AWS Security Monitoring Checklist

Since every organization is moving towards the cloud, the roles and responsibilities of in-house security teams have increased a lot. Because they do not fully own the underlying (leased) infrastructure, security teams lack visibility into it and control over it. In this article, we will examine the AWS security checklist that every security team should keep an eye on. Companies that are onboarding to the cloud need to understand that it is their job to maintain the (logical) security of the leased infrastructure. We will discuss various AWS objects, their purpose, their associated risks, and a checklist of attributes to monitor for each.

S3 is a cloud-based offering from AWS. It allows one to store and retrieve an unlimited amount of data from any location at any given point in time. The architecture of S3 is kept simple to provide robustness and efficiency to its end users. S3 is made up of two main elements: buckets and objects.

S3 ACLs

S3 provides Access Control Lists (ACLs) at both the bucket level and the object level. By default, the owner of a bucket or object has the “FULL_CONTROL” permission. S3 also has predefined groups, which are as follows:

  • All Users group: When this group is assigned to a bucket, permissions are assigned to anyone in the world to access that bucket.
  • Authenticated group: This group covers users who are authenticated to an AWS account. However, they do not have to be users that fall under the bucket owner's account.

Security Monitoring Checklist

Below is the security monitoring checklist for AWS S3:

  • Monitoring of S3 buckets which have FULL_CONTROL for the Authenticated group.
  • Monitoring of S3 buckets which have FULL_CONTROL for the All Users group.
  • Monitoring of S3 buckets which have default encryption disabled.
  • Monitoring of S3 buckets which have (Read more...)
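
The checks listed above can be automated. The following is an added example, not code from the original article: it evaluates dictionaries shaped like the S3 GetBucketAcl and GetBucketEncryption API responses. The function names and the sample buckets are constructed for illustration.

```python
# Added example: evaluates S3 API-shaped responses against the checklist above.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
GROUP_NAMES = {ALL_USERS: "All Users", AUTH_USERS: "Authenticated"}


def audit_bucket(name, acl, encryption):
    """Return checklist findings for one bucket.

    acl        -- dict shaped like a GetBucketAcl response
    encryption -- dict shaped like a GetBucketEncryption response, or None
                  when the bucket has no default encryption configuration
    """
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        group = GROUP_NAMES.get(grantee.get("URI"))
        # The owner's own FULL_CONTROL grant (Type CanonicalUser) is the default
        # and is not flagged; only grants to the predefined groups are.
        if grantee.get("Type") == "Group" and group and grant.get("Permission") == "FULL_CONTROL":
            findings.append(f"{name}: FULL_CONTROL granted to {group} group")
    rules = (encryption or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules):
        findings.append(f"{name}: default encryption disabled")
    return findings


def audit_all(buckets):
    """buckets maps bucket name -> (acl, encryption); returns all findings."""
    return [f for name, (acl, enc) in sorted(buckets.items())
            for f in audit_bucket(name, acl, enc)]


# Constructed sample data (hypothetical bucket names, not from a real account).
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
         "Permission": "FULL_CONTROL"}
SSE = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}
SAMPLE_BUCKETS = {
    "public-assets": ({"Grants": [OWNER, {"Grantee": {"Type": "Group", "URI": ALL_USERS},
                                          "Permission": "FULL_CONTROL"}]}, None),
    "partner-share": ({"Grants": [OWNER, {"Grantee": {"Type": "Group", "URI": AUTH_USERS},
                                          "Permission": "FULL_CONTROL"}]}, SSE),
    "internal-logs": ({"Grants": [OWNER]}, SSE),
}

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_BUCKETS):
        print(finding)
```

In a live account the two inputs would come from the corresponding S3 API calls for each bucket, with a missing encryption configuration mapped to `None`.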

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Security Ninja. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/xchULmUbbLA/