Sunday 18 February 2018

cloud inquisitor: tool to enforce ownership and data security within AWS

Cloud Inquisitor improves the security posture of an AWS footprint through:

  • monitoring AWS objects for ownership attribution, notifying account owners of unowned objects, and subsequently removing unowned AWS objects if ownership is not resolved.
  • detecting domain hijacking.
  • verifying security services such as CloudTrail and VPC Flow Logs.
  • managing IAM policies across multiple accounts.


Typically Cloud Inquisitor runs in a “Security” or “Audit” account with cross-account access through the use of AssumeRole.


Cloud Inquisitor works on Python 3.5 or higher and Ubuntu 16.04.

  • Production deployment is done through Packer.
  • Development supports deployment via Docker or Packer.

Please see the Resources section below for further information.




By default, the front-end dashboard shows:

  • EC2 Instances that are running or stopped and which instances have a public IP.
  • Percentage of required tags compliance per account.
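
The two mechanisms the post leans on, the cross-account AssumeRole from a Security/Audit account (described above) and the per-account required-tag compliance shown on the dashboard, as an added illustration that is not Cloud Inquisitor's own code; the role name `CinqAuditRole`, the tag names `owner` and `accounting`, and the sample instance records are assumptions.

```python
# Added illustration, not Cloud Inquisitor's own code; role name, tag names
# and the sample instance records are assumptions.
from typing import Dict, Iterable, List, Tuple

REQUIRED_TAGS = ("owner", "accounting")  # assumed required tags

def audit_session(account_id: str, role_name: str = "CinqAuditRole"):
    """AssumeRole from the Security/Audit account into a member account and
    return a boto3 Session on the temporary credentials (needs boto3 and live
    AWS credentials; imported lazily so the offline checks below still run)."""
    import boto3
    creds = boto3.client("sts").assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{role_name}",
        RoleSessionName="cinq-audit")["Credentials"]
    return boto3.Session(aws_access_key_id=creds["AccessKeyId"],
                         aws_secret_access_key=creds["SecretAccessKey"],
                         aws_session_token=creds["SessionToken"])

def list_instances(session) -> List[dict]:
    """Flatten paginated describe_instances output into instance records."""
    pages = session.client("ec2").get_paginator("describe_instances").paginate()
    return [i for p in pages for r in p["Reservations"] for i in r["Instances"]]

def missing_tags(instance: dict, required: Iterable[str] = REQUIRED_TAGS) -> List[str]:
    """Required tag keys absent or empty on one record; keys match
    case-insensitively ('Owner' satisfies 'owner')."""
    present = {t["Key"].lower(): t.get("Value", "") for t in instance.get("Tags", [])}
    return [k for k in required if not present.get(k.lower())]

def tag_compliance(instances: Iterable[dict],
                   required: Iterable[str] = REQUIRED_TAGS) -> Tuple[float, Dict[str, List[str]]]:
    """Per-account compliance percentage plus the unowned instances
    (instance id -> missing tags) whose account owners would be notified."""
    instances = list(instances)
    unowned: Dict[str, List[str]] = {}
    for inst in instances:
        gaps = missing_tags(inst, required)
        if gaps:
            unowned[inst["InstanceId"]] = gaps
    pct = 100.0 if not instances else 100.0 * (len(instances) - len(unowned)) / len(instances)
    return round(pct, 1), unowned

# Constructed sample records standing in for describe_instances output.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0aaa", "Tags": [{"Key": "owner", "Value": "alice@example.com"},
                                      {"Key": "accounting", "Value": "CC-1"}]},
    {"InstanceId": "i-0bbb", "Tags": [{"Key": "Owner", "Value": "bob@example.com"}]},
    {"InstanceId": "i-0ccc", "Tags": [{"Key": "owner", "Value": ""}]},
    {"InstanceId": "i-0ddd"},
]
```

Run against the sample, `tag_compliance(SAMPLE_INSTANCES)` reports 25.0% compliance and lists the three instances missing an `owner` or `accounting` tag; in a live run the same function is applied to `list_instances(audit_session(account_id))` for each audited account.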

Below is a sample screenshot showing what the dashboard looks like:


On the left-hand side of the UI, you are able to directly examine raw data:

  • EC2 Instances – shows all the EC2 Instance data that Cloud Inquisitor possesses, which should represent all EC2 instances in use in your AWS infrastructure
  • EBS Volumes – shows all the EBS Volume data that Cloud Inquisitor possesses, which should represent all EBS volumes in use in your AWS infrastructure
  • DNS – shows all the DNS data that Cloud Inquisitor possesses (shown below, in the first screenshot)
  • Search – gives you the ability to search for instances across the Cloud Inquisitor database. The search page has help functionality within the page, as shown below



On the left-hand side, there are a number of admin options such as:

  • Accounts
  • Config
  • Users
  • Roles
  • Emails
  • Audit Log
  • Logs

In the Accounts section, you can review the current accounts that Cloud Inquisitor is auditing and modify accordingly. For example, to add a new account, select the dialog button on the very bottom right-hand side of the screen and select the “+” as shown below:


and then you can create your new account on the following screen:


The Config section is quite detailed and this is where you can perform extensive configuration on:

  • API
  • Authentication (Local/SAML)
  • Auditors
  • Collectors
  • Logging
  • Notifications (Email/Slack)
  • Schedulers

Below is a sample screenshot showing what the config capabilities look like:


Copyright 2017 Riot Games

Source: https://github.com/RiotGames/




Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Part-Time Hacker || Child Pornography & Sexual Abuse Combat
