The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won’t check for all best practices but only for the ones that are important for you based on my experience. Please feel free to tell me if you find something that is not covered.
YATAS is a simple and easy to use tool to audit your infrastructure for misconfiguration or potential security issues.
brew tap padok-team/tap brew install yatas
yatas --init
Modify .yatas.yml to your needs.
yatas --install
Installs the plugins you need.
yatas -h
Flags:
--details
: Show details of the issues found.--compare
: Compare the results of the previous run with the current run and show the differences.--ci
: Exit code 1 if there are issues found, 0 otherwise.--resume
: Only shows the number of tests passing and failing.--time
: Shows the time each test took to run in order to help you find bottlenecks.--init
: Creates a .yatas.yml file in the current directory.--install
: Installs the plugins you need.--only-failure
: Only show the tests that failed.Plugins | Description | Checks |
---|---|---|
AWS Audit | AWS checks | Good practices and security checks |
Markdown Reports | Reporting | Generates a markdown report |
You can ignore results of checks by adding the following to your .yatas.yml
file:
ignore: - id: "AWS_VPC_004" regex: true values: - "VPC Flow Logs are not enabled on vpc-.*" - id: "AWS_VPC_003" regex: false values: - "VPC has only one gateway on vpc-08ffec87e034a8953"
You can exclude a test by adding the following to your .yatas.yml
file:
plugins: - name: "aws" enabled: true description: "Check for AWS good practices" exclude: - AWS_S3_001
To only run a specific test, add the following to your .yatas.yml
file:
plugins: - name: "aws" enabled: true description: "Check for AWS good practices" include: - "AWS_VPC_003" - "AWS_VPC_004"
You can get the error logs by adding the following to your env variables:
export YATAS_LOG_LEVEL=debug
The available log levels are: debug
, info
, warn
, error
, fatal
, panic
and off
by default
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…