AWS Cross-Account Trust Graphing Interrogate Your AWS Environments

January 14, 2021 | IN AWS, Query, Video | BY Akash Ganapathi
circle
circle

This is one in a series of short, simple J1 queries that will help you interrogate your AWS environments. The JupiterOne platform used to run these queries is free.

In a complex AWS environment, there are often many cross-account trusts that are put in place. This is not unique to multiple AWS accounts internally, but sometimes externally as well. It can be valuable to understand how your AWS accounts are linked together via which roles. Akash runs a query that will dynamically generate a cross-account trust diagram that exposes these relationships.

Cut-and-Paste Query

Here’s the query you can use to cut-and-paste into your J1 instance. Watch JupiterOne technical expert, Akash Ganapathi, walk through the example query and then display the results in real time. If you find this useful, give us some contact info at the bottom of this page and we’ll send you twice a month updates as we continue to explore various environments with JupiterOne.

FIND aws_account
   THAT HAS aws_iam
   THAT HAS aws_iam_role AS a
   THAT (trusts|assigned) (Account|AccessRole|User|UserGroup) AS b
   WHERE a.tag.AccountName!=b.tag.AccountName 
RETURN tree

 

 

Contribute your J1 Query to the Community

We will frequently be adding cut-and-paste J1 queries to our gallery. Join the community and every two weeks we’ll send you a list of new queries. You can contribute your own queries for inclusion and examination in an upcoming article. Use the form below to join us.