Cloud services are being adopted by a majority of businesses because of their improved infrastructure and ease of use. Amazon took a great risk in 2006 by launching AWS cloud services, and now, AWS is one of the best choices with its flexible workspace and excellent customer support. There is no doubt that cyber-popularity comes with a side-effect — cyber hacks. And there is nothing better than a thorough AWS security audit to deal with them.
There have been a number of instances where AWS security breaches were reported revealing several AWS vulnerabilities such as misconfiguration, leaky S3 buckets, and compromised network of AWS.
Trust me, you would not want to deal with the aftermath of these vulnerabilities! In this article, we have compiled a list of steps to go through while performing an AWS security audit to bolt your AWS infrastructure beforehand.
When to perform an AWS security audit?
Although we recommend you perform a security audit on a regular basis as it is always the right time to secure your business. But here are some other instances where it is crucial that you perform an audit:
● If there are any changes in the policies or rules in your organization.
● If there is an addition or removal of users. This is important as you might want to add or remove permission related to a particular user.
● Also, perform a security audit when there are new installations or removal of software and applications on AWS CloudFormation templates, AWS OpsWorks Stacks, AWS EC2 instances, etc.
● If you suspect that your account has been compromised.
Steps to take before performing a security audit
A security audit of a cloud service requires expert knowledge and experience. There are certain steps that you should take regardless of the method and plan you are going to follow:
● Define the scope of your audit, including the target systems and AWS environment.
● Run your preliminary tests.
● Decide the type of website pentest you would like on your account, i.e; black box, grey box, white box.
● Highlight the expectations of both the pentesting company and the stakeholder.
● Last but not the least, obtain written approval to conduct the test from the client or any other involved third-party.
5 steps to security audit
1. Review your account credentials
For the first step of the AWS security audit follow these steps to review your AWS account credentials:
● You can go ahead and remove the root access keys if you are not using them. And if you are using them, we strongly recommend against it. Use IAM users instead.
● If you do want to keep them rotate them on a regular basis.
2. Review IAM users
Follow these steps to audit your existing IAM users:
● Remove all the inactive users.
● Remove the users from the groups they are not supposed to be a part of.
● Review the IAM policies of your service.
● Remove unnecessary security credentials that the user doesn’t need.
● Also, keep changing the security credentials in case you share them with an unauthorized person.
3. Review Amazon EC2 security configuration
● Remove all the EC2 key pairs that are inactive and are known to unauthorized people.
● Delete all the security groups that you do not need and remove the rules from the groups that do not meet your security needs.
● Terminate any or all instances that are no longer needed or that can be approved by unauthorized access.
● Cancel spot instance requests.
4. Review AWS policies
Do not forget to remove the permissions for services that support other mechanisms and that use resource-based policies.
5. Monitor activity in your account
Follow these steps to monitor activities in your AWS account:
● Turn on the AWS Cloud trail in each account to continuously monitor activities on your website and check the logs.
● Enable S3 bucket logging to keep a log of requests to each bucket.
● Look for unauthorized and temporary credentials in your account and remove them.
Or hire a professional VAPT team
Conducting a full-fledged IT security audit means an endless list of tests and reviews to perform. If you are not a tech-savvy person, you can outsource this work for a little price.
Astra Security’s expert security team is continuously growing and evolving and so are their techniques of AWS security audit. Their in-depth analysis and a summarizing comprehensive report helps you not only to uncover vulnerabilities but also simplifies the fixing process.
Astra’s VAPT service includes the audit of static and dynamic code, payment security flaws, business logic errors, tests for known CVEs, and protection against 100+ flaws. Here’s Astra’s 5-step VAPT process:
Astra’s VAPT process