Cloud Security Resources
This page distills the highlights
For the full, continuously updated list, see jassics/awesome-cloud-security-learning-resources on GitHub. Also see the companion Awesome AWS Security repo.
Use this page as the "go deeper" reference for the whole Cloud Security section - organized so you can jump straight to standards, papers, tools, or hands-on practice depending on what you need.
Standards & Frameworks
| Framework | What It Covers |
|---|---|
| CSA Cloud Controls Matrix (CCM) v4 | The de-facto control framework spanning all major cloud providers |
| NIST SP 800-210 | General access control guidance for cloud systems |
| MITRE ATT&CK for Cloud | Real-world adversary tactics/techniques specific to cloud environments |
| CIS Benchmarks | Configuration baselines for AWS, Azure, GCP, and Kubernetes |
| Azure Security Benchmark | Microsoft's baseline security recommendations for Azure workloads |
| Google Cloud Security Foundations Blueprint | Google's reference architecture for a secure GCP organization |
| AWS Well-Architected Framework: Security Pillar | AWS's own security design guidance |
Books
| Book | Author |
|---|---|
| AWS Security | Dylan Shields - hands-on, covers IAM/VPC/KMS/GuardDuty/Security Hub |
| Practical Cloud Security | Chris Dotson - cloud-agnostic, very accessible (2nd ed. 2023) |
| Microsoft Azure Security Infrastructure | Yuri Diogenes |
| Cloud Security Handbook | Eyal Estrin - multi-cloud, defender-oriented |
Videos & Conferences
- fwd:cloudsec - arguably the best practitioner-led cloud security conference
- AWS re:Inforce - AWS's annual security conference
- Cloud Security Podcast by Ashish Rajan
- John Savill's Technical Training - Azure Security
Courses & Certifications
AWS - AWS Skill Builder Security Learning Plan (free), SANS SEC488/SEC510/SEC540
Azure - Microsoft Learn AZ-500 path (free), SC-100 Cybersecurity Architect
GCP - Google Cloud Skills Boost - Security Engineer path
Vendor-neutral - CCSK, CCSP, Practical DevSecOps CCSE
Certifications - AWS Security-Specialty, Azure AZ-500, Google Professional Cloud Security Engineer, CCAK
Tools
Multi-Cloud CSPM / CNAPP (Open Source)
| Tool | Purpose |
|---|---|
| Prowler | AWS/Azure/GCP/Kubernetes CSPM, 400+ checks |
| ScoutSuite | Multi-cloud security auditing |
| Cloudsplaining | AWS IAM least-privilege assessment |
| Steampipe | Query cloud configuration with SQL |
| Cartography (Lyft, now CNCF sandbox) | Graph-based infrastructure asset inventory |
AWS-Specific
Pacu, aws-nuke, Parliament (IAM policy linter), Policy Sentry (least-privilege policy generator), CloudMapper, PMapper, S3Scanner
Azure-Specific
ROADtools, AzureHound, MicroBurst, Stormspotter (archived, still useful)
GCP-Specific
Commercial CNAPP Landscape
Wiz (acquired by Google, $32B, 2025), Orca Security, Cortex Cloud by Palo Alto Networks (formerly Prisma Cloud, rebranded Feb 2025), CrowdStrike Falcon Cloud Security, Lacework (Fortinet), Microsoft Defender for Cloud, AWS Security Hub + GuardDuty + Inspector, Sysdig Secure, Aqua Security, Snyk Cloud, Tenable Cloud Security.
Hands-On Labs & CTFs
See Cloud Red Teaming & Practice Labs for the full list organized by provider (flaws.cloud, CloudGoat, AzureGoat, GCPGoat, HackTricks Cloud, and more) plus assessment methodology.
Blogs & Research
- AWS Security Blog, Microsoft Security Blog, Google Cloud Security Blog
- Summit Route by Scott Piper - deep AWS security research
- Rhino Security Labs blog
- Wiz Research, Orca Security Research
- Hacking the Cloud - community wiki, one of the best living references for cloud attack techniques
- Chris Farris - AWS threat research
Where to Go Next on This Site
- Cloud Security Essentials and OWASP Top 10 Cloud for foundations
- AWS Security Overview, Azure Security Overview, GCP Security Overview for provider-specific depth
- Multi-Cloud Security Architecture for the architecture/CSPM view
- Cloud Security Incidents to learn from real breaches
- Cloud Red Teaming & Practice Labs to practice
Credits/References
- jassics/awesome-cloud-security-learning-resources - the full, continuously updated source this page distills
- jassics/awesome-aws-security - companion AWS-specific repo
- Hacking the Cloud