1) AWS Account Safety
Last updated
Was this helpful?
Last updated
Was this helpful?
Understanding the safety of your account should be your first priority. Below is a recommended checklist you can follow to improve the security of your AWS account. This is based on the offical AWS Answer () coupled with the latest security features released by AWS. (Guard Duty & Security Hub)
AWS provides a best practices checklist for IAM.
The My Account section in the AWS console is where you can:
Update the contact details which AWS will use to contact you when there are Billing, Operational and Security notices.
Define your secret questions so that AWS can validate your identity when you need to contact customer support for help.
Setup the appropriate AWS support plan to suit the critically of your service.
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. This service it will automatically scan the following:
VPC flow logs
Cloud Trail
DNS requests
If you are in an enterprise environment you may also wish to forward these in your SIEM tool (Security Information and Event Management tool).
AWS Security Hub gives you a comprehensive view of your high-priority security alerts and compliance status. It this does by:
Running compliance checks: AWS Security provides customers with prepackaged compliance standards, such as the CIS AWS Foundations Benchmark.
Finding ingestion events: AWS Security Hub ingests findings from various AWS services and from partner products.
By default guard duty does not have any alerting mechanism. InfViz have an cloudformation script which configures cloudwatch events and SNS to alert you when Guard Duty detects a suspicious event. ()
