Awesome Cloud Security

🛡️ Awesome Cloud Security Resources ⚔️
Alternatives To Awesome Cloud Security
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Sops14,2821213 days ago16October 11, 2023371mpl-2.0Go
Simple and flexible tool for managing secrets
2 days ago55November 16, 202323apache-2.0Python
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
My Arsenal Of Aws Security Tools8,304
4 months ago1apache-2.0Shell
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Devops Resources7,566
4 months ago14Groovy
DevOps resources - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP
Tfsec6,3701821 days ago411September 11, 202315mitGo
Security scanner for your Terraform code
4 days ago45September 05, 2022204gpl-2.0Python
Multi-Cloud Security Auditing Tool
Steampipe5,7553a day ago518November 30, 202367agpl-3.0Go
Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.
4 days ago202bsd-3-clauseJavaScript
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
20 days ago6mit
Ultimate DevSecOps library
3 years ago1June 15, 201585apache-2.0Python
Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
Alternatives To Awesome Cloud Security
Select To Compare

Alternative Project Comparisons

A curated list of awesome cloud security related resources.

Awesome Cloud Security

🛡️ Awesome Cloud Security Resources ⚔️







  • aws_pwn: A collection of AWS penetration testing junk
  • aws_ir: Python installable command line utility for mitigation of instance and key compromises.
  • aws-firewall-factory: Deploy, update, and stage your WAFs while managing them centrally via FMS.
  • aws-vault: A vault for securely storing and accessing AWS credentials in development environments.
  • awspx: A graph-based tool for visualizing effective access and resource relationships within AWS.
  • azucar: A security auditing tool for Azure environments
  • checkov: A static code analysis tool for infrastructure-as-code.
  • cloud-forensics-utils: A python lib for DF & IR on the cloud.
  • Cloud-Katana: Automate the execution of simulation steps in multi-cloud and hybrid cloud environments.
  • cloudlist: Listing Assets from multiple Cloud Providers.
  • Cloud Sniper: A platform designed to manage Cloud Security Operations.
  • Cloudmapper: Analyze your AWS environments.
  • Cloudmarker: A cloud monitoring tool and framework.
  • Cloudsploit: Cloud security configuration checks.
  • CloudQuery: Open source cloud asset inventory with set of pre-baked SQL policies for security and compliance.
  • Cloud-custodian: Rules engine for cloud security, cost optimization, and governance.
  • consoleme: A Central Control Plane for AWS Permissions and Access
  • cs suite: Tool for auditing the security posture of AWS/GCP/Azure.
  • Deepfence ThreatMapper: Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless.
  • dftimewolf: A multi-cloud framework for orchestrating forensic collection, processing and data export.
  • diffy: Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix.
  • ElectricEye: Continuously monitor AWS services for configurations.
  • Forseti security: GCP inventory monitoring and policy enforcement tool.
  • Hammer: A multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources.
  • kics: Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code.
  • Matano: Open source serverless security lake platform on AWS that lets you ingest, store, and analyze data into an Apache Iceberg data lake and run realtime Python detections as code.
  • Metabadger: Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
  • Open policy agent: Policy-based control tool.
  • pacbot: Policy as Code Bot.
  • pacu: The AWS exploitation framework.
  • Prowler: Command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool.
  • ScoutSuite: Multi-cloud security auditing tool.
  • Security Monkey: Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
  • SkyWrapper: Tool helps to discover suspicious creation forms and uses of temporary tokens in AWS.
  • Smogcloud: Find cloud assets that no one wants exposed.
  • Steampipe: A Postgres FDW that maps APIs to SQL, plus suites of API plugins and compliance mods for AWS/Azure/GCP and many others.
  • Terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  • tfsec: Static analysis powered security scanner for Terraform code.
  • Zeus: AWS Auditing & Hardening Tool.


  • auditkube: Audit for for EKS, AKS and GKE for HIPAA/PCI/SOC2 compliance and cloud security.
  • Falco: Container runtime security.
  • mkit: Managed kubernetes inspection tool.
  • Open policy agent: Policy-based control tool.


  • aws-allowlister: Automatically compile an AWS Service Control Policy with your preferred compliance frameworks.
  • binaryalert: Serverless S3 yara scanner.
  • cloudsplaining: An AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
  • Cloud Guardrails: Rapidly cherry-pick cloud security guardrails by generating Terraform files that create Azure Policy Initiatives.
  • Function Shield: Protection/destection lib of aws lambda and gcp function.
  • FestIN: S3 bucket finder and content discover.
  • GCPBucketBrute: A script to enumerate Google Storage buckets.
  • IAM Zero: Detects identity and access management issues and automatically suggests least-privilege policies.
  • Lambda Guard: AWS Lambda auditing tool.
  • Policy Sentry: IAM Least Privilege Policy Generator.
  • S3 Inspector: Tool to check AWS S3 bucket permissions.
  • Serverless Goat: A serverless application demonstrating common serverless security flaws.
  • SkyArk: Tool to helps to discover, assess and secure the most privileged entities in Azure and AWS.

Penetration testing/learning

  • ccat: Cloud Container Attack Tool.
  • CloudBrute: A multiple cloud enumerator.
  • cloudgoat: "Vulnerable by Design" AWS deployment tool.
  • Leonidas: A framework for executing attacker actions in the cloud.
  • Sadcloud: Tool for spinning up insecure AWS infrastructure with Terraform.
  • TerraGoat: Bridgecrew's "Vulnerable by Design" Terraform repository.
  • WrongSecrets: A vulnerable app which demonstrates how to not use secrets. With AWS/Azure/GCP support.

Native tools

Reading Materials


  1. Overiew of AWS Security
  2. AWS-IAM-Privilege-Escalation by RhinoSecurityLabs: A centralized source of all AWS IAM privilege escalation methods.
  3. MITRE ATT&CK Matrices of AWS
  4. AWS security workshops
  5. ThreatModel for Amazon S3: Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach


  1. Overiew of Azure Security
  2. Azure security fundamentals
  3. MicroBurst by NetSPI: A collection of scripts for assessing Microsoft Azure security
  4. MITRE ATT&CK Matrices of Azure
  5. Azure security center workflow automation


  1. Overiew of GCP Security
  2. GKE security scenarios demo
  3. MITRE ATT&CK Matrices of GCP
  4. Security response automation


  1. Cloud Security Research by RhinoSecurityLabs
  2. CSA cloud security guidance v4
  3. Appsecco provides training
  4. Cloud Risk Encyclopedia by Orca Security: 900+ documented cloud security risks, with ability to filter by cloud vendor, compliance framework, risk category, and criticality.



  1. Bucket search by grayhatwarfare


  1. Mapping of On-Premises Security Controls vs. Major Cloud Providers Services


See contributing

Popular Security Projects
Popular Amazon Web Services Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Amazon Web Services
Cloud Computing
Awesome List
Google Cloud Platform