Paris-based AWS consulting firm specializing in cloud security, architecture, and DevOps.
We build free, open-source tools that help teams secure and optimize their AWS environments.
tocconsulting.fr | AWS Security Cards | LocalEmu Emulator | LinkedIn
Open-source AWS security scanners, built from real client audits. We scan what we secure for clients every day: EC2, S3, IAM, Lambda, RDS, ECS and EKS. Every finding is mapped to the compliance frameworks auditors actually ask about: CIS, PCI DSS, HIPAA, SOC 2, ISO 27001, GDPR and NIST.
We maintain LocalEmu, a free, open-source AWS cloud emulator, continued from the archived LocalStack community edition under the Apache 2.0 license. No account, no auth token, no sign-up. Point your existing AWS CLI, boto3, Terraform, or CDK at localhost:4566 and build against AWS APIs from your laptop. Where it counts, the behavior is real, not stubbed: Lambda runs your code in the official AWS runtime images, EC2 instances are real containers on a real VPC, and RDS is a real PostgreSQL or MySQL you can connect to.
Each scanner is a Python CLI available on PyPI and Docker Hub, with multi-threaded scanning, JSON, CSV and interactive HTML reports, and per-framework compliance mapping (CIS, AWS FSBP, PCI DSS, HIPAA, SOC 2, ISO 27001/27017/27018, GDPR, NIST 800-53).
| Project | What it scans |
|---|---|
| s3-security-scanner | S3 buckets: public access, weak bucket policies, missing encryption, cross-account replication exfiltration, CORS, and subdomain takeover risks |
| ec2-security-scanner | EC2 and its network: IMDSv2, security groups, EBS encryption, public AMIs and snapshots, patch compliance, and UserData secret detection |
| iam-security-scanner | IAM: privilege escalation paths, confused-deputy trust, MFA enforcement, key rotation, password policy, and least-privilege analysis |
| rds-security-scanner | RDS and Aurora: storage encryption, TLS enforcement, public access, IAM auth, backups, deletion protection, and Multi-AZ posture |
| ecs-eks-security-scanner | ECS and EKS: privileged containers, secrets in task definitions, public endpoints, control-plane logging, IAM role separation, and ECR hygiene |
| lambda-security-scanner | Lambda: deprecated runtimes, secrets in environment variables, public function URLs, permissive execution roles, and code signing |
| Project | Description |
|---|---|
| iam-activity-tracker | Serverless auditing of IAM, STS, and Console sign-in activity across all regions: real-time SNS security alerts, S3 + Athena analytics, and event retention beyond CloudTrail's 90-day window |
| aws-security-cards | Security reference cards for major AWS services: attack vectors, misconfigurations, enumeration commands, privilege escalation, persistence techniques, and defense recommendations, in Markdown, HTML and PDF |
| litellm-supply-chain-attack-analysis | Malware analysis of the March 2026 LiteLLM supply chain attack: the real compromised packages detonated in an isolated EC2 lab, the decoded multi-stage payload, captured C2 traffic, and complete IOCs |
| Project | Description |
|---|---|
| localemu | Free, open-source AWS cloud emulator. Run AWS services locally and point your existing AWS CLI, boto3, Terraform, or CDK at localhost:4566. Apache 2.0, no account, no token |
| awsmap | Fast AWS resource mapping and inventory across all services and regions: SQLite-backed scan history, SQL and natural-language queries, drift detection, waste detection, and tag compliance |
| cryptex | CLI password generator with AWS Secrets Manager, HashiCorp Vault, and OS keychain integrations, compliance templates (NIST, PCI DSS, OWASP), and TOTP support |
| aws-helper-scripts | Collection of standalone AWS security, cost-optimization, and inventory scripts, each with a deployable Lambda version |
| Project | Description |
|---|---|
| chaos-on-aws | Companion code for our "Chaos Engineering on AWS" article series on the TOC Consulting blog: deployable Terraform labs using AWS Fault Injection Service, from single-instance failures to full AZ outages and multi-Region DR |
| Project | Description |
|---|---|
| cognito-api | Authentication and user management API built on AWS Cognito: MFA, passkeys, full user lifecycle, one-command Terraform deployment. Full documentation at cognito-api.com |
| enclave | Serverless secure file sharing on AWS: direct-to-S3 uploads, expiring presigned share links, optional per-user KMS encryption, React front end, one-command Terraform |
- Security audits: comprehensive AWS security assessments, IAM audits, and compliance mapping (CIS, PCI DSS, HIPAA, SOC 2, ISO 27001, GDPR)
- Cloud architecture: secure-by-design, scalable AWS infrastructures and multi-account strategies
- Infrastructure as Code: Terraform and CloudFormation automation
- DevOps & CI/CD: pipeline design, containerization, and deployment automation
Paris, France · tocconsulting.fr

