Amazon Web Services (AWS) is widely regarded as one of the top IaaS providers on the market. One of its distinguishing features is the range of tools it offers under four main domains: application services, computing and networking, deployment and management, and database. However, using these AWS products also makes you responsible for regular security auditing and for maintaining the configuration of your virtual machines, the services you use and your own application.
AWS takes responsibility for the security of the cloud platform on which your data is stored, and for its functioning and accessibility, but it also insists on a ‘shared responsibility model’: you, the user, are equally accountable for the security of the data you keep on the platform. Most companies using AWS assign a dedicated team to the regular upkeep of their AWS cloud infrastructure security.
The Audit process
Professionals recommend auditing your AWS cloud platform every half-year as a routine check that everything is functioning smoothly, after any major change to the company’s servers (with extra attention to access management), and certainly after a security threat is discovered. Many tools are available for auditing the security of AWS products, both developed by Amazon and custom-made by independent developers. To make the process easier, Amazon publishes AWS Security Audit Guidelines as a checklist for a basic examination. You can book your AWS security audit here: https://www.getastra.com/blog/security-audit/aws-security-audit/
These are some of the services you must test frequently:
Elastic Compute Cloud (EC2)
EC2 is the AWS service for provisioning and managing virtual machines. It gives you access to computing capacity built and tested by Amazon, so scaling and configuring virtual machines is faster. One check that must be carried out is whether every running instance is actually required; stop any instances that were started only for testing or development.
Remember – No default, unused or otherwise unnecessary security groups should be in use. Every open port or port range should carry a description, and only specific ports should be open to everyone. Any whitelisted IP address should have a description, and everyone involved should be aware of it.
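The three security-group rules above, applied to a security-group listing, as an added example that is not part of the original post. It assumes a constructed sample in the shape of `aws ec2 describe-security-groups` JSON, a constructed set of group IDs that are actually attached somewhere, and an allow-list of ports that may be world-reachable (80 and 443 here; adjust to your own policy).

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_SGS = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-0aaa", "GroupName": "web",
  "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "public HTTPS"}]},
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
   {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
    "IpRanges": [{"CidrIp": "203.0.113.7/32"}]}]},
 {"GroupId": "sg-0bbb", "GroupName": "default", "IpPermissions": []},
 {"GroupId": "sg-0ccc", "GroupName": "old-test", "IpPermissions": []}
]}
""")
# Group IDs attached to at least one network interface (constructed; in
# practice collected from `aws ec2 describe-network-interfaces`).
SAMPLE_IN_USE = {"sg-0aaa", "sg-0bbb"}

WORLD = {"0.0.0.0/0", "::/0"}
PUBLIC_PORTS_ALLOWED = {80, 443}  # the only ports that may be open to everyone

def audit_security_groups(listing, in_use, allowed=PUBLIC_PORTS_ALLOWED):
    """Return (group id, finding) tuples for the checks in the post."""
    findings = []
    for sg in listing["SecurityGroups"]:
        gid, name = sg["GroupId"], sg["GroupName"]
        if name == "default" and gid in in_use:
            findings.append((gid, "default security group is attached"))
        elif gid not in in_use and name != "default":
            findings.append((gid, "unused security group should be deleted"))
        for perm in sg["IpPermissions"]:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)  # absent = all ports
            for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
                cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
                if not rng.get("Description"):
                    findings.append((gid, f"rule {lo}-{hi} from {cidr} has no description"))
                if cidr in WORLD and any(p not in allowed for p in range(lo, hi + 1)):
                    findings.append((gid, f"port(s) {lo}-{hi} open to the world"))
    return findings

if __name__ == "__main__":
    for gid, msg in audit_security_groups(SAMPLE_SGS, SAMPLE_IN_USE):
        print(gid, msg)
```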
Identity and Access Management (IAM)
IAM (Identity and Access Management) governs users and user groups and grants permissions for accessing AWS resources. The service provides a ‘credentials report’ listing every user together with the current status of their login credentials: passwords, access keys and any MFA (multi-factor authentication) devices.
Remember – The root account should not be used for daily tasks; it should have multi-factor authentication enabled and no active access keys. Every user who can access the AWS console should be subject to multi-factor authentication and a strong password policy, while service users occupied with tasks such as continuous integration and deployment should be given programmatic access only. Each user should have only one active access key, and it should be rotated every 180 days or less.
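The IAM rules above, checked against the credentials report mentioned in the previous paragraph, as an added example that is not part of the original post. It assumes a constructed subset of the report’s CSV columns (the real report from `aws iam get-credential-report` has more columns), a constructed audit date, and the 180-day rotation limit stated in the text.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed subset of the real report's columns (the real CSV has more).
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,not_supported,false,true,2023-01-10T00:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,true,false,N/A,false,N/A
bob,arn:aws:iam::123456789012:user/bob,true,false,true,2024-02-01T00:00:00+00:00,true,2024-03-01T00:00:00+00:00
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,false,false,true,2023-06-01T00:00:00+00:00,false,N/A
"""
MAX_KEY_AGE = timedelta(days=180)
AUDIT_DATE = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "today"

def audit_credential_report(report_csv, now):
    """Return (user, finding) tuples for the IAM rules in the post."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        active = [n for n in ("1", "2") if row[f"access_key_{n}_active"] == "true"]
        if is_root and active:
            findings.append((user, "root account has active access keys"))
        # root always has console access; for users the report says whether a password is set
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            findings.append((user, "console access without MFA"))
        if len(active) > 1:
            findings.append((user, "more than one active access key"))
        for n in active:
            rotated = datetime.fromisoformat(row[f"access_key_{n}_last_rotated"])
            if now - rotated > MAX_KEY_AGE:
                findings.append((user, f"access key {n} not rotated in 180 days"))
    return findings

if __name__ == "__main__":
    for user, msg in audit_credential_report(SAMPLE_REPORT, AUDIT_DATE):
        print(f"{user}: {msg}")
```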
Virtual Private Cloud (VPC)
This part of the AWS infrastructure is more isolated: it is the network into which AWS resources are deployed, and it lets you define IP address ranges, subnets, route tables and network gateways for each portion of the network. You can use this service to separate environments, for example the production environment from the staging and testing environments.
Remember – During the security audit, all network access control lists (ACLs) must be configured according to your preferred framework, and any unused ACLs must be removed. Flow logs should be enabled for every subnet in use.
CloudTrail
One of the more important AWS services, CloudTrail supports the operational, risk and compliance auditing of all your AWS accounts. It logs, stores and monitors ongoing activity such as actions performed through the SDKs, the AWS Management Console and the command-line tools. If you want to investigate any event within the cloud infrastructure, this is your go-to service: it simplifies security analysis, tracks changes to resources and helps troubleshoot suspicious activity.
Remember – The CloudTrail service should be enabled and configured deliberately rather than left at the default settings. The ‘Global Services logging’ option should be enabled. ‘Write’ access to the S3 bucket that holds the logs should be granted only to the CloudTrail service.
Simple Notification Service (SNS)
This is your solution if you need to send a large number of messages to multiple subscriber endpoints via email, SMS and push notifications. It works well if, for example, you run a travel-booking app with an AWS backend that needs to notify its customers of new deals and promotional offers.
Remember – During the SNS security audit, restrict the ‘Add’, ‘DeleteTopic’, ‘Publish’, ‘Receive’, ‘Remove’, ‘SetTopicAttributes’ and ‘Subscribe’ permissions to selected parties only. Grant programmatic access through a separate IAM user whose permissions apply to the SNS service only.
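Both the CloudTrail rule (only the CloudTrail service may write to the log bucket) and the SNS rule above (topic actions granted to selected parties only) come down to the same check on a resource policy: which principals are allowed a sensitive action. The checker below is an added example, not code from the original post; the bucket policy, topic policy, account ID and principal names are constructed, and it matches exact actions plus the `*` and `service:*` wildcards only.

```python
import json

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _principals(p):
    """Flatten a Principal element into 'Type:value' strings ('*' becomes 'AWS:*')."""
    if p == "*":
        return ["AWS:*"]
    return [f"{k}:{v}" for k, vals in p.items() for v in _as_list(vals)]

def over_permissive(policy, watched_actions, allowed_principals):
    """Return (Sid, principal, action) for Allow statements that grant a watched
    action to a principal outside allowed_principals. Matches exact actions and
    the '*' / 'service:*' wildcards only (no partial wildcards such as 's3:Put*')."""
    hits = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        granted = [a.lower() for a in _as_list(st.get("Action", []))]
        for act in watched_actions:
            svc = act.split(":")[0].lower()
            if not any(a in ("*", f"{svc}:*", act.lower()) for a in granted):
                continue
            for pr in _principals(st.get("Principal", "*")):
                if pr not in allowed_principals:
                    hits.append((st.get("Sid", ""), pr, act))
    return hits

# Constructed CloudTrail log-bucket policy: the second statement lets a human
# user write objects, which the post says only the CloudTrail service may do.
BUCKET_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
 {"Sid": "TrailWrite", "Effect": "Allow", "Principal": {"Service": "cloudtrail.amazonaws.com"},
  "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-trail-logs/AWSLogs/*"},
 {"Sid": "OpsWrite", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:user/ops"},
  "Action": ["s3:PutObject", "s3:GetObject"], "Resource": "arn:aws:s3:::example-trail-logs/*"}]}""")

# Constructed SNS topic policy: Publish is open to every AWS principal.
TOPIC_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
 {"Sid": "Open", "Effect": "Allow", "Principal": "*", "Action": "SNS:Publish",
  "Resource": "arn:aws:sns:us-east-1:123456789012:deals"},
 {"Sid": "Owner", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:user/sns-publisher"},
  "Action": ["SNS:Publish", "SNS:Subscribe"], "Resource": "arn:aws:sns:us-east-1:123456789012:deals"}]}""")

if __name__ == "__main__":
    print(over_permissive(BUCKET_POLICY, ["s3:PutObject"], {"Service:cloudtrail.amazonaws.com"}))
    print(over_permissive(TOPIC_POLICY, ["SNS:Publish", "SNS:Subscribe"],
                          {"AWS:arn:aws:iam::123456789012:user/sns-publisher"}))
```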
Amazon AWS offers many other services relevant to security auditing, but those described above are the most commonly used. The variety of such services underlines the importance of auditing security on a regular basis.