aws-security-scanner

Solid

AWS security configuration scanning and hardening using Prowler, Security Hub, and AWS Config

AI & Automation 814 stars 53 forks Updated today MIT


Quality Score: 95/100

Stars (20%): 97
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# AWS Security Scanner Skill

## Purpose

Automated AWS security configuration scanning and hardening to identify misconfigurations, compliance violations, and security risks across AWS accounts and organizations.

## Capabilities

### Prowler Security Assessments

- Run comprehensive Prowler security scans
- Execute CIS AWS Foundations Benchmark checks
- Run AWS Well-Architected security pillar assessments
- Check PCI DSS, HIPAA, GDPR compliance
- Generate multi-format reports (HTML, CSV, JSON)

### IAM Security Analysis

- Analyze IAM policies for over-permissive access
- Check for unused credentials and access keys
- Identify IAM users without MFA
- Review cross-account access configurations
- Detect privilege escalation paths
- Analyze service control policies (SCPs)

### S3 Bucket Security

- Identify publicly accessible buckets
- Check bucket encryption configurations
- Review bucket policies and ACLs
- Verify access logging enabled
- Check for sensitive data exposure
- Validate versioning and replication

### Network Security Analysis

- Review security group configurations
- Analyze Network ACLs
- Check VPC flow log enablement
- Identify public-facing resources
- Validate VPC endpoint configurations
- Check for overly permissive rules

### Encryption Verification

- Verify EBS volume encryption
- Check RDS encryption settings
- Validate S3 encryption configurations
- Review KMS key policies
- Check secrets manager configurations
- Verify certificate validity

### Logging a...

Details

Author: a5c-ai
Repository: a5c-ai/babysitter
Created: 4 months ago
Last Updated: today
Language: JavaScript
License: MIT
