...
- awscli-login – Access Keys for AWS CLI Using Cornell Two-Step Login - Shibboleth
- 99designs/aws-vault – A vault for securely storing and accessing AWS credentials in development environments
- rapid7/awsaml – Awsaml is an application for providing automatically rotated temporary AWS credentials.
- RiotGames/key-conjurer – Temporary Credential Service
- aws-rotate-key – Easily rotate your AWS access key
- synfinatic/aws-sso-cli – Tool to make it easier to use AWS SSO for the CLI and web console.
- toshke/aws-keys-sectool – Tool that helps to lock down IAM access keys by adding IP-restrictions to IAM policies.
- aws/rolesanywhere-credential-helper – rolesanywhere-credential-helper implements the signing process for IAM Roles Anywhere's CreateSession API and returns temporary credentials in a standard JSON format that is compatible with the
credential_process
feature available across the language SDKs. - tuladhar/cleanup-aws-access-keys – tool to search and clean up unused AWS access keys
IAM/Resources Policy
- AWS Policy Generator – The AWS Policy Generator is a tool that enables you to create policies that control access to Amazon Web Services (AWS) products and resources.
- salesforce/policy_sentry – IAM Least Privilege Policy Generator
- duo-labs/cloudtracker – CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
- goldfiglabs/rpCheckup – rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources
- iann0036/iamlive – Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
- Netflix/repokid – Repokid removes permissions granting access to unused services from the inline policies of IAM roles in an AWS account
- aminohealth/wonk - tool that analyzes IAM policies and minimizes them to fit under IAM policy length limits aws.permissions.cloud – uses a variety of information gathered within the IAM Dataset and exposes that information in a clean, easy-to-read format
- ermetic/access-undenied-aws – parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps
- https://aws.permissions.cloud/ – comprehensive list of IAM actions, permissions, and API methods
- BishopFox/iam-vulnerable – Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
- PaloAltoNetworks/IAM-Deescalate – Helps mitigate privilege escalation risk in AWS identity and access management
- duo-labs/parliament – AWS IAM linting library to find malformed json, incorrect prefix and action names, incorrect resources or conditions for the actions provided, etc.
- flosell/iam-policy-json-to-terraform – Tool to convert an IAM Policy in JSON format into a Terraform aws_iam_policy_document
Tools that Help Secure AWS Resources
...
- asecure.cloud – Creates customized CloudFormation/Terraform templates to improve security of existing AWS resources, or deploy secured resources
- cloud-custodian/cloud-custodian – Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
- toniblyx/prowler – Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness
- aquasecurity/cloudsploit – Cloud Security Posture Management (CSPM)
- airbnb/streamalert – StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define
- RhinoSecurityLabs/pacu – The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
- RhinoSecurityLabs/cloudgoat – CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
- Netflix/security_monkey – Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
- RiotGames/cloud-inquisitor – Enforce ownership and data security within AWS
- tmobile/pacbot – Policy as Code Bot (PacBot) is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud.
- darkbitio/aws-recon – Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
- righteousgambitresearch/quiet-riot – Unauthenticated enumeration of services, roles, and users in an AWS account or in every AWS account in existence.
- fivexl/terraform-aws-cloudtrail-to-slack – Terraform module that deploys resources to parse AWS CloudTrail events and send alerts to Slack for events that match pre-configured rules
- cloudquery/cloudquery – Open-source cloud asset inventory powered by SQL. Can also perform Terraform drift checks.
- turbot/steampipe – Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.
- simonw/s3-credentials – A tool for creating credentials for accessing S3 buckets. Helps generate tightly-scoped IAM policies limited to a single prefix within a single bucket.
- nccgroup/ScoutSuite – Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.
- DataDog/stratus-red-team – Stratus Red Team is "Atomic Red Team™" for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner.
- awslabs/aws-cloudsaga – Simulate security events in AWS
- awslabs/aws-automated-incident-response-and-forensics – The Automated Incident Response and Forensics aims to facilitate automated steps for incident response and forensics based on the AWS Incident Response White Paper
- awslabs/aws-security-assessment-solution – An AWS tool to help you create a point in time assessment of your AWS account using Prowler and Scout as well as optional AWS developed ransomware checks.
- jonrau1/ElectricEye – Continuously monitor your AWS attack surface and evaluate services for configurations that can lead to degradation of confidentiality, integrity or availability.
- ovotech/domain-protect – Protect against subdomain takeover by looking for dangling DNS (Route 53) records
- 9rnt/poro – Scan for publicly accessible assets on your AWS cloud environment
- aws-cloudformation/cloudformation-guard – Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules.
- awslabs/assisted-log-enabler-for-aws – Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on. Can easily enable logging for S3 access, CloudTrail, load balancers, EKS, VPC flow logs, Route 53 resolver logs.
- BishopFox/cloudfox – Automating situational awareness for cloud penetration tests.
- flosell/trailscraper – CLI tool to get information out of AWS CloudTrail logs
CloudFormation
- cfripper – Library and CLI tool for analyzing CloudFormation templates and check them for security compliance
- stelligent/cfn_nag – The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure.
- bridgecrewio/checkov – Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Keys and Secrets
awslabs/git-secrets – Prevents you from committing secrets and credentials into git repositories
- exec-with-secrets – Handle secrets in Docker using AWS KMS, SSM parameter store, Secrets Manager, or Azure Key Vault
- dxa4481/truffleHog – Searches through git repositories for high entropy strings and secrets, digging deep into commit history
- zricethezav/gitleaks – Scan git repos (or files) for secrets using regex and entropy
...
Log Querying
- https://github.com/Permiso-io-tools/CloudGrappler –A purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure
- https://github.com/Permiso-io-tools/CloudConsoleCartographer – A framework for condensing groupings of cloud events (e.g. CloudTrail logs) and mapping them to the original user input actions in the management console UI for simplified analysis and explainability
Monitoring
- zoph-io/aws-security-survival-kit – Bare minimum AWS Security Alerting
...
- AWS Security Workshops – A collection of the latest AWS Security workshops from AWS
- Serverless Security Workshop – In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. From AWS
- flAWS 2 Challenge – Teaches you AWS (Amazon Web Services) security concepts. The challenges are focused on AWS specific issues, so no buffer overflows, XSS, etc. Able to be attacker or defender for challenges.
- CI/CDon't – An active learning exercise where you plan the bad guy where your goal is to gain access to administrative credentials for an AWS account.
- https://github.com/avishayil/cdk-goat – Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure
- https://github.com/BishopFox/cloudfoxable – Create your own vulnerable by design AWS penetration testing playground
Other Compilations of Security Resources
- puresec/awesome-serverless-security – A curated list of serverless security resources such as (e)books, articles, whitepapers, blogs and research papers.
- toniblyx/my-arsenal-of-aws-security-tools – List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
- ramimac/aws-customer-security-incidents - A repository of breaches of AWS customers
- hackingthe.cloud - An encyclopedia for offensive and defensive security knowledge in cloud native technologies (repo / website)