Awesome
Awesome Cloud Security 
Cloud Security blogs, podcasts, standards, projects, and examples.
Contents
- Public Cloud Governance
- Containers
- Cloud Security Standards
- Learning
- Certifications
- Projects
- Examples
- Misc
- Contribute
- License
Public Cloud Governance
AWS Governance
-
AWS - Patterns
URL Services
| Service | URL |
|---|---|
| s3 | https://{user_provided}.s3.amazonaws.com |
| cloudfront | https://{random_id}.cloudfront.net |
| ec2 | ec2-{ip-seperated}.compute-1.amazonaws.com |
| es | https://{user_provided}-{random_id}.{region}.es.amazonaws.com |
| elb | http://{user_provided}-{random_id}.{region}.elb.amazonaws.com:80/443 |
| elbv2 | https://{user_provided}-{random_id}.{region}.elb.amazonaws.com |
| rds | mysql://{user_provided}.{random_id}.{region}.rds.amazonaws.com:3306 |
| rds | postgres://{user_provided}.{random_id}.{region}.rds.amazonaws.com:5432 |
| route 53 | {user_provided} |
| execute-api | https://{random_id}.execute-api.{region}.amazonaws.com/{user_provided} |
| cloudsearch | https://doc-{user_provided}-{random_id}.{region}.cloudsearch.amazonaws.com |
| transfer | sftp://s-{random_id}.server.transfer.{region}.amazonaws.com |
| iot | mqtt://{random_id}.iot.{region}.amazonaws.com:8883 |
| iot | https://{random_id}.iot.{region}.amazonaws.com:8443 |
| iot | https://{random_id}.iot.{region}.amazonaws.com:443 |
| mq | https://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:8162 |
| mq | ssl://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:61617 |
| kafka | b-{1,2,3,4}.{user_provided}.{random_id}.c{1,2}.kafka.{region}.amazonaws.com |
| kafka | {user_provided}.{random_id}.c{1,2}.kafka.useast-1.amazonaws.com |
| cloud9 | https://{random_id}.vfs.cloud9.{region}.amazonaws.com |
| mediastore | https://{random_id}.data.mediastore.{region}.amazonaws.com |
| kinesisvideo | https://{random_id}.kinesisvideo.{region}.amazonaws.com |
| mediaconvert | https://{random_id}.mediaconvert.{region}.amazonaws.com |
| mediapackage | https://{random_id}.mediapackage.{region}.amazonaws.com/in/v1/{random_id}/channel |
MultiCloud Governance
Kubernetes Operators
- Aqua
- Misc
Container Tools
- Anchore
- Aqua
- Misc
Cloud Security Standards
Learning
Blogs
Courses
- Oracle
- A Cloud Guru
- Learning Paths
Labs
- AWS Workshops
- AWS Identity: Using Amazon Cognito for serverless consumer apps
- AWS Network Firewall Workshop
- AWS Networking Workshop
- Access Delegation
- Amazon VPC Endpoint Workshop
- Build a Vulnerability Management Program Using AWS for AWS
- Data Discovery and Classification with Amazon Macie
- Data Protection
- DevSecOps - Integrating security into your pipeline
- Disaster Recovery on AWS
- Finding and addressing Network Misconfigurations on AWS
- Firewall Manager Service - WAF Policy
- Getting Hands on with Amazon GuardDuty
- Hands on Network Firewall Workshop
- Implementing DDoS Resiliency
- Infrastructure Identity on AWS
- Integrating security into your container pipeline
- Integration, Prioritization, and Response with AWS Security Hub
- Introduction to WAF
- Permission boundaries: how to delegate permissions on AWS
- Protecting workloads on AWS from the instance to the edge
- Scaling threat detection and response on AWS
- Serverless Identity
- PagerDuty Training Lab
Podcasts
Vulnerable By Design
Certifications
- Cloud Vendors
- ISC<sup>2</sup> - International Information System Security Certification Consortium
- CSA - Cloud Security Alliance
Projects
Alerting
Automated Security Assessment
- Prowler
- CloudFox
- SkyArk
- Pacu
- Bucket Finder
- Boto3
- Principal Mapper
- ScoutSuite
- s3_objects_check
- cloudsplaining
- weirdAAL
- cloudmapper
- NetSPI/AWS_Consoler
Benchmarking
Data Loss Prevention
Firewall Management
- globaldatanet
Identity and Access Management
- AWS Labs
- Duo Labs
- Netflix
- Salesforce
- welldone.cloud
- Misc
Incident Response
- AWS
- Netflix
- PagerDuty
- PagerDuty Automated Remediation Docs
- PagerDuty Business Response Docs
- PagerDuty DevSecOps Docs
- PagerDuty Full Case Ownership Docs
- PagerDuty Full Service Ownership Docs
- PagerDuty Going OnCall Docs
- PagerDuty Incident Response Docs
- PagerDuty Operational Review Docs
- PagerDuty PostMortem Docs
- PagerDuty Retrospectives Docs
- PagerDuty Stakeholder Communication Docs
- Velocidex
Spring
Threat modeling
- ThreatModel for Amazon S3 - Library of all the attack scenarios on Amazon S3 and how to mitigate them, following a risk-based approach
Examples
Ex. Automated Security Assessment
- AWS Config Rules Repository
- AWS Inspector Agent Autodeploy
- AWS Inspector Auto Remediation
- AWS Inspector Lambda Finding Processor
Ex. Identity and Access Management
Ex. Logging
- AWS Centralized Logging
- AWS Config Snapshots to ElasticSearch
- AWS CloudWatch Events Monitor Security Groups
Ex. Web Application Firewall
Misc
- Other Awesome Lists
Contribute
Contributions welcome! Read the contribution guidelines first.
License
To the extent possible under law, Jacob Silva has waived all copyright and related or neighboring rights to this work.