Awesome Cloud Security

Cloud Security blogs, podcasts, standards, projects, and examples.

Contents

• Public Cloud Governance
• AWS Governance
• MultiCloud Governance
• AWS - Patterns
• URL Services
• Containers
• Docker Images
• Kubernetes Operators
• Container Tools
• Cloud Security Standards
• Learning
• Blogs
• Courses
• Labs
• Podcasts
• Vulnerable by Design
• Certifications
• Projects
• Alerting
• Benchmarking
• Data Loss Prevention
• Identity and Access Management
• Incident Response
• Spring
• Examples
• Automated Security Assessment
• Identity and Access Management
• Logging
• Misc
• Other Awesome Lists
• Contribute
• License

  Public Cloud Governance

  AWS Governance

• AWS CloudFormation Guard
• AWS CodePipeline Governance
• AWS Config Rules Development Kit
• AWS Control Tower Customizations
• AWS Security Hub Automated Response and Remediation
• AWS Vault
• AWS Well Architected Labs

• AWS - Patterns

URL Services

MultiCloud Governance

• Cloud Custodian
• CloudQuary
• Cloudsploit
• ManageIQ by RedHat
• Mist.io
• NeuVector
• Triton by Joyent

  Kubernetes Operators

• Aqua
  • Aqua Security Operator
  • Starboard Operator
• Misc
  • Anchore - Anchore Engine Operator
  • Falco Security - Falco Operator
  • Quay - Project Quay Container Security
  • Snyk - Snyk Operator
  • Splunk - Splunk Operator for Kubernetes
  • Sysdig - Sysdig Agent Operator

Container Tools

• Anchore
  • Anchore Engine
  • Grype
  • Kai
  • Syft
• Aqua
  • Cloudsploit
  • Kube-Bench
  • Kube-Hunter
  • Kubectl-who-can
  • Trivy
• Misc
  • Docker - Docker Bench for Security
  • Elias - Dagda
  • Falco Security - Falco
  • Harbor - Harbor
  • Quay - Clair
  • Snyk - Snyk
  • vchinnipilli - Kubestriker

    Cloud Security Standards

• ISO/IEC 27017:2015
• ISO/IEC 27018:2019
• MTCS SS 584
• CCM
• NIST 800-53

  Learning

  Blogs

• AWS Security
• Azure Security
• Dark Reading

  Courses

• Oracle
  • Oracle Cloud Security Administrator
• A Cloud Guru
  • Learning Paths
    • AWS Security Path
    • Azure Security Path
    • GCP Security Path

      Labs

• AWS Workshops
  • AWS Identity: Using Amazon Cognito for serverless consumer apps
  • AWS Network Firewall Workshop
  • AWS Networking Workshop
  • Access Delegation
  • Amazon VPC Endpoint Workshop
  • Build a Vulnerability Management Program Using AWS for AWS
  • Data Discovery and Classification with Amazon Macie
  • Data Protection
  • DevSecOps - Integrating security into your pipeline
  • Disaster Recovery on AWS
  • Finding and addressing Network Misconfigurations on AWS
  • Firewall Manager Service - WAF Policy
  • Getting Hands on with Amazon GuardDuty
  • Hands on Network Firewall Workshop
  • Implementing DDoS Resiliency
  • Infrastructure Identity on AWS
  • Integrating security into your container pipeline
  • Integration, Prioritization, and Response with AWS Security Hub
  • Introduction to WAF
  • Permission boundaries: how to delegate permissions on AWS
  • Protecting workloads on AWS from the instance to the edge
  • Scaling threat detection and response on AWS
  • Serverless Identity
• PagerDuty Training Lab
  • PagerDuty Training GitHub
  • PagerDuty Training for Engineers
  • PagerDuty Training for Everyone: Part 1
  • PagerDuty Training for Everyone: Part 2

    Podcasts

• Azure DevOps Podcast
• Cloud Security Podcast by Google
• Security Now

  Vulnerable By Design

• CloudGoat by Rhino Security Labs
• ServerlessGoat by OWASP
• WrongSecrets by OWASP

  Certifications

• Cloud Vendors
  • AWS Certified Security Specialty
  • Azure Security Engineer Associate
  • Google Professional Cloud Security Engineer
  • Oracle Cloud Platform Identity and Security Management
• ISC² - International Information System Security Certification Consortium
  • CCSP - Certified Cloud Security Professional
• CSA - Cloud Security Alliance
  • CCSK - Certificate of Cloud Security Knowledge
  • CCAK - Certificate of Cloud Auditing Knowledge

    Projects

    Alerting

• 411 by Etsy
• ElastAlert by Yelp
• StreamAlert by Airbnb

  Automated Security Assessment

• Prowler
• CloudFox
• SkyArk
• Pacu
• Bucket Finder
• Boto3
• Principal Mapper
• ScoutSuite
• s3_objects_check
• cloudsplaining
• weirdAAL
• cloudmapper
• NetSPI/AWS_Consoler

  Benchmarking

• AWS Security Benchmark

  Data Loss Prevention

• Git Secrets by AWS Labs

  Firewall Management

• globaldatanet
  • AWS Firewall Factory

    Identity and Access Management

• AWS Labs
  • AWS IAM Generator
• Duo Labs
  • Parliament
  • CloudTracker
• Netflix
  • Aardvark
  • ConsoleMe
  • PolicyUniverse
  • Repokid
• Pinterest
  • Knox
• Salesforce
  • Policy Sentry
  • CloudSplaining
  • AWS-AllowLister
  • Terraform for Policy Guru
• welldone.cloud
  • aws-lint-iam-policies
• Misc
  • AWS Missing Tools by CloudAvail
  • Awesome IAM List
  • Enumerate IAM by Andres Riancho
  • Kubernetes AWS IAM Authenticator by Kubernetes SIG

    Incident Response

• AWS
  • AWS Incident Response Playbooks by AWS Samples
  • AWS Security Hub Automated Response and Remediation
• Netflix
  • Dispatch by Netflix
• PagerDuty
  • PagerDuty Automated Remediation Docs
  • PagerDuty Business Response Docs
  • PagerDuty DevSecOps Docs
  • PagerDuty Full Case Ownership Docs
  • PagerDuty Full Service Ownership Docs
  • PagerDuty Going OnCall Docs
  • PagerDuty Incident Response Docs
  • PagerDuty Operational Review Docs
  • PagerDuty PostMortem Docs
  • PagerDuty Retrospectives Docs
  • PagerDuty Stakeholder Communication Docs
• Velocidex
  • Velociraptor

    Spring

• Spring Cloud Security

  Threat modeling

• ThreatModel for Amazon S3 - Library of all the attack scenarios on Amazon S3 and how to mitigate them, following a risk-based approach

  Examples

  Ex. Automated Security Assessment

• AWS Config Rules Repository
• AWS Inspector Agent Autodeploy
• AWS Inspector Auto Remediation
• AWS Inspector Lambda Finding Processor

  Ex. Identity and Access Management

• Amazon Cognito Streams connector for Amazon Redshift

  Ex. Logging

• AWS Centralized Logging
• AWS Config Snapshots to ElasticSearch
• AWS CloudWatch Events Monitor Security Groups

  Ex. Web Application Firewall

• AWS WAF Sample
• AWS WAF Security Automations

  Misc

• Other Awesome Lists
  • Awesome Cloud Cost Control
  • Awesome Cloud Native Security
  • Awesome Cloud Security
  • Awesome IAM List
  • Awesome Incident Response List
  • Awesome Shodan Queries

    Contribute

    Contributions welcome! Read the contribution guidelines first.

    License

    

To the extent possible under law, Jacob Silva has waived all copyright and related or neighboring rights to this work.