In this post, we're going to look at four open-source tools to help you get started securing your AWS resources.
1.) Service Screener
Service Screener is a tool from AWS that checks your AWS account and provides you with suggestions to improve the security of your AWS resources such as EC2, RDS, S3, Lambda, etc.
Service Screener runs on AWS Cloud Shell, a terminal accessible via the AWS Management Console.
The AWS account you use to run Service Screener needs read-only permissions on the services it inspects.
After it finishes running in AWS CloudShell, Service Screener writes an HTML report with dashboards where you can browse its recommendations.
For more information on getting started, see the Service Screener GitHub repository.
2.) Cloud Custodian
Cloud Custodian is a tool in which you write YAML policies to find insecure or misconfigured resources, such as an EC2 instance with port 22 (SSH) open to the world or an S3 bucket that is publicly accessible. Cloud Custodian can also secure resources on other cloud providers such as Google Cloud and Azure.
There is a bit of a learning curve, since you need to learn YAML and a few command line commands, but it is worth the trouble: you can use Cloud Custodian to secure your resources on several platforms (AWS, Azure, and Google Cloud) mostly for free, or at much lower cost than the security tools the cloud providers offer themselves (those often have a free tier, but beyond it they keep costing money for as long as you use the service).
If you'd like a more in-depth introduction to Cloud Custodian, here are some of the resources I found helpful:
- Cloud Custodian - Proactive Governance of Your Cloud, Cluster, and Code
- Implementing Cloud Governance as a Code using Cloud Custodian
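To make the YAML workflow concrete, here is an added example policy file (not from the original post or the Cloud Custodian project) that covers the two cases mentioned above: security groups that allow SSH from anywhere, and S3 buckets with global (public) grants. Both policies are detection-only, so running them only reports matches; the policy names and the `out` directory are my own choices.

```yaml
# Added example: two detection-only Cloud Custodian policies for AWS.
# Run with:   custodian run  -s out policy.yml
# Review with: custodian report -s out policy.yml
policies:
  # Security groups with a TCP/22 ingress rule open to the whole IPv4 internet.
  - name: sg-ssh-open-to-world
    resource: aws.security-group
    description: Flags security groups that allow SSH (tcp/22) from 0.0.0.0/0
    filters:
      - type: ingress
        IpProtocol: tcp
        Ports: [22]
        Cidr:
          value: "0.0.0.0/0"

  # S3 buckets whose ACL grants access to AllUsers / AuthenticatedUsers.
  - name: s3-bucket-public-grants
    resource: aws.s3
    description: Flags buckets with global ACL grants (publicly accessible)
    filters:
      - type: global-grants
```

To remediate instead of just report, add an `actions:` list to a policy (for example a `tag` or `remove-permissions` action) once you are confident the filters match only what you intend.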
3.) Prowler
Prowler is another tool for checking your AWS resources against security best practices.
It is a CLI that checks the security of your AWS resources against several compliance programs such as CIS, PCI-DSS, HIPAA, etc.
You can run Prowler on your own computer or on an EC2 instance.
Here are a few of the resources you can use to get started with Prowler:
4.) ElectricEye
ElectricEye is a Python command line tool that helps you check the security of your AWS resources and deal with potentially vulnerable ones.
ElectricEye's checks are comprehensive, covering over 320 checks across 80 services to help you secure your AWS resources.
Here are some of the resources I found that get you up to speed with this awesome and powerful tool:
- ElectricEye Extending your AWS Security Posture Management with Open Source
- Repository of ElectricEye
5.) HashiCorp Sentinel
Sentinel is a policy-as-code framework for creating and enforcing policies against resources managed by Terraform. It is available in Terraform Cloud and Terraform Enterprise.
The basic workflow is that you write Sentinel policies, and those policies are checked against your configuration files before `terraform apply` runs, notifying you if there are non-compliant resources.