Identity & Access Management
- Secure AWS account (AWS organization, MFA).
- Rely on centralized identity provider (SSO).
- Use multiple AWS accounts to separate workloads and workload stages such as production and non-production (SCP, Guardrails, Control Tower).
- Store and use secrets securely (STS, Secrets Manager).
Detection
- Enable foundation security services (AWS CloudTrail, Amazon GuardDuty, and AWS Security Hub).
- Configure service and application level logging (VPC Flow Logs, S3 access logs, ELB access logs).
- Configure monitoring and alerts, and investigate events (AWS Config).
Infrastructure Protection
- Patch operating system, applications and code (SSM Patch Manager).
- Implement distributed denial-of-service (DDoS) protection for your internet-facing resources (CloudFront, WAF, AWS Shield).
- Control access using VPC Security Groups and subnet layers (AWS Firewall Manager).
Data Protection
- Protect data at rest (KMS, Enable EBS and S3 default encryption).
- Encrypt data in transit (ACM).
- Use mechanisms to keep people away from data (SSM Document, Run Command).
Incident Response
- Ensure you have an incident response (IR) plan.
- Make sure that someone is notified to take action on critical findings (integrate GuardDuty findings with a ticketing system).
- Practice responding to events (Game day).
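As an added example (not part of the AWS checklist above), a service control policy that turns several of these items into an organization-level guardrail: member accounts cannot leave the organization, stop or delete CloudTrail, disable GuardDuty, Security Hub or Config, or switch EBS default encryption off. `SecurityAdminRole` is an assumed name for the one break-glass role allowed to change detection settings; attach the policy to the workload OUs from the management account (SCPs never apply to the management account itself, so keep it empty of workloads).

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyLeavingOrganization",
      "Effect": "Deny",
      "Action": "organizations:LeaveOrganization",
      "Resource": "*"
    },
    {
      "Sid": "ProtectDetectionServices",
      "Effect": "Deny",
      "Action": [
        "cloudtrail:StopLogging",
        "cloudtrail:DeleteTrail",
        "cloudtrail:UpdateTrail",
        "guardduty:DeleteDetector",
        "guardduty:UpdateDetector",
        "guardduty:DisassociateFromMasterAccount",
        "guardduty:DisassociateFromAdministratorAccount",
        "securityhub:DisableSecurityHub",
        "config:StopConfigurationRecorder",
        "config:DeleteConfigurationRecorder",
        "config:DeleteDeliveryChannel"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/SecurityAdminRole"
        }
      }
    },
    {
      "Sid": "KeepEbsDefaultEncryptionOn",
      "Effect": "Deny",
      "Action": "ec2:DisableEbsEncryptionByDefault",
      "Resource": "*"
    }
  ]
}
```

An SCP only bounds permissions; it does not grant them or enable the services, so CloudTrail, GuardDuty, Security Hub, Config and EBS default encryption still have to be turned on in each account (or organization-wide) first.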
Reference:
https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Checklist.pdf
https://aws.amazon.com/security/security-bulletins/?card-body.sort-by=item.additionalFields.bulletinDateSort&card-body.sort-order=desc