AWS Security Checklist

"There is always someone waiting for you to make a mistake."
Security is a major challenge nowadays, so everyone should focus on it. Now, if you were a thief, whom would you rob? Obviously the richest one.
In the AWS world, the richest identity is the one with the most rights. Yes, you got it right: the root account.

What should you do with your root account?


Everyone knows you can do anything with the root account in AWS, so you must be careful when using it. Here are some points you should follow to prevent misuse of your root account.

Experts say you should use the root account only to create an admin account, and that's it!

  • As you know, every other task can be done with the admin account itself. So once you have an admin account, avoid using root.


Never ever create access keys for root.
  • Yes, really, because it is far too dangerous! If those access keys leak by mistake, the attacker can not only steal your data but also delete your whole AWS account!


Some other points:

  •     Rotate IAM user passwords and access keys regularly. (You can also automate it. ;) )
  •     Use a policy to alert when a user is not using MFA.
  •     Regularly check your IAM users. If you find an unknown user, there is a chance that some of your credentials have leaked, so it is time to run your incident response plan.
  •     Use repository scanning. I will explain this point further below.

A developer may sometimes commit code with secrets (passwords, access keys, anything) hardcoded in it. You can run checks that detect any secrets pushed to your repository.

You should know that there are global scanners run by attackers, and even GitHub has its own, that scan the code everyone uploads and look for secrets of any kind.

Just try uploading an access key to a public repository and within a short time you will receive a mail from GitHub ;). And if those keys are still active, an attacker will soon create resources in your AWS account. Trust me, I have seen this scenario. But thanks to AWS for helping.
git-secrets, Gitrob and RepoSupervisor are some scanners that you can try.


  • You can use the AWS SSM Parameter Store to hold configuration values if needed.
  • Also, AWS KMS is one of the best solutions. You can even control who may encrypt (only!) and who may decrypt with a given key.
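To turn the root-key, MFA, key-rotation and unknown-user checks above into something you can run on a schedule, here is an added example (my own code, not from the original post) that audits a credential report. The CSV is constructed, the account id is a placeholder, and the 90-day rotation threshold and the set of "known" users are assumptions you would replace with your own.

```python
"""Audit an IAM credential report against the checklist above.

Added example, not from the original post. The CSV below is constructed
but uses the column names of the real IAM credential report (fetched with
`aws iam get-credential-report`); only the columns needed here are kept.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample. "<root_account>" is how the report names the root user.
SAMPLE_REPORT = """\
user,arn,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,true,true,2023-01-10T09:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,true,2024-05-01T09:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,false,true,2023-11-20T09:00:00+00:00,false,N/A
"""

MAX_KEY_AGE = timedelta(days=90)                     # rotation threshold (assumed policy)
AUDIT_TIME = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "now" so the run is reproducible

def audit(report_csv, known_users, now):
    """Return (user, finding) tuples for each checklist rule that is violated."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            # Rule: never create access keys for root.
            for n in ("1", "2"):
                if row[f"access_key_{n}_active"] == "true":
                    findings.append((user, f"root has active access key {n}"))
            continue
        # Rule: an IAM user you did not create may mean leaked credentials.
        if user not in known_users:
            findings.append((user, "unknown IAM user"))
        # Rule: alert on users without MFA.
        if row["mfa_active"] != "true":
            findings.append((user, "MFA not enabled"))
        # Rule: rotate access keys regularly (inactive keys show "N/A" and are skipped).
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = datetime.fromisoformat(row[f"access_key_{n}_last_rotated"])
            if now - rotated > MAX_KEY_AGE:
                findings.append((user, f"access key {n} older than {MAX_KEY_AGE.days} days"))
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT, {"alice"}, AUDIT_TIME):
        print(f"{user}: {finding}")
```

Feed the decoded output of `aws iam get-credential-report` into `audit()` and wire the findings into whatever alerting you already use.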


So stay aware, stay safe.
Happy learning.

We would love to receive your feedback. Let us know if you have other points, and I will update the post with them.
