awesome-cloud-security

Cloud Security Toolkit

A curated collection of cloud security resources and tools for assessing and securing cloud environments.

🛡️ Awesome Cloud Security Resources ⚔️

GitHub

2k stars
44 watching
319 forks
last commit: about 1 month ago
Linked from 1 awesome list

awsaws-securityazureazure-securitycloud-computingcloud-securitycybersecuritygcpgcp-securitysecurity

Standards / Compliances

CSA STAR
ISO/IEC 27017:2015
ISO/IEC 27018:2019
MTCS SS 584

Standards / Benchmarks

CIS Benchmark

Tools / Infrastructure

aws_pwn 1,174 over 1 year ago : A collection of AWS penetration testing junk
aws_ir 344 over 3 years ago : Python installable command line utility for mitigation of instance and key compromises
aws-firewall-factory 237 9 days ago : Deploy, update, and stage your WAFs while managing them centrally via FMS
aws-vault 8,554 5 months ago : A vault for securely storing and accessing AWS credentials in development environments
awspx 924 about 2 years ago : A graph-based tool for visualizing effective access and resource relationships within AWS
azucar 565 about 2 years ago : A security auditing tool for Azure environments
checkov 7,214 5 days ago : A static code analysis tool for infrastructure-as-code
cloud-forensics-utils 467 7 days ago : A python lib for DF & IR on the cloud
Cloud-Katana 250 9 months ago : Automate the execution of simulation steps in multi-cloud and hybrid cloud environments
cloudlist 871 5 days ago : Listing Assets from multiple Cloud Providers
Cloud Sniper 182 8 months ago : A platform designed to manage Cloud Security Operations
Cloudmapper 6,017 5 months ago : Analyze your AWS environments
Cloudmarker 219 4 months ago : A cloud monitoring tool and framework
Cloudsploit 3,372 14 days ago : Cloud security configuration checks
CloudQuery 5,913 5 days ago : Open source cloud asset inventory with set of pre-baked SQL for security and compliance
Cloud-custodian 5,488 5 days ago : Rules engine for cloud security, cost optimization, and governance
consoleme 3,153 5 months ago : A Central Control Plane for AWS Permissions and Access
cs suite 1,145 about 2 years ago : Tool for auditing the security posture of AWS/GCP/Azure
Deepfence ThreatMapper 4,861 5 days ago : Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless
dftimewolf 299 5 days ago : A multi-cloud framework for orchestrating forensic collection, processing and data export
diffy 635 11 months ago : Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix
ElectricEye 966 9 days ago : Continuously monitor AWS services for configurations
Forseti security 1,276 over 1 year ago : GCP inventory monitoring and policy enforcement tool
Hammer 437 over 1 year ago : A multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources
kics 2,117 9 days ago : Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code
Matano 1,482 5 months ago : Open source serverless security lake platform on AWS that lets you ingest, store, and analyze data into an Apache Iceberg data lake and run realtime Python detections as code
Metabadger 141 9 months ago : Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2)
Open policy agent : Policy-based control tool
pacbot 1,290 about 2 years ago : Policy as Code Bot
pacu 4,422 about 1 month ago : The AWS exploitation framework
PMapper 1,436 5 months ago : A tool for quickly evaluating IAM permissions in AWS
Prowler 10,941 4 days ago : Command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool
ScoutSuite 6,794 28 days ago : Multi-cloud security auditing tool
Security Monkey 4,353 almost 4 years ago : Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time
SkyWrapper 104 over 3 years ago : Tool helps to discover suspicious creation forms and uses of temporary tokens in AWS
Smogcloud 332 over 4 years ago : Find cloud assets that no one wants exposed
Steampipe 7,053 5 days ago : A Postgres FDW that maps APIs to SQL, plus suites of and for AWS/Azure/GCP and many others
Terrascan 4,779 7 days ago : Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure
tfsec 6,732 8 days ago : Static analysis powered security scanner for Terraform code
Zeus 708 almost 5 years ago : AWS Auditing & Hardening Tool

Tools / Container

auditkube 113 9 days ago : Audit for for EKS, AKS and GKE for HIPAA/PCI/SOC2 compliance and cloud security
Falco 7,460 8 days ago : Container runtime security
mkit 402 over 3 years ago : Managed kubernetes inspection tool
Open policy agent : Policy-based control tool

Tools / SaaS

aws-allowlister 224 over 1 year ago : Automatically compile an AWS Service Control Policy with your preferred compliance frameworks
binaryalert 1,415 about 1 year ago : Serverless S3 yara scanner
cloudsplaining 2,009 13 days ago : An AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report
Cloud Guardrails 183 about 1 year ago : Rapidly cherry-pick cloud security guardrails by generating Terraform files that create Azure Policy Initiatives
Function Shield 39 about 5 years ago : Protection/destection lib of aws lambda and gcp function
FestIN 231 about 4 years ago : S3 bucket finder and content discover
GCPBucketBrute 494 over 1 year ago : A script to enumerate Google Storage buckets
IAM Zero 249 almost 2 years ago : Detects identity and access management issues and automatically suggests least-privilege policies
Lambda Guard 400 over 2 years ago : AWS Lambda auditing tool
Policy Sentry 2,028 13 days ago : IAM Least Privilege Policy Generator
S3 Inspector : Tool to check AWS S3 bucket permissions
Serverless Goat 320 5 months ago : A serverless application demonstrating common serverless security flaws
SkyArk 877 about 2 years ago : Tool to helps to discover, assess and secure the most privileged entities in Azure and AWS

Tools / Penetration testing/learning

AWSGoat 1,760 about 2 months ago : AWSGoat is a vulnerable by design AWS infrastructure featuring OWASP Top 10 web application security risks (2021) and AWS service based misconfigurations
ccat 595 about 5 years ago : Cloud Container Attack Tool
CloudBrute 913 4 months ago : A multiple cloud enumerator
cloudgoat 2,991 11 days ago : "Vulnerable by Design" AWS deployment tool
Leonidas 535 19 days ago : A framework for executing attacker actions in the cloud
Pwned Labs : Free hosted labs for learning cloud security
Sadcloud 666 about 1 year ago : Tool for spinning up insecure AWS infrastructure with Terraform
TerraGoat 1,159 3 months ago : Bridgecrew's "Vulnerable by Design" Terraform repository
WrongSecrets 1,246 6 days ago : A vulnerable app which demonstrates how to not use secrets. With AWS/Azure/GCP support

Tools / Native tools / AWS

Artifact : Compliance report selfservice
Audit manager : Continuously audit for AWS usage
Certificate Manager : Private CA and certificate management service
CloudTrail : Record and log API call on AWS
Config : Configuration and resources relationship monitoring
Elastic Disaster Recovery : Application recovery service
Detective : Analyze and visualize security data and help security investigations
Firewall Manager : Firewall management service
GuardDuty : IDS service
CloudHSM : HSM service
Inspector : Vulnerability discover and assessment service
KMS : KMS service
Macie : Fully managed data security and data privacy service for S3
Network Firewall : Network firewall service
Secret Manager : Credential management service
Security Hub : Integration service for other AWS and third-party security service
Shield : DDoS protection service
Single Sign-On : Service of centrally manage access AWS or application
ThreatMapper 4,861 5 days ago : Identify vulnerabilities in running containers, images, hosts and repositories
VPC Flowlog : Log of network traffic
WAF : Web application firewall service

Tools / Native tools / Azure

Application Gateway : L7 load balancer with optional WAF function
DDoS Protection : DDoS protection service
Dedicated HSM : HSM service
Key Vault : KMS service
Monitor : API log and monitoring related service
Security Center : Integration service for other Azure and third-party security service
Sentinel : SIEM service

Tools / Native tools / GCP

Access Transparency : Transparency log and control of GCP
Apigee Sense : API security monitoring, detection, mitigation
Armor : DDoS protection and WAF service
Asset Inventory : Asset monitoring service
Assured workloads : Secure and compliant workloads
Audit Logs : API logs
Binanry Authorization : Binary authorization service for containers and serverless
Cloud HSM : HSM service
Cloud IDS : IDS service
Confidential VM : Encrypt data in use with VM
Context-aware Access : Enable zero trust access to applications and infrastructure
DLP : DLP service:
EKM : External key management service
Identity-Aware Proxy : Identity-Aware Proxy for protect the internal service
KMS : KMS service
Policy Intelligence : Detect the policy related risk
Security Command Center : Integration service for other GCP security service
Security Scanner : Application security scanner for GAE, GCE, GKE
Shielded VM : VM with secure boot and vTPM
Event Threat Detection : Threat dection service
VPC Service Controls : GCP service security perimeter control

Reading Materials / AWS

Overiew of AWS Security
AWS-IAM-Privilege-Escalation by RhinoSecurityLabs 901 over 5 years ago : A centralized source of all AWS IAM privilege escalation methods
MITRE ATT&CK Matrices of AWS
AWS security workshops
ThreatModel for Amazon S3 151 about 1 year ago : Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach

Reading Materials / Azure

Overiew of Azure Security
Azure security fundamentals
MicroBurst by NetSPI 2,068 about 1 month ago : A collection of scripts for assessing Microsoft Azure security
MITRE ATT&CK Matrices of Azure
Azure security center workflow automation 1,717 6 days ago

Reading Materials / GCP

Overiew of GCP Security
GKE security scenarios demo 94 4 months ago
MITRE ATT&CK Matrices of GCP
Security response automation 209 over 1 year ago

Reading Materials / Others

Cloud Security Research by RhinoSecurityLabs 358 over 4 years ago
CSA cloud security guidance v4
Appsecco provides training 928 about 2 years ago
Cloud Risk Encyclopedia by Orca Security : 900+ documented cloud security risks, with ability to filter by cloud vendor, compliance framework, risk category, and criticality

Free Courses

AWS Security
DevSecOps – Kubernetes DevOps & Security
DevSecOps: Insecure Docker Registry
Learn Cloud Security, Kubernetes, DevSecOps, and more
Certified Kubernetes Security Specialist (CKS)

Bootcamps

On-Demand: DevSecOps: Beginner Edition Bootcamp
On-Demand: Cloud Security: AWS Edition Bootcamp
On-Demand: Container Security: Beginner Edition Bootcamp

Trainings

Attacking and Defending AWS

Certifications

CCSP – Certified Cloud Security Professional
AWS Certified Security - Specialty
Microsoft Certified: Azure Security Engineer Associate
Certified Kubernetes Security Specialist (CKS)

Resource / AWS

Bucket search by grayhatwarfare

Resource / Others

Mapping of On-Premises Security Controls vs. Major Cloud Providers Services

Backlinks from these awesome lists:

More related projects: