AWS Security Audit
Amazon Web Services leads the public cloud space with an ever increasing list of service offerings. AWS EC2, S3 and RDS are the established leaders, but AWS Workspaces, Lambda, Kinesis, EKS and ElasticSearch are also staking their claim in a crowded cloud computing market. As you leverage these PaaS services alongside the traditional compute (IaaS) services, several items need to be part of your AWS security audit checklist. For example:
AWS Risk Factor – Exposed Root Accounts and Not Rotating IAM Access Keys
- Administrators often forget to disable root API access.
- IAM access keys are often not rotated (access keys provide API-based access to all AWS resources, including account logins).
Solution
- Never share root access credentials across users and applications.
- Root accounts absolutely must be protected by multi-factor authentication and used as sparingly as possible.
- Rotate or change your access keys at least once every 90 days
- One of the best ways to protect your account is to not have an access key for your AWS account root user.
- Use Temporary Security Credentials (IAM Roles) Instead of Long-Term Access Keys
AWS Risk Factor – Outbound traffic is unrestricted
- 85% of resources associated with security groups don’t restrict outbound traffic at all (RedLock survey).
Solution
- Limit the destination IP ranges (and ports) in each security group's outbound rules to the minimum the workload needs to function correctly.
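To find the security groups the RedLock figure describes, audit the egress rules rather than the ingress rules that scanners usually focus on. The script below is an added example (not part of the original post or the author's audit tooling); it walks a constructed sample shaped like `aws ec2 describe-security-groups` output and reports every outbound rule whose destination is the whole internet (0.0.0.0/0 or ::/0), rating all-protocol rules higher than a single open port.

```python
import json

# Constructed sample shaped like the `SecurityGroups` array from
# `aws ec2 describe-security-groups`, trimmed to the egress fields this check reads.
SAMPLE_GROUPS = json.loads("""
{
  "SecurityGroups": [
    {
      "GroupId": "sg-0a1b2c3d4e5f60001",
      "GroupName": "default",
      "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
      ]
    },
    {
      "GroupId": "sg-0a1b2c3d4e5f60002",
      "GroupName": "web-tier",
      "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.20.0/24"}], "Ipv6Ranges": []}
      ]
    },
    {
      "GroupId": "sg-0a1b2c3d4e5f60003",
      "GroupName": "db-tier",
      "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [], "Ipv6Ranges": [],
         "PrefixListIds": [{"PrefixListId": "pl-placeholder"}]}
      ]
    }
  ]
}
""")

ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"


def describe_rule(rule):
    """Human-readable protocol/port summary of one egress rule."""
    proto = rule["IpProtocol"]
    if proto == "-1":  # AWS encodes "all protocols" as -1
        return "all traffic"
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    return f"{proto} {lo}" if lo == hi else f"{proto} {lo}-{hi}"


def find_open_egress(groups):
    """Return one finding per egress rule whose destination is the whole internet."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg["IpPermissionsEgress"]:
            dests = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            dests += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            open_dests = [d for d in dests if d in (ANY_V4, ANY_V6)]
            if not open_dests:
                continue  # prefix lists, named groups and private CIDRs are not flagged here
            findings.append({
                "group": sg["GroupId"],
                "name": sg["GroupName"],
                "rule": describe_rule(rule),
                "to": open_dests,
                # All-protocol rules to anywhere are the "no restriction at all" case.
                "severity": "HIGH" if rule["IpProtocol"] == "-1" else "MEDIUM",
            })
    return findings


if __name__ == "__main__":
    for f in find_open_egress(SAMPLE_GROUPS):
        print(f"[{f['severity']}] {f['group']} ({f['name']}): {f['rule']} -> {', '.join(f['to'])}")
```

Note that the `default` group in every VPC ships with exactly the first rule shown, so a clean report usually means that rule was removed or the default group is unused. The `web-tier` HTTPS rule is rated MEDIUM rather than ignored because "443 to anywhere" still allows arbitrary outbound connections; tightening it to a prefix list or the specific endpoints it needs is the fix the checklist asks for.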
AWS Risk Factor – Unpatched Hosts
Problem
- Organizations need oversight into user activities which can reveal account compromises, insider threats, and other risks.
- Traditional network vulnerability scanners are most effective for on-premises networks, but miss an awful lot of crucial vulnerabilities when they’re used to test cloud networks.
Solution
- AWS CloudTrail is a web service that provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
- Enabling CloudTrail simplifies security analysis, resource change tracking, and troubleshooting.
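Once CloudTrail is delivering events, the "oversight into user activities" the problem statement asks for comes from actually reading them. The script below is an added example (not code from the original post or from the author's audit); it triages a constructed batch of records in CloudTrail's log-file shape and flags the two things the root-account section of the checklist cares about, root-account usage and console logins without MFA, and also tallies activity per principal so reviewers can spot unexpected actors.

```python
import json
from collections import Counter

# Constructed sample in the shape of a CloudTrail log file (a "Records" array),
# trimmed to the fields this triage reads. Account id and IPs are placeholders.
SAMPLE_TRAIL = json.loads("""
{"Records": [
  {"eventTime": "2024-07-01T08:12:03Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
   "userIdentity": {"type": "Root", "accountId": "123456789012", "arn": "arn:aws:iam::123456789012:root"},
   "sourceIPAddress": "203.0.113.45", "responseElements": {"ConsoleLogin": "Success"},
   "additionalEventData": {"MFAUsed": "No"}},
  {"eventTime": "2024-07-01T08:15:40Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
   "userIdentity": {"type": "Root", "accountId": "123456789012", "arn": "arn:aws:iam::123456789012:root"},
   "sourceIPAddress": "203.0.113.45", "requestParameters": {"userName": "alice"}},
  {"eventTime": "2024-07-01T09:02:11Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
   "userIdentity": {"type": "IAMUser", "userName": "alice", "arn": "arn:aws:iam::123456789012:user/alice"},
   "sourceIPAddress": "198.51.100.7", "responseElements": {"ConsoleLogin": "Success"},
   "additionalEventData": {"MFAUsed": "Yes"}},
  {"eventTime": "2024-07-01T09:30:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupEgress",
   "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/Deployer/ci"},
   "sourceIPAddress": "198.51.100.20"}
]}
""")


def triage_events(records):
    """Return finding strings for root usage and console logins without MFA."""
    findings = []
    for ev in records["Records"]:
        who = ev["userIdentity"]
        when, what, src = ev["eventTime"], ev["eventName"], ev.get("sourceIPAddress", "?")
        # Any root-account API call or login is worth a ticket given how rarely root should be used.
        if who.get("type") == "Root":
            findings.append(f"{when} root account used for {what} from {src}")
        # MFAUsed is only present on sign-in events; treat a missing value as "No".
        if what == "ConsoleLogin":
            mfa = ev.get("additionalEventData", {}).get("MFAUsed", "No")
            if mfa != "Yes":
                findings.append(f"{when} console login without MFA by {who.get('arn')} from {src}")
    return findings


def activity_by_principal(records):
    """Count events per principal ARN so unexpected actors stand out in review."""
    return Counter(ev["userIdentity"].get("arn", "unknown") for ev in records["Records"])


if __name__ == "__main__":
    for line in triage_events(SAMPLE_TRAIL):
        print("FINDING:", line)
    for arn, n in activity_by_principal(SAMPLE_TRAIL).most_common():
        print(f"{n:4d}  {arn}")
```

In the sample the same root session both logs in without MFA and mints a new access key for another user a few minutes later, which is exactly the sequence the first checklist item exists to prevent; on a real trail these records come from the gzipped JSON files in the trail's S3 bucket or from a CloudWatch Logs subscription, and the same two checks translate directly into metric filters or EventBridge rules for continuous alerting.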
Summary – AWS Security Audit and Checklist
This is a partial list of the 60 plus checks that Anuj Varma and team perform as part of their AWS Security Audit.
Is your AWS Deployment Secure? Start the conversation sooner rather than later. Security cannot be an afterthought (™)
Need an experienced AWS/GCP/Azure Professional to help out with your Public Cloud Strategy? Set up a time with Anuj Varma.