...
- Multiple Resource Types
- asecure.cloud – Creates customized CloudFormation/Terraform templates to improve security of existing AWS resources, or deploy secured resources.
- cloud-custodian/cloud-custodian – Rules engine for cloud security, cost optimization, and governance; a YAML DSL defines policies that query, filter, and take actions on resources.
- toniblyx/prowler – Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
- aquasecurity/cloudsploit – Cloud Security Posture Management (CSPM)
- airbnb/streamalert – StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
- RhinoSecurityLabs/pacu – The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
- Netflix/security_monkey – Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
- RiotGames/cloud-inquisitor – Enforce ownership and data security within AWS
- tmobile/pacbot – Policy as Code Bot (PacBot) is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud.
- darkbitio/aws-recon – Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
- righteousgambitresearch/quiet-riot – Unauthenticated enumeration of services, roles, and users in an AWS account or in every AWS account in existence.
- fivexl/terraform-aws-cloudtrail-to-slack – Terraform module that deploys resources to parse AWS CloudTrail events and send alerts to Slack for events that match pre-configured rules
- cloudquery/cloudquery – Open-source cloud asset inventory powered by SQL. Can also perform Terraform drift checks.
- turbot/steampipe – Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.
- CloudFormation
- cfripper – Library and CLI tool for analyzing CloudFormation templates and checking them for security compliance.
- stelligent/cfn_nag – The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure.
- Keys and Secrets
- awslabs/git-secrets – Prevents you from committing secrets and credentials into git repositories
- exec-with-secrets – Handle secrets in Docker using AWS KMS, SSM parameter store, Secrets Manager, or Azure Key Vault
- dxa4481/truffleHog – Searches through git repositories for high entropy strings and secrets, digging deep into commit history
- zricethezav/gitleaks – Scan git repos (or files) for secrets using regex and entropy
- S3
Useful Articles
- GitHub Actions & AWS OIDC
- GitHub Actions: Secure cloud deployments with OpenID Connect – GitHub Actions now supports OpenID Connect (OIDC) for secure deployments to cloud, which uses short-lived tokens that are automatically rotated for each deployment.
- AWS Access Keys - A Reference – This post outlines how to identify the different types of keys, where you’re likely to find them across the different services, and the order of access precedence for the different SDKs and tools.
- IAM Vulnerable - Assessing the AWS Assessment Tools
- AWS federation comes to GitHub Actions
...