aws-security

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

The open-source data integration platform for security and infrastructure teams

IAM Least Privilege Policy Generator

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

🛡️ Awesome Cloud Security Resources ⚔️

PacBot (Policy as Code Bot)

☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

A graph-based tool for visualizing effective access and resource relationships in AWS environments.

Continuously monitor your AWS attack surface and evaluate services for configurations that can lead to degradation of confidentiality, integrity or availability. All results can be exported to Security Hub, JSON, CSV, Databases, and more for further aggregation and analysis.

Least privilege AWS IAM Terraformer

Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation and Customizations for AWS Control Tower.

Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Security

Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS 🦀

Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)