Loading repository data…
Loading repository data…
Lakewest1 / repository
Production-ready AWS security automation framework built with Python and Boto3. Automates security posture assessments across IAM, CloudTrail, S3, and KMS services. Features least-privilege architecture, modular design, and JSON reporting. Reduces human error and enforces AWS security best practices programmatically.
A transparent discovery signal based on current public GitHub metadata.
This score does not audit code, security, maintainers, documentation quality, or suitability. Verify the repository and its current documentation before adoption.
This project is an AWS Security Automation framework built with Python and Boto3 to help detect, enforce, and audit security best practices across AWS accounts.
It is designed to reduce human error, enforce least privilege, and automate repetitive security operations such as:
This repository demonstrates real-world cloud security engineering skills, not just exam knowledge.
The automation interacts with AWS services using Boto3, AWS’s official SDK for Python.
Core AWS Services Used
Authentication is handled using IAM roles or access keys, following least-privilege best practices.
✔ IAM security posture checks
✔ Detection of overly permissive IAM policies
✔ Validation of CloudTrail logging status
✔ S3 bucket encryption and public access checks
✔ KMS key usage validation
✔ Automated security findings output
✔ Modular Python structure for easy extension
aws-security-automation/
│
├── scripts/
│ ├── iam_audit.py
│ ├── cloudtrail_check.py
│ ├── s3_security_check.py
│ ├── kms_validation.py
│
├── utils/
│ ├── aws_session.py
│ ├── helpers.py
│
├── reports/
│ └── findings.json
│
├── requirements.txt
├── config.example.json
├── .gitignore
└── README.md
Before running this project, ensure you have the following:
It is strongly recommended to use read-only security audit permissions.
Minimum example policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:Get*",
"iam:List*",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"s3:GetBucket*",
"kms:DescribeKey",
"logs:DescribeLogGroups"
],
"Resource": "*"
}
]
}
⚠️ Do NOT use AdministratorAccess in production environments.
git https://github.com/Lakewest1/AWS-Security-Automation
cd aws-security-automation
python -m venv venv
source venv/bin/activate # Linux / Mac
venv\Scripts\activate # Windows
pip install -r requirements.txt
Use one of the following methods:
aws configure
export AWS_ACCESS_KEY_ID=your_key
export AWS_SECRET_ACCESS_KEY=your_secret
export AWS_DEFAULT_REGION=us-east-1
Attach an IAM role to your EC2 instance or Lambda function.
Run individual security checks:
python scripts/iam_audit.py
python scripts/cloudtrail_check.py
python scripts/s3_security_check.py
python scripts/kms_validation.py
Or run all checks:
python main.py
Findings will be saved to:
reports/findings.json
{
"IAM": {
"OverlyPermissivePolicies": ["AdminAccess"]
},
"CloudTrail": {
"MultiRegionTrail": true,
"LogFileValidation": true
},
"S3": {
"PublicBuckets": ["example-bucket"]
}
}
This project demonstrates:
This tool is intended for educational and internal security assessment purposes only. Always obtain proper authorization before running security checks in any AWS environment.
Musa Olalekan Cloud Security Engineer | AWS | Python | Automation
This project reflects hands-on cloud security engineering, not just certification knowledge. It aligns directly with roles such as: