| Cloud Custodian | - Rules engine for cloud security, cost optimization, and governance, with a YAML DSL for policies that query, filter, and take actions on resources<br>- Custodian can be used to manage AWS, Azure, and GCP environments by ensuring real-time compliance with security policies (like encryption and access requirements), tag policies, and cost management via garbage collection of unused resources and off-hours resource management |
| Cloud Inquisitor | - Monitor AWS objects for ownership attribution, notifying account owners of unowned objects, and subsequently removing unowned AWS objects if ownership is not resolved<br>- Detect domain hijacking<br>- Verify security services such as CloudTrail and VPC Flow Logs<br>- Manage IAM policies across multiple accounts |
| Dow Jones Hammer | - Multi-account cloud security tool for AWS<br>- Identifies misconfigurations and insecure data exposures within the most popular AWS resources, across all regions and accounts<br>- Has near real-time reporting capabilities (e.g. JIRA, Slack)<br>- Can perform auto-remediation of some misconfigurations |
| AWS Auto Remediate | Instantly remediate common security issues through the use of AWS Config |
| Cloudkeeper | Standalone CLI tool that periodically collects a list of resources in cloud accounts (AWS, GCP, Azure), provides metrics about them, and can clean them up |
| metabadger | A tool to help prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2) |