name: cloud-security-audit description: Professional skills and methodology for cloud security auditing version: 1.0.0

Cloud Security Audit

Overview

Cloud security auditing is an essential part of evaluating the security of cloud environments. This skill provides methods, tools, and best practices for cloud security auditing, covering major cloud platforms such as AWS, Azure, and GCP.

Audit Scope

1. Identity and Access Management

Checklist:

• IAM policy configuration
• User permissions
• Role permissions
• Access key management

2. Network Security

Checklist:

• Security group configuration
• Network ACL
• VPC configuration
• Traffic encryption

3. Data Security

Checklist:

• Data encryption
• Key management
• Backup policy
• Data classification

4. Compliance

Checklist:

• Compliance frameworks
• Audit logs
• Monitoring and alerting
• Incident response

AWS Security Audit

IAM Audit

Check IAM policies:

# List all IAM users
aws iam list-users

# List all IAM policies
aws iam list-policies

# Check user permissions
aws iam list-user-policies --user-name username
aws iam list-attached-user-policies --user-name username

# Check role permissions
aws iam list-role-policies --role-name rolename

Common issues:

• Excessive permissions
• Unused access keys
• Weak password policy
• MFA not enabled

S3 Security Audit

Check S3 buckets:

# List all buckets
aws s3 ls

# Check bucket policy
aws s3api get-bucket-policy --bucket bucketname

# Check bucket ACL
aws s3api get-bucket-acl --bucket bucketname

# Check bucket encryption
aws s3api get-bucket-encryption --bucket bucketname

Common issues:

• Public access
• Unencrypted
• Versioning not enabled
• Logging not enabled

Security Group Audit

Check security groups:

# List all security groups
aws ec2 describe-security-groups

# Check open ports
aws ec2 describe-security-groups --group-ids sg-xxx

Common issues:

• 0.0.0.0/0 open
• Unnecessary open ports
• Overly permissive rules

CloudTrail Audit

Check audit logs:

# List all trails
aws cloudtrail describe-trails

# Check log file integrity
aws cloudtrail get-trail-status --name trailname

Azure Security Audit

Subscriptions and Resource Groups

Check subscriptions:

# List all subscriptions
az account list

# Check resource groups
az group list

Network Security Groups

Check NSG:

# List all NSGs
az network nsg list

# Check NSG rules
az network nsg rule list --nsg-name nsgname --resource-group rgname

Storage Accounts

Check storage accounts:

# List all storage accounts
az storage account list

# Check access policies
az storage account show --name accountname --resource-group rgname

GCP Security Audit

Projects and Organizations

Check projects:

# List all projects
gcloud projects list

# Check IAM policies
gcloud projects get-iam-policy project-id

Compute Engine

Check instances:

# List all instances
gcloud compute instances list

# Check firewall rules
gcloud compute firewall-rules list

Storage

Check buckets:

# List all buckets
gsutil ls

# Check bucket permissions
gsutil iam get gs://bucketname

Automated Tools

Scout Suite

# AWS audit
scout aws

# Azure audit
scout azure

# GCP audit
scout gcp

Prowler

# AWS security audit
prowler -c check11,check12,check13

# Full audit
prowler

CloudSploit

# Scan AWS account
cloudsploit scan aws

# Scan Azure subscription
cloudsploit scan azure

Pacu

# AWS penetration testing framework
pacu

Audit Checklist

IAM Security

• Check user permissions
• Check role permissions
• Check access keys
• Check password policy
• Check MFA status

Network Security

• Check security group/NSG rules
• Check VPC configuration
• Check network ACL
• Check traffic encryption

Data Security

• Check data encryption
• Check key management
• Check backup policy
• Check data classification

Compliance

• Check audit logs
• Check monitoring and alerting
• Check incident response
• Check compliance frameworks

Common Security Issues

1. Excessive Permissions

Issue:

• IAM policies too permissive
• Users have administrator privileges
• Role permissions too broad

Remediation:

• Principle of least privilege
• Regularly review permissions
• Use IAM policy simulation

2. Public Resources

Issue:

• S3 buckets publicly accessible
• Security groups open to 0.0.0.0/0
• Databases publicly accessible

Remediation:

• Restrict access scope
• Use private networks
• Enable access controls

3. Unencrypted Data

Issue:

• Storage unencrypted
• Transmission unencrypted
• Improper key management

Remediation:

• Enable encryption
• Use TLS/SSL
• Use key management services

4. Missing Logs

Issue:

• Audit logs not enabled
• Logs not retained
• Logs not monitored

Remediation:

• Enable CloudTrail/Azure Monitor
• Set log retention policies
• Configure monitoring and alerting

Best Practices

1. Least Privilege

• Grant only necessary permissions
• Regularly review permissions
• Use IAM policy simulation

2. Defense in Depth

• Network layer protection
• Application layer protection
• Data layer protection

3. Monitoring and Alerting

• Enable audit logs
• Configure monitoring and alerting
• Establish incident response processes

4. Compliance

• Follow compliance frameworks
• Regular security audits
• Document security policies

Notes

• Only perform audits in authorized environments
• Avoid impacting production environments
• Note differences across cloud platforms
• Conduct security audits regularly