ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

A collection of lambda functions to collect data from Cloudwatch, Kinesis, VPC Flow logs, S3, security-hub and AWS Inspector

Code examples for the AWS Security Blog post: How to use CI/CD to deploy and configure AWS security services with Terraform

Advanced AWS Security Automation Resources: Used by Udemy Course 🎓

Proof of Value Terraform Scripts to utilize Amazon Web Services (AWS) Security, Identity & Compliance Services to Support your AWS Account Security Posture.

Configure and deploy AWS Security Hub.

control-controls control controls of AWS Security Hub across all regions.

AWS Security Hub automatic suppression rules

AWS native Static Application Security Testing (SAST) utility to find and eradicate vulnerable software packages stored in AWS CodeArtifact. Built for both real-time distributed and centralized deployments.

AWS Fargate and Prowler to send AWS service security configuration findings to Security Hub to Automate Compliance Checks for AWS CIS Benchmarks

An AWS Security Hub Custom Findings provider, using the Have I Been Pwned API

Analyse database activity with Aurora Database Activity Streams and send findings to Security Hub

Terraform module to update AWS securityhub findings such as suppressions

:shield: Terraform module to provision multi-region AWS cloud security controls

Security & Privacy hub (website).

Process AWS Security Hub v2 (OCSF) findings with auto-suppression rules, filtering, and optional Slack alerts

AWS Organization baseline configuration

Sample demonstrating how to use AWS Systems Manager Inventory to detect file changes on EC2 instances and publish findings to AWS Security Hub and Amazon Security Lake.

Detect and automate responses to Kubernetes privilege escalation risks in AWS EKS. Mapped to NIST 800-53, CIS Controls, and ISO 27001 using AWS-native services.

Terraform module to enable AWS security hub

Terraform module for AWS security baseline - implements CIS AWS Foundations Benchmark 5.0.0 controls including Security Hub, CloudTrail, Config, IAM policies, and Access Analyzer

Automated AWS security monitoring with Config, Security Hub, GuardDuty and Lambda remediation

Simple Terraform module for AWS Security Hub configuration and management

Event driven AWS security automation platform GuardDuty threat detection, Security Hub (CIS 1.4 + PCI DSS), Inspector v2, Macie, and IAM Access Analyzer feeding EventBridge rules that trigger Lambda auto remediation: EC2 isolation, IAM credential revocation, malicious IP blocking (WAFv2 + NACL), and S3 hardening. Full audit trail in DynamoDB.

Enterprise-grade AWS security & networking portfolio: Terraform-built hub-and-spoke VPC architecture with centralized ingress/egress, organization-wide IAM zero-trust guardrails (SCPs/permission boundaries), and centralized detection/response using multi-account logging and automated alerting.

This AWS SAM (Serverless Application Model) deployment configures the required resources to send Trend Micro's Cloud One Application Security events to AWS Security Hub.

🔧 Establish a secure AWS Organization baseline with Terraform, ensuring structured hierarchy and robust security services for effective cloud management.

🛠️ Sets up Opsgenie + Amazon Security Hub integration using Terraform

Automated security scanning for AWS RAG pipelines using Amazon Bedrock Guardrails

AWS Account baseline configuration