Paris-based AWS consulting firm — cloud security, architecture, and DevOps.
We build free, open-source tools that help teams secure and optimize their AWS environments.
tocconsulting.fr | AWS Security Cards | LocalEmu Emulator | LinkedIn
8 security scanners · 300+ checks · 10+ compliance frameworks · 100% open source. We scan what we secure for clients every day — EC2, S3, IAM, Lambda, RDS, ECS/EKS — and map every finding to the frameworks auditors actually ask about.
We maintain LocalEmu, a free, open-source AWS cloud emulator. It is a community fork of the LocalStack community edition (archived in March 2026), continued under Apache 2.0 with no account and no auth token required. Run 132 AWS services locally and point your existing AWS CLI, boto3, Terraform, or CDK at localhost:4566.
| Project | Description |
|---|---|
| aws-security-cards | AWS service security reference cards: attack vectors, misconfigurations, enumeration commands, privilege escalation, persistence techniques, and defense recommendations (MD/HTML/PDF) |
| s3-security-scanner | AWS S3 security scanner with CIS, PCI-DSS, HIPAA, SOC 2, ISO & GDPR compliance mapping |
| ec2-security-scanner | AWS EC2 security scanner with 46 checks across 8 categories and FSBP, CIS, PCI-DSS, HIPAA, SOC 2, ISO & GDPR compliance mapping |
| iam-security-scanner | AWS IAM security scanner: privilege escalation, confused-deputy trust, MFA, key rotation and least-privilege checks with compliance mapping for 10 frameworks |
| rds-security-scanner | AWS RDS / Aurora security scanner: encryption, TLS enforcement, public access, IAM auth, backups and Multi-AZ checks with compliance mapping for 10 frameworks |
| ecs-eks-security-scanner | AWS ECS / EKS container security scanner: privileged containers, secrets in task definitions, public endpoints, control-plane logging and IAM checks with compliance mapping for 11 frameworks |
| lambda-security-scanner | AWS Lambda security scanner with 19 checks across 5 categories, secret detection in env vars, and compliance mapping for 10 frameworks (CIS, PCI-DSS, HIPAA, SOC 2, ISO, NIST, GDPR) |
| iam-activity-tracker | Serverless AWS IAM activity monitoring and auditing across all regions with real-time alerts |
| litellm-supply-chain-attack-analysis | Full analysis of the March 2026 LiteLLM supply chain attack: compromised packages, decoded 3-stage malware, an EC2 detonation lab with mitmproxy captures, and complete IOCs |
| Project | Description |
|---|---|
| localemu | Free, open-source AWS cloud emulator. Run 132 AWS services locally, drop-in for the AWS CLI / boto3 / Terraform / CDK. Apache 2.0, no account, no token |
| awsmap | Fast, comprehensive tool for mapping and inventorying AWS resources across all services and regions |
| aws-helper-scripts | AWS Security & Cost Optimization Toolkit |
| cryptex | Enterprise CLI password generator with AWS Secrets Manager, HashiCorp Vault & OS Keychain integrations |
| chaos-on-aws | Hands-on chaos engineering on AWS: 10 deployable Terraform labs using AWS FIS (EC2, Aurora, ECS/Fargate, Lambda, multi-Region DR) |
| Project | Description |
|---|---|
| cognito-api | Secure user authentication API using AWS Cognito + Terraform |
| enclave | Serverless secure file sharing on AWS: direct-to-S3 uploads, expiring presigned share links, optional per-user KMS encryption. One-command Terraform, Python + React |
- Security audits — comprehensive AWS security assessments, IAM audits, and compliance mapping (CIS, PCI-DSS, HIPAA, SOC 2, ISO, GDPR)
- Cloud architecture — secure-by-design, scalable AWS infrastructures and multi-account strategies
- Infrastructure as Code — Terraform and CloudFormation automation
- DevOps & CI/CD — pipeline design, containerization, and deployment automation
Paris, France · tocconsulting.fr

