cloud-security-audit

Original：🇨🇳 Chinese

Translated

Professional Skills and Methodologies for Cloud Security Audits

2installs

Sourceed1s0nz/cyberstrikeai

Added on2026-03-11

NPX Install

npx skill4agent add ed1s0nz/cyberstrikeai cloud-security-audit

SKILL.md Content (Chinese)

View Translation Comparison →

Cloud Security Audit

Overview

Cloud security audit is a critical process for evaluating the security of cloud environments. This skill provides methods, tools, and best practices for cloud security audits, covering major cloud platforms such as AWS, Azure, and GCP.

Audit Scope

1. Identity and Access Management

Check Items:

IAM policy configuration
User permissions
Role permissions
Access key management

2. Network Security

Check Items:

Security group configuration
Network ACL
VPC configuration
Traffic encryption

3. Data Security

Check Items:

Data encryption
Key management
Backup policies
Data classification

4. Compliance

Check Items:

Compliance frameworks
Audit logs
Monitoring and alerting
Incident response

AWS Security Audit

IAM Audit

Check IAM Policies:

bash

# 列出所有IAM用户
aws iam list-users

# 列出所有IAM策略
aws iam list-policies

# 检查用户权限
aws iam list-user-policies --user-name username
aws iam list-attached-user-policies --user-name username

# 检查角色权限
aws iam list-role-policies --role-name rolename

Common Issues:

Excessive permissions
Unused access keys
Weak password policies
MFA not enabled

S3 Security Audit

Check S3 Buckets:

bash

# 列出所有存储桶
aws s3 ls

# 检查存储桶策略
aws s3api get-bucket-policy --bucket bucketname

# 检查存储桶ACL
aws s3api get-bucket-acl --bucket bucketname

# 检查存储桶加密
aws s3api get-bucket-encryption --bucket bucketname

Common Issues:

Public access
Unencrypted storage
Versioning not enabled
Logging not enabled

Security Group Audit

Check Security Groups:

bash

# 列出所有安全组
aws ec2 describe-security-groups

# 检查开放端口
aws ec2 describe-security-groups --group-ids sg-xxx

Common Issues:

0.0.0.0/0 open access
Unnecessary ports open
Overly permissive rules

CloudTrail Audit

Check Audit Logs:

bash

# 列出所有跟踪
aws cloudtrail describe-trails

# 检查日志文件完整性
aws cloudtrail get-trail-status --name trailname

Azure Security Audit

Subscriptions and Resource Groups

Check Subscriptions:

bash

# 列出所有订阅
az account list

# 检查资源组
az group list

Network Security Groups

Check NSG:

bash

# 列出所有NSG
az network nsg list

# 检查NSG规则
az network nsg rule list --nsg-name nsgname --resource-group rgname

Storage Accounts

Check Storage Accounts:

bash

# 列出所有存储账户
az storage account list

# 检查访问策略
az storage account show --name accountname --resource-group rgname

GCP Security Audit

Projects and Organizations

Check Projects:

bash

# 列出所有项目
gcloud projects list

# 检查IAM策略
gcloud projects get-iam-policy project-id

Compute Engine

Check Instances:

bash

# 列出所有实例
gcloud compute instances list

# 检查防火墙规则
gcloud compute firewall-rules list

Storage

Check Buckets:

bash

# 列出所有存储桶
gsutil ls

# 检查存储桶权限
gsutil iam get gs://bucketname

Automation Tools

Scout Suite

bash

# AWS审计
scout aws

# Azure审计
scout azure

# GCP审计
scout gcp

Prowler

bash

# AWS安全审计
prowler -c check11,check12,check13

# 完整审计
prowler

CloudSploit

bash

# 扫描AWS账户
cloudsploit scan aws

# 扫描Azure订阅
cloudsploit scan azure

Pacu

bash

# AWS渗透测试框架
pacu

Audit Checklist

IAM Security

Check user permissions
Check role permissions
Check access keys
Check password policies
Check MFA enablement

Network Security

Check security group/NSG rules
Check VPC configuration
Check network ACL
Check traffic encryption

Data Security

Check data encryption
Check key management
Check backup policies
Check data classification

Compliance

Check audit logs
Check monitoring and alerting
Check incident response
Check compliance frameworks

Common Security Issues

1. Excessive Permissions

Issue:

Overly permissive IAM policies
Users have administrator permissions
Excessive role permissions

Remediation:

Principle of least privilege
Regular permission reviews
Use IAM policy simulation

2. Public Resources

Issue:

Public S3 buckets
Security groups open to 0.0.0.0/0
Public database access

Remediation:

Restrict access scope
Use private networks
Enable access control

3. Unencrypted Data

Issue:

Unencrypted storage
Unencrypted transmission
Improper key management

Remediation:

Enable encryption
Use TLS/SSL
Use key management services

4. Missing Logs

Issue:

Audit logs not enabled
Logs not retained
Logs not monitored

Remediation:

Enable CloudTrail/Azure Monitor
Set log retention policies
Configure monitoring and alerting

Best Practices

1. Least Privilege

Grant only necessary permissions
Regularly review permissions
Use IAM policy simulation

2. Multi-Layered Protection

Network layer protection
Application layer protection
Data layer protection

3. Monitoring and Alerting

Enable audit logs
Configure monitoring and alerting
Establish incident response processes

4. Compliance

Follow compliance frameworks
Conduct regular security audits
Document security policies

Notes

Only perform audits in authorized environments
Avoid impacting production environments
Note differences between different cloud platforms
Conduct regular security audits

cloud-security-audit

NPX Install

Tags

SKILL.md Content (Chinese)

Cloud Security Audit

Overview

Audit Scope

1. Identity and Access Management

2. Network Security

3. Data Security

4. Compliance

AWS Security Audit

IAM Audit

S3 Security Audit

Security Group Audit

CloudTrail Audit

Azure Security Audit

Subscriptions and Resource Groups

Network Security Groups

Storage Accounts

GCP Security Audit

Projects and Organizations

Compute Engine

Storage

Automation Tools

Scout Suite

Prowler

CloudSploit

Pacu

Audit Checklist

IAM Security

Network Security

Data Security

Compliance

Common Security Issues

1. Excessive Permissions

2. Public Resources

3. Unencrypted Data

4. Missing Logs

Best Practices

1. Least Privilege

2. Multi-Layered Protection

3. Monitoring and Alerting

4. Compliance

Notes