Scout2

Scout2 (https://nccgroup.github.io/Scout2/) is an open source tool that lets you audit the security of your AWS account. It produces reports similar to Trusted Advisor but focuses only on security. With around 100 different checks, Scout2 provides a very complete solution for assessing the level of security of your account.

We will use it to better understand some of the changes needed.

To do so, we will first clone the repository:

$ git clone https://github.com/nccgroup/Scout2  

We will then cd into the directory and install the packages needed to use the tool:

$ cd Scout2
$ pip install -r requirements.txt  

We can now use the tool to generate our security report as follows:

$ python Scout2.py 

The tool will collect several pieces of information on your account and finally generate an HTML report that you can open with your browser, as shown in the following screenshot:

The report is organized around different categories. Because our application is very simple, most of the interesting insights this report will produce will be around IAM, which you can find in the Security section of the report.

Aside from the IAM issues, which we will address later in the chapter, Scout2 alerts us that CloudTrail isn't enabled in any of our regions. We will first look into this.
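
The CloudTrail finding comes down to asking, for each region, whether at least one trail is actively logging there. The following is an added example (not code from Scout2 or from the book) that answers this over constructed data shaped like the CloudTrail DescribeTrails and GetTrailStatus responses; the region list, ARNs, trail names and function names are assumptions.

```python
# Added example: which regions have no actively logging CloudTrail trail?
# Input mirrors fields of the CloudTrail DescribeTrails response (TrailARN,
# HomeRegion, IsMultiRegionTrail) and GetTrailStatus (IsLogging).

def trail_coverage(regions, trails, is_logging):
    """Map each region to the ARNs of trails that are recording events there.

    trails     -- list of DescribeTrails-style dicts
    is_logging -- {TrailARN: bool}, taken from GetTrailStatus["IsLogging"]
    """
    coverage = {region: [] for region in regions}
    for trail in trails:
        arn = trail["TrailARN"]
        if not is_logging.get(arn, False):
            continue  # a trail that exists but is stopped records nothing
        if trail.get("IsMultiRegionTrail"):
            covered = regions                # applies to every region
        else:
            covered = [trail["HomeRegion"]]  # single-region trail
        for region in covered:
            if region in coverage:
                coverage[region].append(arn)
    return coverage

def uncovered_regions(regions, trails, is_logging):
    """Regions where no trail is logging, in the order given."""
    coverage = trail_coverage(regions, trails, is_logging)
    return [region for region in regions if not coverage[region]]

# Constructed sample data (placeholder account ID, hypothetical trail names).
REGIONS = ["us-east-1", "us-west-2", "eu-west-1"]
SINGLE = {"TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/local",
          "HomeRegion": "us-east-1", "IsMultiRegionTrail": False}
MULTI = {"TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/global",
         "HomeRegion": "us-east-1", "IsMultiRegionTrail": True}

if __name__ == "__main__":
    cases = {
        "no trails (the state reported above)": ([], {}),
        "single-region trail": ([SINGLE], {SINGLE["TrailARN"]: True}),
        "multi-region trail, stopped": ([MULTI], {MULTI["TrailARN"]: False}),
        "multi-region trail, logging": ([MULTI], {MULTI["TrailARN"]: True}),
    }
    for label, (trails, status) in cases.items():
        print(f"{label}: uncovered = {uncovered_regions(REGIONS, trails, status)}")
```

A trail that exists but has logging stopped leaves its regions uncovered, which is why the check reads the logging status and not just the trail list.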
