AutoShield is like a digital security guard for your AWS cloud. AutoShield is a serverless cloud security monitoring system built on core AWS services. It detects critical misconfigurations such as public S3 buckets, open EC2 ports, or overly permissive IAM policies in real time, alerts administrators by email using SNS, and logs violations into DynamoDB for later analysis and dashboarding.
Designed for DevSecOps, Cloud Engineers, and Security Teams, AutoShield helps prevent accidental data leaks and compliance violations in dynamic cloud environments.
| Misconfiguration | What Can Go Wrong |
|---|---|
| Public S3 Bucket | Customer data or proprietary code exposed to the internet |
| Open EC2 Port (22/3389) | Remote server access, brute-force attacks, and lateral movement |
| Unrestricted IAM Policy | Privilege escalation and full-account compromise |
| Unencrypted RDS/EBS | Sensitive database content exposed without encryption at rest |
| Feature | Description | Why It Matters |
|---|---|---|
| Real-Time Security Auditing | AutoShield continuously listens for misconfiguration events (like public S3 buckets) via EventBridge. | Enables proactive detection instead of manual, delayed audits, improving security posture. |
| Serverless Architecture | Built entirely on AWS Lambda, EventBridge, and DynamoDB with no servers to manage. | Ensures scalability, cost-efficiency, and minimal maintenance for continuous monitoring. |
| DynamoDB-Powered Log Storage | Misconfiguration findings are stored in a DynamoDB table. | Offers fast, scalable, and queryable access to historical security logs for audit/troubleshooting. |
| DynbDashboard (Live Insights) | A frontend dashboard displays logged events in real time. | Provides immediate visibility and context for security teams or developers; no need to check logs manually. |
| IAM + X-Ray + CloudWatch Integration | IAM roles ensure least-privilege access, X-Ray helps trace execution, and CloudWatch tracks logs and alerts. | Guarantees end-to-end observability, traceability, and secure operations in production. |
| S3 Misconfiguration Detection | Specifically targets one of the most common AWS security risks: public S3 buckets. | Solves a real-world cloud security problem that leads to data leaks and compliance failures. |
| EventBridge-Based Triggering | Uses AWS EventBridge rules to trigger Lambda when relevant AWS events occur (e.g., S3 policy change). | Ensures instant response to misconfigurations; no delay or batch processing. |
Detection Flow:
AWS Config -> EventBridge -> Lambda -> SNS & DynamoDB
- AWS Config evaluates resource compliance using managed rules
- EventBridge routes non-compliance events
- Lambda logs violations & triggers alerts
- SNS notifies security teams (via email)
- DynamoDB stores violations for dashboarding (DynbDashboard coming soon)
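The Lambda step of this flow, as an added illustration rather than AutoShield's own handler: it takes the EventBridge event that AWS Config emits on a compliance change, keeps only NON_COMPLIANT transitions, writes one record to DynamoDB and publishes an SNS alert. The sample event, the `TABLE_NAME`/`TOPIC_ARN` environment variables and the injectable `table`/`sns` parameters are assumptions of this example.

```python
import json
import os
# Constructed sample in the shape EventBridge delivers for an AWS Config
# "Config Rules Compliance Change" event (account and bucket names are made up).
SAMPLE_EVENT = {
    "source": "aws.config",
    "account": "123456789012",
    "region": "us-east-1",
    "time": "2024-05-01T12:00:00Z",
    "detail": {
        "resourceId": "example-public-bucket",
        "resourceType": "AWS::S3::Bucket",
        "configRuleName": "s3-bucket-public-read-prohibited",
        "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
    },
}

def parse_finding(event):
    """Return a violation record, or None when the event is not a NON_COMPLIANT change."""
    detail = event.get("detail", {})
    compliance = detail.get("newEvaluationResult", {}).get("complianceType")
    if event.get("source") != "aws.config" or compliance != "NON_COMPLIANT":
        return None  # back-to-COMPLIANT or NOT_APPLICABLE transitions are not violations
    return {
        "finding_id": f"{event['account']}:{detail['configRuleName']}:{detail['resourceId']}",
        "timestamp": event["time"],
        "account": event["account"],
        "region": event["region"],
        "rule": detail["configRuleName"],
        "resource_type": detail["resourceType"],
        "resource_id": detail["resourceId"],
    }

def lambda_handler(event, context=None, table=None, sns=None):
    """Store the violation in DynamoDB, publish an SNS alert, return the record (or None)."""
    # `table` (DynamoDB Table resource) and `sns` (SNS client) are injectable for testing.
    finding = parse_finding(event)
    if finding is None:
        return None
    if table is None or sns is None:
        import boto3  # lazy import: parse_finding needs no AWS SDK
        table = table or boto3.resource("dynamodb").Table(os.environ["TABLE_NAME"])
        sns = sns or boto3.client("sns")
    table.put_item(Item=finding)  # one DynamoDB item per violation for the dashboard
    sns.publish(  # e-mail subscribers of the topic receive the alert
        TopicArn=os.environ.get("TOPIC_ARN", "arn:aws:sns:REGION:ACCOUNT:PLACEHOLDER"),
        Subject=f"[AutoShield] {finding['rule']} on {finding['resource_id']}",
        Message=json.dumps(finding, indent=2),
    )
    return finding
```

Deployed behind an EventBridge rule matching `source: aws.config` and detail-type `Config Rules Compliance Change`, the handler needs only `dynamodb:PutItem` on the table and `sns:Publish` on the topic.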
| AWS Service | Role in the System |
|---|---|
| AWS Lambda | Event processing & alert logic (Python) |
| AWS Config | Detects violations in AWS resources |
| Amazon EventBridge | Routes violation events to Lambda |
| Amazon SNS | Sends email alerts |
| Amazon DynamoDB | Stores violation logs |
| IAM Roles | Provides least-privilege access to services |
- Real-Time Misconfiguration Detection
- Event-driven architecture
- Immediate SNS Alerts via Email
- Logs every violation in DynamoDB
- Modular & Scalable Lambda structure
- Infrastructure-as-Code via AWS SAM (`template.yaml`)
- No third-party dependencies; all AWS-native
AutoShield is an open-source, serverless security auditing platform for AWS. We welcome contributions from cloud engineers, security enthusiasts, and DevSecOps professionals!
| Feature Idea | Description |
|---|---|
| Multi-Resource Auditing | Extend AutoShield to audit EC2, IAM policies, and Security Groups along with S3 |
| AI-based Risk Scoring | Use ML to prioritize misconfigurations based on severity and historical trends |
| Alert Dashboard Enhancements | Add sorting, filtering, and graph visualizations for easier insights |
| Role-Based Access | Add authentication for different dashboard users (Admin vs Viewer) |
| SNS/Slack Alerts | Send real-time notifications to teams when critical issues are detected |
| Archive to S3 | Automatically back up old logs to S3 Glacier for cost-efficient storage |
- Fork the repo
- Create a new feature branch: `git checkout -b feature-name`
- Make your changes and test them
- Submit a pull request describing your enhancement
Made with ❤️ by Manas Gantait
- Serverless AWS Monitoring
- Real-Time Misconfiguration Detection
- DynamoDB-backed Security Logs
- Live DynbDashboard Visualization
- EventBridge + Lambda Driven
- Open Source, Fully Extendable
- Cloud-Native, DevOps-Ready
- Built for Scale and Observability
