
WP - AWS Security Checklist PDF

The document is a white paper that provides an AWS security checklist. It lists key security questions to ask about account separation, credential protection, secret management, compliance requirements, availability, auditing and more. It recommends tools like IAM roles, Secrets Manager, and KMS to securely manage resources. The checklist helps users build security in, scale securely, and gain visibility to ensure a secure AWS environment.

Uploaded by

aristidezz

White Paper

AWS Premier Consulting Partner - DevOps | Migration | Security

AWS Security Checklist

Flux7, an NTT Data Company | All Rights Reserved | www.flux7.com | [email protected] | 844.FLUX700

Cloud providers invest heavily to ensure the security of applications and data hosted in the public cloud as
security is imperative to their business success. Yet, cloud security is a shared responsibility and when cared
for properly can result in highly secure, compliant environments.

When evaluating if a workload is secure, the mnemonic CIA is always useful as it helps you evaluate
Confidentiality, Integrity, and Availability. Using CIA to evaluate if you have put in place the necessary
controls for each workload can be a helpful framework, for if any one of the three is neglected, the risk is high.

Start -- and stay -- on the right path with our AWS Security Checklist that helps you ask and answer key
questions that will allow you to build security in, scale securely, and gain visibility that gives you system
confidence.

Have You | If not:

Created separation of duties?
• Consider using separate AWS accounts for Development, Production, etc.
• Have clearly defined roles with minimum permissions

Protected your accounts from break-in?
• Set strong password policies
• Set MFA authentication
• Enable SSO to simplify management of accounts
• Rotate credentials
• Remove unused credentials
• Remove unused assigned permissions

Protected secrets, such as API keys and passwords?
• Incorporate “injectors” like AWS IAM Roles, Secrets Manager, Parameter Store, KMS or HashiCorp Vault to manage sensitive data
• Use tools like Anchore to scan assets for accidental secrets
• Disable SSH keys for EC2 instances altogether and use Session Manager instead

Implemented automated testing/continuous security monitoring?
• Implement basic monitoring and testing with AWS Config Rules; extend to advanced monitoring and testing with custom rules configuration
• Enable CloudTrail in all regions to have information available for audits
• Save CloudTrail audit logs in a different secure account
• Monitor EC2 instances with AWS Inspector
• Enable logging on all assets including EC2 instances

Have You | If not:

Met corporate and legal compliance requirements?
• Understand your legal requirements
• Implement encryption at rest using KMS for EBS, S3, RDS, etc
• Follow the principle of least access on security groups
• Restrict access to EC2 instances
• Use CloudFormation to define all resources so resource creation is done in an automated, repeatable, and auditable method

Ensured availability of services against malicious attackers?
• Use AWS WAF and CloudFront to protect against external actors
• Implement autoscaling to handle increased loads

Enabled CloudTrail and Config to enable audits?
• Make sure that the buckets which store audit logs are encrypted and any write activity on these buckets is monitored as well

Used KMS keys for encryption?
• Ensure all persistent stores including RDS, EBS, S3 are encrypted at rest; AWS offers it at no additional cost

Have you implemented an immutable infrastructure and code?
• Using CloudFormation allows you to define the desired state of your infrastructure and check for drift
• Using containers allows you to prevent drift of your application configuration and code from the desired state

Have you defined clear availability goals?
• Defining and measuring metrics such as SLAs, RPOs, RTOs for each workload is the first step of implementing the A of CIA

Have you implemented networking best practices?
• If your workload requires a VPC, implementing secure subnetting and routing configuration is paramount
• Collecting, shipping and analyzing
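
The "principle of least access on security groups" and "Restrict access to EC2 instances" items above can be checked mechanically. This added example, not from the white paper, scans output in the shape of `aws ec2 describe-security-groups`; the sample groups are constructed, and the function names and the choice of SSH and RDP as the ports to restrict are assumptions.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa1111", "GroupName": "web",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb2222", "GroupName": "db",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
      "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ccc3333", "GroupName": "legacy",
   "IpPermissions": [
     {"IpProtocol": "-1",
      "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # assumed set of ports that should never be public
WORLD = {"0.0.0.0/0", "::/0"}

def open_to_world(perm):
    """True when an ingress rule allows any IPv4 or IPv6 source address."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(c in WORLD for c in cidrs)

def audit_security_groups(groups):
    """Return (group id, issue) pairs for ingress rules that break least access."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not open_to_world(perm):
                continue
            if perm["IpProtocol"] == "-1":  # "-1" means every protocol and port
                findings.append((sg["GroupId"], "all traffic open to the internet"))
                continue
            if perm["IpProtocol"] not in ("tcp", "udp"):
                continue  # ICMP reuses FromPort/ToPort for type and code
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            for port, name in ADMIN_PORTS.items():
                if lo <= port <= hi:  # also catches wide ranges such as 0-65535
                    findings.append((sg["GroupId"], f"{name} ({port}) open to the internet"))
    return findings

if __name__ == "__main__":
    for group_id, issue in audit_security_groups(SAMPLE_GROUPS):
        print(f"{group_id}: {issue}")
```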

Using the CIA model, we help you define the technology, process and best practice tools to meet your
specific compliance and governance needs. From security inspectors like monitoring and injectors like secret
management to landing zones and hardened pipelines, we help enterprises assess, design and build solid
cloud security. Ensure your enterprise uses the cloud securely with a Security Assessment. Contact our
Solution Architects today to learn more.

About Flux7
Flux7, an NTT DATA Company, is an IT services firm that helps enterprises reduce the complexities of a new
or evolving cloud automation strategy. Agile and DevOps-native, Flux7’s robust services portfolio prioritizes
a fast path to ROI that meets the immediate needs of technical and innovation teams focused on
transformation while forging a secure and stable pathway for security and operational excellence. Learn how Flux7
helps businesses bring solutions to market faster at https://www.flux7.com
