The highlight of Amazon Web Services (AWS) lies in its services that include cloud computing tools combined with resources for virtual machines, storing it in databases, customer communication, managing access, and doing everything in a cheaper, faster, and simpler way. A unique point of AWS is that the responsibility of data protection is divided between the user and the cloud vendor – therefore, it falls on the user to fulfill their responsibilities for complete security. This is where the AWS security audit process steps in.
Amazon Web Services (AWS) is considered one of the best IaaS (infrastructure as a service) providers on the market providing a wide range of selection of tools under four main domains – application services, computing and networking, databases, deployment, and management.
AWS as an IaaS provides you with the best configuration options and the ability to create server virtual machines (VMs) from the beginning. It also provides optimized separation of the responsibility for maintaining security – while the server is responsible for the infrastructure, while the user shares the responsibility for the operating system and the applications.
Why should you conduct security audit processes?
Till 2017, the three top causes of data breaches – database misconfigurations, code injections, and cross-site scripting (XSS) attacks – remain steady. This data is not reassuring as it implies that despite adopting the best and latest practices on cybersecurity, writing safe code, and cleaning up as much as possible, security issues and vulnerabilities still exist. To prevent such data leaks, regular check-ups on your cloud security infrastructure is vital. Check out The Online Web Application Security Project (OWASP) Top 10 to stay updated on the yearly security threats and web security vulnerabilities.
The AWS security audit process
Before stepping into the actual procedure, it is important to note that this auditing process should be a regular task conducted by the organization to avoid any unwanted surprises. The testing team should conduct security audit processes after every security threat is identified, significant changes have been made to the system (especially access management), and at least once every 6 months to confirm the smooth operation.
This is especially important because of the AWS policy of ‘shared responsibility’ on data security matters. The implication is that the user is responsible for the AWS security configurations of the server virtual machines, the services provided, and the app as well. Many tools are available for the AWS security audit process – some developed by Amazon, others customized.
So, what are the popular AWS services that must undergo the security audit process for ensuring cloud security?
Elastic Compute Cloud (EC2) service
Used for virtual machine provisioning and management, this service provides access to Amazon’s highly efficient computing environment with proven high speeds on scaling and configuration of virtual machines.
A couple of pointers when auditing EC2 – no unused security groups, no default security groups in use, only allowed ports accessible to everyone with descriptions and all whitelisted IPs should be known.
Identity and Access Management (IAM)
This is useful for keeping control of users, user groups, and the respective permissions for accessing AWS resources. For listing all the users, access keys, MFA devices, and their password status, you can use the ‘credentials report’ feature.
A couple of pointers when auditing IAM – root account shouldn’t be used for daily tasks, its keys shouldn’t be active, enable multi-factor authentication for root and for users with access to the AWS console, all users should have only one access key, access keys should be changed every 180 days, and password policies enhanced for each user with access to the AWS Console.
The S3 bucket is, simply put, a cloud folder that provides a variety of settings such as access logging, encryption, region exceptions, etc.
A couple of pointers when auditing the S3 bucket – enable bucket versioning and bucket access logging, and granted permissions only for specific users.
Virtual Private Cloud (VPC)
This is an isolated part of the network architecture which utilizes AWS resources for full configuration of the IP address line, route tables, network gateways for each network segment, etc. The importance of this service comes from its ability to separate the production environment from the staging and testing environments. This part will cover under the Penetration testing in AWS.
A couple of pointers when auditing VPC – network access control lists (ACLs) should be configured according to the required framework, unused ACLs should be removed, and flow logs enabled for all subnets being used.
CloudTrail provides assistance in managing Amazon accounts while running operational, compliance, and risk security audits. All account activity is noted, monitored and kept for further analysis within the AWS infrastructure, providing the option for observing events in the cloud environment. In this manner, CloudTrail simplifies security analysis troubleshooting and tracking changes in resources.
A couple of pointers when auditing CloudTrail – CloudTrail should be turned on and correctly configured and not put on default, and enable Global Services logging.
This list covers some of the services that require the AWS security audit process. Make sure to entrust a trusted professional with the conduct of this security audit, like Astra Security, today.