---
name: pentest-cloud-infrastructure
description: Cloud security posture management and container security assessment for AWS, Azure, GCP, and Kubernetes.
---

# Pentest Cloud Infrastructure

## Purpose
Assess the security configuration of cloud environments and containerized infrastructure to detect misconfigurations, excessive permissions, and vulnerabilities.

## Core Workflow
1. **Cloud Config Audit**: Assess cloud provider configuration (AWS/Azure/GCP) using `prowler` and `scoutsuite`.
2. **IaC Scanning**: Analyze Infrastructure-as-Code (Terraform, CloudFormation) for security flaws using `checkov` and `terrascan`.
3. **Container Security**: Scan container images and runtime environments using `trivy`, `clair`, and `dockle`.
4. **Kubernetes Assessment**: Audit K8s clusters for CIS compliance and vulnerabilities using `kube-bench` and `kube-hunter`.
5. **Runtime Monitoring**: Analyze runtime behavior and rule violations using `falco`.

## References
- `references/tools.md`
- `references/workflows.md`