# Awesome Cloud Security

A curated list of awesome cloud security related resources.

🛡️ Awesome Cloud Security Resources ⚔️
## Contents
- Standards
- Tools
- Reading materials
- Free Courses
- Paid Courses
- Bootcamps
- Trainings
- Certifications
- Resource
- Contributing
## Standards

### Compliances

### Benchmarks
## Tools

### Infrastructure
- aws_pwn: A collection of AWS penetration testing junk
- aws_ir: Python installable command line utility for mitigation of instance and key compromises.
- aws-firewall-factory: Deploy, update, and stage your WAFs while managing them centrally via FMS.
- aws-vault: A vault for securely storing and accessing AWS credentials in development environments.
- awspx: A graph-based tool for visualizing effective access and resource relationships within AWS.
- azucar: A security auditing tool for Azure environments
- checkov: A static code analysis tool for infrastructure-as-code.
- cloud-forensics-utils: A Python library for digital forensics and incident response (DF & IR) in the cloud.
- Cloud-Katana: Automate the execution of simulation steps in multi-cloud and hybrid cloud environments.
- cloudlist: Listing Assets from multiple Cloud Providers.
- Cloud Sniper: A platform designed to manage Cloud Security Operations.
- Cloudmapper: Analyze your AWS environments.
- Cloudmarker: A cloud monitoring tool and framework.
- Cloudsploit: Cloud security configuration checks.
- CloudQuery: Open source cloud asset inventory with set of pre-baked SQL policies for security and compliance.
- Cloud-custodian: Rules engine for cloud security, cost optimization, and governance.
- consoleme: A Central Control Plane for AWS Permissions and Access
- cs suite: Tool for auditing the security posture of AWS/GCP/Azure.
- Deepfence ThreatMapper: Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless.
- dftimewolf: A multi-cloud framework for orchestrating forensic collection, processing and data export.
- diffy: Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix.
- ElectricEye: Continuously monitor AWS services for configurations.
- Forseti security: GCP inventory monitoring and policy enforcement tool.
- Hammer: A multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources.
- kics: Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code.
- Matano: Open source serverless security lake platform on AWS that lets you ingest, store, and analyze data into an Apache Iceberg data lake and run realtime Python detections as code.
- Metabadger: Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
- Open policy agent: Policy-based control tool.
- pacbot: Policy as Code Bot.
- pacu: The AWS exploitation framework.
- Prowler: Command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool.
- ScoutSuite: Multi-cloud security auditing tool.
- Security Monkey: Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
- SkyWrapper: Tool that helps discover suspicious creation patterns and uses of temporary tokens in AWS.
- Smogcloud: Find cloud assets that no one wants exposed.
- Steampipe: A Postgres FDW that maps APIs to SQL, plus suites of API plugins and compliance mods for AWS/Azure/GCP and many others.
- Terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
- tfsec: Static analysis powered security scanner for Terraform code.
- Zeus: AWS Auditing & Hardening Tool.
### Container
- auditkube: Audit EKS, AKS and GKE for HIPAA/PCI/SOC2 compliance and cloud security.
- Falco: Container runtime security.
- mkit: Managed kubernetes inspection tool.
- Open policy agent: Policy-based control tool.
### SaaS
- aws-allowlister: Automatically compile an AWS Service Control Policy with your preferred compliance frameworks.
- binaryalert: Serverless S3 yara scanner.
- cloudsplaining: An AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
- Cloud Guardrails: Rapidly cherry-pick cloud security guardrails by generating Terraform files that create Azure Policy Initiatives.
- Function Shield: Protection/detection library for AWS Lambda and GCP Cloud Functions.
- FestIN: S3 bucket finder and content discovery tool.
- GCPBucketBrute: A script to enumerate Google Storage buckets.
- IAM Zero: Detects identity and access management issues and automatically suggests least-privilege policies.
- Lambda Guard: AWS Lambda auditing tool.
- Policy Sentry: IAM Least Privilege Policy Generator.
- S3 Inspector: Tool to check AWS S3 bucket permissions.
- Serverless Goat: A serverless application demonstrating common serverless security flaws.
- SkyArk: Tool that helps discover, assess and secure the most privileged entities in Azure and AWS.
### Penetration testing/learning
- ccat: Cloud Container Attack Tool.
- CloudBrute: A multi-cloud enumerator.
- cloudgoat: "Vulnerable by Design" AWS deployment tool.
- Leonidas: A framework for executing attacker actions in the cloud.
- Pwned Labs: Free hosted labs for learning cloud security.
- Sadcloud: Tool for spinning up insecure AWS infrastructure with Terraform.
- TerraGoat: Bridgecrew's "Vulnerable by Design" Terraform repository.
- WrongSecrets: A vulnerable app which demonstrates how to not use secrets. With AWS/Azure/GCP support.
### Native tools
- AWS
  - Artifact: Compliance report self-service.
  - Audit Manager: Continuously audit AWS usage.
  - Certificate Manager: Private CA and certificate management service.
  - CloudTrail: Record and log API calls on AWS.
  - Config: Configuration and resource relationship monitoring.
  - Elastic Disaster Recovery: Application recovery service.
  - Detective: Analyze and visualize security data to support security investigations.
  - Firewall Manager: Firewall management service.
  - GuardDuty: IDS service.
  - CloudHSM: HSM service.
  - Inspector: Vulnerability discovery and assessment service.
  - KMS: KMS service.
  - Macie: Fully managed data security and data privacy service for S3.
  - Network Firewall: Network firewall service.
  - Secrets Manager: Credential management service.
  - Security Hub: Integration service for other AWS and third-party security services.
  - Shield: DDoS protection service.
  - Single Sign-On: Service for centrally managing access to AWS accounts and applications.
  - ThreatMapper: Identify vulnerabilities in running containers, images, hosts and repositories.
  - VPC Flow Logs: Logs of network traffic.
  - WAF: Web application firewall service.
- Azure
  - Application Gateway: L7 load balancer with optional WAF function.
  - DDoS Protection: DDoS protection service.
  - Dedicated HSM: HSM service.
  - Key Vault: KMS service.
  - Monitor: API log and monitoring related service.
  - Security Center: Integration service for other Azure and third-party security services.
  - Sentinel: SIEM service.
- GCP
  - Access Transparency: Transparency log and control of GCP.
  - Apigee Sense: API security monitoring, detection, mitigation.
  - Armor: DDoS protection and WAF service.
  - Asset Inventory: Asset monitoring service.
  - Assured Workloads: Secure and compliant workloads.
  - Audit Logs: API logs.
  - Binary Authorization: Binary authorization service for containers and serverless.
  - Cloud HSM: HSM service.
  - Cloud IDS: IDS service.
  - Confidential VM: Encrypt data in use within the VM.
  - Context-aware Access: Enable zero trust access to applications and infrastructure.
  - DLP: DLP service.
  - EKM: External key management service.
  - Identity-Aware Proxy: Identity-aware proxy for protecting internal services.
  - KMS: KMS service.
  - Policy Intelligence: Detect policy-related risks.
  - Security Command Center: Integration service for other GCP security services.
  - Security Scanner: Application security scanner for GAE, GCE, GKE.
  - Shielded VM: VM with secure boot and vTPM.
  - Event Threat Detection: Threat detection service.
  - VPC Service Controls: GCP service security perimeter control.
## Reading Materials

### AWS
- Overview of AWS Security
- AWS-IAM-Privilege-Escalation by RhinoSecurityLabs: A centralized source of all AWS IAM privilege escalation methods.
- MITRE ATT&CK Matrices of AWS
- AWS security workshops
- ThreatModel for Amazon S3: Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach
### Azure
- Overview of Azure Security
- Azure security fundamentals
- MicroBurst by NetSPI: A collection of scripts for assessing Microsoft Azure security
- MITRE ATT&CK Matrices of Azure
- Azure security center workflow automation
### GCP
- Overview of GCP Security
- GKE security scenarios demo
- MITRE ATT&CK Matrices of GCP
- Security response automation
### Others
- Cloud Security Research by RhinoSecurityLabs
- CSA cloud security guidance v4
- Appsecco provides training
- Cloud Risk Encyclopedia by Orca Security: 900+ documented cloud security risks, with ability to filter by cloud vendor, compliance framework, risk category, and criticality.
## Free Courses

## Paid Courses
- DevSecOps – Kubernetes DevOps & Security
- DevSecOps: Insecure Docker Registry
- Learn Cloud Security, Kubernetes, DevSecOps, and more
- Certified Kubernetes Security Specialist (CKS)
## Bootcamps
- On-Demand: DevSecOps: Beginner Edition Bootcamp
- On-Demand: Cloud Security: AWS Edition Bootcamp
- On-Demand: Container Security: Beginner Edition Bootcamp
## Trainings

## Certifications
- CCSP – Certified Cloud Security Professional
- AWS Certified Security - Specialty
- Microsoft Certified: Azure Security Engineer Associate
- Certified Kubernetes Security Specialist (CKS)
## Resource

### AWS

### Others

## Contributing
See contributing