Cloudberry Engineering

Resources on AWS security

Articles
A Collection of Cloud Security Tools

18 Oct 2020, tools aws gcp azure

Shared Responsibility Models for Public Clouds

26 Sep 2020, gcp azure aws threat-modeling

Tools
aardvark

Aardvark is a multi-account AWS IAM Access Advisor API
🔗, aws iam

actionhero

Action Hero is a sidecar style utility to assist with creating least privilege IAM Policies for AWS.
🔗, aws iam

AirIAM

Least privilege AWS IAM Terraformer
🔗, declarative-infra terraform aws iam

amazon-s3-find-and-forget

Amazon S3 Find and Forget is a solution to handle data erasure requests from data lakes stored on Amazon S3, for example, pursuant to the European General Data Protection Regulation (GDPR)
🔗, aws

automated-cloud-advisor

Automated Cloud Advisor is a extensible tool that aims at facilitating cost optimization in AWS, by collecting data for resources that are under utilized. In addition, this is a great learning tool for new DevOps/Cloud engineers that want to start automating things in AWS.
🔗, aws

autovpn

Create On Demand Disposable OpenVPN Endpoints on AWS.
🔗, aws

aws-auto-remediate

Open source application to instantly remediate common security issues through the use of AWS Config
🔗, aws

aws-billing-slack-lambda

Simple AWS Lambda powered Slack bot that reports your AWS Costs for the current month to a channel
🔗, aws

aws-iam-authenticator

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster
🔗, aws iam k8s

aws-iamctl


🔗, aws iam

aws-incident-response


🔗, aws incident-response

aws-incident-response-runbooks


🔗, aws incident-response

aws-lambda-api-call-recorder

A recorder of AWS API calls for Lambda functions
🔗, aws

aws-recon

Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
🔗, aws

aws-s3-virusscan

Antivirus for Amazon S3 buckets
🔗, aws

aws-sso-credential-process

Bring AWS SSO-based credentials to the AWS SDKs until they have proper support
🔗, aws

aws_exposable_resources

Resource types that can be publicly exposed on AWS
🔗, aws

aws_key_triage_tool

Script to automate initial triage/enumeration on a set of aws keys in an input file.
🔗, aws

cdkgoat

CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
🔗, aws

cfngoat

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
🔗, aws declarative-infra

cloudformation-guard

A set of tools to check AWS CloudFormation templates for policy compliance using a simple, policy-as-code, declarative syntax
🔗, aws declarative-infra

cloudsplaining

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
🔗, aws iam

copilot-cli

The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on Amazon ECS and AWS Fargate.
🔗, aws containers

gimme-aws-creds

A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials
🔗, aws

govuk-aws

The GOV.UK repository for our Migration to AWS
🔗, aws

lsh

Run interactive shell commands on AWS Lambda
🔗, aws

regula

Regula checks Terraform for AWS, Azure and GCP security and CIS compliance using Open Policy Agent/Rego
🔗, terraform azure gcp aws declarative-infra

SkyArk

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
🔗, azure aws

spacesiren

A honey token manager and alert system for AWS.
🔗, aws

trailscraper

A command-line tool to get valuable information out of AWS CloudTrail
🔗, aws