The below scripts can help you secure your AWS cloud by:
- Highlighting risk.
- Highlighting presence (shadow/stale resources).
- Highlighting coverage and misconfiguration.
The scripts can be found here: Securethelogs GitHub.
Each script has a different purpose, as explained below:
AWS-Scan-Open-SG: Security groups help isolate networks and protect resources. By default, open rulesets are created and, if kept, they bring risk to the resources and the VPC.
This script flags these security groups and also shows the linked EC2 instances.
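The check described above, as an added example (this is not the AWS-Scan-Open-SG script, which is not reproduced on this page). It assumes input in the shape returned by `aws ec2 describe-security-groups` and `aws ec2 describe-instances`, and treats a group as "open" when an ingress rule allows `0.0.0.0/0` or `::/0`; the function names and sample IDs are constructed for illustration.

```python
import json

# Constructed sample data, shaped like the output of
# `aws ec2 describe-security-groups` and `aws ec2 describe-instances`.
SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0111", "SecurityGroups": [{"GroupId": "sg-0aaa"}]},
    {"InstanceId": "i-0222", "SecurityGroups": [{"GroupId": "sg-0bbb"}]},
    {"InstanceId": "i-0333", "SecurityGroups": [{"GroupId": "sg-0aaa"}, {"GroupId": "sg-0bbb"}]},
]}]}

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # assumption: "open" means reachable from any address

def open_rules(group):
    """Return (protocol, port range) for each ingress rule open to any address."""
    found = []
    for perm in group.get("IpPermissions", []):
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if cidrs & OPEN_CIDRS:
            # IpProtocol "-1" means all protocols; such rules carry no port fields.
            proto = "all" if perm["IpProtocol"] == "-1" else perm["IpProtocol"]
            ports = f'{perm.get("FromPort", "*")}-{perm.get("ToPort", "*")}'
            found.append((proto, ports))
    return found

def scan(groups, instances):
    """Map each open security group to its open rules and attached instances."""
    attached = {}
    for res in instances["Reservations"]:
        for inst in res["Instances"]:
            for sg in inst.get("SecurityGroups", []):
                attached.setdefault(sg["GroupId"], []).append(inst["InstanceId"])
    report = {}
    for g in groups["SecurityGroups"]:
        rules = open_rules(g)
        if rules:
            report[g["GroupId"]] = {"rules": rules, "instances": attached.get(g["GroupId"], [])}
    return report

if __name__ == "__main__":
    print(json.dumps(scan(SECURITY_GROUPS, INSTANCES), indent=2))
```

An open group with no attached instances, like `sg-0ccc` in the sample, is still worth reviewing, since anything attached to it later inherits the exposure.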
AWS-Scan-Regions: Not knowing what “we” are running is one of the biggest risks to a cloud user: developers using cheaper regions, or “processes” going under the radar.
This script highlights common resources and the regions where they are in use, so you can review them and, hopefully, remove those that are a waste ($) or bring risk.
AWS-Scan-Risky-S3: S3 buckets are a common cause of data loss for companies using AWS. Default configurations can put the data at risk, so plugging these gaps is a must.
This script helps prioritise which buckets to review and highlights those most exposed. This includes the configuration of those that are public-facing.