cloud inquisitor v2.2.0 release: enforce ownership and data security within AWS

by do son · Published September 25, 2018 · Updated October 10, 2021

Cloud Inquisitor improves the security posture of an AWS footprint through:

monitoring AWS objects for ownership attribution, notifying account owners of unowned objects, and subsequently removing unowned AWS objects if ownership is not resolved.
detecting domain hijacking.
verifying security services such as Cloudtrail and VPC Flowlogs.
managing IAM policies across multiple accounts.

Architecture

Typically Cloud Inquisitor runs in a “Security” or “Audit” account with cross-account access through the use of AssumeRole.

Platforms

Cloud Inquisitor works on Python 3.5 or higher and Ubuntu 16.04.

Changelog v2.2.0

Usage

Dashboard

By default, the front-end dashboard shows:

Below is a sample screenshot showing what the dashboard looks like:

On the left-hand side of the UI, you are able to directly examine raw data:

EC2 Instances – shows all the EC2 Instance data that Cloud Inquisitor possess, which should represent all EBS volumes in use in your AWS infrastructure
EBS Volumes – shows all the EBS Volume data that Cloud Inquisitor possess, which should represent all EBS volumes in use in your AWS infrastructure
DNS – shows all the dns data that Cloud Inquisitor possess (shown below, the first screenshot)
Search – this gives you the ability to search for instances across the Cloud Inquisitor database. The search page has help functionality within the page as shown below (second screenshot)