cloud-security

# Cloud Security Cloud security posture assessment skill for detecting IAM privilege escalation, public storage exposure, network configuration risks, and infrastructure-as-code misconfigurations. This is NOT incident response for active cloud compromise (see incident-response) or application vulnerability scanning (see security-pen-testing) — this is about systematic cloud configuration analysis to prevent exploitation. --- ## Table of Contents - [Overview](#overview) - [Cloud Posture Check Tool](#cloud-posture-check-tool) - [IAM Policy Analysis](#iam-policy-analysis) - [S3 Exposure Assessment](#s3-exposure-assessment) - [Security Group Analysis](#security-group-analysis) - [IaC Security Review](#iac-security-review) - [Cloud Provider Coverage Matrix](#cloud-provider-coverage-matrix) - [Workflows](#workflows) - [Anti-Patterns](#anti-patterns) - [Cross-References](#cross-references) --- ## Overview ### What This Skill Does This skill provides the methodology and tooling for **cloud security posture management (CSPM)** — systematically checking cloud configurations for misconfigurations that create exploitable attack surface. It covers IAM privilege escalation paths, storage public exposure, network over-permissioning, and infrastructure code security. ### Distinction from Other Security Skills | Skill | Focus | Approach | |-------|-------|----------| | **cloud-security** (this) | Cloud configuration risk | Preventive — assess before exploitation | | incident-respons...