Cloud Snitch provides a sleek and intuitive way of exploring your AWS account activity. It's a great addition to any toolbox, whether you're a hobbyist who's just getting started with the cloud or a large enterprise with complex and mature cloud infrastructure.
Share links to IP address, CIDR network, and AWS principal activity within your team. Document AWS principals with Markdown notes for your teammates. Cloud Snitch provides summaries of activity by AWS region, principal, IP address, and CIDR network. Errors are highlighted, so you can quickly spot suspicious behavior or bugs in your code. Take the investigation further with quick links into your CloudTrail event history.
Chief Cloud Economist Corey Quinn goes through the torrent of news about Amazon’s cloud ecosystem and strains out the noise. Then he takes what’s left and gently and lovingly makes fun of it. The world of cloud takes itself far too seriously. We aim to change that.
RSS: https://www.lastweekinaws.com/feed/
I don't know if the newsletter is different from the site's blog or not.
Wonk is a tool for combining a set of AWS policy files into smaller compiled policy sets.
Basically it helps you figure out IAM policies that'll fit AWS' limits (not more than 6k characters long, users can't be in more than 10 groups, objects can't have more than 10 roles applied to them, no object can have more than 10 policies, SSO authentication limits each account to only one role).
A list of all of AWS' regions around the world. Mirrored from here: https://aws.amazon.com/about-aws/global-infrastructure/
AWS publishes security bulletins for its various components. I didn't know they did that; nice surprise.
RSS: https://aws.amazon.com/security/security-bulletins/rss/feed/
A Jupyter notebook that noodles over using waterfall visualizations to analyze AWS CloudWatch logs. Uses Matplotlib and NumPy.
Documentation for the Go AWS SDK library.
In this tutorial, you will learn ways to import pre-existing cloud resources before you continue to develop the IaC in Terraform. This guide will provide you with an IaC import scenario which is often faced by teams starting to adopt Terraform for their operations.
As AWS security professionals we are often asked by customers to validate their use of AWS security services and to give tips and tricks on how to use these services and how others use AWS security services. With this guide we have the goal of more broadly sharing this knowledge with the user community and at the same time give the ability for others outside of AWS to contribute.
Simply, we will be covering best practices for configuring AWS security services. This is NOT overall AWS security best practices. This documentation is not simply a numbered list of best practices. Instead this documentation is meant to walk you through what you need to know before deploying an AWS security service to what you should be doing after enablement and through fully operationalizing the service. Often this is done through discussing different use cases and different factors associated with specific use cases that can help in making design decisions. Following this guide you should feel confident that you have the ability to configure and use an AWS security service effectively.
AWS Kill Switch is a Lambda function (and proof of concept client) that an organization can implement in a dedicated "Security" account to give their security engineers the ability to delete IAM roles or apply a highly restrictive service control policy (SCP) on any account in their organization.
The actions you take with this tool are one-way operations. Do not test/experiment in production. Any SCPs applied or IAM roles deleted will remain in this state until manual action is taken to remove the SCP or recreate the deleted role and/or policies. Ensure that you have the ability to reverse these changes and incorporate the appropriate steps in your incident response playbooks.
If you need to lock down and lock out an AWS environment, this will do it for you, but it's the nuclear option.
Balcony is a modern CLI tool with some killer features:
Balcony uses read-only operations; it does not take any action on the used AWS account.
An actually accurate AWS service dashboard.
The last S3 security document that we’ll ever need, and how to use it.
A search engine for open and unsecured Amazon S3 buckets.
Has a REST API. Have a key.
A list of default usernames for Linux AMIs in Amazon's EC2.
Amazon makes available a hidden API endpoint which lists the IP address ranges used for EC2.
Python module that interfaces directly with AWS FlowLogs.