🛡️ Awesome Cloud Security Resources ⚔️

• Standards
• Tools
• Reading materials
• Resource
• Contributing

• Compliances
• Benchmarks

• CSA STAR
• ISO/IEC 27017:2015
• ISO/IEC 27018:2019
• MTCS SS 584

• CIS Benchmark

• Infrastrcture
• Container
• SaaS
• [Cross service type](#cross service type): TBD
• Native tools

• aws_pwn: A collection of AWS penetration testing junk
• aws_ir: Python installable command line utility for mitigation of instance and key compromises.
• aws-vault: A vault for securely storing and accessing AWS credentials in development environments.
• awspx: A graph-based tool for visualizing effective access and resource relationships within AWS.
• azucar: A security auditing tool for Azure environments
• checkov: A static code analysis tool for infrastructure-as-code.
• CloudBrute: A multiple cloud enumerator.
• cloud-forensics-utils: A python lib for DF & IR on the cloud.
• Cloud-Katana: Automate the execution of simulation steps in multi-cloud and hybrid cloud environments.
• cloudlist: Listing Assets from multiple Cloud Providers.
• Cloud Sniper: A platform designed to manage Cloud Security Operations.
• cloudgoat: "Vulnerable by Design" AWS deployment tool.
• Cloudmapper: Analyze your AWS environments.
• cloudsplaining: An AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
• Cloudsploit Scans: Cloud security configuration checks.
• Cloud-custodian: Rules engine for cloud security, cost optimization, and governance.
• cs suite: Tool for auditing the security posture of AWS/GCP/Azure.
• dftimewolf: A multi-cloud framework for orchestrating forensic collection, processing and data export.
• diffy: Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix.
• ElectricEye: Continuously monitor AWS services for configurations.
• Forseti security: GCP inventory monitoring and policy enforcement tool.
• Hammer: A multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources.
• kics: Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code.
• Leonidas: A framework for executing attacker actions in the cloud.
• Open policy agent: Policy-based control tool.
• pacbot: Policy as Code Bot.
• pacu: The AWS exploitation framework.
• Prowler: Command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool.
• Sadcloud: Tool for spinning up insecure AWS infrastructure with Terraform.
• ScoutSuite: Multi-cloud security auditing tool.
• Security Monkey: Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
• SkyArk: Tool to helps to discover, assess and secure the most privileged entities in Azure and AWS.
• SkyWrapper: Tool helps to discover suspicious creation forms and uses of temporary tokens in AWS.
• Smogcloud: Find cloud assets that no one wants exposed.
• TerraGoat: Bridgecrew's "Vulnerable by Design" Terraform repository.
• Terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
• tfsec: Static analysis powered security scanner for Terraform code.
• Zeus: AWS Auditing & Hardening Tool.

• auditkube: Audit for for EKS, AKS and GKE for HIPAA/PCI/SOC2 compliance and cloud security.
• ccat: Cloud Container Attack Tool.
• Falco: Container runtime security.
• mkit: Managed kubernetes inspection tool.
• Open policy agent: Policy-based control tool.

• binaryalert: Serverless S3 yara scanner.
• Function Shield: Protection/destection lib of aws lambda and gcp function.
• FestIN: S3 bucket finder and content discover.
• GCPBucketBrute: A script to enumerate Google Storage buckets.
• Lambda Guard: AWS Lambda auditing tool.
• Policy Sentry: IAM Least Privilege Policy Generator.
• S3 Inspector: Tool to check AWS S3 bucket permissions.
• Serverless Goat: A serverless application demonstrating common serverless security flaws

• AWS
  • Artifact: Compliance report selfservice.
  • Certificate Manager: Private CA and certificate management service.
  • CloudTrail: Record and log API call on AWS.
  • Config: Configuration and resources relationship monitoring.
  • Detective: Analyze and visualize security data and help security investigations.
  • Firewall Manager: Firewall management service.
  • GuardDuty: IDS service
  • CloudHSM: HSM service.
  • Inspector: Vulnerability discover and assessment service.
  • KMS: KMS service
  • Macie: Fully managed data security and data privacy service for S3.
  • Network Firewall: Network firewall service.
  • Secret Manager: Credential management service.
  • Security Hub: Integration service for other AWS and third-party security service.
  • Shield: DDoS protection service.
  • ThreatMapper: Identify vulnerabilities in running containers, images, hosts and repositories.
  • VPC Flowlog: Log of network traffic.
  • WAF: Web application firewall service.
• Azure
  • Application Gateway: L7 load balancer with optional WAF function.
  • DDoS Protection: DDoS protection service.
  • Dedicated HSM: HSM service.
  • Key Vault: KMS service
  • Monitor: API log and monitoring related service.
  • Security Center: Integration service for other Azure and third-party security service.
  • Sentinel: SIEM service.
• GCP
  • Access Transparency: Transparency log and control of GCP.
  • Apigee Sense: API security monitoring, detection, mitigation.
  • Armor: DDoS protection and WAF service
  • Asset Inventory: Asset monitoring service.
  • Audit Logs: API logs.
  • Cloud HSM: HSM service
  • Context-aware Access: Enable zero trust access to applications and infrastructure.
  • DLP: DLP service:
  • EKM: External key management service
  • Identity-Aware Proxy: Identity-Aware Proxy for protect the internal service.
  • KMS: KMS service
  • Policy Intelligence: Detect the policy related risk.
  • Security Command Center: Integration service for other GCP security service.
  • Security Scanner: Application security scanner for GAE, GCE, GKE.
  • Event Threat Detection: Threat dection service.
  • VPC Service Controls: GCP service security perimeter control.

• AWS
• Azure
• GCP
• Others

1. Overiew of AWS Security
2. AWS-IAM-Privilege-Escalation by RhinoSecurityLabs: A centralized source of all AWS IAM privilege escalation methods.
3. MITRE ATT&CK Matrices of AWS
4. AWS security workshops

1. Overiew of Azure Security
2. Azure security fundamentals
3. MicroBurst by NetSPI: A collection of scripts for assessing Microsoft Azure security
4. MITRE ATT&CK Matrices of Azure
5. Azure security center workflow automation

1. Overiew of GCP Security
2. GKE security scenarios demo
3. MITRE ATT&CK Matrices of GCP
4. Security response automation

1. Cloud Security Research by RhinoSecurityLabs
2. CSA cloud security guidance v4
3. Appsecco provides training

• AWS
• Others

1. Bucket search by grayhatwarfare

1. Mapping of On-Premises Security Controls vs. Major Cloud Providers Services

See contributing