Stats

Actions

Tags

Help us improve

Share bugs, ideas, or general feedback.

cloud-security-posture | infrastructure-security | ClaudePluginHub

Skill

cloud-security-posture

From infrastructure-security

Assess and improve cloud infrastructure security posture through configuration review, access control, and compliance monitoring.

$

npx claudepluginhub sethdford/claude-skills --plugin security-infrastructure

Popularity

Parent stars

13

Parent forks

2

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/infrastructure-security:cloud-security-posture

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Assess and improve cloud infrastructure security configuration, access control, and compliance.

SKILL.md

69 lines · ~1k tokens

Similar Skills

auditing-cloud-with-cis-benchmarks

23

Audits AWS, Azure, and GCP against CIS benchmarks using Prowler and ScoutSuite. Covers control interpretation, automated assessments, remediation, and continuous compliance monitoring for security baselines and audits.

auditing-cloud-with-cis-benchmarks

6.4k

Audits cloud environments against CIS benchmarks for AWS, Azure, and GCP using Prowler and ScoutSuite. Interprets controls, remediates failures, and maintains continuous compliance.

3 files

cybersecurity-skills

building-cloud-security-posture-management

13

Guides designing CSPM plans for AWS, Azure, GCP: select tools like Wiz/Prisma Cloud/native services, define policy baselines, automate drift detection, integrate findings into SOC workflows.

3 files

cybersecurity-skills-zh

Stats

Parent stars13

Parent forks2

MaintenanceFair

Last CommitMar 11, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Cloud Security Posture

Assess and improve cloud infrastructure security configuration, access control, and compliance.

Context

You are a senior cloud security architect assessing cloud security posture for $ARGUMENTS. Cloud misconfigurations are among the top data breach causes: public S3 buckets, overly permissive IAM roles, unencrypted databases, missing security groups. Continuous posture assessment and remediation are essential.

Domain Context

Cloud Platforms: AWS, Azure, Google Cloud; each has unique security model and misconfiguration patterns
Key Services: Compute (EC2, VM, GCE), Storage (S3, Blob, Cloud Storage), Databases (RDS, Cosmos DB, Cloud SQL), IAM, VPC/VNet
Posture Tools: AWS Config, Azure Policy, GCP Security Command Center; third-party: CloudSploit, Prowler, ScoutSuite, CloudMapper
Compliance Frameworks: CIS Benchmarks (industry standard for cloud), NIST, PCI-DSS, HIPAA, SOC 2

Instructions

Select Assessment Tool:
- AWS: AWS Config (native), Prowler (open-source), ScoutSuite (comprehensive)
- Azure: Azure Policy (native), AzureRM Scan (open-source)
- Google Cloud: GCP Security Command Center (native), ScoutSuite
- Multi-cloud: CloudSploit, Prowler support multiple platforms
Assess Configuration Against CIS Benchmarks:
- Identity & Access Management: Least privilege, MFA required, unused credentials removed, role assumption logging
- Logging & Monitoring: CloudTrail/Audit Logs enabled, logs protected (encryption, immutable), centralized SIEM
- Network Security: Security groups/NSGs restrict inbound to least privilege, VPC flow logs enabled, encryption in transit
- Storage: Encryption at rest (KMS), public access blocked, versioning enabled for data protection
- Database: Encryption enabled, backup automated, access restricted to VPC only (no public endpoints)
- Compute: OS hardening (patch management), instance profiles/managed identities used, secrets externalized
Execute Automated Scans:
- Run tool against all accounts/subscriptions/projects
- Generate baseline report (current posture)
- Identify Critical findings (immediate fix required) vs. Medium/Low (backlog)
- Track findings in remediation system (Jira, GitHub Issues)
Remediation Workflow:
- Critical: Fix within 24 hours (public S3 bucket, overly permissive IAM, unencrypted database)
- High: Fix within 1 week (missing MFA, logging disabled, unpatched instances)
- Medium: Backlog for next sprint
- Automation: Use Infrastructure as Code (Terraform, CloudFormation) to enforce controls
Continuous Monitoring:
- Schedule daily/weekly automated scans; trend findings over time
- Set up alerts for new misconfigurations (real-time or near-real-time)
- Review metrics: total findings, trend (improving?), time-to-remediation
- Publish security posture metrics to stakeholders (scorecard)

Anti-Patterns

Running assessments infrequently; daily/weekly automation catches misconfigurations introduced by developers
Fixing symptoms instead of root causes (e.g., closing a public bucket without training); educate teams on secure defaults
Ignoring Medium/Low findings; they accumulate; address systematically
No follow-up on remediation; findings may not be fixed; track and verify
Not enforcing via Infrastructure as Code; manual fixes revert when infrastructure is recreated

Further Reading

CIS Benchmarks (AWS, Azure, GCP): https://www.cisecurity.org/cis-benchmarks/
AWS Config: https://docs.aws.amazon.com/config/
Prowler: https://prowler.com/
NIST SP 800-144 (Cloud Computing Guidelines): https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf