aws
Open-source best practices for protecting a secure, sensible cloud platform.
Your Quick Reference to Cloud Best Practices. An open-source collection of cloud infrastructure best practices, for bootstrapping your own cloud platform.
IAM Least Privilege Policy Generator.
Policy Sentry is an AWS IAM Least Privilege Policy Generator, auditor, and analysis database. It compiles database tables based on the AWS IAM Documentation on Actions, Resources, and Condition Keys and leverages that data to create least-privilege IAM policies.
Run Locally, Deploy Globally
Develop and test your AWS applications locally to reduce development time and increase product velocity. Reduce unnecessary AWS spend and remove the complexity and risk of maintaining AWS dev accounts.
Specialized MCP servers that bring AWS best practices directly to your development workflow.
[Node, Python, Java] Repository of sample Custom Rules for AWS Config. AWS Community repository of custom Config rules. Contributions welcome. Instructions for leveraging these rules are below.
Open source alternative to AWS.
Open source alternative to AWS. Elastic compute, block storage (non replicated), firewall and load balancer, managed Postgres, and IAM services in public beta.
Ubicloud provides IaaS cloud features on bare metal providers, such as Hetzner, Leaseweb, and AWS Bare Metal. You can set it up yourself on these providers or you can use our managed service. We're currently in public beta.
Command Line S3 Client and S3 Backup for Windows, Linux: s3cmd, s3express.
S3cmd is a free command line tool and client for uploading, retrieving and managing data in Amazon S3 and other cloud storage service providers that use the S3 protocol, such as Google Cloud Storage or DreamHost DreamObjects. It is best suited for power users who are familiar with command line programs. It is also ideal for batch scripts and automated backup to S3, triggered from cron, etc.
DNS and Service Discovery.
CoreDNS is a DNS server. It is written in Go. It can be used in a multitude of environments because of its flexibility.
CoreDNS is a DNS server/forwarder, written in Go, that chains plugins. Each plugin performs a (DNS) function.
CoreDNS can listen for DNS requests coming in over UDP/TCP (good old DNS), TLS (DoT, RFC 7858), DNS over HTTP/2 (DoH, RFC 8484) and gRPC (not a standard).
Yet Another Testing & Auditing Solution
A simple tool to audit your AWS infrastructure for misconfiguration or potential security issues with plugins integration.
The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won't check for all best practices but only for the ones that are important for you based on my experience. Please feel free to tell me if you find something that is not covered.
Your unified cloud storages interface.
Sourcerer is a CLI-based cloud storage explorer that provides a unified interface for developers and DevOps engineers to view and manage files across multiple cloud providers like GCP Storage, Azure Storage, AWS S3, and S3-compatible services.
Develop planet-scale applications in the cloud with open geospatial data.
Zero-Friction Serverless Apps On AWS Lambda & Beyond. Easy Serverless Apps on AWS Lambda.
Deploy APIs, scheduled tasks, workflows and event-driven apps to AWS Lambda easily with the Serverless Framework.
A Dynamic DNS system built with API Gateway, Lambda & Route 53.
eks-node-viewer is a tool for visualizing dynamic node usage within a cluster. It was originally developed as an internal tool at AWS for demonstrating consolidation with Karpenter. It displays the scheduled pod resource requests vs the allocatable capacity on the node. It does not look at the actual pod resource usage.
Immutable Infrastructure for Developers
Fuse your App into an Image in 5 seconds. Run it on both VirtualBox and AWS unchanged.
A terminal-based AWS cost and resource dashboard built with Python and the Rich library. It provides an overview of AWS spend by account, service-level breakdowns, budget tracking, and EC2 instance summaries.
A fully functional local cloud stack. Develop and test your cloud and serverless apps offline!
LocalStack is an easy-to-use test/mocking framework for developing cloud applications. Using LocalStack, you can spin up a local test environment in seconds, and get the same functionality you would get from a real AWS environment.
Preevy is a powerful CLI tool designed to simplify the process of creating ephemeral preview environments. Using Preevy, you can easily provision any Docker-Compose application on AWS using affordable Lightsail, Google Cloud, or Microsoft Azure VMs (support for more cloud providers is on the way).
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. You can use Amazon DynamoDB to create a database table that can store and retrieve any amount of data, and serve any level of request traffic. Amazon DynamoDB automatically spreads the data and traffic for the table over a sufficient number of servers to handle the request capacity specified by the customer and the amount of data stored, while maintaining consistent and fast performance.
Seed-Farmer is an orchestration tool that works with AWS CodeSeeder and is modeled after GitOps deployments. It has a command-line interface based in Python, leverages modular code deployments defined by declarative manifests, and includes change detection and deployment optimization.
Backup interface for volumes attached to containers.
Bivac lets you back up container volumes using Restic.
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Script that allows the easy creation of OpenVPN endpoints in any AWS region. Creating a VPN endpoint is done with a single command and takes ~3 minutes. It creates a VPC with proper security groups, spins up a tagged EC2 instance and configures the OpenVPN software. Once the instance is configured, an OpenVPN configuration file is downloaded and ready to use. There is also functionality to see which instances are running in which region and the ability to terminate the instance when done. Additional functionality includes specifying the instance type, generating SSH keypairs, specifying a custom AMI, changing the login user, and more to come.
Infrastructure as Code in Any Programming Language. Open Source Infrastructure as Code. Manage infrastructure, secrets, and configurations intuitively on any cloud. Build infrastructure intuitively on any cloud using familiar languages 🚀.
Pulumi's Infrastructure as Code SDK is the easiest way to build and deploy infrastructure, of any architecture and on any cloud, using programming languages that you already know and love. Code and ship infrastructure faster with your favorite languages and tools, and embed IaC anywhere with Automation API.
Cloud Development Framework.
The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation.
It offers a high-level object-oriented abstraction to define AWS resources imperatively using the power of modern programming languages. Using the CDK’s library of infrastructure constructs, you can easily encapsulate AWS best practices in your infrastructure definition and share it without worrying about boilerplate logic.
OpenNext takes the Next.js build output and converts it into packages that can be deployed across a variety of environments. Natively OpenNext has support for AWS Lambda, and classic Node.js Server.
Security Monkey monitors policy changes and alerts on insecure configurations in an AWS account. While Security Monkey’s main purpose is security, it also proves a useful tool for tracking down potential problems as it is essentially a change tracking system.
It works on CPython 2.7. It is known to work on Ubuntu Linux and OS X.
Interactive SQL. Analyze petabyte-scale data where it lives with ease and flexibility.
Amazon Athena is a serverless, interactive analytics service built on open-source frameworks, supporting open-table and file formats. Athena provides a simplified, flexible way to analyze petabytes of data where it lives. Analyze data or build applications from an Amazon Simple Storage Service (S3) data lake and 30 data sources, including on-premises data sources or other cloud systems using SQL or Python. Athena is built on open-source Trino and Presto engines and Apache Spark frameworks, with no provisioning or configuration effort required.
Contribute to krishnaik06/The-Grand-Complete-Data-Science-Materials development by creating an account on GitHub.
A model for event interoperability between event producers and their consumers to favor better developer experience, robust integration, and infrastructural efficiency.
Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and, at the request of the user, changes them to recommended settings based on the CIS AWS Benchmark.
Prometheus exporter for AWS CloudWatch - Discovers services through AWS tags, gets CloudWatch metrics data and provides them as Prometheus metrics with AWS tags as labels.
Infrastructure made simple with Python. AWS for Python devs - made simple.
Build AWS apps in high-level Python with smart defaults. Keep full control when you need it. No YAML, JSON or HSL. No clicking through consoles. No configuration hell.
Stelvio is a Python framework that simplifies AWS cloud infrastructure management and deployment. It lets you define your cloud infrastructure using pure Python, with smart defaults that handle complex configuration automatically.
The Open-Source Tool Democratizing Multi-Cloud Security Testing by Arpan Sarkar.
Multi-Cloud Security Testing Tool to execute a comprehensive array of attack techniques across multiple surfaces via a simple web interface.
Halberd is a powerful, multi-cloud security testing tool. Born out of the need for a unified, easy-to-use tool, Halberd enables you to proactively assess your cloud defenses by executing a comprehensive array of attack techniques across Entra ID, M365, Azure, and AWS. With its intuitive web interface, you can simulate real-world attacks, generate valuable telemetry, and validate your security controls with ease & speed.
Secure and fast microVMs for serverless computing. Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models. Firecracker runs workloads in lightweight virtual machines, called microVMs, which combine the security and isolation properties provided by hardware virtualization technology with the speed and flexibility of containers.
The easiest way to access your cloud. A CLI application which provides the world’s best developer UX for finding and accessing cloud roles to multiple cloud accounts, fast!
Granted is a command line interface (CLI) application which simplifies access to cloud roles and allows multiple cloud accounts to be opened in your web browser simultaneously.
AIOps modules is a collection of reusable Infrastructure as Code (IaC) modules for Machine Learning (ML), Foundation Models (FM), Large Language Models (LLM) and GenAI development and operations on AWS.
Cloud native secrets management for developers - never leave your command line for secrets.
Never leave your terminal to use secrets while developing, testing, and building your apps.
Instead of custom scripts, tokens in your .zshrc files, visible EXPORTs in your bash history, misplaced .env.production files and more around your workstation -- just use teller and connect it to any vault, key store, or cloud service you like (Teller supports HashiCorp Vault, AWS Secrets Manager, Google Secret Manager, and many more).
React hooks for the AWS UI component library.
use-awsui is a collection of React hooks for the AWS UI components. By instantiating your components' local state with this library, you can save repetitive boilerplate surrounding state instantiation and event handlers. You may also rest comfortably knowing this package maintains 100% test coverage.
RedCloud OS is a Debian based Cloud Adversary Simulation Operating System for Red Teams to assess the security of leading Cloud Service Providers (CSPs). It includes tools optimized for adversary simulation tasks within Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
Terraform, Terragrunt, and IaC Automated Management. Collaborate, deploy, and manage your Infrastructure as Code with confidence.
env0 automates your Terraform, Terragrunt, AWS CloudFormation and other Infrastructure as Code tools.
A lightweight, ultra-fast tool for building observability pipelines.
Quickly and easily design network layouts. Split and join subnets, add notes and color, then collaborate with others by sharing a custom link to your design.
Enter the network you wish to subnet and use the Split/Join buttons on the right to start designing!
Distributed SQL Databases
Fastest serverless distributed SQL database for always available applications.
S3oosh allows users to upload multiple files at once to S3 Buckets. It provides a drag-and-drop interface for users to easily upload files to a S3 Bucket. The component supports various file types and allows users to set maximum file count, maximum file size, and accepted file types.
Multi-cloud continuous delivery for the enterprise.
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence.
Spinnaker provides application management and deployment to help you release software changes with high velocity and confidence. Spinnaker is an open-source, multi-cloud continuous delivery platform that combines a powerful and flexible pipeline management system with integrations to the major cloud providers. If you are looking to standardize your release processes and improve quality, Spinnaker is for you.
A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies.
Fix Inventory is an open-source cloud asset inventory tool for infrastructure and security engineers.
Fix Inventory helps you identify and remove the most critical risks in AWS, GCP, Azure and Kubernetes.
Fix Inventory enables a broad set of exploration and automation scenarios. Its foundation is a graph-based data model, which exposes resource metadata and dependency relationships between your service's assets.
A powerful CLI allows you to search, explore, and manage your cloud resources.
Serverless is the application framework for building web, mobile and IoT applications exclusively on Amazon Web Services' Lambda and API Gateway. It's a command line interface that helps you build and maintain serverless apps across teams of any size. It's also completely extensible via Plugins. We believe AWS Lambda will be the focal point of AWS cloud, and the Serverless Framework interprets AWS from Lambda's perspective.
Effortlessly run tasks and manage your services on AWS ECS (Elastic Container Service).
RunECS is a cross-platform tool available for macOS, Linux, and Windows.
Enable generative AI applications to automate multistep tasks by seamlessly connecting with company systems, APIs, and data sources.
Production Grade k8s Installation, Upgrades and Management. The easiest way to get a production grade Kubernetes cluster up and running. We like to think of it as kubectl for clusters.
kops will not only help you create, destroy, upgrade and maintain production-grade, highly available Kubernetes clusters, but it will also provision the necessary cloud infrastructure.
AWS (Amazon Web Services) and GCE (Google Cloud Platform) are currently officially supported, with DigitalOcean, Hetzner and OpenStack in beta support, and Azure in alpha.
MCP server for understanding AWS spend.
An MCP server for getting AWS spend data via Cost Explorer and Amazon Bedrock usage data via Model invocation logs in Amazon CloudWatch through Anthropic's MCP (Model Control Protocol).
SST makes it easy to build full-stack serverless applications on AWS. Build modern full-stack applications on AWS:
- Deploy Next.js, Remix, or Astro to AWS.
- Add any backend feature.
- Go from idea to IPO!
A CLI to create code sandboxes with automatic HTTPS and long running processes in your cloud provider account.
Install the AWS CLI on modern Macs without a package manager.
Find AWS resources that are not logging, and turn them on.
Assisted Log Enabler for AWS is for customers who do not have logging turned on for various services, and lack knowledge of best practices and/or how to turn them on.
Parallel S3 and local filesystem execution tool.
s5cmd is a very fast S3 and local filesystem execution tool. It comes with support for a multitude of operations including tab completion and wildcard support for files, which can be very handy for your object storage workflow while working with a large number of files.
Serverless PHP made simple. Simple and scalable PHP applications with serverless. Serverless PHP on AWS Lambda.