AWS Cloud Infrastructure Security Audit
Is your AWS account secure? Have you exposed some of your machines to the public? With a variety and volume of resources being launched and modified on your AWS cloud infrastructure on a daily basis, it is inevitable that some security best practices get missed. Botmetric’s comprehensive AWS cloud infrastructure security audit feature helps you enforce those best practices. Botmetric scans your AWS infrastructure and provides a comprehensive list of potential security threats.
Here is the list of all the security checks that Botmetric Security Audit performs, which helps in making your AWS cloud infrastructure more secure:
This check covers AWS security groups (firewall rules) that are open to a range of IPs or to public access. To avoid exposure to known security vulnerabilities, we recommend keeping open only the ports associated with relevant IPs and security groups.
If you have not enabled Multi-Factor Authentication (MFA) for IAM users, it might pose a security threat. A user name and password could be compromised, and having MFA enabled adds an extra layer of protection to your AWS account access, making it more secure.
For AWS RDS instances that have the DB port open to the public or to a range of IPs, we recommend opening the port only for the required IPs and security groups.
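The security group and RDS port checks described above can be sketched as follows. This is an added example, not Botmetric's code: the sample groups are constructed in the shape of the EC2 `DescribeSecurityGroups` response, and the allowlist of intentionally public ports and the "wider than one host is a range" threshold are assumptions.

```python
import ipaddress

# Constructed sample in the shape of an EC2 DescribeSecurityGroups response
# (IDs and addresses are illustrative, not from a real account).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": []}]},
]

ALLOWED_PUBLIC_PORTS = {443}  # assumption: ports meant to be internet-facing
MAX_HOSTS = 1                 # assumption: any source wider than one host is a "range"


def audit_security_groups(groups, allowed_public=ALLOWED_PUBLIC_PORTS,
                          max_hosts=MAX_HOSTS):
    """Return (group_id, kind, cidr, from_port, to_port) for each risky ingress rule."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            # Protocol "-1" means all traffic; such rules carry no port fields.
            if perm.get("IpProtocol") == "-1":
                lo, hi = 0, 65535
            else:
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                    # Skip only when every port in the rule is allowlisted.
                    if all(p in allowed_public for p in range(lo, hi + 1)):
                        continue
                    kind = "public"
                elif net.num_addresses > max_hosts:
                    kind = "range"
                else:
                    continue  # single-host source: not reported
                findings.append((group["GroupId"], kind, cidr, lo, hi))
    return findings
```

On the constructed sample this reports the database port opened to a /24 and to `::/0`, plus the all-traffic rule, while the allowlisted 443 rule and the single-host SSH rule are not reported.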
ELB Access Log
If access logging is not enabled for your Elastic Load Balancers, it may pose a security risk. We recommend enabling the ELB access log for better security.
If AWS EC2 instances don’t have API termination protection enabled, machines may be accidentally terminated by an automated process.
AWS CloudTrail is a web service that records API calls made on your account and delivers log files to your Amazon S3 bucket. Customers who want to track changes to resources, answer simple questions about user activity, demonstrate compliance, troubleshoot, or perform security analysis should enable CloudTrail.
It is recommended to enable CloudTrail logs even in regions that don’t have instances, so that you learn about unauthorized access in those regions as well.
An IAM user who has been granted complete access is a potential security threat, because that user can take any action on any resource. Botmetric lists such IAM users for your AWS account so you can validate whether full access is required for each user. You can also exclude a user from this list in future audits if you decide that user should have full access.
Admin Accounts Count
Total number of admin accounts. If there are too many IAM admin accounts, this may lead to security issues. It is recommended not to have many IAM users with admin rights.
If you have uploaded SSL certificates to Amazon Web Services for ELB (Elastic Load Balancing) or CloudFront (CDN), then you would want to keep an eye on the expiration dates and renew the certificates on time to ensure uninterrupted service.
Botmetric SSL Expiry audit will get a list of all SSL certificates, sorted by expiration date.
Botmetric provides a list of domain names that are registered in AWS Route53 and are going to expire in the near future.
Root Account MFA
This check reports when MFA is not enabled for the root account. It is highly recommended that MFA be enabled for the root account of your AWS Cloud.
Unused Security Groups
If you have AWS security groups that are not being used, you can get rid of those unused security groups.
Take control of your AWS cloud infrastructure security now! Try Botmetric for free.