List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls listed here https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf and more than 100 additional checks that help on GDPR, HIPAA and other security requirements.

AWS Auditing & Hardening Tool

A command-line tool to get valuable information out of AWS CloudTrail

Terraform module for creating alarms for tracking important changes and occurrences from cloudtrail.

A serverless, event-driven AWS configuration collection service with configuration versioning.

Several bundled Graylog plugins to integrate with different AWS services like CloudTrail and FlowLogs.

The public documentation for the gruntwork-io/module-security repo, which contains packages for setting up best practices for managing secrets, credentials, and servers

A command line utility that allows you to stream data from multiple S3 objects directly into your terminal

Retrospectively tag AWS resources so you can work out who created them

Terraform module to provision an AWS CloudTrail and an encrypted S3 bucket with versioning to store CloudTrail logs

Easily export AWS CloudTrail events to ElasticSearch

Cloudtrail Log Analytics using Amazon Elasticsearch Service - AWS Serverless Application

🤔 A way of understanding all the AWS lies.

S3 bucket with built in IAM policy to allow CloudTrail logs

Serverless Platform for Enhanced Insights from CloudTrail Logs

The structure of the events from CloudTrail are similar to responses seen when using boto3. Boto3 is powered by the botocore library. The botocore library contains a data directory that describes the API calls (requests and responses). This library allows you to interact with the data directories of botocore to see the API request and responses. This is to help you write custom AWS Config rules and or CloudCustodian policies.

Automate the daily partitioning of your CloudTrail bucket in Athena

Minimalist containerized implementation of Prowler from https://github.com/toniblyx/prowler, made to run within ECS Fargate and have Secrets passed via AWS Secrets Manager

AWS Security Webinar - June 2018

Advanced AWS Security Automation Resources: Used by Udemy Course 🎓

CloudTrail events analysis with ELK

Dump IAM permissions used by each role using CloudTrail

A workshop that uses automation to provision best-practice patterns to administer multiple related AWS accounts together

Terraform module to provision an AWS CloudTrail and an encrypted S3 bucket with versioning to store CloudTrail logs

AWS CloudTrail Elastic ingest pipeline mapped to ECS

Set up AWS Cloudtrail, optionally passing in S3 bucket for logs

🛡️ Terraform module to provision multi-region AWS cloud security controls

Some example GorillaStack Terraform templates to help you get started