Cloudsplaining and Checkov: Identify AWS IAM least privilege violations from code to cloud

I worked with Barak Schoster to build Cloudsplaining's IAM Scanning logic into Checkov so you can enforce least privilege in Terraform code.

Using CloudQuery to Identify Public Network Endpoints in AWS

A cheatsheet of SQL queries to use in CloudQuery to identify public network endpoints in AWS.

Scheduling Prowler Security scans in AWS

Short tutorial to set up recurring Prowler scans in AWS

Sensitive AWS API Calls That Return Credentials and Data

Worried about AWS IAM permissions that allow you to access data (like S3 objects, CodeCommit code, others) or return credentials in their response? I've updated my list of these potentially dangerous API calls and you can read about them here.

Building Secure AWS AMIs: Building hardened CentOS AMIs from scratch

This tutorial covers building secure AWS AMIs with Packer. We go over building the prerequisite infrastructure to create EC2 AMIs from scratch, how to use the example hardening scripts for CentOS, and how to validate the testing with Amazon Inspector.

Automating Least Privilege in AWS IAM with Policy Sentry

Introduction to Policy Sentry, an easy way to create least privilege policies by copying/pasting ARNs into a YAML file.