Appliscale / Cloud Security Audit
Licence: apache-2.0
A command line security audit tool for Amazon Web Services
Stars: ✭ 68
Projects that are alternatives of or similar to Cloud Security Audit
Awesome Aws
A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome.
Stars: ✭ 9,895 (+14451.47%)
Mutual labels: aws, cloud, s3, ec2
Aws Sdk Perl
A community AWS SDK for Perl Programmers
Stars: ✭ 153 (+125%)
Mutual labels: aws, s3, amazon-web-services, ec2
Aws Workflows On Github
Workflows for automation of AWS services setup from Github CI/CD
Stars: ✭ 95 (+39.71%)
Mutual labels: aws, cloud, s3, ec2
Perun
A command-line validation tool for AWS Cloud Formation that allows to conquer the cloud faster!
Stars: ✭ 82 (+20.59%)
Mutual labels: aws, amazon-web-services, command-line, tool
Python Aws S3
Demo of AWS S3 Walkthrough using Python
Stars: ✭ 169 (+148.53%)
Mutual labels: aws, s3, amazon-web-services
Opencspm
Open Cloud Security Posture Management Engine
Stars: ✭ 191 (+180.88%)
Mutual labels: aws, cloud, security-audit
Aws Ssh Config
Generate SSH config files from AWS EC2 inventory
Stars: ✭ 229 (+236.76%)
Mutual labels: aws, cloud, ec2
Cloud Portal
Self service web portal for different Cloud platforms like Azure, AWS and VMWare vSphere.
Stars: ✭ 60 (-11.76%)
Mutual labels: aws, cloud, amazon-web-services
Deploy Strapi On Aws
Deploying a Strapi API on AWS (EC2 & RDS & S3)
Stars: ✭ 121 (+77.94%)
Mutual labels: aws, s3, ec2
Aws Auto Cleanup
Open-source application to programmatically clean your AWS resources based on a whitelist and time to live (TTL) settings
Stars: ✭ 276 (+305.88%)
Mutual labels: aws, cloud, amazon-web-services
Howtheyaws
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world use Amazon Web Services (AWS)
Stars: ✭ 389 (+472.06%)
Mutual labels: aws, cloud, amazon-web-services
Autospotting
Saves up to 90% of AWS EC2 costs by automating the use of spot instances on existing AutoScaling groups. Installs in minutes using CloudFormation or Terraform. Convenient to deploy at scale using StackSets. Uses tagging to avoid launch configuration changes. Automated spot termination handling. Reliable fallback to on-demand instances.
Stars: ✭ 2,014 (+2861.76%)
Mutual labels: aws, amazon-web-services, ec2
Gossm
💻Interactive CLI tool that you can connect to ec2 using commands same as start-session, ssh in AWS SSM Session Manager
Stars: ✭ 192 (+182.35%)
Mutual labels: aws, ec2, tool
Kafka Connect Storage Cloud
Kafka Connect suite of connectors for Cloud storage (Amazon S3)
Stars: ✭ 153 (+125%)
Mutual labels: aws, cloud, s3
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+6607.35%)
Mutual labels: aws, cloud, security-audit
Rome
Carthage cache for S3, Minio, Ceph, Google Storage, Artifactory and many others
Stars: ✭ 724 (+964.71%)
Mutual labels: aws, s3, tool
Aws
A collection of bash shell scripts for automating various tasks with Amazon Web Services using the AWS CLI and jq.
Stars: ✭ 493 (+625%)
Mutual labels: aws, s3, ec2
Aws Xray Ts Decorator
Instrument your Typescript code with AWS X-Ray using elegant decorators
Stars: ✭ 17 (-75%)
Mutual labels: aws, cloud, amazon-web-services
Workshop Donkeytracker
Workshop to build a serverless tracking application for your mobile device with an AWS backend
Stars: ✭ 27 (-60.29%)
Mutual labels: aws, s3, amazon-web-services
Cloud Security Audit 
A command line security audit tool for Amazon Web Services
About
Cloud Security Audit is a command line tool that scans for vulnerabilities in your AWS Account. In easy way you will be able to identify unsecure parts of your infrastructure and prepare your AWS account for security audit.
Installation
Currently Cloud Security Audit does not support any package managers, but the work is in progress.
Building from sources
First of all you need to download Cloud Security Audit to your GO workspace:
$GOPATH $ go get github.com/Appliscale/cloud-security-audit
$GOPATH $ cd cloud-security-audit
Then build and install configuration for the application inside cloud-security-audit directory by executing:
cloud-security-audit $ make all
Usage
Initialising Session
If you're using MFA you need to tell Cloud Security Audit to authenticate you before trying to connect by using flag --mfa.
Example:
$ cloud-security-audit --service s3 --mfa --mfa-duration 3600
EC2 Scan
How to use
To perform audit on all EC2 instances, type:
$ cloud-security-audit --service ec2
You can narrow the audit to a region, by using the flag -r or --region. Cloud Security Audit also supports AWS profiles -
to specify profile use the flag -p or --profile.
Example output
+---------------+---------------------+--------------------------------+-----------------------------------+----------+
| AVAILABILITY | EC2 | VOLUMES | SECURITY | |
| | | | | EC2 TAGS |
| ZONE | | (NONE) - NOT ENCRYPTED | GROUPS | |
| | | | | |
| | | (DKMS) - ENCRYPTED WITH | (INCOMING CIDR = 0.0.0.0/0) | |
| | | DEFAULT KMSKEY | | |
| | | | ID : PROTOCOL : PORT | |
+---------------+---------------------+--------------------------------+-----------------------------------+----------+
| eu-central-1a | i-0fa345j6756nb3v23 | vol-0a81288qjd188424d[DKMS] | sg-aaaaaaaa : tcp : 22 | App:some |
| | | vol-0c2834re8dfsd8sdf[NONE] | sg-aaaaaaaa : tcp : 22 | Key:Val |
+---------------+---------------------+--------------------------------+-----------------------------------+----------+
How to read it
- First column
AVAILABILITY ZONEcontains information where the instance is placed - Second column
EC2contains instance ID. - Third column
Volumescontains IDs of attached volumes(virtual disks) to given EC2. Suffixes meaning:-
[NONE]- Volume not encrypted. -
[DKMS]- Volume encrypted using AWS Default KMS Key. More about KMS you can find here
-
- Fourth column
Security Groupscontains IDs of security groups that have too open permissions. e.g. CIDR block is equal to0.0.0.0/0(open to the whole world). - Fifth column
EC2 TAGScontains tags of a given EC2 instance to help you identify purpose of this instance.
Docs
You can find more information about encryption in the following documentation:
S3 Scan
How to use
To perform audit on all S3 buckets, type:
$ cloud-security-audit --service s3
Cloud Security Audit supports AWS profiles - to specify profile use the flag -p or --profile.
Example output
+------------------------------+---------+---------+-------------+------------+
| BUCKET NAME | DEFAULT | LOGGING | ACL | POLICY |
| | | | | |
| | SSE | ENABLED | IS PUBLIC | IS PUBLIC |
| | | | | |
| | | | R - READ | R - READ |
| | | | | |
| | | | W - WRITE | W - WRITE |
| | | | | |
| | | | D - DELETE | D - DELETE |
+------------------------------+---------+---------+-------------+------------+
| bucket1 | NONE | true | false | false |
+------------------------------+---------+---------+-------------+------------+
| bucket2 | DKMS | false | false | true [R] |
+------------------------------+---------+---------+-------------+------------+
| bucket3 | AES256 | false | true [RWD] | false |
+--------------------------- --+---------+---------+-------------+------------+
How to read it
- First column
BUCKET NAMEcontains names of the s3 buckets. - Second column
DEFAULT SSEgives you information on which default type of server side encryption was used in your S3 bucket:
-
NONE- Default SSE not enabled. -
DKMS- Default SSE enabled, AWS KMS Key used to encrypt data. -
AES256- Default SSE enabled, AES256.
- Third column
LOGGING ENABLEDcontains information if Server access logging was enabled for a given S3 bucket. This provides detailed records for the requests that are made to an S3 bucket. More information about Server Access Logging can be found here - Fourth column
ACL IS PUBLICprovides information if ACL (Access Control List) contains permissions, that make the bucket public (allow read/writes for anyone). More information about ACLs here - Fifth column
POLICY IS PUBLICcontains information if bucket's policy allows any action (read/write) for an anonymous user. More about bucket policies here R, W and D letters describe what type of action is available for everyone.
Docs
You can find more about securing your S3's in the following documentations:
- https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
- https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html
- https://docs.aws.amazon.com/AmazonS3/latest/user-guide/server-access-logging.html
License
Maintainers
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].