Overview
A serverless AWS security auditing tool that scans AWS environments for IAM security issues and inactive accounts. Built with Python and AWS Lambda to automate routine security checks and notify relevant parties via email.
Key Features
IAM Security Analysis
- Policy Analysis: Scans IAM policies for overprivileged access and risky permissions
- MFA Enforcement: Monitors MFA status across all IAM users
- Unused Accounts: Detects inactive accounts through last login tracking
- Email Notifications: Sends security reports to relevant stakeholders via AWS SES
Extensible Design
- Modular architecture allowing easy addition of new security checks
- Plugin-style test framework for custom audit rules
- Configuration-driven scan definitions
Architecture
Built as a serverless application using AWS Lambda and Python. EventBridge triggers scheduled scans, Lambda functions execute security checks using Boto3, and results are emailed via SES. Infrastructure deployed with CloudFormation/SAM templates.
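As an added illustration (not code from this project), the three checks listed under IAM Security Analysis written as pure functions over a credential report and a policy document. In the Lambda these inputs would come from Boto3 (`iam.get_credential_report()` returns the CSV, `iam.get_policy_version()` the policy document); those calls are left out so the example runs offline. The column names are those of IAM's credential report; the users, dates and policy are constructed samples.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the CSV layout of IAM's credential report, trimmed to the columns used here
SAMPLE_REPORT = """user,password_enabled,mfa_active,password_last_used,access_key_1_last_used_date
alice,true,true,2024-06-01T09:00:00+00:00,N/A
bob,true,false,2023-11-15T12:30:00+00:00,N/A
svc-deploy,false,false,N/A,2024-05-20T08:00:00+00:00
"""
AUDIT_TIME = datetime(2024, 6, 15, tzinfo=timezone.utc)  # constructed "now" for the sample above
# Constructed sample policy document; the second statement is over-broad
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"},
]}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def _timestamp(value):
    # IAM writes "N/A" or "no_information" when a credential was never used
    return None if value in ("N/A", "no_information", "") else datetime.fromisoformat(value)

def load_report(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))

def users_without_mfa(rows):
    # Console (password) users with no MFA device; access-key-only users are not flagged here
    return [r["user"] for r in rows
            if r["password_enabled"] == "true" and r["mfa_active"] != "true"]

def inactive_users(rows, now=None, max_idle_days=90):
    # Inactive if neither the password nor the first access key was used inside the window
    cutoff = (now or datetime.now(timezone.utc)) - timedelta(days=max_idle_days)
    stamps = {r["user"]: [t for t in map(_timestamp, (r["password_last_used"],
                          r["access_key_1_last_used_date"])) if t] for r in rows}
    return [u for u, used in stamps.items() if not used or max(used) < cutoff]

def risky_statements(policy):
    # Indices of Allow statements pairing "*" or a service-wide "svc:*" action with Resource "*"
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        actions, resources = _as_list(stmt.get("Action", [])), _as_list(stmt.get("Resource", []))
        if stmt.get("Effect") == "Allow" and "*" in resources and any(
                a == "*" or a.endswith(":*") for a in actions):
            findings.append(i)
    return findings
```

Statements using `NotAction` or `Condition` are not evaluated here; a production check should treat `NotAction` with `Resource: "*"` as a finding in its own right.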
Impact
- Automated IAM security auditing across multiple AWS accounts at IFS
- Reduced manual security review time from hours to minutes
- Identified unused accounts and MFA gaps proactively across engineering teams
- Enhanced AWS security posture through automated monitoring
Technologies
Cloud: AWS Lambda, EventBridge, SES, S3, CloudFormation, SAM
Language: Python 3.9+
Libraries: Boto3, Jinja2 (report templates)
Tools: AWS CLI, SAM CLI