forked from aquasecurity/cloudsploit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
start.sh
22 lines (14 loc) · 1 KB
/
start.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
cd /var/scan/cloudsploit
#If running ECS task or other AWS workload with appropriate execution/task role, then it will automatically assume the role
aws sts assume-role --role-arn $ASSUME_ROLE_ARN --external-id $EXTERNAL_ID --role-session-name $CLIENT_ID > assumed-role.txt
export AWS_ACCESS_KEY_ID=$(cat assumed-role.txt | jq -r '.Credentials.AccessKeyId')
export AWS_SECRET_ACCESS_KEY=$(cat assumed-role.txt | jq -r '.Credentials.SecretAccessKey')
export AWS_SESSION_TOKEN=$(cat assumed-role.txt | jq -r '.Credentials.SessionToken')
#aws configure set aws_access_key_id $ACCESS_KEY_ID_ASSUMED_ROLE --profile $CLIENT_ID
#aws configure set aws_secret_access_key $SECRET_ACCESS_KEY_ASSUMED_ROLE --profile $CLIENT_ID
#aws configure set aws_session_token $SESSION_TOKEN_ASSUMED_ROLE --profile $CLIENT_ID
#aws configure set default.region us-east-1 --profile $CLIENT_ID
#Run CloudSploit
./index.js --output=csv --console=table
#Output Results to s3
aws s3 cp . s3://automatedscanresults/$CLIENT_ID/$PROJECT_ID/cloudsploit