64

templates/resource_policies.gohtml

@@ -14,15 +14,15 @@
       }
 
       .report table {
-        font-size: 12px;
+        font-size: 16px;
         border-spacing: 0;
         margin: auto;
       }
 
       .report td,
       .report th {
         border: 1px solid #888;
-        padding: 4px 16px;
+        padding: 4px 10px;
         text-align: center;
       }
 
@@ -74,6 +74,20 @@
       .metadata {
         font-weight: bold;
       }
+
+      .links {
+        display: flex;
+        flex-direction: column;
+        justify-content: center;
+      }
+
+      .notes li {
+        padding: 4px;
+      }
+
+      .notes h4 {
+        text-align: center;
+      }
     </style>
   </head>
   <body>
@@ -124,19 +138,36 @@
           {{end}}
         </tbody>
       </table>
-      
+
       &mdash;
 
       <div class="two_columns" style="width:100%">
-        <section>
-            <a href="https://github.com/goldfiglabs/rpCheckup">goldfiglabs/rpCheckup</a> v0.0.2
+        <section class="notes">
+          <h4>Notes</h4>
+          <ol>
+            <li>
+              This report ignores resources that can, but currently don't, have resource
+              policies. That means many resources that are created and managed only by
+              IAM policies will not show up here. This report is intended to cover only the
+              places where a resource policy has been put in place.
+            </li>
+            <li>
+              If the account you are scanning is not the master account in an
+              Organization, other accounts in the Organization may be detected as
+              external accounts. This is because non-master accounts may not have
+              access to see the organization structure.
+            </li>
+          </ol>
         </section>
-        <section>
-            <a href="https://www.goldfiglabs.com/?utm_source=opensource&utm_medium=rpcheckup&utm_campaign=report">Gold Fig Labs</a>
+        <section class="links">
+            <p>
+              <a target="_blank" href="https://github.com/goldfiglabs/rpCheckup">goldfiglabs/rpCheckup</a> v0.0.4
+            </p>
+            <p>
+              Made by <a target="_blank" href="https://www.goldfiglabs.com/">Gold Fig Labs</a>
+            </p>
         </section>
       </div>
-
-
     </main>
   </body>
 </html>