Securing cloud environments is critical, but manual security audits can be time-consuming and inefficient. What if you could automate the process and cut audit time by 50%? In this article, I'll introduce Automated AWS Security Monitoring, a Python-based tool that detects security risks in AWS environments.
Why This Project?
AWS provides security controls, but misconfigurations are a common cause of data breaches. Security teams often spend **hours manually checking IAM policies, security groups, and S3 permissions**. This tool **automates those checks**, providing a quick security audit and actionable insights.
Features & Capabilities
• Security Group Analysis: Detects open ports allowing unrestricted access.
• IAM Security Check: Identifies IAM users without MFA enabled.
• S3 Bucket Security: Flags unencrypted S3 buckets.
• AWS Security Hub Integration: Fetches existing security findings.
• Automated Security Report: Saves findings in a structured JSON file.
With these features, the tool helps AWS security teams, cloud engineers, and DevOps professionals ensure compliance and reduce cloud security risks.
How It Works
The tool uses Boto3 (AWS SDK for Python) to scan AWS configurations:
1. Checks Security Groups for open ports (e.g., SSH 0.0.0.0/0)
2. Verifies IAM Users and flags accounts without MFA enabled
3. Audits S3 Buckets to identify unencrypted storage
4. Retrieves Security Hub Findings for existing security alerts
5. Generates a JSON security report for quick remediation
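The security group check in step 1 can be sketched as follows. This is an added example, not code from the aws-security-monitoring repository: it works on a dict shaped like the response of Boto3's `describe_security_groups`, and it also covers port ranges, IPv6 `::/0` sources and all-traffic (`-1`) rules. The function names, the port list and the sample data are assumptions made for the illustration.

```python
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP"}  # assumption: ports chosen for this example

def open_sources(perm):
    """Return the world-open CIDRs (IPv4 and IPv6) on one IpPermissions entry."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in OPEN_CIDRS]

def exposed_ports(perm):
    """Return the sensitive ports covered by this rule's protocol and port range."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols: FromPort/ToPort are absent
        return sorted(SENSITIVE_PORTS)
    if proto != "tcp":
        return []
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return [p for p in sorted(SENSITIVE_PORTS) if lo <= p <= hi]

def audit_security_groups(response):
    """Findings for a describe_security_groups-shaped response dict."""
    findings = []
    for sg in response.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            for cidr in open_sources(perm):
                for port in exposed_ports(perm):
                    findings.append({"GroupId": sg["GroupId"], "Port": port,
                                     "Service": SENSITIVE_PORTS[port], "Source": cidr})
    return findings

# Constructed sample data in the shape EC2 returns; not output from a real account.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-12345", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-office", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
]}

if __name__ == "__main__":
    print(json.dumps({"SecurityGroups": audit_security_groups(SAMPLE)}, indent=2))
```

Against a live account, the same function can be fed the result of `boto3.client("ec2").describe_security_groups()`, paginating when the account has many groups.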
Installation & Setup
Step 1: Clone the Repository
```bash
git clone https://github.com/LeonardKachi/aws-security-monitoring.git
cd aws-security-monitoring
```
Step 2: Install Dependencies
```bash
pip install -r requirements.txt
```
Step 3: Configure AWS Credentials
```bash
aws configure
```
You'll need to provide:
• AWS Access Key
• AWS Secret Key
• Default region (e.g., us-east-1)
Step 4: Run the Script
```bash
python aws_security_monitor.py
```
The script will analyze your AWS security posture and generate an audit report.
Sample Output (JSON Report)
```json
{
  "SecurityGroups": [
    "Security Group 'sg-12345' allows inbound SSH access from ANYWHERE."
  ],
  "IAMUsers": [
    "IAM User 'admin' does NOT have MFA enabled."
  ],
  "S3Buckets": [
    "S3 Bucket 'my-unsecured-bucket' is NOT encrypted."
  ],
  "SecurityHubFindings": [
    "Security Hub Finding: Root account has active access keys - This is a critical security risk."
  ]
}
```
This structured output makes it easy for security teams to identify vulnerabilities and take corrective action.
Future Improvements
• AWS Lambda support for real-time security monitoring
• Email/SMS notifications for critical vulnerabilities
• Integration with AWS Config for continuous compliance
Contributing & Feedback
This project is open-source, and I'd love feedback from the community! Feel free to star the repo, submit a pull request, or open an issue if you have ideas for improvements.
GitHub Repo: LeonardKachi/aws-security-monitoring
Connect With Me
I'm actively building security automation tools and sharing insights on cloud security and penetration testing. Let's connect!
• GitHub: LeonardKachi
• LinkedIn: onyedikachi-obidiegwu
• Twitter/X: leonard_kachi
What do you think about this tool? Have you faced AWS security challenges? Drop a comment below!