IAM Policy Compliance Check for Overly Permissive Statements
The workflow involves identifying and flagging any customer-managed IAM policy statements that include 'Effect': 'Allow' with 'Action': '*' over 'Resource': '*'. Such statements are considered overly permissive and are marked as NON_COMPLIANT. If the policy statement does not meet these criteria, it is marked as COMPLIANT. This process ensures that IAM policies adhere to security best practices by avoiding unrestricted access permissions.
1 Identify and flag any customer managed IAM policy statement that includes 'Effect': 'Allow' with 'Action': '*' over 'Resource': '*'; if one is found the rule is NON_COMPLIANT, otherwise COMPLIANT.
The script checks IAM policies for non-compliant statements and tabulates the results.

1.1 List all customer managed IAM policies in the AWS region us-east-2.
The script lists all customer managed IAM policies in the specified AWS region.

```python
import boto3
import json

# Initialize IAM client with credentials
# (getEnvVar is not imported here; it is assumed to be supplied by the runbook runtime.
# IAM is a global service, so region_name only selects the API endpoint.)
iam_client = boto3.client(
    'iam',
    region_name='us-east-2',
    aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'),
    aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY')
)

# List all customer managed policies; list_policies is paginated,
# so walk every page instead of reading only the first response
policies = []
for page in iam_client.get_paginator('list_policies').paginate(Scope='Local'):
    # Extract policy names
    policies.extend(policy['PolicyName'] for policy in page['Policies'])

# Print the list of policies
print(json.dumps(policies, indent=4))
```

1.2 For each IAM policy, retrieve and analyze the policy statements to identify any statement with 'Effect': 'Allow', 'Action': '*', and 'Resource': '*'.
The script retrieves and analyzes IAM policy statements to identify non-compliant policies with 'Effect': 'Allow', 'Action': '*', and 'Resource': '*'.

```python
import boto3
import json

# Initialize IAM client with credentials
# (getEnvVar is not imported here; it is assumed to be supplied by the runbook runtime)
iam_client = boto3.client(
    'iam',
    region_name='us-east-2',
    aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'),
    aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY')
)

def as_list(value):
    # Statement, Action and Resource may each be a single value or a list
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

# Initialize compliance results dictionary
compliance_results = {}

# Iterate over each customer managed policy (list_policies is paginated)
paginator = iam_client.get_paginator('list_policies')
for page in paginator.paginate(Scope='Local'):
    for policy in page['Policies']:
        policy_arn = policy['Arn']
        policy_name = policy['PolicyName']

        # Get policy version
        policy_version = iam_client.get_policy(PolicyArn=policy_arn)['Policy']['DefaultVersionId']

        # Get policy document
        policy_document = iam_client.get_policy_version(
            PolicyArn=policy_arn, VersionId=policy_version
        )['PolicyVersion']['Document']

        # Check each statement in the policy
        is_compliant = True
        for statement in as_list(policy_document.get('Statement')):
            if (statement.get('Effect') == 'Allow'
                    and '*' in as_list(statement.get('Action'))
                    and '*' in as_list(statement.get('Resource'))):
                is_compliant = False
                break

        # Record compliance status
        compliance_results[policy_name] = 'NON_COMPLIANT' if not is_compliant else 'COMPLIANT'

# Print the compliance results
print(json.dumps(compliance_results, indent=4))
```

1.3 Flag policies with such statements as NON_COMPLIANT and others as COMPLIANT.
The script flags IAM policies with overly permissive statements as NON_COMPLIANT and others as COMPLIANT.

```python
import boto3
import json

# Initialize IAM client with credentials
# (getEnvVar is not imported here; it is assumed to be supplied by the runbook runtime)
iam_client = boto3.client(
    'iam',
    region_name='us-east-2',
    aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'),
    aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY')
)

def as_list(value):
    # Statement, Action and Resource may each be a single value or a list
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

# Initialize compliance results dictionary
compliance_results = {}

# Iterate over each customer managed policy (list_policies is paginated)
paginator = iam_client.get_paginator('list_policies')
for page in paginator.paginate(Scope='Local'):
    for policy in page['Policies']:
        policy_arn = policy['Arn']
        policy_name = policy['PolicyName']

        # Get policy version
        policy_version = iam_client.get_policy(PolicyArn=policy_arn)['Policy']['DefaultVersionId']

        # Get policy document
        policy_document = iam_client.get_policy_version(
            PolicyArn=policy_arn, VersionId=policy_version
        )['PolicyVersion']['Document']

        # Check each statement in the policy
        is_compliant = True
        for statement in as_list(policy_document.get('Statement')):
            if (statement.get('Effect') == 'Allow'
                    and '*' in as_list(statement.get('Action'))
                    and '*' in as_list(statement.get('Resource'))):
                is_compliant = False
                break

        # Record compliance status
        compliance_results[policy_name] = 'NON_COMPLIANT' if not is_compliant else 'COMPLIANT'

# Print the compliance results
print(json.dumps(compliance_results, indent=4))
```
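An offline version of the check in steps 1.2 and 1.3, added here as an example and not part of the original runbook: IAM policy documents may write Statement as a single object and Action or Resource as a string or a list, so the rule is evaluated after normalizing those forms, and the report names the offending statement. The function names and sample policies are constructed for illustration.

```python
import json

def _as_list(value):
    """Statement, Action and Resource may each be one value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def admin_statements(document):
    """Return labels of statements that Allow Action '*' over Resource '*'."""
    if isinstance(document, str):          # accept raw JSON text as well as a dict
        document = json.loads(document)
    hits = []
    for index, stmt in enumerate(_as_list(document.get("Statement"))):
        if (stmt.get("Effect") == "Allow"
                and "*" in _as_list(stmt.get("Action"))
                and "*" in _as_list(stmt.get("Resource"))):
            hits.append(stmt.get("Sid", f"Statement[{index}]"))
    return hits

def evaluate(policies):
    """Map each policy name to (status, offending statement labels)."""
    report = {}
    for name, document in policies.items():
        hits = admin_statements(document)
        report[name] = ("NON_COMPLIANT" if hits else "COMPLIANT", hits)
    return report

# Constructed sample documents; names and ARNs are made up for this example.
SAMPLE_POLICIES = {
    "string-form-admin": {"Statement": [
        {"Sid": "Everything", "Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "list-form-admin": {"Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},
        {"Effect": "Allow", "Action": ["*"], "Resource": ["*"]}]},
    "single-statement-object": '{"Statement": {"Effect": "Allow", '
                               '"Action": ["iam:Get*", "*"], "Resource": "*"}}',
    "deny-everything": {"Statement": [
        {"Effect": "Deny", "Action": "*", "Resource": "*"}]},
    "all-actions-one-bucket": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "arn:aws:s3:::example-bucket/*"}]},
    "one-service-everywhere": {"Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]},
}

if __name__ == "__main__":
    for name, (status, hits) in evaluate(SAMPLE_POLICIES).items():
        print(f"{name:24} {status:14} {', '.join(hits)}")
```

The last two samples stay COMPLIANT because the rule on this page only matches the literal '*' action over the literal '*' resource.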
1.4 Tabulate the compliance results of the IAM policies.
The script tabulates the compliance results of IAM policies.

```python
import json

# Compliance results from previous task
compliance_results = {
    "AmazonEKS_EBS_CSI_Driver_Policy": "COMPLIANT",
    "dev-ecs-execution-policy-4698": "COMPLIANT",
    "AmazonSageMakerExecutionRoleForBedrockMarketplace_A5PKCFPHJ3Spolicy": "COMPLIANT",
    "eks-dev-396-alb-ingress": "COMPLIANT",
    "ci-ecs-execution-policy": "COMPLIANT",
    "eks-policy-prod-1525": "COMPLIANT",
    "akitra-reqd-permissions-part1": "COMPLIANT",
    "AllowAssumeRole-AWSServiceRoleForECS": "COMPLIANT",
    "khai_test_ssm_exec": "COMPLIANT",
    "eks-dev-396-cluster-ClusterEncryption20230825100453184500000014": "COMPLIANT",
    "AWSLambdaBasicExecutionRole-6fb2b237-cebe-4b0c-907a-18689d2a8c21": "COMPLIANT",
    "cluster-autoscaler-irsa-cluster-autoscaler": "COMPLIANT",
    "ecr-full-access": "COMPLIANT",
    "dev-controller-task-policy-4698": "COMPLIANT",
    "AmazonSageMakerExecutionRoleForBedrockMarketplace_5QBGRVH1WPYpolicy": "COMPLIANT",
    "AWSLambdaBasicExecutionRole-897ccca8-f1f7-4d45-bcae-509e5e0df4bf": "COMPLIANT",
    "ES-Policy": "COMPLIANT",
    "EC2StopInstancePolicy": "COMPLIANT",
    "CodeBuildBasePolicy-ci-codebuild-jenkins-codebuild-us-east-2": "COMPLIANT",
    "ecr-readonly": "COMPLIANT",
    "eks-prod-341-alb-ingress": "COMPLIANT",
    "BedrockInvokeModel": "COMPLIANT",
    "eks-dev-396-efs-csi-driver": "COMPLIANT",
    "eks-policy-dev-4698": "COMPLIANT",
    "prod-ecs-execution-policy-1525": "COMPLIANT",
    "TestAWSFullPolicy": "COMPLIANT",
    "aws-dag-sandbox-policy": "COMPLIANT",
    "AWSLambdaBasicExecutionRole-eb8ab677-e621-4773-9897-5bcc7e016166": "COMPLIANT",
    "eks-prod-341-efs-csi-driver": "COMPLIANT",
    "AmazonEKSReadOnlyAccess": "COMPLIANT",
    "eks-prod-341-cluster-ClusterEncryption2023091822371825660000001e": "COMPLIANT",
    "prod-controller-task-policy-1525": "COMPLIANT",
    "ci-controller-task-policy": "COMPLIANT",
    "ci-codebuild-jenkins-codebuild": "COMPLIANT",
    "all_eks_policy": "COMPLIANT",
    "AWSLambdaBasicExecutionRole-386a38d6-24d9-4bb3-9005-c48f010caa8f": "COMPLIANT",
    "InvokeModelPolicy": "COMPLIANT"
}

# Create a table to tabulate the compliance results
table = context.newtable()
table.num_rows = len(compliance_results) + 1  # +1 for header
table.num_cols = 2

# Set table title and header
table.title = "IAM Policy Compliance Results"
table.has_header_row = True
table.setval(0, 0, "Policy Name")
table.setval(0, 1, "Compliance Status")

# Populate the table with compliance results
row = 1
for policy_name, status in compliance_results.items():
    table.setval(row, 0, policy_name)
    table.setval(row, 1, status)
    row += 1

print("Compliance results have been tabulated successfully.")
```