75 AWS service security reference cards covering attack vectors, misconfigurations, enumeration commands, privilege escalation, persistence techniques, detection indicators, and defense recommendations.
Each card is available in three formats:
- Markdown - readable on GitHub, easy to search and contribute
- HTML - beautiful standalone dark-themed pages, open in any browser
- PDF - print-ready, share with your team
Open source community project.
Security Cards
| # | Service | Category | Risk | Markdown | HTML | ||
|---|---|---|---|---|---|---|---|
| 1 |  |
AWS IAM | Identity | 9.5 | MD | HTML | |
| 2 |  |
AWS STS | Identity | 9.5 | MD | HTML | |
| 3 |  |
AWS Organizations | Multi-Account | 9.5 | MD | HTML | |
| 4 |  |
AWS Secrets Manager | Secrets | 9.5 | MD | HTML | |
| 5 |  |
AWS IAM Identity Center | Identity | 9.5 | MD | HTML | |
| 6 |  |
AWS Redshift | Data Warehouse | 9.2 | MD | HTML | |
| 7 |  |
AWS EC2 | Compute | 9.0 | MD | HTML | |
| 8 |  |
AWS S3 | Storage | 9.0 | MD | HTML | |
| 9 |  |
AWS EKS | Kubernetes | 9.0 | MD | HTML | |
| 10 |  |
AWS RDS | Database | 9.0 | MD | HTML | |
| 11 |  |
AWS CodeBuild & CodePipeline | CI/CD | 9.0 | MD | HTML | |
| 12 |  |
AWS Directory Service | Identity | 9.0 | MD | HTML | |
| 13 |  |
AWS Glue | ETL & Data Catalog | 9.0 | MD | HTML | |
| 14 |  |
AWS Route 53 | DNS | 9.0 | MD | HTML | |
| 15 |  |
AWS Backup | Disaster Recovery | 9.0 | MD | HTML | |
| 16 |  |
AWS CloudFormation | Infrastructure as Code | 9.0 | MD | HTML | |
| 17 |  |
AWS CloudTrail | Audit Logging | 8.5 | MD | HTML | |
| 18 |  |
AWS API Gateway | API | 8.5 | MD | HTML | |
| 19 |  |
AWS ECR | Container | 8.5 | MD | HTML | |
| 20 |  |
AWS ECS | Containers | 8.5 | MD | HTML | |
| 21 |  |
AWS OpenSearch | Search & Analytics | 8.5 | MD | HTML | |
| 22 |  |
AWS Systems Manager | Management | 8.5 | MD | HTML | |
| 23 |  |
AWS SageMaker | ML Platform | 8.5 | MD | HTML | |
| 24 |  |
AWS Step Functions | Workflow Orchestration | 8.5 | MD | HTML | |
| 25 |  |
AWS Security Hub | Security Posture | 8.5 | MD | HTML | |
| 26 |  |
AWS Transit Gateway | Network Transit | 8.5 | MD | HTML | |
| 27 |  |
AWS DynamoDB | Database | 8.0 | MD | HTML | |
| 28 |  |
AWS Cognito | Identity | 8.0 | MD | HTML | |
| 29 |  |
AWS KMS | Encryption | 8.0 | MD | HTML | |
| 30 |  |
AWS EBS | Storage | 8.0 | MD | HTML | |
| 31 |  |
AWS AppSync | Managed GraphQL | 8.0 | MD | HTML | |
| 32 |  |
AWS Athena | SQL Query Service | 8.0 | MD | HTML | |
| 33 |  |
AWS DataSync | Data Transfer | 8.0 | MD | HTML | |
| 34 |  |
AWS ElastiCache | In-Memory Cache | 8.0 | MD | HTML | |
| 35 |  |
AWS EventBridge | Event Bus | 8.0 | MD | HTML | |
| 36 |  |
AWS RAM | Multi-Account | 8.0 | MD | HTML | |
| 37 |  |
AWS MSK | Streaming | 7.8 | MD | HTML | |
| 38 |  |
AWS Lake Formation | Data Lake | 7.8 | MD | HTML | |
| 39 |  |
AWS Batch | Compute | 7.5 | MD | HTML | |
| 40 |  |
AWS Bedrock | AI/ML | 7.5 | MD | HTML | |
| 41 |  |
AWS CloudFront | CDN | 7.5 | MD | HTML | |
| 42 |  |
AWS CloudWatch | Monitoring | 7.5 | MD | HTML | |
| 43 |  |
AWS Config | Compliance & Configuration | 7.5 | MD | HTML | |
| 44 |  |
AWS EFS | File Storage | 7.5 | MD | HTML | |
| 45 |  |
AWS Kinesis | Streaming | 7.5 | MD | HTML | |
| 46 |  |
AWS Lambda | Serverless | 7.5 | MD | HTML | |
| 47 |  |
AWS MemoryDB | Redis | 7.5 | MD | HTML | |
| 48 |  |
AWS Transfer Family | Managed File Transfer | 7.5 | MD | HTML | |
| 49 |  |
Amazon Macie | Data Security | 7.5 | MD | HTML | |
| 50 |  |
AWS VPC | Networking | 7.0 | MD | HTML | |
| 51 |  |
AWS GuardDuty | Threat Detection | 7.0 | MD | HTML | |
| 52 |  |
AWS App Runner | Containers | 6.5 | MD | HTML | |
| 53 |  |
AWS SQS | Queuing | 6.5 | MD | HTML | |
| 54 |  |
AWS ELB/ALB | Networking | 6.0 | MD | HTML | |
| 55 |  |
AWS Amplify | Frontend | 6.0 | MD | HTML | |
| 56 |  |
AWS SNS | Messaging | 6.0 | MD | HTML | |
| 57 |  |
Amazon Inspector V2 | Vulnerability Scanning | 6.0 | MD | HTML | |
| 58 |  |
AWS ACM | Certificates | 5.5 | MD | HTML | |
| 59 |  |
AWS Network Firewall | Network | 5.5 | MD | HTML | |
| 60 |  |
AWS WAF | Web Application Firewall | 5.5 | MD | HTML | |
| 61 |  |
AWS Control Tower | Landing Zone Governance | 9.5 | MD | HTML | |
| 62 |  |
Amazon EMR | Big Data / Analytics | 8.0 | MD | HTML | |
| 63 |  |
AWS Elastic Beanstalk | Compute | 8.0 | MD | HTML | |
| 64 |  |
Amazon Lightsail | Compute | 8.0 | MD | HTML | |
| 65 |  |
Amazon DocumentDB | Database | 8.0 | MD | HTML | |
| 66 |  |
Amazon Neptune | Graph Database | 8.0 | MD | HTML | |
| 67 |  |
Amazon QuickSight | BI / Analytics | 7.5 | MD | HTML | |
| 68 |  |
Amazon WorkSpaces | End-User Computing | 7.5 | MD | HTML | |
| 69 |  |
AWS Firewall Manager | Central Security Management | 7.5 | MD | HTML | |
| 70 |  |
AWS CloudHSM | Hardware Encryption | 7.0 | MD | HTML | |
| 71 |  |
AWS Shield | DDoS Protection | 7.0 | MD | HTML | |
| 72 |  |
AWS X-Ray | Distributed Tracing | 7.0 | MD | HTML | |
| 73 |  |
AWS Verified Access | Zero Trust Networking | 6.5 | MD | HTML | |
| 74 |  |
Amazon Detective | Security Investigation | 6.0 | MD | HTML | |
| 75 |  |
Amazon Verified Permissions | Cedar Authorization | 6.0 | MD | HTML |
What's in each card?
Every security card includes:
- Service Overview - How the service works, with attacker-relevant notes
- Risk Assessment - Numeric risk score with justification
- Attack Vectors - Known attack techniques and exploitation paths
- Common Misconfigurations - The mistakes that lead to breaches
- Enumeration Commands - AWS CLI commands for security assessment
- Privilege Escalation - How attackers escalate access
- Persistence Techniques - How attackers maintain access
- Detection Indicators - What to look for in logs and monitoring
- Exploitation Commands - Practical commands for authorized testing
- Policy Examples - Good vs. bad IAM/resource policies side-by-side
- Defense Recommendations - Hardening steps with CLI examples
Usage
Browse on GitHub: Click any Markdown link above to read directly on GitHub.
Open HTML locally: Clone the repo and open any HTML file in your browser for the full dark-themed experience.
Download PDFs: Each card is available as a print-ready PDF with embedded images and AWS icons.
Disclaimer
These security cards are for authorized security testing and educational purposes only. Always obtain proper authorization before testing. The attack techniques described should only be used in legitimate security assessments, CTF competitions, or defensive security research.
License
This project is open source. See LICENSE for details.
Contributing
Contributions are welcome! Feel free to submit PRs to improve existing cards, fix errors, or add new AWS services.