Aaia: AWS Identity and Access Management Visualizer and Anomaly Finder
(A)n(a)lysis of (I)dentity and (A)ccess
What does Aaia do?
Aaia helps in visualizing AWS IAM and AWS Organizations as a graph with the help of Neo4j. Seeing the account as a graph makes outliers easy to spot. Since it is backed by Neo4j, one can query the graph using Cypher queries to find anomalies.
Aaia also supports modules that programmatically fetch data from the Neo4j database and process it in a custom fashion. This is mostly useful when a complex comparison or piece of logic has to be applied that would not be easy to express in Cypher queries.
Aaia was initially intended to be a tool to enumerate privilege escalation possibilities and find loopholes in AWS IAM. It was inspired by this quote by @JohnLaTwC:
“Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.”
A sample visual of a dummy AWS Account’s IAM
A sample visual of the result of a Cypher query to find all relations of a user in AWS IAM
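To show what the graph-based lookup in the caption above does in plain code, here is an added example that is not part of Aaia's code base: it builds a small constructed IAM graph in memory (node labels and relationship names are assumptions, not Aaia's Neo4j schema) and walks it breadth-first to list everything a user is related to within a few hops, the same idea as a Cypher pattern like `MATCH (u)-[*1..3]-(n)`.

```python
from collections import defaultdict, deque

# Constructed sample of an IAM graph as (source, relationship, target) triples.
# Labels such as User:/Group:/Role:/Policy: and the relationship names are
# assumptions for this example only, not Aaia's actual Neo4j schema.
EDGES = [
    ("User:alice", "MEMBER_OF", "Group:developers"),
    ("Group:developers", "HAS_POLICY", "Policy:DevReadOnly"),
    ("User:alice", "HAS_POLICY", "Policy:S3Admin"),
    ("Role:deploy", "TRUSTS", "User:alice"),
    ("Role:deploy", "HAS_POLICY", "Policy:EC2Full"),
    ("User:bob", "MEMBER_OF", "Group:developers"),
]


def build_graph(edges):
    """Build an undirected adjacency list, so a traversal follows
    relationships in either direction (like an unlabelled Cypher -[]- hop)."""
    adj = defaultdict(list)
    for src, rel, dst in edges:
        adj[src].append((rel, dst))
        adj[dst].append((rel, src))
    return adj


def relations_of(adj, start, max_hops=3):
    """Return {node: hop_distance} for every node reachable from `start`
    within `max_hops` relationships, excluding `start` itself.
    This mirrors a variable-length Cypher match such as
    MATCH (u {name: 'alice'})-[*1..3]-(n) RETURN n."""
    seen = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if seen[node] >= max_hops:
            continue  # do not expand beyond the hop limit
        for _, nxt in adj[node]:
            if nxt not in seen:
                seen[nxt] = seen[node] + 1
                queue.append(nxt)
    seen.pop(start)
    return seen


def reachable_policies(adj, user, max_hops=3):
    """Policies a user reaches via groups or roles: the nodes an
    analyst checks first when hunting for unexpected privilege paths."""
    rel = relations_of(adj, user, max_hops)
    return sorted(n for n in rel if n.startswith("Policy:"))
```

Running `relations_of(build_graph(EDGES), "User:alice")` surfaces `Policy:EC2Full` at two hops through the role trust, a relation a flat policy listing for alice would not show.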