A comprehensive multi-cloud security assessment platform that automates the deployment of intentionally misconfigured resources, performs security scanning, aggregates findings into a unified format, and visualizes results through an interactive dashboard with remediation guidance.
# 1. Clone and setup
git clone https://github.com/noble-antwi/cloud-security-posture-dashboard.git
cd cloud-security-posture-dashboard
python3 -m venv venv && source venv/bin/activate
pip install prowler pandas flask scoutsuite
# 2. Scan your AWS accounts
./scripts/scanning/run_multi_account_scan.sh --profiles "your-profile" --quick
# 3. Aggregate and visualize
python scripts/scanning/aggregate_findings.py
python dashboard/app.py
# 4. Open http://localhost:51000Detailed Guide: See docs/USAGE.md for comprehensive documentation.
- Quick Start
- Overview
- How It Works
- Features
- Architecture
- Technology Stack
- Prerequisites
- Installation
- Usage
- Multi-Account Scanning
- Project Structure
- Security Scanners
- Remediation Guidance
- Dashboard
- Cleanup
- Roadmap
- Contributing
- License
- Disclaimer
- Documentation
Cloud Security Posture Dashboard is an end-to-end security auditing solution designed for:
| Capability | Description |
|---|---|
| Deploy | Provision intentionally misconfigured cloud resources using Terraform |
| Scan | Automated security assessment using Prowler (AWS) and ScoutSuite (Azure) |
| Aggregate | Normalize findings from multiple tools into a unified schema |
| Visualize | Interactive web dashboard with charts, filters, and detailed findings |
| Remediate | Remediation guidance with multiple options (CLI, Terraform, Console) |
- Security Engineers: Validate scanning tools and remediation workflows
- Cloud Engineers: Learn common misconfigurations and how to detect them
- Students/Learners: Hands-on practice with cloud security in a safe environment
- DevSecOps Teams: Template for building security automation pipelines
The project follows a pipeline architecture where each step produces output for the next:
┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ DEPLOY │ ──▶ │ SCAN │ ──▶ │ AGGREGATE │ ──▶ │ DASHBOARD │
│ (Optional) │ │ │ │ │ │ │
│ Terraform │ │ Prowler │ │ Python │ │ Flask │
│ │ │ ScoutSuite │ │ Script │ │ Chart.js │
└─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘
│ │ │ │
▼ ▼ ▼ ▼
Creates Connects to Reads raw JSON Reads unified
insecure AWS/Azure, normalizes to JSON, renders
test resources runs 500+ checks common format charts & tables
| Step | Script/Tool | Input | Output |
|---|---|---|---|
| Deploy | terraform apply |
Terraform files | Cloud resources |
| Scan | run_multi_account_scan.sh |
AWS credentials | output/*.json |
| Aggregate | aggregate_findings.py |
Raw JSON files | scan-results/aggregated/*.json |
| Visualize | dashboard/app.py |
Aggregated JSON | Web UI on port 51000 |
Why this separation?
- Scans are expensive (API calls, 10-30 min) — run them once
- Aggregation is cheap (local files, seconds) — re-run anytime
- You can update dashboard logic without re-scanning
- AWS: S3 buckets with encryption, versioning, and access policy issues
- Azure: Storage accounts, NSGs, and Key Vaults with security misconfigurations
- Prowler (AWS): 500+ security checks, CIS Benchmark compliance
- ScoutSuite (Azure): Comprehensive Azure security assessment
- Unified JSON/CSV output format
- Normalized severity levels (Critical, High, Medium, Low)
- Compliance framework mapping (CIS 2.0, CIS 1.4, CIS 1.5)
- Real-time visualization on port 51000
- Summary cards with severity breakdown
- Doughnut chart for severity distribution
- Bar chart for cloud provider comparison
- Searchable and filterable findings table
- Detailed findings view with remediation guidance
- Multiple remediation options per finding (CLI, Terraform, Console)
- Copy-to-clipboard for quick command execution
- Links to official documentation
- Company-policy friendly (choose your own approach)
┌─────────────────────────────────────────────────────────────────────────────┐
│ MULTI-CLOUD ENVIRONMENTS │
│ │
│ ┌─────────────────────────────┐ ┌─────────────────────────────┐ │
│ │ AWS Account │ │ Azure Subscription │ │
│ │ ┌───────────────────────┐ │ │ ┌───────────────────────┐ │ │
│ │ │ • insecure_bucket │ │ │ │ • insecure_storage │ │ │
│ │ │ • public_read_bucket │ │ │ │ • no_recovery_storage │ │ │
│ │ │ • website_bucket │ │ │ │ • insecure_nsg │ │ │
│ │ │ • cross_account_bucket│ │ │ │ • insecure_keyvault │ │ │
│ │ └───────────────────────┘ │ │ └───────────────────────┘ │ │
│ └──────────────┬──────────────┘ └──────────────┬──────────────┘ │
└──────────────────┼──────────────────────────────────┼───────────────────────┘
│ │
▼ ▼
┌─────────────────────────────────────────────────────────────────────────────┐
│ SECURITY SCANNING LAYER │
│ │
│ ┌─────────────────────────────┐ ┌─────────────────────────────┐ │
│ │ Prowler │ │ ScoutSuite │ │
│ │ • 500+ AWS checks │ │ • Multi-cloud support │ │
│ │ • CIS Benchmark │ │ • Azure comprehensive │ │
│ │ • JSON output │ │ • HTML + JS output │ │
│ └──────────────┬──────────────┘ └──────────────┬──────────────┘ │
└──────────────────┼──────────────────────────────────┼───────────────────────┘
│ │
└─────────────────┬─────────────────┘
▼
┌─────────────────────────────────────────────────────────────────────────────┐
│ AGGREGATION LAYER (Python) │
│ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │ aggregate_findings.py │ │
│ │ • Parse Prowler JSON + ScoutSuite JS │ │
│ │ • Normalize to unified schema │ │
│ │ • Calculate severity statistics │ │
│ │ • Export to JSON/CSV │ │
│ └─────────────────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────┬───────────────────────────────────────┘
│
┌──────────────────┴──────────────────┐
▼ ▼
┌─────────────────────────────────────────────────────────────────────────────┐
│ VISUALIZATION & GUIDANCE (Flask) │
│ │
│ • Summary dashboard with severity charts │
│ • Searchable & filterable findings table │
│ • Detailed findings view with risk explanation │
│ • Remediation options: AWS CLI, Terraform, Console steps │
│ • Copy-to-clipboard for quick command execution │
│ • Links to official documentation │
└─────────────────────────────────────────────────────────────────────────────┘
| Layer | Technology | Purpose |
|---|---|---|
| Cloud Platforms | AWS, Azure | Target environments for security testing |
| Infrastructure as Code | Terraform | Deploy misconfigured test resources |
| AWS Scanner | Prowler 3.x | AWS security assessment (500+ checks) |
| Azure Scanner | ScoutSuite | Azure security assessment |
| Backend | Python 3.9+ | Aggregation, normalization, data processing |
| Web Framework | Flask | Dashboard server |
| Frontend | Bootstrap 5, Chart.js | UI components and visualizations |
| Data Format | JSON, CSV | Normalized findings storage |
- AWS Account with IAM permissions for S3 and security audits
- Azure Account with subscription and service principal (optional)
| Tool | Version | Installation |
|---|---|---|
| Python | >= 3.9 | python.org |
| Terraform | >= 1.0.0 | terraform.io |
| AWS CLI | >= 2.0 | AWS CLI Install |
| Azure CLI | >= 2.0 | Azure CLI Install (optional) |
git clone https://github.com/noble-antwi/cloud-security-posture-dashboard.git
cd cloud-security-posture-dashboard# Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate # Linux/Mac
# .\venv\Scripts\activate # Windows
# Install dependencies
pip install prowler pandas flask scoutsuiteAWS:
aws configure
# Enter: Access Key ID, Secret Access Key, RegionAzure (optional):
az login
# Set environment variables for Terraform:
export ARM_CLIENT_ID="your-client-id"
export ARM_CLIENT_SECRET="your-client-secret"
export ARM_SUBSCRIPTION_ID="your-subscription-id"
export ARM_TENANT_ID="your-tenant-id"AWS:
cd terraform/aws
terraform init && terraform applyAzure:
cd terraform/azure
terraform init && terraform applyAWS (Prowler):
prowler aws # Full scan
prowler aws --service s3 # S3 only (faster)Azure (ScoutSuite):
scout azure --clipython scripts/scanning/aggregate_findings.pypython dashboard/app.pyOpen http://localhost:51000 in your browser.
The dashboard supports scanning and aggregating findings from multiple AWS accounts. There are three approaches you can use:
Best for: Teams managing a few accounts manually with separate credentials.
Setup:
# Configure profiles in ~/.aws/credentials
[production]
aws_access_key_id = AKIA...
aws_secret_access_key = ...
[staging]
aws_access_key_id = AKIA...
aws_secret_access_key = ...Scan:
./scripts/scanning/run_multi_account_scan.sh --profiles "production,staging"Best for: Organizations using a central security account that assumes roles into target accounts.
Setup:
- Create an IAM role (e.g.,
SecurityAuditRole) in each target account - Attach the
SecurityAuditAWS managed policy - Configure trust policy to allow your security account to assume the role
Scan:
./scripts/scanning/run_multi_account_scan.sh \
--accounts "111111111111,222222222222,333333333333" \
--role-arn "arn:aws:iam::ACCOUNT_ID:role/SecurityAuditRole"Best for: Large organizations with AWS Organizations set up.
Scan:
./scripts/scanning/run_multi_account_scan.sh --org \
--role-arn "arn:aws:iam::ACCOUNT_ID:role/SecurityAuditRole"# 1. Run scans across accounts
./scripts/scanning/run_multi_account_scan.sh --profiles "prod,dev"
# 2. Aggregate findings (auto-detects account subdirectories)
python scripts/scanning/aggregate_findings.py
# 3. Launch dashboard (includes Account filter)
python dashboard/app.pyThe dashboard will show an Account filter dropdown to view findings by account.
| Approach | Best For | Pros | Cons |
|---|---|---|---|
| AWS Profiles | Small teams (2-5 accounts) | Simple setup, no IAM changes | Credentials in multiple places |
| Assume Role | Enterprises | Centralized, auditable | Requires IAM setup |
| Organizations | Large orgs | Auto-discovers accounts | Requires Org access |
cloud-security-posture-dashboard/
├── docs/
│ └── USAGE.md # Detailed usage documentation
├── terraform/
│ ├── aws/
│ │ └── main.tf # AWS misconfigured resources
│ └── azure/
│ └── main.tf # Azure misconfigured resources
├── scripts/
│ └── scanning/
│ ├── aggregate_findings.py # Multi-tool findings aggregator
│ └── run_multi_account_scan.sh # Multi-account scanning script
├── remediation/ # (Reserved for future use)
├── dashboard/
│ ├── app.py # Flask application
│ ├── static/
│ │ └── style.css # Custom styles
│ └── templates/
│ ├── base.html # Base template
│ ├── index.html # Main dashboard
│ └── findings.html # Detailed findings
├── output/ # Prowler scan results
├── scoutsuite-report/ # ScoutSuite scan results
├── scan-results/
│ └── aggregated/ # Normalized findings (JSON/CSV)
└── README.md
| Feature | Description |
|---|---|
| Checks | 500+ security controls |
| Compliance | CIS, NIST, PCI-DSS, HIPAA, GDPR |
| Output | JSON, CSV, HTML |
| Speed | ~10-30 minutes full scan |
| Feature | Description |
|---|---|
| Services | 12+ Azure services |
| Checks | Storage, Network, IAM, Key Vault |
| Output | HTML report + JavaScript data |
| Speed | ~1-5 minutes |
Instead of automated fixes, the dashboard provides multiple remediation options for each finding, allowing your security team to choose the approach that fits your company's policies.
| Scenario | One-Size-Fits-All | Your Company's Policy |
|---|---|---|
| S3 Encryption | AES-256 (default) | KMS with customer-managed keys |
| Public Access | Block everything | Allow specific IPs for partners |
| Versioning | Enable only | Enable + lifecycle policy |
Each finding in the dashboard shows:
| Format | Description |
|---|---|
| AWS CLI | Ready-to-run commands with copy button |
| Terraform | Infrastructure as Code snippets |
| Console Steps | Step-by-step portal instructions |
| Documentation | Links to official AWS/Azure docs |
- Open the dashboard:
python dashboard/app.py - Navigate to All Findings
- Expand a finding to see remediation options
- Choose the approach that fits your policy
- Copy the command or follow the steps
- Total Findings: Aggregate count across all clouds
- Severity Cards: Critical (red), High (orange), Medium (yellow)
- Charts: Doughnut for severity, Bar for cloud providers
- Sortable columns
- Severity badges
- Resource identification
- Provider tags
- Expandable accordion for each finding
- Issue description and risk explanation
- Tabbed remediation options (CLI, Terraform, Console)
- Copy-to-clipboard for commands
- Documentation links
- Compliance framework references
Important: Always destroy test resources to avoid charges and security risks.
# AWS
cd terraform/aws && terraform destroy
# Azure
cd terraform/azure && terraform destroy- AWS test infrastructure with Terraform
- Azure test infrastructure with Terraform
- Prowler integration for AWS scanning
- ScoutSuite integration for Azure scanning
- Multi-tool findings aggregator
- Flask dashboard with Chart.js
- Search and filter functionality
- Remediation guidance with multiple options
- CIS compliance mapping
- Multi-account AWS support
- CI/CD pipeline with GitHub Actions
- Historical trend analysis
- Alerting and notifications
- Docker containerization
- GCP support
Contributions are welcome! Please follow these steps:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License. See LICENSE for details.
Warning: This project deploys intentionally insecure cloud resources for educational and testing purposes only.
- Only deploy in test/sandbox accounts
- Never use in production environments
- Always destroy resources after testing
- You are responsible for any charges incurred
| Document | Description |
|---|---|
| README.md | Project overview and quick start |
| docs/USAGE.md | Detailed usage guide with examples |
As the project evolves, documentation is updated to reflect new features and changes.
- Prowler - AWS Security Tool
- ScoutSuite - Multi-Cloud Security Auditing
- Terraform - Infrastructure as Code
- Flask - Python Web Framework
- Chart.js - JavaScript Charting
- Bootstrap - CSS Framework
- CIS Benchmarks - Security Best Practices
Built for learning cloud security through hands-on practice