MCPcopy Index your code
hub / github.com/StevenSmiley/aws-mine

github.com/StevenSmiley/aws-mine @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
11 symbols 39 edges 13 files 0 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

aws-mine

A honey token system for AWS

Purpose

Create AWS access keys that can be placed in various places to tempt bad guys. If used, you will be notified within ~4 minutes. You can then investigate that asset to determine if it may have been compromised.

demo

Architecture

Architecture diagram

Deployment

Deploy via AWS Amplify

This application is built using AWS Amplify, a fully-managed web hosting service.

  1. Clone the repository.
  2. Create a dedicated AWS account for honey tokens. Even though this project doesn't interact with other services or grant any access to the account, it is still best practice to keep it isolated from anything else.
  3. In the dedicated account, create a new AWS Amplify app and direct it to your git repository.
  4. AWS Amplify will deploy the application and return the URL where you can access it.

Configure a notification subscription

aws-mine creates an Amazon SNS topic where messages are published if access keys are used. Create a subscription to this topic with an email address where you would like to receive notifications.

Configure user access

By default the application manages users in an Amazon Cognito user pool, and requires TOTP MFA. Add new users in the Cognito console, self sign-up is disabled.

You can configure single sign-on via SAML, for example with AWS IAM Identity Center, using the AWS Amplify instructions.

Usage

In the aws-mine console, create 'mines' (a pair of keys including the key id and secret access key). Make sure to provide a helpful description of where they will be placed. If you receive notification that they have been used, you will want to know where they were placed originally so you can determine if that asset has been compromised.

Copy and paste pairs of AWS access keys anywhere you want to tempt bad guys and detect if someone tries to use them. These are normally placed into an AWS credentials file at ~/.aws/credentials on macOS and Linux, or %USERPROFILE%.aws\credentials on Windows.

Similar projects

License

This project is licensed under the MIT-0 License. See the LICENSE file.

Core symbols most depended-on inside this repo

createMine
called by 1
src/App.tsx
deleteMine
called by 1
src/App.tsx
resetMine
called by 1
src/App.tsx
handleTrippedMine
called by 1
amplify/functions/tripped-mine/handler.ts
createIAMUserAndAccessKeys
called by 1
amplify/functions/generate-mine/handler.ts
App
called by 0
src/App.tsx
confirmDelete
called by 0
src/App.tsx
resetSelectedMines
called by 0
src/App.tsx

Shape

Function 11

Languages

TypeScript100%

Modules by API surface

src/App.tsx6 symbols
amplify/functions/tripped-mine/handler.ts2 symbols
amplify/functions/generate-mine/handler.ts2 symbols
amplify/functions/disarm-mine/handler.ts1 symbols

For agents

$ claude mcp add aws-mine \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact