云安全配置指南：AWS、Azure、GCP安全最佳实践与合规性实现

cloud-security-configuration by aj-geddes/useful-ai-prompts

154 周安装量

161 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill cloud-security-configuration

云服务开发运维安全

🇨🇳中文介绍

云安全配置

概述

云安全需要涵盖身份管理、加密、网络控制、合规性和威胁检测的综合策略。通过实施多层保护和持续监控来实现纵深防御。

使用场景

保护云中的敏感数据
遵守法规（GDPR、HIPAA、PCI-DSS）
实施零信任安全
保护多云环境
威胁检测与响应
身份和访问管理
网络隔离与分段
加密与密钥管理

快速开始

最小工作示例：

# Enable GuardDuty (threat detection)
aws guardduty create-detector \
  --enable \
  --finding-publishing-frequency FIFTEEN_MINUTES

# Enable CloudTrail (audit logging)
aws cloudtrail create-trail \
  --name organization-trail \
  --s3-bucket-name audit-bucket \
  --is-multi-region-trail

# Enable S3 bucket encryption by default
aws s3api put-bucket-encryption \
  --bucket my-bucket \
  --server-side-encryption-configuration '{
    "Rules": [{
      "ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms",
        "KMSMasterKeyID": "arn:aws:kms:region:account:key/key-id"
      },
      "BucketKeyEnabled": true
    }]
  }'

# Enable VPC Flow Logs
// ... (see reference guides for full implementation)

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

指南	内容
AWS Security Configuration	AWS 安全配置
Terraform Security Configuration	Terraform 安全配置
Azure Security Configuration	Azure 安全配置
GCP Security Configuration	GCP 安全配置

🇺🇸English

Cloud Security Configuration

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Cloud security requires comprehensive strategies spanning identity management, encryption, network controls, compliance, and threat detection. Implement defense-in-depth with multiple layers of protection and continuous monitoring.

When to Use

Protecting sensitive data in cloud
Compliance with regulations (GDPR, HIPAA, PCI-DSS)
Implementing zero-trust security
Securing multi-cloud environments
Threat detection and response
Identity and access management
Network isolation and segmentation
Encryption and key management

Quick Start

Minimal working example:

# Enable GuardDuty (threat detection)
aws guardduty create-detector \
  --enable \
  --finding-publishing-frequency FIFTEEN_MINUTES

# Enable CloudTrail (audit logging)
aws cloudtrail create-trail \
  --name organization-trail \
  --s3-bucket-name audit-bucket \
  --is-multi-region-trail

# Enable S3 bucket encryption by default
aws s3api put-bucket-encryption \
  --bucket my-bucket \
  --server-side-encryption-configuration '{
    "Rules": [{
      "ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms",
        "KMSMasterKeyID": "arn:aws:kms:region:account:key/key-id"
      },
      "BucketKeyEnabled": true
    }]
  }'

# Enable VPC Flow Logs
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
AWS Security Configuration	AWS Security Configuration
Terraform Security Configuration	Terraform Security Configuration
Azure Security Configuration	Azure Security Configuration
GCP Security Configuration	GCP Security Configuration

Best Practices

✅ DO

Implement least privilege access
Enable MFA everywhere
Use service accounts for applications
Encrypt data at rest and in transit
Enable comprehensive logging
Implement network segmentation
Use secrets management
Enable threat detection
Regular security assessments
Keep systems patched

❌ DON'T

Use root/default credentials
Store secrets in code
Over-permissive security groups
Disable encryption
Ignore logs and monitoring
Share credentials
Skip compliance requirements
Trust unverified data sources

Weekly Installs

115

Repository

aj-geddes/usefu…-prompts

GitHub Stars

126

First Seen

Jan 21, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode97

gemini-cli94

codex93

claude-code92

cursor86

github-copilot76

云安全配置指南：AWS、Azure、GCP安全最佳实践与合规性实现

🇨🇳中文介绍

云安全配置

目录

概述

使用场景

快速开始

相关 Skills

参考指南

最佳实践

✅ 推荐做法

❌ 避免做法