cfn_nag
aws-recon
Our great sponsors
cfn_nag | aws-recon | |
---|---|---|
14 | 3 | |
1,220 | 474 | |
0.6% | - | |
0.0 | 0.0 | |
8 months ago | 11 months ago | |
Ruby | Ruby | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cfn_nag
-
Setting up my own landing zone on AWS
.pre-commit-config.yaml – contains the cfn-lint and cfn_nag pre-commit hooks.
-
Guide to Serverless & Lambda Testing — Part 2 — Testing Pyramid
For generic CloudFormation templates, check CFN-NAG.
-
AWS Serverless Production Readiness Checklist
If you use CDK, you should implement CDK nag; otherwise, use cfn-nag.
-
Make your life easier using Makefiles
cfn_nag
-
Creating a Multi-Account CI/CD Pipeline with AWS CodePipeline
CodeBuild will run a linting check against the CloudFormation Template using cfn-lint and will then run cfn-nag to check for patterns that indicate insecure resources within the CloudFormation template.
-
App with self-contained infrastructure on AWS
Security checks for the Cloudformation stack using cfn-nag
-
Mastering AWS CDK Aspects
cdk-nag contains several Aspects to check your applications for best practices. It is especially useful if you need to be HIPAA-compliant or have other compliance requirements. It is inspired by cfn_nag which is a a tool checking for patterns in your CloudFormation templates.
-
how did you get good at iac-cloudformation
cfn-lint and cfn_nag or other tools of that nature to check as you write so you don't need to continually try to deploy only to find that you've done something dumb.
-
Source Control your AWS CloudFormation templates with GitHub
There is another tool called cfn_nag that can check your code for potentially any insecure infrastructure. When you read the documentation around this tool, the author says it can check for things such as:
-
Install cfn_nag on Windows
I recently wanted to use the cfn-nag tool on some templates I was writing but couldn't find any instructions to install on Windows, but I have found a way to do it.
aws-recon
-
Automated capturing & documenting infra for AWS (EKS, IAM, VPC etc.)
For an open source approach, tools from the security realm could potentially be a fit (keyword: aws recon), e.g. https://github.com/darkbitio/aws-recon
- Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
-
AWS tool / service to see EVERYTHING that we have running / using / etc ... to avoid billing ...
It's not graphical, but AWS Recon does this.
What are some alternatives?
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]
cfn-python-lint - CloudFormation Linter
opencspm - Open Cloud Security Posture Management Engine
SonarQube - Continuous Inspection
awesome-runners - A curated list of awesome self-hosted GitHub Action runners in a large comparison matrix
aws-secure-environment-accelerator - The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
aws-foundations-cis-baseline - InSpec profile to validate your VPC to the standards of the CIS Amazon Web Services Foundations Benchmark
vscode-cloudformation-snippets - This extension adds snippets for all the AWS CloudFormation resources into Visual Studio Code.
cloud-lusat - Cloud Internal Threat Intelligence Feeds, Inventory and Compliance Data Collection
tfsec - Security scanner for your Terraform code
WhatWeb - Next generation web scanner