Skip to content

TOC Consulting - Cloud. Secure. Scale.

Paris-based AWS consulting firm specializing in cloud security, architecture, and DevOps.
We build free, open-source tools that help teams secure and optimize their AWS environments.

Website Security scanners LocalEmu

tocconsulting.fr | AWS Security Cards | LocalEmu Emulator | LinkedIn

TocConsulting in action: open-source security scanners audit your AWS environment (EC2, S3, IAM, Lambda, RDS, ECS/EKS and more) with findings mapped to CIS, PCI DSS, HIPAA, SOC 2, ISO and GDPR

Open-source AWS security scanners, built from real client audits. We scan what we secure for clients every day: EC2, S3, IAM, Lambda, RDS, ECS and EKS. Every finding is mapped to the compliance frameworks auditors actually ask about: CIS, PCI DSS, HIPAA, SOC 2, ISO 27001, GDPR and NIST.


Featured: LocalEmu

We maintain LocalEmu, a free, open-source AWS cloud emulator, continued from the archived LocalStack community edition under the Apache 2.0 license. No account, no auth token, no sign-up. Point your existing AWS CLI, boto3, Terraform, or CDK at localhost:4566 and build against AWS APIs from your laptop. Where it counts, the behavior is real, not stubbed: Lambda runs your code in the official AWS runtime images, EC2 instances are real containers on a real VPC, and RDS is a real PostgreSQL or MySQL you can connect to.


AWS Security Scanners

Each scanner is a Python CLI available on PyPI and Docker Hub, with multi-threaded scanning, JSON, CSV and interactive HTML reports, and per-framework compliance mapping (CIS, AWS FSBP, PCI DSS, HIPAA, SOC 2, ISO 27001/27017/27018, GDPR, NIST 800-53).

Project What it scans
s3-security-scanner S3 buckets: public access, weak bucket policies, missing encryption, cross-account replication exfiltration, CORS, and subdomain takeover risks
ec2-security-scanner EC2 and its network: IMDSv2, security groups, EBS encryption, public AMIs and snapshots, patch compliance, and UserData secret detection
iam-security-scanner IAM: privilege escalation paths, confused-deputy trust, MFA enforcement, key rotation, password policy, and least-privilege analysis
rds-security-scanner RDS and Aurora: storage encryption, TLS enforcement, public access, IAM auth, backups, deletion protection, and Multi-AZ posture
ecs-eks-security-scanner ECS and EKS: privileged containers, secrets in task definitions, public endpoints, control-plane logging, IAM role separation, and ECR hygiene
lambda-security-scanner Lambda: deprecated runtimes, secrets in environment variables, public function URLs, permissive execution roles, and code signing

Security Tools & Research

Project Description
iam-activity-tracker Serverless auditing of IAM, STS, and Console sign-in activity across all regions: real-time SNS security alerts, S3 + Athena analytics, and event retention beyond CloudTrail's 90-day window
aws-security-cards Security reference cards for major AWS services: attack vectors, misconfigurations, enumeration commands, privilege escalation, persistence techniques, and defense recommendations, in Markdown, HTML and PDF
litellm-supply-chain-attack-analysis Malware analysis of the March 2026 LiteLLM supply chain attack: the real compromised packages detonated in an isolated EC2 lab, the decoded multi-stage payload, captured C2 traffic, and complete IOCs

Cloud & Developer Tools

Project Description
localemu Free, open-source AWS cloud emulator. Run AWS services locally and point your existing AWS CLI, boto3, Terraform, or CDK at localhost:4566. Apache 2.0, no account, no token
awsmap Fast AWS resource mapping and inventory across all services and regions: SQLite-backed scan history, SQL and natural-language queries, drift detection, waste detection, and tag compliance
cryptex CLI password generator with AWS Secrets Manager, HashiCorp Vault, and OS keychain integrations, compliance templates (NIST, PCI DSS, OWASP), and TOTP support
aws-helper-scripts Collection of standalone AWS security, cost-optimization, and inventory scripts, each with a deployable Lambda version

Labs & Learning

Project Description
chaos-on-aws Companion code for our "Chaos Engineering on AWS" article series on the TOC Consulting blog: deployable Terraform labs using AWS Fault Injection Service, from single-instance failures to full AZ outages and multi-Region DR

Applications

Project Description
cognito-api Authentication and user management API built on AWS Cognito: MFA, passkeys, full user lifecycle, one-command Terraform deployment. Full documentation at cognito-api.com
enclave Serverless secure file sharing on AWS: direct-to-S3 uploads, expiring presigned share links, optional per-user KMS encryption, React front end, one-command Terraform

What we do

  • Security audits: comprehensive AWS security assessments, IAM audits, and compliance mapping (CIS, PCI DSS, HIPAA, SOC 2, ISO 27001, GDPR)
  • Cloud architecture: secure-by-design, scalable AWS infrastructures and multi-account strategies
  • Infrastructure as Code: Terraform and CloudFormation automation
  • DevOps & CI/CD: pipeline design, containerization, and deployment automation

Website Email LinkedIn

Paris, France · tocconsulting.fr

Popular repositories Loading

  1. awsmap awsmap Public

    A fast, comprehensive tool for mapping and inventorying AWS resources across 150+ services and all regions.

    Python 96 14

  2. cognito-api cognito-api Public

    An authentication API based on AWS Cognito

    Python 20 3

  3. iam-activity-tracker iam-activity-tracker Public

    A comprehensive serverless AWS solution for tracking and auditing IAM, STS, and AWS Console signin activities across all regions

    Python 10

  4. aws-security-cards aws-security-cards Public

    Free, comprehensive security reference guides for every major AWS service. Attack vectors, misconfigurations, CLI commands, and detection indicators

    HTML 6

  5. litellm-supply-chain-attack-analysis litellm-supply-chain-attack-analysis Public

    Full analysis of the LiteLLM supply chain attack (March 24, 2026). Real compromised packages, decoded 3 stage malware, hands-on EC2 detonation lab with mitmproxy captures, and complete IOCs.

    Python 6

  6. s3-security-scanner s3-security-scanner Public

    AWS S3 security scanner: detect public access, weak bucket policies, missing encryption and compliance gaps across your buckets. Python CLI with multi-format reports.

    Python 5 1

Repositories

Showing 10 of 16 repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…