cwe-monitor-secgrp
Permission checker
A CloudWatch Events rule Lambda function that checks security group permissions against a preconfigured policy and logs non-compliant changes.
This CloudWatch Events rule Lambda function evaluates AWS API calls that change Amazon EC2 security group ingress rules. The function flags rules that violate a preconfigured policy.
25 stars
58 watching
30 forks
Language: Python
last commit: almost 5 years ago
Linked from 1 awesome list
Related projects:
Repository | Description | Stars |
---|---|---|
awslabs/amazon-inspector-auto-remediate | Automatically patches vulnerable EC2 instances after receiving an Inspector assessment notification | 58 |
awslabs/amazon-inspector-agent-autodeploy | Automates deployment of security agent to newly launched EC2 instances using AWS Lambda and SSM | 28 |
awslabs/amazon-inspector-finding-forwarder | Script to process and forward Amazon Inspector findings via SNS to a specified email address. | 39 |
salesforce/aws-allowlister | Automatically generates AWS Service Control Policies based on compliance frameworks and custom service inclusions/exclusions | 224 |
rafalwilinski/cloudwatch-public-metrics | Exposes AWS CloudWatch Metrics as a public HTML page using AWS Lambda and server-side rendering | 28 |
nccgroup/s3_objects_check | Identifies publicly accessible objects in an AWS S3 bucket based on effective permissions | 74 |
aws-samples/lambda-ecs-worker-pattern | This code example illustrates how to extend AWS Lambda functionality using Amazon SQS and the Amazon EC2 Container Service (ECS) to process large tasks outside of Lambda's execution time limit. | 290 |
awslabs/aws-security-automation | Automated incident response and security remediation tools for AWS services | 620 |
awslabs/aws-lambda-redshift-loader | An AWS Lambda function that automates data loading from Amazon S3 into an Amazon Redshift database cluster | 597 |
cyberark/skywrapper | Detects suspicious temporary token usage in an AWS account to identify potential security threats. | 104 |
shimat/opencvsharp_awslambdasample | A proof-of-concept project demonstrating the use of OpenCvSharp in an AWS Lambda function. | 3 |
portswigger/aws-security-checks | A set of automated security checks for AWS services written in Python to identify potential vulnerabilities and configuration issues. | 36 |
salesforce/cloudsplaining | A tool that scans AWS IAM policies to identify security vulnerabilities and generates a report with recommendations for remediation | 1,998 |
aws-solutions/aws-waf-security-automations | Automates deployment of AWS WAF security rules to protect against common web-based attacks | 857 |
aws-cloudformation/cloudformation-guard | An evaluation tool for JSON- and YAML-formatted data against pre-defined policies written in a domain-specific language. | 1,294 |