After securing infrastructure at healthcare companies, defense contractors, and energy firms, I've distilled my cloud security review into 27 checks across 6 domains. Here's the checklist I run on Day 1 of every engagement.
## 1. Identity & Access (6 checks)

```bash
# Check root account MFA (AccountMFAEnabled: 1 = enabled, 0 = not enabled)
aws iam get-account-summary | grep AccountMFAEnabled

# Find console users without MFA. The report body is base64-encoded CSV;
# column 4 is password_enabled and column 8 is mfa_active
aws iam generate-credential-report
aws iam get-credential-report --query Content --output text | base64 --decode \
  | awk -F, 'NR > 1 && $4 == "true" && $8 == "false" {print $1}'

# Find overprivileged principals: every user, group and role with the
# AWS-managed AdministratorAccess policy attached
aws iam list-entities-for-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess

# Check for access keys older than 90 days. list-access-keys only covers
# one user per call, so iterate over all users with a computed cutoff
CUTOFF=$(date -u -d '90 days ago' +%Y-%m-%d)   # GNU date; on macOS: date -u -v-90d +%Y-%m-%d
for u in $(aws iam list-users --query 'Users[].UserName' --output text); do
  aws iam list-access-keys --user-name "$u" \
    --query "AccessKeyMetadata[?CreateDate<\`$CUTOFF\`].[UserName,AccessKeyId,CreateDate]" --output text
done
```
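The credential report drives three of the identity checks above (root MFA, users without MFA, stale keys), so it is worth being able to triage it offline once it has been pulled. The script below is an added example, not part of the original post or any AWS tooling: it embeds a constructed sample report (made-up account id, users and dates) and the three helper functions (`root_mfa_enabled`, `users_without_mfa`, `stale_keys`) are names chosen here. The column positions follow the AWS credential report CSV layout.

```bash
#!/bin/sh
# Added example (not from the original post): triage a decoded IAM credential
# report offline. Column layout follows the AWS credential report CSV:
#   1 user   4 password_enabled   8 mfa_active
#   9 access_key_1_active  10 access_key_1_last_rotated
#  14 access_key_2_active  15 access_key_2_last_rotated
# A real report comes from:
#   aws iam get-credential-report --query Content --output text | base64 --decode

# Constructed sample report (account id, users and dates are made up).
SAMPLE_REPORT='user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2024-01-01T00:00:00+00:00,not_supported,2026-04-01T10:00:00+00:00,not_supported,not_supported,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2024-02-01T00:00:00+00:00,true,2026-04-10T09:00:00+00:00,2026-01-05T00:00:00+00:00,2026-04-05T00:00:00+00:00,true,true,2026-03-01T00:00:00+00:00,2026-04-10T00:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2024-03-01T00:00:00+00:00,true,2026-04-09T08:00:00+00:00,2025-12-01T00:00:00+00:00,2026-03-01T00:00:00+00:00,false,true,2025-10-15T00:00:00+00:00,2026-04-09T00:00:00+00:00,us-east-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2024-04-01T00:00:00+00:00,false,no_information,not_supported,not_supported,false,true,2026-02-20T00:00:00+00:00,2026-04-11T00:00:00+00:00,us-west-2,ecr,true,2025-06-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A'

# Exit 0 when the <root_account> row shows an MFA device, 1 otherwise.
root_mfa_enabled() {
  awk -F, '$1 == "<root_account>" { found = 1; ok = ($8 == "true") }
           END { exit (found && ok) ? 0 : 1 }'
}

# Console users (password enabled) with no MFA device. Service users that
# only hold access keys have password_enabled=false and are not listed.
users_without_mfa() {
  awk -F, 'NR > 1 && $4 == "true" && $8 == "false" { print $1 }'
}

# Active access keys last rotated before the cutoff date (YYYY-MM-DD).
# ISO-8601 timestamps sort lexically, so a string compare on the date part
# is enough; inactive keys are skipped because they cannot be used.
stale_keys() {
  awk -F, -v cutoff="$1" 'NR > 1 {
    if ($9  == "true" && substr($10, 1, 10) < cutoff) print $1 " key1 rotated " substr($10, 1, 10)
    if ($14 == "true" && substr($15, 1, 10) < cutoff) print $1 " key2 rotated " substr($15, 1, 10)
  }'
}

# Stand-alone run over the sample; a live 90-day cutoff would be computed
# with: date -u -d '90 days ago' +%Y-%m-%d (GNU date).
if printf '%s\n' "$SAMPLE_REPORT" | root_mfa_enabled; then
  echo "root MFA: enabled"
else
  echo "root MFA: MISSING"
fi
echo "users without MFA:"
printf '%s\n' "$SAMPLE_REPORT" | users_without_mfa
echo "stale access keys (cutoff 2026-01-18):"
printf '%s\n' "$SAMPLE_REPORT" | stale_keys 2026-01-18
```

On the sample, `bob` is the only console user without MFA (`ci-deploy` has no password, so it is a key-only service user and needs a separate rotation policy rather than MFA), and the stale-key check flags `bob`'s key 1 and `ci-deploy`'s key 2. Pipe the real decoded report into the same functions instead of `$SAMPLE_REPORT`.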
## 2. Network Security (5 checks)

```bash
# Security groups with 0.0.0.0/0 on SSH. The two filters match independently:
# a group is returned if any rule has from-port 22 and any rule (possibly a
# different one) allows 0.0.0.0/0, so confirm each hit by inspecting its rules
aws ec2 describe-security-groups \
  --filters Name=ip-permission.from-port,Values=22 Name=ip-permission.cidr,Values=0.0.0.0/0 \
  --query 'SecurityGroups[].[GroupId,GroupName,VpcId]' --output table

# Public subnets vs. NAT: the 0.0.0.0/0 route decides. An igw-* GatewayId
# makes the subnet public; a NatGatewayId is a private subnet with outbound
# NAT; a route table with neither has no internet path at all
aws ec2 describe-route-tables \
  --query "RouteTables[].{RouteTable:RouteTableId,Default:Routes[?DestinationCidrBlock=='0.0.0.0/0'].[GatewayId,NatGatewayId]}"

# VPC Flow Logs enabled? This only lists flow logs that exist, so compare the
# ResourceIds against describe-vpcs: a VPC missing here has no flow log
aws ec2 describe-flow-logs --query 'FlowLogs[*].{VPC:ResourceId,Status:FlowLogStatus}'
```
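Because `describe-flow-logs` only reports flow logs that exist, the real question (which VPCs have none?) needs the VPC list as a second input. The snippet below is an added example, not from the original post: it takes the two whitespace-separated lists that `--output text` would produce, with constructed sample IDs in place of live output, and prints the VPCs that have no VPC-level flow log. The function name `vpcs_without_flow_logs` is chosen here.

```bash
#!/bin/sh
# Added example (not from the original post): list VPCs that have no VPC-level
# flow log. Real inputs would be the text output of
#   aws ec2 describe-vpcs --query 'Vpcs[].VpcId' --output text
#   aws ec2 describe-flow-logs --query 'FlowLogs[?FlowLogStatus==`ACTIVE`].ResourceId' --output text
# Constructed sample data, whitespace-separated as --output text prints lists
# (the CLI separates with tabs; awk's default field splitting handles both).
ALL_VPCS='vpc-0a1b2c3d vpc-1111aaaa vpc-2222bbbb'
FLOW_LOG_RESOURCES='vpc-0a1b2c3d subnet-3333cccc vpc-2222bbbb'

# Print every VPC ID in $1 that does not appear as a flow-log ResourceId in $2.
# A flow log attached to a subnet or ENI only covers that resource, so a
# subnet-level log is deliberately not counted as coverage for its VPC.
vpcs_without_flow_logs() {
  printf 'COVERED %s\nALL %s\n' "$2" "$1" | awk '
    $1 == "COVERED" { for (i = 2; i <= NF; i++) seen[$i] = 1; next }
    $1 == "ALL"     { for (i = 2; i <= NF; i++) if (!($i in seen)) print $i }'
}

echo "VPCs without a VPC-level flow log:"
vpcs_without_flow_logs "$ALL_VPCS" "$FLOW_LOG_RESOURCES"
```

On the sample this prints `vpc-1111aaaa`; `subnet-3333cccc` is ignored because a subnet flow log does not tell you the rest of its VPC is logged. Run it once per region, since both API calls are regional.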
## 3. Data Protection (5 checks)

```bash
# S3 buckets without default encryption. get-bucket-encryption fails with
# ServerSideEncryptionConfigurationNotFoundError when nothing is configured,
# so print only the buckets where the call fails instead of all the output
for b in $(aws s3api list-buckets --query 'Buckets[].Name' --output text); do
  aws s3api get-bucket-encryption --bucket "$b" >/dev/null 2>&1 || echo "no default encryption: $b"
done

# Public S3 buckets. The public access block settings alone do not say
# whether a bucket is public (and the call errors when no block is set),
# so pair them with the bucket policy status
for b in $(aws s3api list-buckets --query 'Buckets[].Name' --output text); do
  echo "== $b"
  aws s3api get-public-access-block --bucket "$b" 2>&1
  aws s3api get-bucket-policy-status --bucket "$b" --query PolicyStatus.IsPublic --output text 2>&1
done

# EBS volumes without encryption
aws ec2 describe-volumes --query 'Volumes[?!Encrypted].VolumeId'
```
## 4. Detection & Monitoring (4 checks)
- CloudTrail enabled in all regions
- GuardDuty active
- Config rules recording
- CloudWatch alarms on root login
## 5. Incident Response (4 checks)
- Runbooks documented
- Automated containment playbooks
- Contact escalation matrix
- Regular tabletop exercises
## 6. Supply Chain Security (3 checks)
- Container image scanning (Trivy/Snyk)
- Dependency vulnerability scanning
- SBOM generation
## Full Security Framework
I maintain a complete collection of cybersecurity frameworks with implementation checklists, compliance templates, and detection rule sets at Citadel Cloud Management.
17 free cloud courses including Cloud Security: Free Courses
What does your Day 1 security checklist look like?