workstreet-compliance/cloud-collector
Overview
This skill automates collection of compliance evidence across AWS, GCP, and Azure and maps findings to SOC 2, ISO 27001, NIST 800-53, and CIS benchmarks. It produces structured JSON and human-readable Markdown evidence packages suitable for audits and GRC integrations. Use it to gather IAM, logging, encryption, storage, security, and network artifacts with minimal setup.
How this skill works
The collectors use provider SDKs to enumerate resources, retrieve configurations, and capture artifacts such as IAM policies, CloudTrail/Stackdriver logs, storage ACLs, security findings, KMS keys, and network rules. Each evidence item is timestamped, annotated with control mappings, and formatted into a JSON schema or a Markdown report. The tooling implements exponential backoff, permission-aware behavior, and clear error notes for missing regions or denied APIs.
When to use it
- Preparing audit packages for SOC 2, ISO 27001, NIST 800-53, or CIS assessments
- Collecting cross-cloud evidence for an external auditor or security review
- Verifying IAM, logging, encryption, storage, or network configurations
- Automating recurring evidence collection for continuous compliance
- Troubleshooting gaps reported by GRC or security scanning tools
Best practices
- Use read-only, least-privilege credentials scoped to required resources
- Limit collection scope to relevant accounts, projects, or subscriptions
- Ensure provider SDK credentials and roles are configured before running
- Review collected evidence and redact sensitive items before sharing
- Store versioned evidence packages and retain timestamps for audit trails
Example use cases
- Run a full AWS evidence collection and export JSON to a GRC system
- Pull only IAM artifacts to validate access controls before an audit
- Generate Markdown reports for auditors showing control mappings and status
- Collect evidence across AWS, GCP, and Azure for a multi-cloud compliance review
- Automate weekly evidence snapshots to detect configuration drift
FAQ
Provide standard provider auth: AWS via env or role, GCP via ADC or service account key, Azure via az login or service principal. Use read-only permissions described by the collectors.
How are findings mapped to control frameworks?
Evidence items are annotated with preconfigured mappings to SOC 2 (CC), ISO 27001 Annex A, NIST 800-53, and CIS benchmarks so auditors can see control coverage and gaps.