AWS

Security

Set of tools to audit AWS CloudTrail events and audit logs.

Configuration

Holmes CLIRobusta Helm Chart

First, add the following environment variables:

export AWS_ACCESS_KEY_ID="<your AWS access key ID>"
export AWS_SECRET_ACCESS_KEY="<your AWS secret access key>"
export AWS_DEFAULT_REGION="us-west-2"

Then, add the following to ~/.holmes/config.yaml, creating the file if it doesn't exist:

toolsets:
    aws/security:
        enabled: true

To test, run:

holmes ask "Are there any security misconfigurations my signup application, particularly in the database?"

This builtin toolset is currently only available in HolmesGPT CLI.

Capabilities

Tool Name	Description
aws_cloudtrail_event_lookup	Fetches events of a specified type from AWS CloudTrail along with the users that called them
aws_cloudtrail_event_details	Fetches and returns full event details for an AWS CloudTrail event in JSON format given an event ID
aws_user_audit_logs	Fetches audit logs for a specified user from AWS CloudTrail in past 24 hours. Provide username as was output by aws_event_lookup or aws_event_details

RDS

Read access to Amazon RDS instances, events and logs.

Configuration

Holmes CLIRobusta Helm Chart

Configure RDS access with your AWS credentials and region settings.

This builtin toolset is currently only available in HolmesGPT CLI.

Capabilities

Tool Name	Description
aws_rds_describe_instances	Describe RDS instances
aws_rds_events	Get RDS events
aws_rds_logs	Retrieve RDS logs