Security Monkey
Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Support is available for OpenStack public and private clouds. It can also watch and monitor your GitHub organizations, teams, and repositories.
It provides a single UI to browse and search through all of your accounts, regions, and cloud services. The monkey remembers previous states and can show you exactly what changed, and when.
It can be extended with custom account types, custom watchers, custom auditors, and custom alerters. It works on CPython 2.7. It is known to work on Ubuntu Linux and OS X.

Security Monkey Instance Diagram

The components that make up Security Monkey are as follows (not AWS specific):

Access Diagram

It can accesses accounts to scan via credentials it is provided (“Role Assumption” where available).