AWS security audit guide

by Elmir Iskanderov

Auditing AWS security configuration is essential for timely identifying and addressing security vulnerabilities in your cloud infrastructure and services. Sounds simple, though there are milestones to cover and security pitfalls to avoid on the way to a secure cloud environment. This is actually what we are going to briefly discuss in this post.

Cloud customers are responsible for the configurations of security controls, access management, security of their applications, and data. Read more about Gaps in the Shared Responsibility Model.

When conducting an audit of AWS resources, ensuring proper access is vital, as access levels vary depending on the infrastructure being assessed.

Key policies to consider: SecurityAudit and ReadOnlyAccess, each offering different permissions for services and metadata. The ReadOnlyAccess policy is essential when utilising automated audit tools. Attach the ReadOnlyAccess and SecurityAudit policies to the user, group, or role involved in the audit. If you run into a "403 Access Denied" when trying to use an API, it means that you don't have permission. So contact your administrator to get it.

Pay close attention to the following cloud testing components. These are important for AWS security assessments to identify vulnerabilities and risks and ensure compliance.

1. Identity and Access Management: Verifying that users are assigned the appropriate roles and permissions.
2. Compute and Container Security: Potential risks to container components, including infrastructure, applications, and other elements, are identified and assessed.
3. Data Protection in Transit and at Rest: Data security is evaluated when it is transmitted between systems or stored.
4. Secure Remote and Administrative Access: Ensuring that resource access systems are secure and effectively guard against unauthorised access.
5. Audit Log and Real-time Security Monitoring: During this phase, it is verified that security events are being recorded and tracked, the Ops team has access to the logs, and monitoring systems are operating effectively.
6. Attack Detection and Response Mechanisms: Checking if there are effective systems for detecting potential attacks and responding to them.
7. Security Backups and Disaster Recovery Plan: Ensuring that backups are created and stored securely, disaster recovery plans are adequate and ready for use.
8. Compliance with Regulatory Requirements: Checking regulatory compliance for confidentiality and other regulatory demands.

CIS Benchmarks

💡 CIS Benchmarks, created by the Center for Internet Security — globally recognized best practices for cybersecurity. CIS Benchmarks meet NIST, HIPAA, PCI CSS, and CIS standards, with three levels of protection: Basic, higher security for sensitive data, and specifically for US government requirements.

CIS Benchmarks consist of four documents for auditing AWS security:

1. Amazon Web Services Foundations;
2. Amazon Web Services Three-tier Web;
3. AWS End User Compute Services;
4. AWS Compute Services.

Each of the documents listed above has audit checklists → CIS Benchmark AWS.

Cloud Conformity Knowledge Base

To ensure the security of your AWS services, follow the best practices at Cloud Conformity Knowledge Base.

The Cloud Conformity Knowledge Base for AWS contains curated rules and recommendations for optimising AWS security, reliability, performance, compliance, and cost-efficiency.

Tools

To save your time and perform the check effectively, use the following tools to automate the process:

1. Awsenum / aws_recon: Tools for reconnaissance/inventory of AWS services and resources.
2. Pacu: An AWS exploitation framework for offensive security testing in cloud environments.
3. Cloudsploit: An automated tool for monitoring and auditing AWS configuration security.
4. Prowler: A security auditing tool for AWS used to check existing configurations against security standards such as the CIS Amazon Web Services Foundations Benchmark.
5. Scoutsuite: A security auditing tool that provides visual reports on the security state of your AWS environment, identifying incorrect configurations and potential risks.

AWS security is about ensuring that users can safely take full advantage of the cloud and that their data is protected from unauthorised access, loss, and theft. “Reliability” and “security” are the keywords here. A comprehensive audit of your AWS infrastructure, as well as timely identification of potential vulnerabilities, are vital to creating a secure cloud environment and protecting sensitive data.

Comments

[Roman Burdiuzha]

Regular audits are crucial; the frequency depends on factors like regulatory requirements, changes in the environment, and the organization's risk tolerance. Quarterly or annually is common.