AWS InfoSec Implementation : Best Practices Checklist


Post on 23-Jul-2020


ComplyScore manages third-party assessment to take away the hassle of vendor assessments from its clients. It is tailored to meet specific needs and quickly identify, track, and measure all integral vendors to ensure the services they provide to your organization are secure.

This checklist helps you assess the best practices implemented by a vendor and evaluate its internal AWS implementation.

Security of Root Account

• Disable root API access
• Delete the root access key (access key ID and secret access key) if one has been created
• Do not use root access to manage the AWS environment
• Set up an alert for when root access is used
• Set up MFA for the root account

Access Management

• Rotate access keys once every 90 days
• Enable MFA for all accounts that have console access or access to system administration functions
• Assign a unique IAM user name to each user
• Attach IAM policies only to groups or roles
• Assign permissions to IAM users strictly through groups
• Run applications on EC2 instances using roles

| 609-256-4579 |

Network

• No security groups should allow ingress from to port 22
• No security groups should allow ingress from to port 3389
• Use security groups to control inbound and outbound traffic
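As an added example (not part of the checklist or of ComplyScore's tooling), the following Python evaluates three items against constructed data: the two port rules in this Network section, and the root access key and 90-day rotation items under Access Management. It assumes the source omitted from the port items is the unrestricted 0.0.0.0/0 and ::/0 wildcard, that the group data is shaped like the output of `aws ec2 describe-security-groups`, and that the credential-report columns are as labelled in the code.

```python
from datetime import datetime, timezone

SENSITIVE_PORTS = (22, 3389)                   # SSH and RDP, the two ports in the Network section
WORLD = {"0.0.0.0/0", "::/0"}                  # assumption: the unrestricted source CIDRs
AS_OF = datetime(2020, 7, 23, tzinfo=timezone.utc)  # constructed assessment date
# Constructed sample groups: sg-0aaa exposes SSH to everyone; sg-0bbb restricts RDP
# to a private range but also carries an all-protocol rule open to every IPv6 address.
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
# Constructed credential-report rows: (user, access key active?, last rotated in ISO 8601 UTC)
CREDENTIAL_REPORT = [
    ("<root_account>", "true", "2020-01-10T00:00:00+00:00"),
    ("deploy", "true", "2020-03-01T00:00:00+00:00"),
    ("alice", "true", "2020-07-01T00:00:00+00:00"),
    ("bob", "false", "N/A"),
]

def rule_covers_port(perm, port):
    """True if an ingress rule admits TCP traffic to `port`; protocol -1 means all ports."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def world_open_ports(groups):
    """Return (group_id, port, cidr) for every sensitive port reachable from WORLD."""
    findings = []
    for sg in groups:
        for perm in sg["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in perm["IpRanges"]] + [r["CidrIpv6"] for r in perm["Ipv6Ranges"]]
            for cidr in (c for c in cidrs if c in WORLD):
                findings += [(sg["GroupId"], p, cidr) for p in SENSITIVE_PORTS if rule_covers_port(perm, p)]
    return findings

def key_findings(rows, now=AS_OF, max_age_days=90):
    """Flag an active root access key and any active key older than max_age_days."""
    findings = []
    for user, active, rotated in rows:
        if active != "true":               # inactive keys carry no rotation date ("N/A")
            continue
        if user == "<root_account>":
            findings.append((user, "root access key present"))
        age = (now - datetime.fromisoformat(rotated)).days
        if age > max_age_days:
            findings.append((user, f"access key not rotated for {age} days"))
    return findings
```

The same two functions can be pointed at live data by feeding them the parsed JSON of `describe-security-groups` and the rows of a downloaded credential report.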

Monitoring, Encryption & Other Controls

• Monitor activity in your AWS account
• Enable logging for all resources
• Integrate CloudTrail with CloudWatch Logs
• Enable AWS Config in all regions
• Encrypt CloudTrail logs at rest using KMS CMKs
• Rotate customer-created CMKs
• Enable S3 bucket access logging
• Enable VPC Flow Logging
• Deny public access to S3 buckets [many breaches have been reported in this category]
• Enable server-side encryption (SSE) to encrypt sensitive data
• Encrypt inbound and outbound S3 traffic
• Conduct a risk assessment of the AWS environment
• Maintain a structured asset library for AWS using AWS Config [we regularly find that vendors do not have a formal asset library for AWS]
• Maintain a cross-reference between policies and user counts; this will highlight areas where a sensitive policy has been overused

AWS offers multiple tools to manage security. An assessment of which tools are used gives a good indication of the vendor's security posture.

Enabling alarms on sensitive events is critical to securing the environment. Alarms should be enabled for the following events:

• Unauthorized API calls
• Management Console sign-in without MFA
• Usage of the 'root' account
• IAM policy changes
• Configuration changes
• Disabling or scheduled deletion of customer-created keys
• Storage policy changes
• Security group changes
• Changes to Network Access Control Lists
• Changes to network gateways
• Route table changes

Tools reviewed by the assessment (shown as a diagram in the original): AWS Config, AWS Trusted Advisor, CloudTrail, CloudWatch, VPC Flow Logs, Amazon Inspector and GuardDuty, mapped against the areas they cover: resource configuration, user activities, network traffic, and host vulnerabilities/activities.