Create a Neo4J graph of users and roles trust policies within an AWS Organization
AWS_ORG_MAPPER
This tool uses sso-oidc to authenticate to the AWS organization. Once authenticated the tool will attempt to enumerate all users and roles in the organization and map their trust relations.
The graph can be explored using Neo4j desktop or web client. Below you can find some sample queries that can help extract useful information from the graph.
Using this tool users can discover how role trusts are delegated in the organization and can help identify improve account isolation within the organization. For example, if there exists a role assumption path between two accounts the graph will be able to identify which roles and users are used to connect two accounts.
Requirements
- Neo4j
- boto3
- AWS SSO Account
- py2neo
How to