Cloud Development Framework.

The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation.

It offers a high-level object-oriented abstraction to define AWS resources imperatively using the power of modern programming languages. Using the CDK’s library of infrastructure constructs, you can easily encapsulate AWS best practices in your infrastructure definition and share it without worrying about boilerplate logic.

• AWS Cloud Development Kit @ GitHub.

eks-node-viewer is a tool for visualizing dynamic node usage within a cluster. It was originally developed as an internal tool at AWS for demonstrating consolidation with Karpenter. It displays the scheduled pod resource requests vs the allocatable capacity on the node. It does not look at the actual pod resource usage.

IAM Least Privilege Policy Generator.

Policy Sentry is an AWS IAM Least Privilege Policy Generator, auditor, and analysis database. It compiles database tables based on the AWS IAM Documentation on Actions, Resources, and Condition Keys and leverages that data to create least-privilege IAM policies.

• Policy Sentry @ GitHub.

A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources.

Cloud Custodian enables you to manage your cloud resources by filtering, tagging, and then applying actions to them. The YAML DSL allows defininition of rules to enable well-managed cloud infrastructure that's both secure and cost optimized.

Cloud Custodian, also known as c7n, is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting.

• Cloud Custodian @ GitHub.

Open-source best practices for protecting a secure, sensible cloud platform.

Your Quick Reference to Cloud Best Practices.
An open-source collection of cloud infrastructure best practices, for bootstrapping your own cloud platform.

• Cloud Guardrails @ GitHub.
• Reasonable 🔐AppSec #74 - The absence of vulnerability, Five Security Articles and Podcast Corner @ Reasonable Application Security.

S3oosh allows users to upload multiple files at once to S3 Buckets. It provides a drag-and-drop interface for users to easily upload files to a S3 Bucket. The component supports various file types and allows users to set maximum file count, maximum file size, and accepted file types.

• S3oosh @ GitHub.

The Open-Source Tool Democratizing Multi-Cloud Security Testing by Arpan Sarkar.

Multi-Cloud Security Testing Tool to execute a comprehensive array of attack techniques across multiple surfaces via a simple web interface.

Halberd is a powerful, multi-cloud security testing tool. Born out of the need for a unified, easy-to-use tool, Halberd enables you to proactively assess your cloud defenses by executing a comprehensive array of attack techniques across Entra ID, M365, Azure, and AWS. With its intuitive web interface, you can simulate real-world attacks, generate valuable telemetry, and validate your security controls with ease & speed.

• Halberd @ GitHub.

Quickly and easily design network layouts. Split and join subnets, add notes and color, then collaborate with others by sharing a custom link to your design.

Enter the network you wish to subnet and use the Split/Join buttons on the right to start designing!

• Visual Subnet Calculator @ GitHub.

Your CVE dashboard for AWS Lambda!

Command Line S3 Client and S3 Backup for Windows, Linux: s3cmd, s3express.

S3cmd is a free command line tool and client for uploading, retrieving and managing data in Amazon S3 and other cloud storage service providers that use the S3 protocol, such as Google Cloud Storage or DreamHost DreamObjects. It is best suited for power users who are familiar with command line programs. It is also ideal for batch scripts and automated backup to S3, triggered from cron, etc.

• S3cmd @ GitHub.
• Gérer vous buckets S3 avec s3cmd @ Culture et Outils DevSecOps :fr:.

Interactive SQL. Analyze petabyte-scale data where it lives with ease and flexibility.

Amazon Athena is a serverless, interactive analytics service built on open-source frameworks, supporting open-table and file formats. Athena provides a simplified, flexible way to analyze petabytes of data where it lives. Analyze data or build applications from an Amazon Simple Storage Service (S3) data lake and 30 data sources, including on-premises data sources or other cloud systems using SQL or Python. Athena is built on open-source Trino and Presto engines and Apache Spark frameworks, with no provisioning or configuration effort required.

• 286 - Data & Dev - Christophe Blefari @ <ifttd> :fr:.

Multi-cloud continuous delivery for the enterprise.

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence.

Spinnaker provides application management and deployment to help you release software changes with high velocity and confidence. Spinnaker is an open-source, multi-cloud continuous delivery platform that combines a powerful and flexible pipeline management system with integrations to the major cloud providers. If you are looking to standardize your release processes and improve quality, Spinnaker is for you.

• Spinnaker @ GitHub.
• Why Airbnb moved away from a monolithic architecture @ StackSweep.

Infrastructure as Code in Any Programming Language. Open Source Infrastructure as Code. Manage infrastructure, secrets, and configurations intuitively on any cloud.Build infrastructure intuitively on any cloud using familiar languages 🚀.

Pulumi's Infrastructure as Code SDK is the easiest way to build and deploy infrastructure, of any architecture and on any cloud, using programming languages that you already know and love. Code and ship infrastructure faster with your favorite languages and tools, and embed IaC anywhere with Automation API.

• Pulumi @ GitHub.
• Terraform vs. Pulumi: Which Is Better for Your IaC Requirements? @ DZone.
• Pimp your Kubernetes cluster with Pulumi @ yodamad's quick blog.

Run Locally, Deploy Globally

Develop and test your AWS applications locally to reduce development time and increase product velocity. Reduce unnecessary AWS spend and remove the complexity and risk of maintaining AWS dev accounts

• LocalStack @ GitHub.
• Tester vos déploiements AWS avec localstack @ Culture et Outils DevSecOps :fr:.

Lambda function that streamlines containment of an AWS account compromise.

AWS Kill Switch is a Lambda function (and proof of concept client) that an organization can implement in a dedicated "Security" account to give their security engineers the ability to delete IAM roles or apply a highly restrictive service control policy (SCP) on any account in their organization.

• AWS Kill Switch: Open-source incident response tool @ Help Net Security.

Simple and flexible tool for managing secrets.

SOPS is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.

• SOPS la solution de gestion de secret DevOps ? @ DamyR :fr:.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Terraform, Terragrunt, and IaC Automated Management. Collaborate, deploy, and manage your Infrastructure as Code with confidence

env0 automates your Terraform, Terragrunt, AWS CloudFormation and other Infrastructure as Code tools.