Securing cloud environments is critical, but manual security audits can be time-consuming and inefficient. What if you could automate the process and cut audit time by 50%? In this article, I’ll introduce Automated AWS Security Monitoring, a Python-based tool that detects security risks in AWS environments.
Why This Project?
AWS provides security controls, but misconfigurations are a common cause of data breaches. Security teams often spend hours manually checking IAM policies, security groups, and S3 permissions. This tool automates those checks, providing a quick security audit and actionable insights.
Features & Capabilities
• Security Group Analysis – Detects open ports allowing unrestricted access.
• IAM Security Check – Identifies IAM users without MFA enabled.
• S3 Bucket Security – Flags unencrypted S3 buckets.
• AWS Security Hub Integration – Fetches existing security findings.
• Automated Security Report – Saves findings in a structured JSON file.
With these features, the tool helps AWS security teams, cloud engineers, and DevOps professionals ensure compliance and reduce cloud security risks.
How It Works
The tool uses Boto3 (AWS SDK for Python) to scan AWS configurations:
• Checks Security Groups for open ports (e.g., SSH 0.0.0.0/0)
• Verifies IAM Users and flags accounts without MFA enabled
• Audits S3 Buckets to identify unencrypted storage
• Retrieves Security Hub Findings for existing security alerts
• Generates a JSON security report for quick remediation
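The security-group check above, worked through as an added example (this is not the project's own code). It goes beyond the SSH-over-IPv4 case by also catching IPv6 `::/0` sources, port ranges that contain a sensitive port, and "all traffic" rules that carry no port fields. The function names, the `SENSITIVE_PORTS` set, and the sample group IDs are assumptions made for illustration.

```python
# Input shape: the "SecurityGroups" list from boto3's
# ec2.describe_security_groups(). SAMPLE_GROUPS below is constructed.
ANY_SOURCE = {"0.0.0.0/0", "::/0"}
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP"}  # assumption: ports of interest

def open_sources(rule):
    """World-open CIDRs (IPv4 and IPv6) named by one ingress rule."""
    cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in ANY_SOURCE]

def exposed_ports(rule):
    """Sensitive ports covered by a rule, including ranges and 'all traffic'."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # all traffic: no FromPort/ToPort, every port is open
        return sorted(SENSITIVE_PORTS)
    if proto != "tcp":
        return []
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return [p for p in sorted(SENSITIVE_PORTS) if lo <= p <= hi]

def find_open_ingress(security_groups):
    """One finding per (group, sensitive port, world-open source)."""
    return [
        {"GroupId": sg["GroupId"], "Port": port,
         "Service": SENSITIVE_PORTS[port], "Source": cidr}
        for sg in security_groups
        for rule in sg.get("IpPermissions", [])
        for cidr in open_sources(rule)
        for port in exposed_ports(rule)
    ]

SAMPLE_GROUPS = [  # constructed data, not real security groups
    {"GroupId": "sg-0aaa", "IpPermissions": [  # SSH open to all IPv4
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [  # range 0-1024 open to all IPv6
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [  # all traffic, no port fields
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ddd", "IpPermissions": [  # SSH from private range only
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]

if __name__ == "__main__":
    for finding in find_open_ingress(SAMPLE_GROUPS):
        print(finding)
```

Against a live account, the same function would take the `SecurityGroups` list from `ec2.describe_security_groups()` in place of `SAMPLE_GROUPS`.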
Installation & Setup
Step 1: Clone the Repository
git clone https://github.com/LeonardKachi/aws-security-monitoring.git
cd aws-security-monitoring
Step 2: Install Dependencies
pip install -r requirements.txt
Step 3: Configure AWS Credentials
aws configure
You’ll need to provide:
• AWS Access Key
• AWS Secret Key
• Default region (e.g., us-east-1)
Step 4: Run the Script
python aws_security_monitor.py
The script will analyze your AWS security posture and generate an audit report.
Sample Output (JSON Report)
{
  "SecurityGroups": [
    "⚠ Security Group 'sg-12345' allows inbound SSH access from ANYWHERE."
  ],
  "IAMUsers": [
    "⚠ IAM User 'admin' does NOT have MFA enabled."
  ],
  "S3Buckets": [
    "⚠ S3 Bucket 'my-unsecured-bucket' is NOT encrypted."
  ],
  "SecurityHubFindings": [
    " Security Hub Finding: Root account has active access keys - This is a critical security risk."
  ]
}
This structured output makes it easy for security teams to identify vulnerabilities and take corrective action.
Future Improvements
• AWS Lambda support for real-time security monitoring
• Email/SMS notifications for critical vulnerabilities
• Integration with AWS Config for continuous compliance
Contributing & Feedback
This project is open-source, and I’d love feedback from the community! Feel free to star the repo, submit a pull request, or open an issue if you have ideas for improvements.
GitHub Repo: LeonardKachi/aws-security-monitoring
Connect With Me
I’m actively building security automation tools and sharing insights on cloud security and penetration testing. Let’s connect!
GitHub: LeonardKachi
LinkedIn: onyedikachi-obidiegwu
Twitter/X: leonard_kachi
What do you think about this tool? Have you faced AWS security challenges? Drop a comment below!