The idea behind AWS Workload Continuous Assessment:
The detailed and elaborate features of AWS make it faster, easier and more cost-effective to build each cloud application. AWS provides a wide range of databases and helps the user choose the right tool depending on the application they use and its structure. It is widely used across the world, with the majority of industries adopting AWS technology.
As the adoption of AWS increases within an organization, it becomes a herculean task to monitor the various aspects of infrastructure hosted on AWS from a security perspective. Recent breaches have in fact increased the threats and challenges for security professionals within an organization. The Center for Internet Security (CIS) has come up with best security practices for various cloud platforms, including AWS.
CloudCodes now provides continuous security assessment of the AWS workload based on the CIS benchmarks. It is a simple and easy way to monitor various aspects of the AWS workload and get notified.
CloudCodes monitors AWS resources such as S3 buckets, CloudTrail, IAM policies, IAM users and configuration with respect to the CIS benchmarks. CloudCodes evaluates resources in real time and alerts users in case of data threats and violations.
Why is there a need for AWS monitoring?
- Data threats & violations: CloudCodes creates an access key for admins to evaluate all the applications stored in AWS and notifies the customer in case of any data threat or policy violation. It sends out an email alert to the customer as soon as it spots a policy breach.
- CIS benchmark: CloudCodes assesses the cloud applications on AWS against the CIS (Center for Internet Security) benchmark to help identify data faults and report them to the users. It also helps reduce the risk of security issues and improve compliance posture.
CIS Benchmarks for AWS monitored by CloudCodes
- Avoid the use of the "root" account
- Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
- Ensure credentials unused for 90 days or greater are disabled
- Ensure access keys are rotated every 90 days or less
- Ensure IAM password policy requires at least one uppercase letter
- Ensure IAM password policy requires at least one lowercase letter
- Ensure IAM password policy requires at least one symbol
- Ensure IAM password policy requires at least one number
- Ensure IAM password policy requires a minimum length of 14 or greater
- Ensure IAM password policy prevents password reuse
- Ensure IAM password policy expires passwords within 90 days or less
- Ensure no root account access key exists
- Ensure MFA is enabled for the "root" account
- Ensure hardware MFA is enabled for the "root" account
- Ensure security questions are registered in the AWS account
- Ensure IAM policies are attached only to groups or roles
- Ensure a support role has been created to manage incidents with AWS Support
- Do not set up access keys during initial user setup for all IAM users that have a console password
- Ensure IAM policies that allow full "*:*" administrative privileges are not created
- Ensure CloudTrail is enabled in all regions
- Ensure CloudTrail log file validation is enabled
- Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
- Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
- Ensure AWS Config is enabled in all regions
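Several of the IAM items in the list above (MFA for console users, credentials unused for 90 days, access key rotation, root access keys, root MFA) can all be evaluated from a single artifact, the IAM credential report. The following is an added example of how such an evaluation works, written for this page; it is not CloudCodes' code. It assumes the CSV column layout that `aws iam get-credential-report` returns once base64-decoded, embeds a constructed sample report instead of calling AWS, and pins "now" to a fixed date so the result is reproducible offline.

```python
import csv
import io
from datetime import datetime, timezone

# Threshold shared by the "unused for 90 days" and "rotated every 90 days"
# benchmark items listed above.
MAX_AGE_DAYS = 90

# Finding labels, worded as the benchmark items appear in the list above.
CHECK_ROOT_KEY = "Ensure no root account access key exists"
CHECK_ROOT_MFA = 'Ensure MFA is enabled for the "root" account'
CHECK_USER_MFA = "Ensure MFA is enabled for all IAM users that have a console password"
CHECK_UNUSED = "Ensure credentials unused for 90 days or greater are disabled"
CHECK_ROTATION = "Ensure access keys are rotated every 90 days or less"

# Constructed sample in the IAM credential report layout (assumption: this is
# the CSV that `aws iam get-credential-report` returns, base64-decoded).
# Account id and user names are made up.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T09:00:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2023-01-10T00:00:00+00:00,true,2024-05-20T08:00:00+00:00,2024-03-01T00:00:00+00:00,2024-05-30T00:00:00+00:00,true,true,2024-04-15T00:00:00+00:00,2024-05-20T10:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2023-01-10T00:00:00+00:00,true,2024-01-05T08:00:00+00:00,2023-12-01T00:00:00+00:00,2024-02-29T00:00:00+00:00,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
svc-deploy,arn:aws:iam::111122223333:user/svc-deploy,2022-06-01T00:00:00+00:00,false,N/A,N/A,N/A,false,true,2023-11-01T00:00:00+00:00,2024-05-21T00:00:00+00:00,eu-west-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

# Fixed evaluation time so the constructed sample evaluates the same way on every run.
NOW = datetime(2024, 5, 22, tzinfo=timezone.utc)


def parse_time(value):
    """Return an aware datetime for an ISO-8601 cell, or None for the report's
    placeholder values (N/A, no_information, not_supported)."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def age_days(value, now):
    """Whole days between a report timestamp and `now`, or None if no timestamp."""
    ts = parse_time(value)
    return None if ts is None else (now - ts).days


def assess(report_csv, now=NOW):
    """Evaluate a credential report against the five IAM items named above.
    Returns a sorted, de-duplicated list of (user, check) findings."""
    findings = set()
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]

        # The root row is judged only by the two root-specific items.
        if user == "<root_account>":
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                findings.add((user, CHECK_ROOT_KEY))
            if row["mfa_active"] != "true":
                findings.add((user, CHECK_ROOT_MFA))
            continue

        if row["password_enabled"] == "true":
            if row["mfa_active"] != "true":
                findings.add((user, CHECK_USER_MFA))
            # A password never used since it was set is aged from its last change.
            last = age_days(row["password_last_used"], now)
            if last is None:
                last = age_days(row["password_last_changed"], now)
            if last is not None and last >= MAX_AGE_DAYS:
                findings.add((user, CHECK_UNUSED))

        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = age_days(row[f"access_key_{n}_last_rotated"], now)
            used = age_days(row[f"access_key_{n}_last_used_date"], now)
            if used is None:
                used = rotated  # never used: count from when the key was created
            if used is not None and used >= MAX_AGE_DAYS:
                findings.add((user, CHECK_UNUSED))
            if rotated is not None and rotated > MAX_AGE_DAYS:
                findings.add((user, CHECK_ROTATION))
    return sorted(findings)


if __name__ == "__main__":
    for user, check in assess(SAMPLE_REPORT):
        print(f"{user}: {check}")
```

On the constructed sample this reports root for an active access key and missing MFA, bob for a console password without MFA that was last used 137 days ago, and svc-deploy for an access key last rotated 203 days ago; alice passes. The credential report cannot tell a hardware MFA device from a virtual one, so the hardware-MFA item, like the CloudTrail, S3 and AWS Config items in the list, needs other API calls.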