<br/>
<div align="center">

A curated list of awesome cloud security related resources.

</div>
<br/>

# Awesome Cloud Security
🛡️ Awesome Cloud Security Resources ⚔️

# Contents
- [Standards](#standards)
- [Tools](#tools)
- [Reading materials](#reading-materials)
- [Free Courses](#free-courses)
- [Paid Courses](#paid-courses)
- [Bootcamps](#bootcamps)
- [Trainings](#trainings)
- [Certifications](#certifications)
- [Resource](#resource)
- [Contributing](#contributing)

# Standards
- [Compliances](#compliances)
- [Benchmarks](#benchmarks)

## Compliances
* [CSA STAR](https://cloudsecurityalliance.org/star/)
* [ISO/IEC 27017:2015](https://www.iso.org/standard/43757.html)
* [ISO/IEC 27018:2019](https://www.iso.org/standard/76559.html)
* [MTCS SS 584](https://www.imda.gov.sg/regulations-and-licensing-listing/ict-standards-and-quality-of-service/IT-Standards-and-Frameworks/ComplianceAndCertification)

## Benchmarks
* [CIS Benchmark](https://www.cisecurity.org/cis-benchmarks/)

# Tools
- [Infrastructure](#infrastructure)
- [Container](#container)
- [SaaS](#saas)
- [Penetration testing/learning](#penetration-testinglearning)
- [Native tools](#native-tools)

## Infrastructure
* [aws_pwn](https://github.com/dagrz/aws_pwn): A collection of AWS penetration testing junk.
* [aws_ir](https://github.com/ThreatResponse/aws_ir): Python installable command line utility for mitigation of instance and key compromises.
* [aws-firewall-factory](https://github.com/globaldatanet/aws-firewall-factory): Deploy, update, and stage your WAFs while managing them centrally via FMS.
* [aws-vault](https://github.com/99designs/aws-vault): A vault for securely storing and accessing AWS credentials in development environments.
* [awspx](https://github.com/FSecureLABS/awspx): A graph-based tool for visualizing effective access and resource relationships within AWS.
* [azucar](https://github.com/nccgroup/azucar): A security auditing tool for Azure environments.
* [checkov](https://github.com/bridgecrewio/checkov): A static code analysis tool for infrastructure-as-code.
* [cloud-forensics-utils](https://github.com/google/cloud-forensics-utils): A Python library for DF & IR on the cloud.
* [Cloud-Katana](https://github.com/Azure/Cloud-Katana): Automate the execution of simulation steps in multi-cloud and hybrid cloud environments.
* [cloudlist](https://github.com/projectdiscovery/cloudlist): Listing assets from multiple cloud providers.
* [Cloud Sniper](https://github.com/cloud-sniper/cloud-sniper): A platform designed to manage cloud security operations.
* [Cloudmapper](https://github.com/duo-labs/cloudmapper): Analyze your AWS environments.
* [Cloudmarker](https://github.com/cloudmarker/cloudmarker): A cloud monitoring tool and framework.
* [Cloudsploit](https://github.com/aquasecurity/cloudsploit): Cloud security configuration checks.
* [CloudQuery](https://github.com/cloudquery/cloudquery): Open source cloud asset inventory with a set of pre-baked SQL [policies](https://hub.cloudquery.io/policies) for security and compliance.
* [Cloud-custodian](https://github.com/cloud-custodian/cloud-custodian): Rules engine for cloud security, cost optimization, and governance.
* [consoleme](https://github.com/Netflix/consoleme): A central control plane for AWS permissions and access.
* [cs suite](https://github.com/SecurityFTW/cs-suite): Tool for auditing the security posture of AWS/GCP/Azure.
* [Deepfence ThreatMapper](https://github.com/deepfence/ThreatMapper): Apache v2 licensed runtime vulnerability scanner for Kubernetes, virtual machines and serverless; identifies vulnerabilities in running containers, images, hosts and repositories.
* [dftimewolf](https://github.com/log2timeline/dftimewolf): A multi-cloud framework for orchestrating forensic collection, processing and data export.
* [diffy](https://github.com/Netflix-Skunkworks/diffy): A digital forensics and incident response (DFIR) tool developed by Netflix.
* [ElectricEye](https://github.com/jonrau1/ElectricEye): Continuously monitor AWS services for configurations.
* [Forseti security](https://github.com/forseti-security/forseti-security): GCP inventory monitoring and policy enforcement tool.
* [Hammer](https://github.com/dowjones/hammer): A multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within the most popular AWS resources.
* [kics](https://github.com/Checkmarx/kics): Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code.
* [Matano](https://github.com/matanolabs/matano): Open source serverless security lake platform on AWS that lets you ingest, store, and analyze data in an Apache Iceberg data lake and run realtime Python detections as code.
* [Metabadger](https://github.com/salesforce/metabadger): Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
* [Open policy agent](https://www.openpolicyagent.org/): Policy-based control tool.
* [pacbot](https://github.com/tmobile/pacbot): Policy as Code Bot.
* [pacu](https://github.com/RhinoSecurityLabs/pacu): The AWS exploitation framework.
* [PMapper](https://github.com/nccgroup/PMapper): A tool for quickly evaluating IAM permissions in AWS.
* [Prowler](https://github.com/toniblyx/prowler): Command line tool for AWS security best practices assessment, auditing, hardening and forensics readiness.
* [ScoutSuite](https://github.com/nccgroup/ScoutSuite): Multi-cloud security auditing tool.
* [Security Monkey](https://github.com/Netflix/security_monkey): Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
* [SkyWrapper](https://github.com/cyberark/SkyWrapper): Tool that helps discover suspicious creation forms and uses of temporary tokens in AWS.
* [Smogcloud](https://github.com/BishopFox/smogcloud): Find cloud assets that no one wants exposed.
* [Steampipe](https://github.com/turbot/steampipe): A Postgres FDW that maps APIs to SQL, plus suites of [API plugins](https://hub.steampipe.io/plugins) and [compliance mods](https://hub.steampipe.io/mods) for AWS/Azure/GCP and many others.
* [Terrascan](https://github.com/accurics/terrascan): Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
* [tfsec](https://github.com/liamg/tfsec): Static analysis powered security scanner for Terraform code.
* [Zeus](https://github.com/DenizParlak/Zeus): AWS auditing & hardening tool.

## Container
* [auditkube](https://github.com/opszero/auditkube): Audit EKS, AKS and GKE for HIPAA/PCI/SOC2 compliance and cloud security.
* [Falco](https://github.com/falcosecurity/falco): Container runtime security.
* [mkit](https://github.com/darkbitio/mkit): Managed Kubernetes inspection tool.
* [Open policy agent](https://www.openpolicyagent.org/): Policy-based control tool.

## SaaS
* [aws-allowlister](https://github.com/salesforce/aws-allowlister): Automatically compile an AWS Service Control Policy with your preferred compliance frameworks.
* [binaryalert](https://github.com/airbnb/binaryalert): Serverless S3 YARA scanner.
* [cloudsplaining](https://github.com/salesforce/cloudsplaining): An AWS IAM security assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
* [Cloud Guardrails](https://github.com/salesforce/cloud-guardrails): Rapidly cherry-pick cloud security guardrails by generating Terraform files that create Azure Policy Initiatives.
* [Function Shield](https://github.com/puresec/FunctionShield): Protection/detection library for AWS Lambda and GCP Cloud Functions.
* [FestIN](https://github.com/cr0hn/festin): S3 bucket finder and content discovery.
* [GCPBucketBrute](https://github.com/RhinoSecurityLabs/GCPBucketBrute): A script to enumerate Google Storage buckets.
* [IAM Zero](https://github.com/common-fate/iamzero): Detects identity and access management issues and automatically suggests least-privilege policies.
* [Lambda Guard](https://github.com/Skyscanner/LambdaGuard): AWS Lambda auditing tool.
* [Policy Sentry](https://github.com/salesforce/policy_sentry): IAM least privilege policy generator.
* [S3 Inspector](https://github.com/kromtech/s3-inspector): Tool to check AWS S3 bucket permissions.
* [Serverless Goat](https://github.com/OWASP/Serverless-Goat): A serverless application demonstrating common serverless security flaws.
* [SkyArk](https://github.com/cyberark/SkyArk): Tool that helps discover, assess and secure the most privileged entities in Azure and AWS.

## Penetration testing/learning
* [AWSGoat](https://github.com/ine-labs/AWSGoat): AWSGoat is a vulnerable-by-design AWS infrastructure featuring OWASP Top 10 web application security risks (2021) and AWS service based misconfigurations.
* [ccat](https://github.com/RhinoSecurityLabs/ccat): Cloud Container Attack Tool.
* [CloudBrute](https://github.com/0xsha/CloudBrute): A multiple cloud enumerator.
* [cloudgoat](https://github.com/RhinoSecurityLabs/cloudgoat): "Vulnerable by Design" AWS deployment tool.
* [Leonidas](https://github.com/FSecureLABS/leonidas): A framework for executing attacker actions in the cloud.
* [Pwned Labs](https://pwnedlabs.io): Free hosted labs for learning cloud security.
* [Sadcloud](https://github.com/nccgroup/sadcloud): Tool for spinning up insecure AWS infrastructure with Terraform.
* [TerraGoat](https://github.com/bridgecrewio/terragoat): Bridgecrew's "Vulnerable by Design" Terraform repository.
* [WrongSecrets](https://github.com/commjoen/wrongsecrets): A vulnerable app which demonstrates how not to use secrets. With AWS/Azure/GCP support.

## Native tools
* AWS
  * [Artifact](https://aws.amazon.com/artifact/): Compliance report self-service.
  * [Audit manager](https://aws.amazon.com/audit-manager/): Continuously audit AWS usage.
  * [Certificate Manager](https://aws.amazon.com/certificate-manager/): Private CA and certificate management service.
  * [CloudTrail](https://aws.amazon.com/cloudtrail/): Records and logs API calls on AWS.
  * [Config](https://aws.amazon.com/config/): Configuration and resource relationship monitoring.
  * [Elastic Disaster Recovery](https://aws.amazon.com/disaster-recovery/): Application recovery service.
  * [Detective](https://aws.amazon.com/detective/): Analyze and visualize security data to support security investigations.
  * [Firewall Manager](https://aws.amazon.com/firewall-manager/): Firewall management service.
  * [GuardDuty](https://aws.amazon.com/guardduty/): IDS service.
  * [CloudHSM](https://aws.amazon.com/cloudhsm/): HSM service.
  * [Inspector](https://aws.amazon.com/inspector/): Vulnerability discovery and assessment service.
  * [KMS](https://aws.amazon.com/kms/): Key management service.
  * [Macie](https://aws.amazon.com/macie/): Fully managed data security and data privacy service for S3.
  * [Network Firewall](https://aws.amazon.com/network-firewall/): Network firewall service.
  * [Secrets Manager](https://aws.amazon.com/secrets-manager/): Credential management service.
  * [Security Hub](https://aws.amazon.com/security-hub/): Integration service for other AWS and third-party security services.
  * [Shield](https://aws.amazon.com/shield/): DDoS protection service.
  * [Single Sign-On](https://aws.amazon.com/single-sign-on/): Service to centrally manage access to AWS accounts and applications.
  * [VPC Flow Logs](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html): Logs of network traffic.
  * [WAF](https://aws.amazon.com/waf/): Web application firewall service.
* Azure
  * [Application Gateway](https://azure.microsoft.com/en-us/services/application-gateway/): L7 load balancer with optional WAF function.
  * [DDoS Protection](https://azure.microsoft.com/en-us/services/ddos-protection/): DDoS protection service.
  * [Dedicated HSM](https://azure.microsoft.com/en-us/services/azure-dedicated-hsm/): HSM service.
  * [Key Vault](https://azure.microsoft.com/en-us/services/key-vault/): Key management service.
  * [Monitor](https://docs.microsoft.com/en-us/azure/azure-monitor/): API logging and monitoring service.
  * [Security Center](https://azure.microsoft.com/en-us/services/security-center/): Integration service for other Azure and third-party security services.
  * [Sentinel](https://azure.microsoft.com/zh-tw/services/azure-sentinel/): SIEM service.
* GCP
  * [Access Transparency](https://cloud.google.com/access-transparency): Transparency log and control of GCP.
  * [Apigee Sense](https://cloud.google.com/apigee/api-management/apigee-sense): API security monitoring, detection, mitigation.
  * [Armor](https://cloud.google.com/armor): DDoS protection and WAF service.
  * [Asset Inventory](https://cloud.google.com/asset-inventory): Asset monitoring service.
  * [Assured workloads](https://cloud.google.com/assured-workloads/): Secure and compliant workloads.
  * [Audit Logs](https://cloud.google.com/audit-logs): API logs.
  * [Binary Authorization](https://cloud.google.com/binary-authorization/): Binary authorization service for containers and serverless.
  * [Cloud HSM](https://cloud.google.com/hsm): HSM service.
  * [Cloud IDS](https://cloud.google.com/intrusion-detection-system/): IDS service.
  * [Confidential VM](https://cloud.google.com/compute/confidential-vm/): Encrypts data in use inside the VM.
  * [Context-aware Access](https://cloud.google.com/context-aware-access): Enable zero trust access to applications and infrastructure.
  * [DLP](https://cloud.google.com/dlp): Data loss prevention service.
  * [EKM](https://cloud.google.com/ekm): External key management service.
  * [Identity-Aware Proxy](https://cloud.google.com/iap): Identity-aware proxy to protect internal services.
  * [KMS](https://cloud.google.com/kms): Key management service.
  * [Policy Intelligence](https://cloud.google.com/policy-intelligence): Detects policy-related risk.
  * [Security Command Center](https://cloud.google.com/security-command-center): Integration service for other GCP security services.
  * [Security Scanner](https://cloud.google.com/security-scanner): Application security scanner for GAE, GCE, GKE.
  * [Shielded VM](https://cloud.google.com/compute/shielded-vm/): VM with secure boot and vTPM.
  * [Event Threat Detection](https://cloud.google.com/event-threat-detection): Threat detection service.
  * [VPC Service Controls](https://cloud.google.com/vpc-service-controls): GCP service security perimeter control.

# Reading Materials
- [AWS](#aws)
- [Azure](#azure)
- [GCP](#gcp)
- [Others](#others)

## AWS
1. [Overview of AWS Security](https://aws.amazon.com/security/)
2. [AWS-IAM-Privilege-Escalation by RhinoSecurityLabs](https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation): A centralized source of all AWS IAM privilege escalation methods.
3. [MITRE ATT&CK Matrices of AWS](https://attack.mitre.org/matrices/enterprise/cloud/aws/)
4. [AWS security workshops](https://github.com/aws-samples/aws-security-workshops)
5. [ThreatModel for Amazon S3](https://github.com/trustoncloud/threatmodel-for-aws-s3): Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach.
## Azure
1. [Overview of Azure Security](https://azure.microsoft.com/en-us/overview/security/)
2. [Azure security fundamentals](https://docs.microsoft.com/en-us/azure/security/fundamentals/)
3. [MicroBurst by NetSPI](https://github.com/NetSPI/MicroBurst): A collection of scripts for assessing Microsoft Azure security.
4. [MITRE ATT&CK Matrices of Azure](https://attack.mitre.org/matrices/enterprise/cloud/azure/)
5. [Azure security center workflow automation](https://github.com/Azure/Azure-Security-Center/tree/master/Workflow%20automation)
## GCP
1. [Overview of GCP Security](https://cloud.google.com/security)
2. [GKE security scenarios demo](https://github.com/GoogleCloudPlatform/gke-security-scenarios-demo)
3. [MITRE ATT&CK Matrices of GCP](https://attack.mitre.org/matrices/enterprise/cloud/gcp/)
4. [Security response automation](https://github.com/GoogleCloudPlatform/security-response-automation)
## Others
1. [Cloud Security Research by RhinoSecurityLabs](https://github.com/RhinoSecurityLabs/Cloud-Security-Research)
2. [CSA cloud security guidance v4](https://cloudsecurityalliance.org/artifacts/security-guidance-v4/)
3. [Breaking and pwning apps and servers on AWS and Azure, training material by Appsecco](https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training)
4. [Cloud Risk Encyclopedia by Orca Security](https://orca.security/resources/cloud-risk-encyclopedia/): 900+ documented cloud security risks, with the ability to filter by cloud vendor, compliance framework, risk category, and criticality.

# Free Courses
1. [AWS Security](https://www.youtube.com/playlist?list=PL0-xwzAwzllw_dvNfabV28-bpAEoMchd3)

# Paid Courses
1. [DevSecOps – Kubernetes DevOps & Security](https://kodekloud.com/courses/devsecops)
2. [DevSecOps: Insecure Docker Registry](https://www.pentesteracademy.com/course?id=48)
3. [Learn Cloud Security, Kubernetes, DevSecOps, and more](https://www.appsecengineer.com)
4. [Certified Kubernetes Security Specialist (CKS)](https://kodekloud.com/courses/certified-kubernetes-security-specialist-cks)

# Bootcamps
1. [On-Demand: DevSecOps: Beginner Edition Bootcamp](https://bootcamps.pentesteracademy.com/course/devsecops-on-demand)
2. [On-Demand: Cloud Security: AWS Edition Bootcamp](https://bootcamps.pentesteracademy.com/course/cloud-security-aws-on-demand)
3. [On-Demand: Container Security: Beginner Edition Bootcamp](https://bootcamps.pentesteracademy.com/course/container-security-on-demand)

# Trainings
1. [Attacking and Defending AWS](https://resources.tryhackme.com/attacking-and-defending-aws)

# Certifications
1. [CCSP – Certified Cloud Security Professional](https://www.isc2.org/Certifications/CCSP)
2. [AWS Certified Security - Specialty](https://aws.amazon.com/certification/certified-security-specialty)
3. [Microsoft Certified: Azure Security Engineer Associate](https://learn.microsoft.com/en-us/certifications/azure-security-engineer)
4. [Certified Kubernetes Security Specialist (CKS)](https://training.linuxfoundation.org/certification/certified-kubernetes-security-specialist)

# Resource
- [AWS](#aws-1)
- [Others](#others-1)

## AWS
1. [Bucket search by grayhatwarfare](https://buckets.grayhatwarfare.com/)

## Others
1. [Mapping of On-Premises Security Controls vs. Major Cloud Providers Services](https://www.eventid.net/docs/onprem_to_cloud.asp)

# Contributing
See [contributing](https://github.com/4ndersonLin/awesome-cloud-security/blob/master/CONTRIBUTING.md)
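The IAM and S3 policy tools listed under Tools > SaaS (cloudsplaining, Policy Sentry, IAM Zero, S3 Inspector) all start from the same kind of static check over a policy document: does an Allow statement use wildcard actions or resources, a `NotAction`, a public principal, or an action that is known to enable privilege escalation. The following is an added example written for this page, not code from any of those projects. The `PRIVESC_ACTIONS` set is an illustrative subset assumed from the RhinoSecurityLabs AWS-IAM-Privilege-Escalation list under Reading Materials (it is not the full list), and the three policy documents at the bottom are constructed for the example.

```python
"""Static least-privilege checks over AWS IAM and S3 bucket policy documents.

Added example for this page; not the code of any tool listed above.
"""
import fnmatch

# Assumption: an illustrative subset of IAM actions known to enable privilege
# escalation (see the RhinoSecurityLabs list under Reading Materials). Not exhaustive.
PRIVESC_ACTIONS = {
    "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:AttachUserPolicy", "iam:AttachGroupPolicy", "iam:AttachRolePolicy",
    "iam:PutUserPolicy", "iam:PutGroupPolicy", "iam:PutRolePolicy",
    "iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:UpdateLoginProfile",
    "iam:UpdateAssumeRolePolicy", "iam:PassRole",
}

def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _action_matches(pattern, action):
    """IAM action names are case-insensitive and patterns may use '*' and '?'."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. anonymous access."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False

def find_policy_findings(doc):
    """Return [(statement_index, message), ...] for every risky Allow statement."""
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        conditioned = bool(stmt.get("Condition"))
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            findings.append((idx, "NotAction with Allow grants every action not listed"))
        if "*" in actions:
            findings.append((idx, "wildcard action '*'"))
        elif any(a.endswith(":*") for a in actions):
            findings.append((idx, "service-wide wildcard action"))
        if "*" in resources and not conditioned:
            findings.append((idx, "wildcard resource '*' without Condition"))
        for pattern in actions:
            if pattern == "*":
                continue  # already reported above
            hits = sorted(a for a in PRIVESC_ACTIONS if _action_matches(pattern, a))
            if hits:
                findings.append((idx, "grants privilege-escalation action(s): " + ", ".join(hits)))
        if _principal_is_public(stmt.get("Principal")) and not conditioned:
            findings.append((idx, "public principal '*' without Condition"))
    return findings

# Constructed sample policies for the example (not taken from any real account).
OVERLY_PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::app-bucket/*"},
        {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/app/*"},
    ],
}
PUBLIC_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-bucket/*"},
    ],
}

if __name__ == "__main__":
    for name, doc in [("overly permissive", OVERLY_PERMISSIVE_POLICY),
                      ("least privilege", LEAST_PRIVILEGE_POLICY),
                      ("public bucket", PUBLIC_BUCKET_POLICY)]:
        found = find_policy_findings(doc)
        print(f"{name}: {len(found)} finding(s)")
        for idx, msg in found:
            print(f"  statement {idx}: {msg}")
```

Run it on a policy exported with `aws iam get-policy-version` or `aws s3api get-bucket-policy` by loading the JSON into a dict and passing it to `find_policy_findings`. The check deliberately ignores Deny statements and treats a `Condition` as mitigating a wildcard resource or public principal; a real assessment tool also has to evaluate the condition keys themselves, which this example does not do.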