2017-05-28 19:49:36 -04:00
# Awesome Cloud Security [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)
2017-05-29 07:53:05 -04:00
> Cloud Security blogs, podcasts, standards, projects, and examples.
2017-05-28 19:49:36 -04:00
## Contents
2021-07-16 17:43:17 -04:00
* [Public Cloud Governance ](#public-cloud-governance )
* [AWS Governance ](#aws-governance )
2021-05-29 13:45:59 -04:00
* [Containers ](#containers )
2021-06-03 12:39:59 -04:00
* [Docker Images ](#docker-images )
* [Kubernetes Operators ](#kubernetes-operators )
2021-07-16 17:50:12 -04:00
* [Container Tools ](#container-tools )
2017-05-29 07:53:05 -04:00
* [Cloud Security Standards ](#cloud-security-standards )
2021-05-29 13:45:59 -04:00
* [Learning ](#learning )
* [Blogs ](#blogs )
2021-07-16 17:50:12 -04:00
* [Courses ](#courses )
2021-06-03 12:39:59 -04:00
* [Labs ](#labs )
2021-07-16 17:50:12 -04:00
* [Podcasts ](#podcasts )
2021-06-03 12:39:59 -04:00
* [Certifications ](#certifications )
2017-05-28 19:33:51 -04:00
* [Projects ](#projects )
2021-07-15 11:59:25 -04:00
* [Alerting ](#alerting )
2017-05-28 20:02:32 -04:00
* [Benchmarking ](#benchmarking )
2017-05-29 08:01:51 -04:00
* [Data Loss Prevention ](#data-loss-prevention )
2017-06-06 07:42:11 -04:00
* [Identity and Access Mangement ](#identity-and-access-management )
2021-07-15 15:17:32 -04:00
* [Incident Response ](#incident-response )
2017-05-29 08:01:51 -04:00
* [Spring ](#spring )
2017-05-28 19:33:51 -04:00
* [Examples ](#examples )
2017-06-06 07:42:11 -04:00
* [Automated Security Assessment ](#ex-automated-security-assessment )
2017-06-06 07:43:25 -04:00
* [Identity and Access Mangement ](#ex-identity-and-access-management )
2017-06-06 07:42:11 -04:00
* [Logging ](#ex-logging )
2021-07-16 17:50:12 -04:00
* [Misc ](#misc )
* [Other Awesome Lists ](#other-awesome-lists )
2017-05-28 19:49:36 -04:00
* [Contribute ](#contribute )
* [License ](#license )
2021-07-16 17:43:17 -04:00
## Public Cloud Governance
### AWS Governance
2021-07-16 16:35:09 -04:00
* [AWS CodePipeline Governance ](https://github.com/awslabs/aws-codepipeline-governance )
* [AWS Config Rules Development Kit ](https://github.com/awslabs/aws-config-rdklib )
* [AWS Control Tower Customizations ](https://github.com/awslabs/aws-control-tower-customizations )
* [AWS Security Hub Automated Response and Remediation ](https://github.com/awslabs/aws-security-hub-automated-response-and-remediation )
* [AWS Well Architected Labs ](https://github.com/awslabs/aws-well-architected-labs )
2021-06-03 12:39:59 -04:00
## Kubernetes Operators
2021-07-15 15:49:42 -04:00
* Aqua
* [Aqua Security Operator ](https://operatorhub.io/operator/aqua )
* [Starboard Operator ](https://operatorhub.io/operator/starboard-operator )
2021-06-03 12:39:59 -04:00
* [Anchore - Anchore Engine Operator ](https://operatorhub.io/operator/anchore-engine )
* [Falco Security - Falco Operator ](https://operatorhub.io/operator/falco )
* [Quay - Project Quay Container Security ](https://operatorhub.io/operator/project-quay-container-security-operator )
* [Snyk - Snyk Operator ](https://operatorhub.io/operator/snyk-operator )
* [Splunk - Splunk Operator for Kubernetes ](https://operatorhub.io/operator/splunk )
* [Sysdig - Sysdig Agent Operator ](https://operatorhub.io/operator/sysdig )
2021-07-16 17:50:12 -04:00
## Container Tools
2021-07-15 15:49:42 -04:00
* Anchore
2021-07-16 18:02:35 -04:00
* [Anchore Engine ](https://github.com/anchore/anchore-engine )
2021-07-15 15:49:42 -04:00
* [Grype ](https://github.com/anchore/grype )
* [Kai ](https://github.com/anchore/kai )
* [Syft ](https://github.com/anchore/syft )
* Aqua
* [Cloudsploit ](https://github.com/aquasecurity/cloudsploit )
* [Kube-Bench ](https://github.com/aquasecurity/kube-bench )
* [Kube-Hunter ](https://github.com/aquasecurity/kube-hunter )
* [Kubectl-who-can ](https://github.com/aquasecurity/kubectl-who-can )
* [Trivy ](https://github.com/aquasecurity/trivy )
2021-05-29 15:07:14 -04:00
* [Docker - Docker Bench for Security ](https://github.com/docker/docker-bench-security )
2021-06-03 12:39:59 -04:00
* [Elias - Dagda ](https://github.com/eliasgranderubio/dagda/ )
* [Falco Security - Falco ](https://github.com/falcosecurity/falco )
2021-05-29 15:07:14 -04:00
* [Harbor - Harbor ](https://github.com/goharbor/harbor )
2021-06-03 12:39:59 -04:00
* [Quay - Clair ](https://github.com/quay/clair )
* [Snyk - Snyk ](https://github.com/snyk/snyk )
* [vchinnipilli - Kubestriker ](https://github.com/vchinnipilli/kubestriker )
2017-05-29 07:53:05 -04:00
## Cloud Security Standards
* [ISO/IEC 27017:2015 ](https://www.iso.org/standard/43757.html )
* [MTCS SS 584 ](https://www.imda.gov.sg/industry-development/infrastructure/ict-standards-and-frameworks/mtcs-certification-scheme/multi-tier-cloud-security-certified-cloud-services )
2017-05-29 07:56:44 -04:00
* [CCM ](https://cloudsecurityalliance.org/group/cloud-controls-matrix )
2017-05-29 07:53:05 -04:00
* [NIST 800-53 ](https://nvd.nist.gov/800-53 )
2021-05-29 13:45:59 -04:00
## Learning
### Blogs
* [AWS Security ](https://aws.amazon.com/blogs/security/ )
2021-07-16 18:25:11 -04:00
* [Azure Security ](https://www.microsoft.com/security/blog/azure-security/ )
* [Dark Reading ](https://www.darkreading.com/cloud-security.asp )
2021-07-16 17:27:03 -04:00
### Courses
2021-07-16 18:29:11 -04:00
* Oracle
* [Oracle Cloud Security Administrator ](https://learn.oracle.com/ols/learning-path/become-a-cloud-security-administrator/35644/38707 )
* A Cloud Guru
* Learning Paths
* [AWS Security Path ](https://learn.acloud.guru/learning-path/aws-security )
* [Azure Security Path ](https://learn.acloud.guru/learning-path/azure-security )
* [GCP Security Path ](https://learn.acloud.guru/learning-path/gcp-security )
2021-07-16 17:50:12 -04:00
### Labs
* [PagerDuty Security Training ](https://github.com/PagerDuty/security-training )
### Podcasts
2021-07-16 18:25:11 -04:00
* [Security Now ](https://twit.tv/shows/security-now )
* [Azure DevOps Podcast ](http://azuredevopspodcast.clear-measure.com )
2021-07-16 17:27:03 -04:00
## Certifications
* Cloud Vendors
* [AWS Certified Security Specialty ](https://aws.amazon.com/certification/certified-security-specialty/ )
* [Azure Security Engineer Associate ](https://docs.microsoft.com/en-us/learn/certifications/azure-security-engineer/ )
* [Google Professional Cloud Security Engineer ](https://cloud.google.com/certification/cloud-security-engineer )
* [Oracle Cloud Platform Identity and Security Management ](https://education.oracle.com/oracle-cloud-platform-identity-and-security-management-2020-certified-specialist/trackp_OCPISM2020CA )
* ISC< sup > 2</ sup > - International Information System Security Certification Consortium
* [CCSP - Certified Cloud Security Professional ](https://www.isc2.org/Certifications/CCSP )
* CSA - Cloud Security Alliance
* [CCSK - Certificate of Cloud Security Knowledge ](https://cloudsecurityalliance.org/education/ccsk/ )
* [CCAK - Certificate of Cloud Auditing Knowledge ](https://cloudsecurityalliance.org/education/ccak/ )
2017-05-28 19:31:47 -04:00
## Projects
2021-07-15 11:59:25 -04:00
### Alerting
* [411 by Etsy ](https://github.com/etsy/411 )
* [ElastAlert by Yelp ](https://github.com/Yelp/elastalert )
* [StreamAlert by Airbnb ](https://github.com/airbnb/streamalert )
2017-05-29 08:01:51 -04:00
### Benchmarking
* [AWS Security Benchmark ](https://github.com/awslabs/aws-security-benchmark )
2017-05-28 20:02:32 -04:00
### Data Loss Prevention
2021-07-16 16:35:09 -04:00
* [Git Secrets by AWS Labs ](https://github.com/awslabs/git-secrets )
2017-06-06 07:42:11 -04:00
### Identity and Access Management
2021-07-15 15:49:42 -04:00
* AWS Labs
* [AWS IAM Generator ](https://github.com/awslabs/aws-iam-generator )
* Duo Labs
* [Parliament ](https://github.com/duo-labs/parliament )
* [CloudTracker ](https://github.com/duo-labs/cloudtracker )
* Netflix
* [Aardvark ](https://github.com/Netflix-Skunkworks/aardvark )
* [ConsoleMe ](https://github.com/Netflix/consoleme )
* [Repokid ](https://github.com/Netflix/Repokid )
* Salesforce
* [Policy Sentry ](https://github.com/salesforce/policy_sentry/ )
* [CloudSplaining ](https://github.com/salesforce/cloudsplaining )
* [AWS-AllowLister ](https://github.com/salesforce/aws-allowlister )
* [Terraform for Policy Guru ](https://github.com/salesforce/terraform-provider-policyguru )
2021-07-16 18:02:35 -04:00
* Misc
* [AWS Missing Tools by CloudAvail ](https://github.com/cloudavail/aws-missing-tools )
* [Awesome IAM List ](https://github.com/kdeldycke/awesome-iam )
* [Enumerate IAM by Andres Riancho ](https://github.com/andresriancho/enumerate-iam )
* [Kubernetes AWS IAM Authenticator by Kubernetes SIG ](https://github.com/kubernetes-sigs/aws-iam-authenticator )
2021-07-15 15:17:32 -04:00
### Incident Response
2021-07-16 16:44:13 -04:00
* AWS
* [AWS Incident Response Playbooks by AWS Samples ](https://github.com/aws-samples/aws-incident-response-playbooks )
* [AWS Security Hub Automated Response and Remediation ](https://github.com/awslabs/aws-security-hub-automated-response-and-remediation )
* Netflix
* [Dispatch by Netflix ](https://github.com/Netflix/dispatch )
* PagerDuty
* [PagerDuty Automated Remediation Docs ](https://github.com/PagerDuty/automated-remediation-docs )
* [PagerDuty Business Response Docs ](https://github.com/PagerDuty/business-response-docs )
* [PagerDuty DevSecOps Docs ](https://github.com/PagerDuty/devsecops-docs )
* [PagerDuty Full Case Ownership Docs ](https://github.com/PagerDuty/full-case-ownership-docs )
* [PagerDuty Full Service Ownership Docs ](https://github.com/PagerDuty/full-service-ownership-docs )
* [PagerDuty Going OnCall Docs ](https://github.com/PagerDuty/goingoncall-docs )
* [PagerDuty Incident Response Docs ](https://github.com/PagerDuty/incident-response-docs )
* [PagerDuty Operational Review Docs ](https://github.com/PagerDuty/operational-review-docs )
* [PagerDuty PostMortem Docs ](https://github.com/PagerDuty/postmortem-docs )
* [PagerDuty Retrospectives Docs ](https://github.com/PagerDuty/retrospectives-docs )
* [PagerDuty Stakeholder Communication Docs ](https://github.com/PagerDuty/stakeholder-comms-docs )
2017-05-29 08:01:51 -04:00
### Spring
* [Spring Cloud Security ](https://github.com/dschadow/CloudSecurity )
2017-05-28 20:02:32 -04:00
## Examples
2017-06-06 07:42:11 -04:00
### Ex. Automated Security Assessment
2017-05-28 19:31:47 -04:00
* [AWS Config Rules Repository ](https://github.com/awslabs/aws-config-rules )
* [AWS Inspector Agent Autodeploy ](https://github.com/awslabs/amazon-inspector-agent-autodeploy )
* [AWS Inspector Auto Remediation ](https://github.com/awslabs/amazon-inspector-auto-remediate )
* [AWS Inspector Lambda Finding Processor ](https://github.com/awslabs/amazon-inspector-finding-forwarder )
2017-06-06 07:43:25 -04:00
### Ex. Identity and Access Management
* [Amazon Cognito Streams connector for Amazon Redshift ](https://github.com/awslabs/amazon-cognito-streams-sample )
2017-06-06 07:42:11 -04:00
### Ex. Logging
2017-05-28 19:31:47 -04:00
* [AWS Centralized Logging ](https://github.com/awslabs/aws-centralized-logging )
* [AWS Config Snapshots to ElasticSearch ](https://github.com/awslabs/aws-config-to-elasticsearch )
* [AWS CloudWatch Events Monitor Security Groups ](https://github.com/awslabs/cwe-monitor-secgrp )
2017-06-06 07:42:11 -04:00
### Ex. Web Application Firewall
2017-05-28 19:31:47 -04:00
* [AWS WAF Sample ](https://github.com/awslabs/aws-waf-sample )
2017-05-28 19:49:36 -04:00
* [AWS WAF Security Automations ](https://github.com/awslabs/aws-waf-security-automations )
2021-07-16 17:43:17 -04:00
## Misc
2021-07-16 18:02:35 -04:00
* Other Awesome Lists
* [Awesome Cloud Native Security ](https://github.com/brant-ruan/awesome-cloud-native-security )
* [Awesome Cloud Security ](https://github.com/Funkmyster/awesome-cloud-security )
* [Awesome IAM List ](https://github.com/kdeldycke/awesome-iam )
* [Awesome Incident Response List ](https://github.com/meirwah/awesome-incident-response )
* [Awesome Shodan Queries ](https://github.com/jakejarvis/awesome-shodan-queries )
2017-05-28 19:49:36 -04:00
## Contribute
Contributions welcome! Read the [contribution guidelines ](contributing.md ) first.
## License
[![CC0 ](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg )](http://creativecommons.org/publicdomain/zero/1.0)
To the extent possible under law, Jacob Silva has waived all copyright and
related or neighboring rights to this work.