Cloud Custodian

Cloud Custodian runs a series of scripts designed to audit the security of cloud environments. Policies written in YAML files define what it looks for. Based on the policy it is run with, it produces reports of likely issues with permissions and other cloud configurations.

It is an open-source tool that both audits and enforces cloud configuration policies across multiple cloud environments, including Azure, AWS, and Google Cloud Platform. It is good for getting started and for comparison with the configurations found in an environment.
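As an added illustration (not taken from the original page or from the project's documentation), a minimal audit-only policy file for AWS might look like the following. The policy names, file name and output directory are assumptions chosen for this example; neither policy defines `actions`, so a run only reports matching resources and changes nothing.

```yaml
# audit-policies.yml (hypothetical file name)
#
# Typical workflow, using the custodian CLI:
#   custodian validate audit-policies.yml          # check syntax and schema
#   custodian run -s output audit-policies.yml     # evaluate, write results to ./output
#   custodian report -s output audit-policies.yml  # tabulate the matched resources
policies:
  # Configuration check: security groups that allow SSH or RDP
  # from any IPv4 address.
  - name: sg-admin-ports-open-to-world   # hypothetical policy name
    resource: aws.security-group
    description: Security groups exposing port 22 or 3389 to 0.0.0.0/0
    filters:
      - type: ingress
        Ports: [22, 3389]
        Cidr:
          value: "0.0.0.0/0"

  # Permission check: IAM users who can log in to the console
  # with a password but have no MFA device active.
  # Multiple filters in a list are ANDed together.
  - name: iam-console-user-without-mfa   # hypothetical policy name
    resource: aws.iam-user
    description: Console users with a password but no MFA
    filters:
      - type: credential
        key: password_enabled
        value: true
      - type: credential
        key: mfa_active
        value: false
```

Each policy writes its matches to `output/<policy-name>/resources.json`, which can be compared against the expected configuration or tracked between runs.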