
CloudShot

Capture your cloud configuration before you need it.

CloudShot is a lightweight Bash script that takes point-in-time configuration snapshots of AWS, GCP, and Azure using their native CLIs. It collects IAM, storage, and firewall data and saves everything into organized, timestamped directories, ready for auditing, diffing, or incident response.



Why

Knowing what your cloud environment looked like before an incident is often the difference between a fast resolution and a long investigation. CloudShot gives you a repeatable, CLI-native way to capture that baseline: no agents, no SaaS, no credentials leaving your machine.

Read-only by design. CloudShot never modifies resources.


Features

  • Multi-cloud in one script: AWS, GCP, and Azure covered with a single tool
  • IAM, storage, and firewall: the three configuration surfaces that matter most for security posture
  • Timestamped output: every run writes to its own snapshots/<timestamp>/ directory, so snapshots never overwrite each other
  • Optional compression: --zip bundles results into a .tar.gz for easy transfer or archival
  • Partial success: if a command fails due to missing permissions, the rest of the snapshot still completes
  • No dependencies beyond the cloud CLIs: nothing to install beyond what you already have

Requirements

CLI                 Install                          Authenticate
AWS CLI (aws)       docs.aws.amazon.com/cli          aws configure
GCP CLI (gcloud)    cloud.google.com/sdk             gcloud auth login
Azure CLI (az)      learn.microsoft.com/cli/azure    az login

Only the CLIs you intend to use need to be installed. Snapshots for unconfigured clouds will simply fail gracefully.


Installation

git clone https://github.com/Skellman-io/CloudShot.git
cd CloudShot
chmod +x cloudshot.sh

Usage

# Snapshot AWS only
./cloudshot.sh aws

# Snapshot GCP only
./cloudshot.sh gcp

# Snapshot Azure only
./cloudshot.sh azure

# Snapshot all three clouds
./cloudshot.sh all

# Snapshot all clouds and compress results
./cloudshot.sh all --zip

Arguments

Argument    Description
aws         Collect AWS IAM, S3, and security group config
gcp         Collect GCP IAM, storage, and firewall config
azure       Collect Azure role assignments, storage, and NSG config
all         Run all three cloud snapshots sequentially
--zip       Compress the output directory into a .tar.gz archive after collection

What it Collects

AWS

File                    What it captures
iam_users.json          All IAM users in the account
iam_groups.json         All IAM groups
iam_policies.json       All locally managed IAM policies
s3_buckets.json         All S3 buckets
security_groups.json    All EC2 security groups and their rules

GCP

File             What it captures
iam.json         IAM policy bindings for the active project
buckets.json     All Cloud Storage buckets
firewall.json    All VPC firewall rules

Azure

File            What it captures
iam.json        All role assignments across the subscription
storage.json    All storage accounts
nsg.json        All network security groups

Output

Results are written to snapshots/<timestamp>/ in the working directory. Each run gets its own directory; snapshots are never overwritten.

snapshots/2025-08-21_10-15-00/
├── aws/
│   ├── iam_users.json
│   ├── iam_groups.json
│   ├── iam_policies.json
│   ├── s3_buckets.json
│   └── security_groups.json
├── gcp/
│   ├── iam.json
│   ├── buckets.json
│   └── firewall.json
└── azure/
    ├── iam.json
    ├── storage.json
    └── nsg.json

With --zip, the directory is additionally archived as snapshots/<timestamp>.tar.gz.


CI/CD Integration

CloudShot works well as a scheduled pipeline job for automated baseline snapshots.

GitHub Actions

name: Cloud Config Snapshot
on:
  schedule:
    - cron: '0 6 * * *'   # Daily at 06:00 UTC

jobs:
  snapshot:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: Run CloudShot
        run: |
          chmod +x cloudshot.sh
          ./cloudshot.sh aws --zip
      - uses: actions/upload-artifact@v4
        with:
          name: cloud-snapshot
          path: snapshots/

GitLab CI

cloud-snapshot:
  image: amazon/aws-cli
  script:
    - chmod +x cloudshot.sh
    - ./cloudshot.sh aws --zip
  artifacts:
    paths:
      - snapshots/
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule"'

Exit Codes

Code        Meaning
0           Snapshot completed successfully
Non-zero    Script error: missing CLI binary, filesystem failure, or bad arguments

Individual cloud CLI commands that fail due to missing permissions are silenced with || true and do not cause a non-zero exit; the rest of the snapshot continues. Only unrecoverable errors (missing argument, unwritable output directory) will fail the script.
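The partial-success behaviour above leaves a missing output file ambiguous: it may mean a permission failure or simply that nothing was collected. The wrapper below is an added example (not CloudShot's own code) of keeping that behaviour while recording each failure; `capture`, `failures.log` and the stand-in commands are assumptions for illustration, not part of the script.

```shell
#!/usr/bin/env bash
# Added example, not CloudShot's own code. Keeps the "partial success"
# behaviour (a failed CLI call never aborts the run) but records why a file
# is missing, so a reviewer can tell "permission denied" from "no resources".
# capture, failures.log and the sample commands are assumptions for illustration.

# capture <snapshot_dir> <output_file> <command...>
# Writes the command's stdout to <snapshot_dir>/<output_file>. On failure the
# partial file is removed and "<file> rc=<code> <stderr>" is appended to
# <snapshot_dir>/failures.log. Always returns 0 so the snapshot continues.
capture() {
  local dir="$1" out="$2"; shift 2
  local tmp="$dir/$out.tmp" rc
  mkdir -p "$dir"
  if "$@" >"$tmp" 2>"$tmp.err"; then
    mv "$tmp" "$dir/$out"
    rm -f "$tmp.err"
  else
    rc=$?
    printf '%s\trc=%d\t%s\n' "$out" "$rc" "$(tr '\n' ' ' <"$tmp.err")" >>"$dir/failures.log"
    rm -f "$tmp" "$tmp.err"
  fi
  return 0
}

# demo_run <snapshot_dir>: constructed stand-ins for the real cloud CLI calls
# (no network or credentials needed). One call succeeds; the other fails the
# way a CLI does when the caller lacks the required permission.
demo_run() {
  local dir="$1"
  capture "$dir" iam_users.json printf '{"Users":[{"UserName":"alice"}]}'
  capture "$dir" security_groups.json \
    sh -c 'echo "AccessDenied (constructed sample error)" >&2; exit 254'
  [ -f "$dir/failures.log" ] && cat "$dir/failures.log"
  return 0
}

# Stand-alone usage: demo_run "$(mktemp -d)"
```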


Notes

  • CloudShot is read-only: it calls only list, describe, and get operations. No resources are created, modified, or deleted.
  • Scope is limited to the authenticated account, project, or subscription at the time of the run.
  • If a command fails due to missing permissions, that output file is skipped and the rest of the snapshot continues.
  • Snapshots reflect a point-in-time view. For change detection, diff consecutive snapshot directories.
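Following the last note, here is an added example (not CloudShot's own code) that picks the two most recent snapshots/<timestamp>/ directories and reports per-file drift, treating a file absent from the newer run as a possibly skipped collection rather than a deletion; `snapshot_drift`, `make_fixture` and the sample JSON are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not CloudShot's own code. Compares the two most recent
# snapshots/<timestamp>/ runs file by file. The timestamp format
# YYYY-MM-DD_HH-MM-SS sorts correctly as plain text, and the trailing slash in
# the glob skips any <timestamp>.tar.gz written by --zip. Paths are assumed
# to contain no whitespace.

# snapshot_drift <snapshots_root>
# Prints ADDED / MISSING / CHANGED / SAME per file; returns 1 if anything
# other than SAME was seen, 2 if fewer than two runs exist.
snapshot_drift() {
  local root="$1" old new drift=0 rel
  old=$(ls -d "$root"/*/ 2>/dev/null | sort | tail -n 2 | head -n 1)
  new=$(ls -d "$root"/*/ 2>/dev/null | sort | tail -n 1)
  [ -n "$old" ] && [ "$old" != "$new" ] || { echo "need two snapshots" >&2; return 2; }
  # union of relative file paths across both runs
  for rel in $( { (cd "$old" && find . -type f); (cd "$new" && find . -type f); } | sort -u ); do
    if [ ! -e "$old/$rel" ]; then echo "ADDED    $rel"; drift=1
    elif [ ! -e "$new/$rel" ]; then echo "MISSING  $rel"; drift=1   # maybe a skipped collection
    elif cmp -s "$old/$rel" "$new/$rel"; then echo "SAME     $rel"
    else echo "CHANGED  $rel"; drift=1
    fi
  done
  return $drift
}

# make_fixture <root>: constructed sample runs (not real CLI output) so the
# comparison can be exercised offline.
make_fixture() {
  local r="$1" a="$1/2025-08-21_10-15-00/aws" b="$1/2025-08-22_10-15-00/aws"
  mkdir -p "$a" "$b"
  echo '{"SecurityGroups":[{"GroupId":"sg-0a"}]}' >"$a/security_groups.json"
  echo '{"SecurityGroups":[{"GroupId":"sg-0a"},{"GroupId":"sg-0b"}]}' >"$b/security_groups.json"
  echo '{"Users":[]}' >"$a/iam_users.json"
  echo '{"Users":[]}' >"$b/iam_users.json"
  echo '{"Buckets":[]}' >"$a/s3_buckets.json"   # absent from the newer run
  echo '{"Groups":[]}' >"$b/iam_groups.json"    # only in the newer run
  : >"$r/2025-08-22_10-15-00.tar.gz"            # --zip archive, must be ignored
}

# Stand-alone usage: r=$(mktemp -d); make_fixture "$r"; snapshot_drift "$r"
```

cmp compares bytes, so a CLI that reorders JSON keys between runs shows up as CHANGED; normalise the files first (for example with a JSON pretty-printer that sorts keys) if that is noise in your environment.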

Pair with CloudLens

CloudShot captures the data. CloudLens makes it useful over time.

Upload CloudShot JSON exports into CloudLens to visualize IAM, storage, and firewall trends across providers, compare snapshots side by side, and track whether your cloud exposure is growing or shrinking. The two tools are designed to be run together: CloudShot on a schedule, CloudLens as the review layer.


MIT License — Copyright © 2026 Skellman.io