Open-source best practices for protecting a secure, sensible cloud platform.

Your Quick Reference to Cloud Best Practices.
An open-source collection of cloud infrastructure best practices, for bootstrapping your own cloud platform.

• Cloud Guardrails @ GitHub.
• Reasonable AppSec #74 - The absence of vulnerability, Five Security Articles and Podcast Corner @ Reasonable Application Security.

S3oosh allows users to upload multiple files at once to S3 Buckets. It provides a drag-and-drop interface for users to easily upload files to a S3 Bucket. The component supports various file types and allows users to set maximum file count, maximum file size, and accepted file types.

• S3oosh @ GitHub.

The Open-Source Tool Democratizing Multi-Cloud Security Testing by Arpan Sarkar.

Multi-Cloud Security Testing Tool to execute a comprehensive array of attack techniques across multiple surfaces via a simple web interface.

Halberd is a powerful, multi-cloud security testing tool. Born out of the need for a unified, easy-to-use tool, Halberd enables you to proactively assess your cloud defenses by executing a comprehensive array of attack techniques across Entra ID, M365, Azure, and AWS. With its intuitive web interface, you can simulate real-world attacks, generate valuable telemetry, and validate your security controls with ease & speed.

• Halberd @ GitHub.

Quickly and easily design network layouts. Split and join subnets, add notes and color, then collaborate with others by sharing a custom link to your design.

Enter the network you wish to subnet and use the Split/Join buttons on the right to start designing!

• Visual Subnet Calculator @ GitHub.

Your CVE dashboard for AWS Lambda!

Command Line S3 Client and S3 Backup for Windows, Linux: s3cmd, s3express.

S3cmd is a free command line tool and client for uploading, retrieving and managing data in Amazon S3 and other cloud storage service providers that use the S3 protocol, such as Google Cloud Storage or DreamHost DreamObjects. It is best suited for power users who are familiar with command line programs. It is also ideal for batch scripts and automated backup to S3, triggered from cron, etc.

• S3cmd @ GitHub.
• Gérer vous buckets S3 avec s3cmd @ Culture et Outils DevSecOps .

Interactive SQL. Analyze petabyte-scale data where it lives with ease and flexibility.

Amazon Athena is a serverless, interactive analytics service built on open-source frameworks, supporting open-table and file formats. Athena provides a simplified, flexible way to analyze petabytes of data where it lives. Analyze data or build applications from an Amazon Simple Storage Service (S3) data lake and 30 data sources, including on-premises data sources or other cloud systems using SQL or Python. Athena is built on open-source Trino and Presto engines and Apache Spark frameworks, with no provisioning or configuration effort required.

• 286 - Data & Dev - Christophe Blefari @ <ifttd> .

Multi-cloud continuous delivery for the enterprise.

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence.

Spinnaker provides application management and deployment to help you release software changes with high velocity and confidence. Spinnaker is an open-source, multi-cloud continuous delivery platform that combines a powerful and flexible pipeline management system with integrations to the major cloud providers. If you are looking to standardize your release processes and improve quality, Spinnaker is for you.

• Spinnaker @ GitHub.
• Why Airbnb moved away from a monolithic architecture @ StackSweep.

Infrastructure as Code in Any Programming Language. Open Source Infrastructure as Code. Manage infrastructure, secrets, and configurations intuitively on any cloud.Build infrastructure intuitively on any cloud using familiar languages .

Pulumi's Infrastructure as Code SDK is the easiest way to build and deploy infrastructure, of any architecture and on any cloud, using programming languages that you already know and love. Code and ship infrastructure faster with your favorite languages and tools, and embed IaC anywhere with Automation API.

• Pulumi @ GitHub.

Related contents:

• Terraform vs. Pulumi: Which Is Better for Your IaC Requirements? @ DZone.
• Pimp your Kubernetes cluster with Pulumi @ yodamad's quick blog.
• Tranches de Tech 13 - De la tech et du coeur .

Run Locally, Deploy Globally

Develop and test your AWS applications locally to reduce development time and increase product velocity. Reduce unnecessary AWS spend and remove the complexity and risk of maintaining AWS dev accounts

• LocalStack @ GitHub.
• Tester vos déploiements AWS avec localstack @ Culture et Outils DevSecOps .

Lambda function that streamlines containment of an AWS account compromise.

AWS Kill Switch is a Lambda function (and proof of concept client) that an organization can implement in a dedicated "Security" account to give their security engineers the ability to delete IAM roles or apply a highly restrictive service control policy (SCP) on any account in their organization.

• AWS Kill Switch: Open-source incident response tool @ Help Net Security.

Simple and flexible tool for managing secrets.

SOPS is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.

• SOPS la solution de gestion de secret DevOps ? @ DamyR .

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Terraform, Terragrunt, and IaC Automated Management. Collaborate, deploy, and manage your Infrastructure as Code with confidence

env0 automates your Terraform, Terragrunt, AWS CloudFormation and other Infrastructure as Code tools.

Parallel S3 and local filesystem execution tool.

s5cmd is a very fast S3 and local filesystem execution tool. It comes with support for a multitude of operations including tab completion and wildcard support for files, which can be very handy for your object storage workflow while working with large number of files.

A fully functional local cloud stack. Develop and test your cloud and serverless
apps offline!

LocalStack is an easy-to-use test/mocking framework for developing cloud applications. Using LocalStack, you can spin up a local test environment in seconds, and get the same functionality you would get from a real AWS environment.

LocalStack @ GitHub.

RedCloud OS is a Debian based Cloud Adversary Simulation Operating System for Red Teams to assess the security of leading Cloud Service Providers (CSPs). It includes tools optimized for adversary simulation tasks within Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

Preevy is a powerful CLI tool designed to simplify the process of creating ephemeral preview environments. Using Preevy, you can easily provision any Docker-Compose application on AWS using affordable Lightsail, Google Cloud, or Microsoft Azure VMs (support for more cloud providers is on the way).

Preevy @ GitHub

Serverless PHP made simple. Simple and scalable PHP applications with serverless.
Serverless PHP on AWS Lambda.

• Bref @ GitHub.

Related contents:

• Déployer vos application serverless avec Bref.sh @ Laravel France .