AWS Security Checklist


Identity & Access Management

  • Secure AWS account (AWS organization, MFA).
  • Rely on centralized identity provider (SSO).
  • Use multiple AWS accounts ot separate workloads and workloads stages such as production and non-production (SCP, Guardrails, Control Tower).
  • Store and use secret securely (STS, Secrets Manager).

Detection

  • Enable foundation security services (AWS CloudTrail, Amazon GuardDuty, and AWS Security Hub).
  • Configure service and application level logging (VPC flow, S3 access log, ELB access log).
  • Configure monitoring and alerts, and investigate events (AWS Config).

Infrastructure Protection

  • Patch operationg system, applications and code (SSM Patch Manager).
  • Implement distributed denial-of-service (DDoS) protection for your internet facing resources (Cloudfront, WAF, AWS Shield).
  • Control access using VPC Security Groups and subnet layers (AWS Firewall Manager).

Data Protection

  • Protect data at rest (KMS, Enable EBS and S3 default encryption).
  • Encrypt data in transit (ACM).
  • Use mechanisms to keep people away from data (SSM Document, Run Command).

Incident Response

  • Ensure you have an incident reponse (IR) plan.
  • Make sure that someone is notified to take action on critial findings (Integrate GuardDuty findings with ticketing system).
  • Practice responding to events (Game day).

Reference:
https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Checklist.pdf
https://aws.amazon.com/security/security-bulletins/?card-body.sort-by=item.additionalFields.bulletinDateSort&card-body.sort-order=desc

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s