Cisco Meraki Administrator Security Management Tool

A comprehensive Infrastructure as Code solution for managing Cisco Meraki dashboard administrators with automated security monitoring and compliance reporting.

🚀 Features

📋 Architecture Overview

Simple workflow: CSV Data → Terraform → Meraki API → Security Analysis → Web Dashboard

🛠️ Prerequisites

Before you begin, ensure you have:

• Terraform >= 1.0 installed (Download)
• Python 3.6+ with pip (Download)
• Meraki Dashboard API Key with organization admin privileges
• Basic knowledge of CSV files and command line

⚡ Quick Start

1️⃣ Download and Setup

# Clone or download this repository
git clone https://github.com/yourusername/meraki-admin-security-tool.git
cd meraki-admin-security-tool

# Install Python dependencies
pip install requests

# Initialize Terraform
terraform init

2️⃣ Configure Your Environment

# Set your Meraki API key (recommended)
export MERAKI_API_KEY="your_api_key_here"

# OR create terraform.tfvars file
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your API key

3️⃣ Define Your Administrators

Edit admins.csv with your administrator details:

email,permission_level,organization_id
admin@company.com,full,123456
readonly@company.com,read-only,123456
security@company.com,full,654321
analyst@company.com,read-only,654321

4️⃣ Apply Configuration

# Preview changes
terraform plan

# Apply configuration
terraform apply

5️⃣ Generate Security Report

# Export data for dashboard
./export_outputs.sh

# Start web server (optional)
cd web_ui
python3 -m http.server 8080
# Open http://localhost:8080/dashboard.html

📊 Dashboard Features

Security Overview Cards

• Total Administrators - Complete count across all organizations
• High-Risk Administrators - Immediate attention required
• 2FA Compliance - Two-factor authentication adoption rate
• API Usage Status - Active vs. inactive API users

Risk Management Section

• Critical Security Risks - Administrators requiring immediate attention
• Detailed Risk Reasons - Specific security concerns explained
• Compliance Status - Visual indicators for quick assessment
• Actionable Recommendations - Clear next steps for remediation

Administrator Overview

• Complete Administrator List - All administrators with security details
• Permission Tracking - Current access levels and organization assignments
• Activity Monitoring - Last API usage and activity timestamps
• Security Status - Visual indicators for 2FA, API keys, and risk level

🔧 Configuration Options

Environment Variables

# Required: Meraki API Key
export MERAKI_API_KEY="your_meraki_api_key"

# Optional: Debug mode
export TF_LOG=DEBUG

# Optional: Custom CSV file location
export TF_VAR_admins_csv_file="custom_admins.csv"

Terraform Variables

CSV File Format

The administrators CSV file requires these columns:

• email (required): Administrator email address
• permission_level (required): full or read-only
• organization_id (required): Target Meraki organization ID

Example CSV Format:

email,permission_level,organization_id
john.admin@company.com,full,123456
jane.readonly@company.com,read-only,123456
security.team@company.com,full,654321

🚨 Security Monitoring

Automated Risk Assessment

The tool automatically identifies administrators who pose security risks:

High-Risk Criteria

• 2FA Not Enabled - Missing two-factor authentication
• Dormant API Keys - Have API access but haven't used it recently
• Inactive Administrators - No API activity beyond threshold period
• Permission Mismatches - Inappropriate access levels

Security Validation Logic

# Example security validation
is_high_risk = (
    not two_factor_enabled or
    (has_api_key and last_usage > 30_days_ago) or
    (has_api_key and never_used_api)
)

Compliance Reporting

• 2FA Adoption Rate - Percentage of administrators with 2FA enabled
• API Usage Statistics - Active vs. inactive API key holders
• Risk Distribution - Breakdown of security risk categories
• Trend Analysis - Historical compliance data (with regular runs)

🔄 Automation and CI/CD

GitHub Actions Integration

Create .github/workflows/security-check.yml:

name: Daily Security Check

on:
  schedule:
    - cron: '0 9 * * *'  # Daily at 9 AM
  workflow_dispatch:

jobs:
  security-check:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    
    - name: Setup Terraform
      uses: hashicorp/setup-terraform@v2
    
    - name: Run Security Assessment
      env:
        MERAKI_API_KEY: ${{ secrets.MERAKI_API_KEY }}
      run: |
        terraform init
        terraform apply -auto-approve
        ./export_outputs.sh
    
    - name: Upload Security Report
      uses: actions/upload-artifact@v3
      with:
        name: security-report
        path: web_ui/terraform_outputs.json

Cron Automation

# Add to crontab for daily checks
0 9 * * * cd /path/to/project && terraform apply -auto-approve && ./export_outputs.sh

Automated Workflow: Schedule → Security Scan → Risk Assessment → Report Generation → Notification

🛠️ Advanced Usage

Multiple Organizations

email,permission_level,organization_id
admin@company.com,full,123456
admin@company.com,read-only,654321
regional@company.com,full,789012

Custom Risk Thresholds

# terraform.tfvars
api_inactivity_threshold_days = 45  # Custom threshold

Integration with External Systems

# Export data for external processing
terraform output -json > security_data.json

# Send to monitoring system
curl -X POST -H "Content-Type: application/json" \
  -d @security_data.json \
  https://your-monitoring-system.com/api/security-reports

🚨 Troubleshooting

Common Issues and Solutions

API Rate Limits

# Solution: Add delays between operations
export TF_LOG=DEBUG
terraform apply

# Check rate limit status
curl -H "X-Cisco-Meraki-API-Key: $MERAKI_API_KEY" \
  https://api.meraki.com/api/v1/organizations

Permission Errors

# Verify API key permissions
terraform output admin_summary

# Check organization access
curl -H "X-Cisco-Meraki-API-Key: $MERAKI_API_KEY" \
  "https://api.meraki.com/api/v1/organizations/YOUR_ORG_ID/admins"

CSV Format Issues

# Validate CSV format
python3 -c "import csv; print(list(csv.DictReader(open('admins.csv'))))"

Debug Mode

Enable detailed debug output for troubleshooting:

export TF_LOG=DEBUG
terraform apply

📈 Performance and Scale

Benchmarks

Optimization Tips

# Parallel execution for large deployments
terraform apply -parallelism=10

# Reduced API calls with caching
export TF_LOG=WARN  # Reduce logging overhead

🔐 Security Considerations

API Key Management

• Store API keys as environment variables only
• Never commit API keys to version control
• Use secure credential management in production
• Regularly rotate API keys

Access Control

• Limit API key permissions to required organizations
• Implement proper file permissions (600) for sensitive files
• Use HTTPS for all API communications
• Enable audit logging for all changes

Data Protection

# Secure file permissions
chmod 600 terraform.tfvars
chmod 600 *.tfstate
chmod +x scripts/*.py

🤝 Contributing

We welcome contributions! Please see our Contributing Guidelines.

Development Setup

# Fork and clone repository
git clone https://github.com/yourusername/meraki-admin-security-tool.git
cd meraki-admin-security-tool

# Install development dependencies
pip install requests pytest

# Run tests
terraform validate
python3 -m pytest tests/ (if tests exist)

# Format code
terraform fmt

Feature Requests

Have an idea? Create a discussion or open an issue!

Popular requested features:

• Slack/Teams notifications
• PDF report generation
• Historical trend analysis
• Custom security policies
• SSO integration
• Multi-tenant dashboard
• Email alerting system
• Custom compliance rules

📊 Output Examples

Terraform Outputs

# View security summary
terraform output admin_security_report

# Check risky administrators
terraform output risky_admins_alert

# View compliance metrics
terraform output two_factor_compliance

# API usage statistics
terraform output api_usage_summary

Example Output Format

{
  "risky_admins_alert": {
    "count": 2,
    "message": "Security risks detected",
    "details": {
      "admin@company.com": {
        "email": "admin@company.com",
        "organization_id": "123456",
        "reasons": ["2FA not enabled", "Has API key but never used APIs"]
      }
    }
  }
}

📋 File Structure

meraki-admin-security-tool/
├── README.md                   # This file
├── LICENSE                     # MIT License
├── main.tf                     # Main Terraform configuration
├── variables.tf                # Variable definitions
├── outputs.tf                  # Output definitions
├── terraform.tfvars.example   # Example variables file
├── admins.csv                  # Administrator definitions
├── export_outputs.sh          # Export script for web UI
├── scripts/
│   └── check_2fa_status.py    # Security monitoring script
├── web_ui/
│   └── dashboard.html         # Professional security dashboard
└── docs/
    ├── INSTALLATION.md        # Detailed installation guide
    └── TROUBLESHOOTING.md     # Common issues and solutions

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

MIT License - Feel free to use, modify, and distribute
Commercial use ✅ | Private use ✅ | Modification ✅ | Distribution ✅

🙏 Acknowledgments

• Cisco DevNet for the excellent Meraki Terraform provider
• HashiCorp for Terraform and comprehensive documentation

📞 Support and Community

⭐ If this tool helps you manage Meraki administrators more securely, please star the repository!

Made with ❤️ for the Cisco community

• By Udara Thenuwara