...
- awscli-login – Access Keys for AWS CLI Using Cornell Two-Step Login - Shibboleth
- 99designs/aws-vault – A vault for securely storing and accessing AWS credentials in development environments
- rapid7/awsaml – Awsaml is an application for providing automatically rotated temporary AWS credentials.
- RiotGames/key-conjurer – Temporary Credential Service
- aws-rotate-key – Easily rotate your AWS access key
- synfinatic/aws-sso-cli – Tool to make it easier to use AWS SSO for the CLI and web console.
- toshke/aws-keys-sectool – Tool that helps to lock down IAM access keys by adding IP-restrictions to IAM policies.
- aws/rolesanywhere-credential-helper – rolesanywhere-credential-helper implements the signing process for IAM Roles Anywhere's CreateSession API and returns temporary credentials in a standard JSON format that is compatible with the credential_process feature available across the language SDKs.
...
Monitoring
- zoph-io/aws-security-survival-kit – Bare minimum AWS Security Alerting
Useful Articles
- Incident Response in AWS
- Lesser Known Techniques for Attacking AWS Environments – This post discusses lesser known attack techniques that bad actors can use in attacking AWS accounts, and how to defend against them.
- Github Actions & AWS OIDC
- GitHub Actions: Secure cloud deployments with OpenID Connect – GitHub Actions now supports OpenID Connect (OIDC) for secure deployments to cloud, which uses short-lived tokens that are automatically rotated for each deployment.
- AWS Access Keys - A Reference – This post outlines how to identify the different types of keys, where you’re likely to find them across the different services, and the order of access precedence for the different SDKs and tools.
- IAM Vulnerable - Assessing the AWS Assessment Tools
- AWS federation comes to GitHub Actions
- Cloud Security Orienteering - How to Rapidly Understand and Secure an AWS Cloud Environment (and corresponding checklist)
...