A practical collection of Python scripts I've built for auditing AWS security configurations. These tools help identify common misconfigurations and security risks across IAM, S3, EC2, and KMS services.
- who_am_i.py - Verify your current AWS credentials and identity
- list_users.py - Enumerate IAM users and audit their access key status
- list_buckets.py - Inventory all S3 buckets in your account
- check_public_buckets.py - Identify buckets with public access configurations (a common attack vector)
- list_instances.py - List EC2 instances with networking details
- check_security_groups.py - Flag security groups exposing risky ports (SSH, RDP, databases) to the internet
- check_public_keys_simple.py - Detect KMS keys with overly permissive policies
You'll need Python 3.6 or newer and valid AWS credentials. I assume you've already configured the AWS CLI with appropriate permissions.
```bash
# Install dependencies
pip install -r requirements.txt
# Configure AWS credentials if you haven't already
aws configure
```
These scripts use read-only operations, but you'll need appropriate IAM permissions:
- sts:GetCallerIdentity
- iam:ListUsers, iam:ListAccessKeys
- s3:ListAllMyBuckets, s3:GetPublicAccessBlock
- ec2:DescribeInstances, ec2:DescribeSecurityGroups
- kms:ListKeys, kms:DescribeKey, kms:GetKeyPolicy
```bash
# Start by verifying your AWS identity
python iam/who_am_i.py
# Audit IAM users and their access keys
python iam/list_users.py
# Check for publicly accessible S3 buckets
python s3/check_public_buckets.py
# Find security groups with dangerous port exposures
python ec2/check_security_groups.py
# Identify KMS keys with public access
python kms/check_public_keys_simple.py
```
Important: These are auditing tools, not remediation tools. They'll show you what's wrong, but won't fix it automatically. Here's what you should know:
- Always review output carefully before taking action
- Test in a non-production environment first if you're new to AWS security
- These scripts perform read-only operations, but still require proper AWS credentials
- Store credentials securely and never commit them to version control
- Consider using IAM roles instead of long-lived access keys when possible
In my experience, the most common issues these scripts catch are:
- Security groups with SSH (22) or RDP (3389) open to 0.0.0.0/0
- S3 buckets without Public Access Block enabled
- Unused or inactive IAM access keys that should be rotated or deleted
- Database ports (3306, 5432) exposed to the internet
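To show the kind of rule logic a check like check_security_groups.py needs for the first and last items above, here is an added example that is not one of the repository's scripts. It runs on a constructed sample shaped like boto3's `describe_security_groups()` response so it works offline; the port list, group IDs and helper names are my own assumptions.

```python
# Added example, not repository code: flag risky ports reachable from the whole internet.
# Input is a constructed sample in the shape of ec2.describe_security_groups()["SecurityGroups"].
RISKY_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}
INTERNET = {"0.0.0.0/0", "::/0"}  # anyone-can-reach CIDRs, IPv4 and IPv6

def rule_cidrs(rule):
    """Return every source CIDR in an ingress rule (IPv4 and IPv6 ranges)."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def rule_covers(rule, port):
    """True if this ingress rule includes `port`; handles -1 (all traffic) and port ranges."""
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") not in ("tcp", "udp"):
        return False
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)

def find_exposed_ports(security_groups):
    """Return sorted, de-duplicated (group_id, port, service) findings for internet-open risky ports."""
    findings = set()
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            if not INTERNET.intersection(rule_cidrs(rule)):
                continue  # only a non-public source, not a finding
            for port, service in RISKY_PORTS.items():
                if rule_covers(rule, port):
                    findings.add((sg["GroupId"], port, service))
    return sorted(findings)

# Constructed sample data (assumed group IDs): one clean group, one open bastion, one wide-open DB group.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ]},
    {"GroupId": "sg-bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]

if __name__ == "__main__":
    for group_id, port, service in find_exposed_ports(SAMPLE_GROUPS):
        print(f"{group_id}: {service} ({port}) open to the internet")
```

Note that the port-range and all-traffic (`-1`) cases are what a naive "FromPort == 22" comparison misses, so the sample includes both.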
I'm planning to add:
- CloudTrail logging verification
- IAM password policy checks
- EC2 instance IAM role auditing
- S3 bucket encryption validation
Found a bug or have a feature suggestion? Feel free to open an issue or submit a pull request.
MIT License - use these scripts however they're helpful to you.
Author: master-coder1998
Disclaimer: These scripts are provided as-is for educational and auditing purposes. Always test in a safe environment and understand what each script does before running it in production.