Quiet Desk

Projects

Here is a list of my current open source projects which you can find on my GitHub profile.

 

Workload Identity Federation

This repository contains a Python module that allows users to access GCP from AWS without the use of static credentials (aka GCP service account keys). This module can be imported into any Python script and used to generate an ephemeral GCP service account access token.

Project Lockdown

Project Lockdown is a collection of automated remediation Cloud Functions designed to react to insecure resource creations or configurations. Project Lockdown is meant to be deployed in a GCP environment and can monitor and remediate across your entire Organization hierarchy in a matter of seconds.


GCP Organization Policy Bot

The GCP Organization Policy bot is a 100% serverless tool that analyzes GCP Organization Policies for updates and then posts to a Slack channel as well as Twitter!

Terraform AWS Service Control Policy Suite

This repo is a collection of AWS Service Control Policies (SCPs) written in HashiCorp Terraform. Areas of coverage include AWS best practices and compliance frameworks such as ISO, SOC, PCI, HIPAA, FedRAMP, and more.


GCP Service Account Lister

This script crawls your GCP Organization and returns service accounts that have not been used in the past 90 days based on GCP Recommender Service Account Insight findings.

GCP API Key Lister

This script will inventory your entire GCP Organization's API keys and create two files: key_dump.json and keys.csv that contain all of your API keys.


GCP Event Threat Detection Remediator

This repo contains all you need to begin automating remediations for GCP Event Threat Detection findings.

AWS Compliance SCP Lister

I was a co-contributor on this repository providing guidance and quality assurance testing. This repo automatically compiles an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.

Image by Everyday basics

GCP IAM Monitor Bot

This project is aimed at tweeting each time there is an update to GCP IAM roles. Having insight into when your predefined roles are changed is important to monitor your permissions creep for users in GCP.

GCP IAM Analyzer

This project compares and analyzes GCP IAM roles to make your job easier. You can perform comparisons to determine:

  • What different permissions do 2 roles have?

  • What permissions do 2 roles share?

  • What permissions does a role have?

Much more to come!


GCP Service Observer

This is an application I created that displays GCP Service/API endpoint information for a given GCP project ID. It is written in Python/Flask and runs on Cloud Run in GCP.