aws-allowlister
Policy generator
Automatically generates AWS Service Control Policies based on compliance frameworks and custom service inclusions/exclusions
Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.
224 stars
11 watching
34 forks
Language: Python
last commit: over 1 year ago
Linked from 2 awesome lists
aws, cloud, cloud-security, compliance, iam, salesforce, security
Related projects:
Repository | Description | Stars |
---|---|---|
salesforce/policy_sentry | Automates the creation of least-privilege IAM policies for AWS services | 2,014 |
salesforce/cloudsplaining | A tool that scans AWS IAM policies to identify security vulnerabilities and generates a report with recommendations for remediation | 1,998 |
salesforce/terraform-provider-policyguru | Generates and manages least privilege IAM policies using an external audit service | 30 |
cloudtools/awacs | A Python library to create and manage AWS Access Policy Language JSON | 395 |
salesforce/metabadger | Automates upgrades to secure AWS Instance Metadata Service v2 to prevent SSRF attacks on EC2 instances | 138 |
open-sl/serverless-permission-generator | An application that generates AWS IAM permissions required for deploying Serverless Framework stacks | 47 |
welldone-cloud/aws-lint-iam-policies | A tool that analyzes AWS IAM policies to detect security vulnerabilities and best practice violations. | 111 |
awslabs/aws-config-rules | Repository of custom Config rules for AWS resources to enforce compliance and security standards | 1,612 |
awslabs/terraform-iam-policy-validator | A tool to validate Terraform IAM policies against AWS best practices and security standards. | 298 |
aws-cloudformation/cloudformation-guard | An evaluation tool for JSON- and YAML-formatted data against pre-defined policies written in a domain-specific language. | 1,294 |
aws-solutions/aws-waf-security-automations | Automates deployment of AWS WAF security rules to protect against common web-based attacks | 857 |
udondan/iam-floyd | A tool for generating AWS IAM policy statements with a fluent interface. | 549 |
awslabs/cwe-monitor-secgrp | A CloudWatch Events rule Lambda function that checks security group permissions against a pre-configured policy and logs non-compliant changes. | 25 |
awslabs/aws-iam-generator | Automates AWS IAM user and group creation based on configuration files. | 240 |
netflix-skunkworks/policyuniverse | A Python package for parsing and processing AWS IAM policies and statements. | 428 |