🔐 Securing cloud environments is critical, but manual security audits can be time-consuming and inefficient. What if you could automate the process and cut audit time by 50%? In this article, I’ll introduce Automated AWS Security Monitoring, a Python-based tool that detects security risks in AWS environments.
Why This Project?
AWS provides security controls, but misconfigurations are a common cause of data breaches. Security teams often spend hours manually checking IAM policies, security groups, and S3 permissions. This tool automates those checks, providing a quick security audit and actionable insights.
🛠 Features & Capabilities
✅ Security Group Analysis – Detects open ports allowing unrestricted access.
✅ IAM Security Check – Identifies IAM users without MFA enabled.
✅ S3 Bucket Security – Flags unencrypted S3 buckets.
✅ AWS Security Hub Integration – Fetches existing security findings.
✅ Automated Security Report – Saves findings in a structured JSON file.
With these features, the tool helps AWS security teams, cloud engineers, and DevOps professionals ensure compliance and reduce cloud security risks.
⚙ How It Works
The tool uses Boto3 (AWS SDK for Python) to scan AWS configurations:
1️⃣ Checks Security Groups for open ports (e.g., SSH open to 0.0.0.0/0)
2️⃣ Verifies IAM Users and flags accounts without MFA enabled
3️⃣ Audits S3 Buckets to identify unencrypted storage
4️⃣ Retrieves Security Hub Findings for existing security alerts
5️⃣ Generates a JSON security report for quick remediation
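A sketch of the security group check from step 1, added here as an example and not taken from the aws-security-monitoring repository. It works on the response shape of Boto3's `describe_security_groups()` and goes beyond an exact port-22 match by also catching port ranges, "all traffic" rules, and IPv6 `::/0`; the function names and sample groups are constructed for illustration.

```python
# Added example (not the project's code); names and sample data are constructed.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

def world_open_sources(rule):
    """Return the 'anywhere' CIDRs (IPv4 and IPv6) present on one ingress rule."""
    v4 = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    v6 = [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return sorted(c for c in v4 + v6 if c in ANYWHERE)

def rule_covers(rule, port):
    """True if the rule admits TCP traffic to `port`, including ranges and 'all traffic'."""
    if rule.get("IpProtocol") == "-1":  # all protocols and ports; FromPort/ToPort are absent
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def find_open_ingress(security_groups, ports=SENSITIVE_PORTS):
    """Report every sensitive port reachable from anywhere, one finding per port."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            sources = world_open_sources(rule)
            if not sources:
                continue
            for port, name in ports.items():
                if rule_covers(rule, port):
                    findings.append(f"Security Group '{sg['GroupId']}' allows inbound "
                                    f"{name} ({port}) from {', '.join(sources)}")
    return findings

# Constructed sample, shaped like boto3.client("ec2").describe_security_groups()["SecurityGroups"]
SAMPLE_GROUPS = [
    {"GroupId": "sg-exact", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-office", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
]

if __name__ == "__main__":
    print("\n".join(find_open_ingress(SAMPLE_GROUPS)))
```

Against a live account, pass `boto3.client("ec2").describe_security_groups()["SecurityGroups"]` in place of `SAMPLE_GROUPS`.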
📥 Installation & Setup
🔹 Step 1: Clone the Repository
git clone https://github.com/LeonardKachi/aws-security-monitoring.git
cd aws-security-monitoring
🔹 Step 2: Install Dependencies
pip install -r requirements.txt
🔹 Step 3: Configure AWS Credentials
aws configure
You’ll need to provide:
• AWS Access Key
• AWS Secret Key
• Default region (e.g., us-east-1)
🔹 Step 4: Run the Script
python aws_security_monitor.py
The script will analyze your AWS security posture and generate an audit report.
📊 Sample Output (JSON Report)
{
    "SecurityGroups": [
        "⚠ Security Group 'sg-12345' allows inbound SSH access from ANYWHERE."
    ],
    "IAMUsers": [
        "⚠ IAM User 'admin' does NOT have MFA enabled."
    ],
    "S3Buckets": [
        "⚠ S3 Bucket 'my-unsecured-bucket' is NOT encrypted."
    ],
    "SecurityHubFindings": [
        "🛑 Security Hub Finding: Root account has active access keys - This is a critical security risk."
    ]
}
This structured output makes it easy for security teams to identify vulnerabilities and take corrective action.
📌 Future Improvements
🔹 AWS Lambda support for real-time security monitoring
🔹 Email/SMS notifications for critical vulnerabilities
🔹 Integration with AWS Config for continuous compliance
🤝 Contributing & Feedback
This project is open-source, and I’d love feedback from the community! Feel free to star the repo, submit a pull request, or open an issue if you have ideas for improvements.
📌 GitHub Repo: LeonardKachi/aws-security-monitoring
🔗 Connect With Me
I’m actively building security automation tools and sharing insights on cloud security and penetration testing. Let’s connect!
🔹 GitHub: LeonardKachi
🔹 LinkedIn: onyedikachi-obidiegwu
🔹 Twitter/X: leonard_kachi
💬 What do you think about this tool? Have you faced AWS security challenges? Drop a comment below! 🚀