...
- Access Key Management
  - awscli-login – Access Keys for AWS CLI Using Cornell Two-Step Login (Shibboleth)
  - rapid7/awsaml – Awsaml is an application for providing automatically rotated temporary AWS credentials.
  - 99designs/aws-vault – A vault for securely storing and accessing AWS credentials in development environments
  - RiotGames/key-conjurer – Temporary Credential Service
  - aws-rotate-key – Easily rotate your AWS access key
- IAM/Resources Policy
  - AWS Policy Generator – The AWS Policy Generator is a tool that enables you to create policies that control access to Amazon Web Services (AWS) products and resources.
  - duo-labs/cloudtracker – CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
  - goldfiglabs/rpCheckup – rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.
  - iann0036/iamlive – Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy

Tools that Help Secure AWS Resources

- Multiple Resource Types
  - asecure.cloud – Creates customized CloudFormation/Terraform templates to improve security of existing AWS resources, or deploy secured resources.
  - toniblyx/prowler – Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
  - aquasecurity/cloudsploit – Cloud Security Posture Management (CSPM)
  - airbnb/streamalert – StreamAlert is a serverless, real-time data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
  - RhinoSecurityLabs/pacu – The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  - Netflix/security_monkey – Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
  - RiotGames/cloud-inquisitor – Enforce ownership and data security within AWS
- CloudFormation
  - cfripper – Library and CLI tool for analyzing CloudFormation templates and checking them for security compliance
  - stelligent/cfn_nag – The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure.
- Keys and Secrets
  - exec-with-secrets – Handle secrets in Docker using AWS KMS, SSM Parameter Store, Secrets Manager, or Azure Key Vault
  - dxa4481/truffleHog – Searches through git repositories for high-entropy strings and secrets, digging deep into commit history
- S3
...