A curated list of awesome cloud security related resources.

Awesome Cloud Security

🛡️ Awesome Cloud Security Resources ⚔️

Standards
Tools
Reading materials
Resource
Contributing

Standards

Compliances
Benchmarks

Compliances

Benchmarks

CIS Benchmark

Tools

Infrastructure
Container
SaaS
Penetration testing/learning
Native tools

Infrastructure

aws_pwn: A collection of AWS penetration testing junk
aws_ir: Python installable command line utility for mitigation of instance and key compromises.
aws-firewall-factory: Deploy, update, and stage your WAFs while managing them centrally via FMS.
aws-vault: A vault for securely storing and accessing AWS credentials in development environments.
awspx: A graph-based tool for visualizing effective access and resource relationships within AWS.
azucar: A security auditing tool for Azure environments
checkov: A static code analysis tool for infrastructure-as-code.
cloud-forensics-utils: A python lib for DF & IR on the cloud.
Cloud-Katana: Automate the execution of simulation steps in multi-cloud and hybrid cloud environments.
cloudlist: Listing Assets from multiple Cloud Providers.
Cloud Sniper: A platform designed to manage Cloud Security Operations.
Cloudmapper: Analyze your AWS environments.
Cloudmarker: A cloud monitoring tool and framework.
Cloudsploit: Cloud security configuration checks.
Cloud-custodian: Rules engine for cloud security, cost optimization, and governance.
cs suite: Tool for auditing the security posture of AWS/GCP/Azure.
Deepfence ThreatMapper: Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless.
dftimewolf: A multi-cloud framework for orchestrating forensic collection, processing and data export.
diffy: Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix.
ElectricEye: Continuously monitor AWS services for configurations.
Forseti security: GCP inventory monitoring and policy enforcement tool.
Hammer: A multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources.
kics: Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code.
Metabadger: Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
Open policy agent: Policy-based control tool.
pacbot: Policy as Code Bot.
pacu: The AWS exploitation framework.
Prowler: Command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool.
ScoutSuite: Multi-cloud security auditing tool.
Security Monkey: Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
SkyWrapper: Tool helps to discover suspicious creation forms and uses of temporary tokens in AWS.
Smogcloud: Find cloud assets that no one wants exposed.
Steampipe: A Postgres FDW that maps APIs to SQL, plus suites of API plugins and compliance mods for AWS/Azure/GCP and many others.
Terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
tfsec: Static analysis powered security scanner for Terraform code.
Zeus: AWS Auditing & Hardening Tool.

Container

auditkube: Audit for for EKS, AKS and GKE for HIPAA/PCI/SOC2 compliance and cloud security.
Falco: Container runtime security.
mkit: Managed kubernetes inspection tool.
Open policy agent: Policy-based control tool.

SaaS

aws-allowlister: Automatically compile an AWS Service Control Policy with your preferred compliance frameworks.
binaryalert: Serverless S3 yara scanner.
cloudsplaining: An AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
Cloud Guardrails: Rapidly cherry-pick cloud security guardrails by generating Terraform files that create Azure Policy Initiatives.
Function Shield: Protection/destection lib of aws lambda and gcp function.
FestIN: S3 bucket finder and content discover.
GCPBucketBrute: A script to enumerate Google Storage buckets.
IAM Zero: Detects identity and access management issues and automatically suggests least-privilege policies.
Lambda Guard: AWS Lambda auditing tool.
Policy Sentry: IAM Least Privilege Policy Generator.
S3 Inspector: Tool to check AWS S3 bucket permissions.
Serverless Goat: A serverless application demonstrating common serverless security flaws.
SkyArk: Tool to helps to discover, assess and secure the most privileged entities in Azure and AWS.

Penetration testing/learning

ccat: Cloud Container Attack Tool.
CloudBrute: A multiple cloud enumerator.
cloudgoat: "Vulnerable by Design" AWS deployment tool.
Leonidas: A framework for executing attacker actions in the cloud.
Sadcloud: Tool for spinning up insecure AWS infrastructure with Terraform.
TerraGoat: Bridgecrew's "Vulnerable by Design" Terraform repository.
WrongSecrets: A vulnerable app which demonstrates how to not use secrets. With AWS/Azure/GCP support.

Native tools

AWS
- Artifact: Compliance report selfservice.
- Audit manager: Continuously audit for AWS usage.
- Certificate Manager: Private CA and certificate management service.
- CloudTrail: Record and log API call on AWS.
- Config: Configuration and resources relationship monitoring.
- Elastic Disaster Recovery: Application recovery service.
- Detective: Analyze and visualize security data and help security investigations.
- Firewall Manager: Firewall management service.
- GuardDuty: IDS service
- CloudHSM: HSM service.
- Inspector: Vulnerability discover and assessment service.
- KMS: KMS service
- Macie: Fully managed data security and data privacy service for S3.
- Network Firewall: Network firewall service.
- Secret Manager: Credential management service.
- Security Hub: Integration service for other AWS and third-party security service.
- Shield: DDoS protection service.
- Single Sign-On: Service of centrally manage access AWS or application.
- ThreatMapper: Identify vulnerabilities in running containers, images, hosts and repositories.
- VPC Flowlog: Log of network traffic.
- WAF: Web application firewall service.
Azure
- Application Gateway: L7 load balancer with optional WAF function.
- DDoS Protection: DDoS protection service.
- Dedicated HSM: HSM service.
- Key Vault: KMS service
- Monitor: API log and monitoring related service.
- Security Center: Integration service for other Azure and third-party security service.
- Sentinel: SIEM service.
GCP
- Access Transparency: Transparency log and control of GCP.
- Apigee Sense: API security monitoring, detection, mitigation.
- Armor: DDoS protection and WAF service
- Asset Inventory: Asset monitoring service.
- Assured workloads: Secure and compliant workloads.
- Audit Logs: API logs.
- Binanry Authorization: Binary authorization service for containers and serverless.
- Cloud HSM: HSM service.
- Cloud IDS: IDS service.
- Confidential VM: Encrypt data in use with VM.
- Context-aware Access: Enable zero trust access to applications and infrastructure.
- DLP: DLP service:
- EKM: External key management service
- Identity-Aware Proxy: Identity-Aware Proxy for protect the internal service.
- KMS: KMS service
- Policy Intelligence: Detect the policy related risk.
- Security Command Center: Integration service for other GCP security service.
- Security Scanner: Application security scanner for GAE, GCE, GKE.
- Shielded VM: VM with secure boot and vTPM.
- Event Threat Detection: Threat dection service.
- VPC Service Controls: GCP service security perimeter control.