SlideShare a Scribd company logo

AWS Monitoring & Logging

Download as PPTX, PDF
Jason Poley
Jason Poley

The document discusses various AWS services for monitoring, logging, and security. It provides examples of AWS CloudTrail logs and best practices for CloudTrail such as enabling in all regions, log file validation, encryption, and integration with CloudWatch Logs. It also summarizes VPC flow logs, CloudWatch metrics and logs, and tools for automating compliance like Config rules, CloudWatch events, and Inspector.

1 of 48
Downloaded 431 times
AWS Monitoring & Logging Jason Poley Barclaycard / Entech jpoley@entech.com https://www.linkedin.com/in/jasonpoley
Different log categories AWS Infrastructure logs  AWS CloudTrail  Amazon VPC Flow Logs AWS service logs  Amazon S3  AWS Elastic Load Balancing  Amazon CloudFront  AWS Lambda  AWS Elastic Beanstalk  … Host based logs  Messages  Security  NGINX/Apache/IIS  Windows Event Logs  Windows Performance Counters  …
Different log categories AWS Infrastructure logs  AWS CloudTrail  Amazon VPC Flow Logs AWS service logs  Amazon S3  AWS Elastic Load Balancing  Amazon CloudFront  AWS Lambda  AWS Elastic Beanstalk  … Host based logs  Messages  Security  NGINX/Apache/IIS  Windows Event Logs  Windows Performance Counters  … Security related events
AWS CloudTrail Records AWS API calls for your account
What can you answer using a CloudTrail event?  Who made the API call?  When was the API call made?  What was the API call?  Which resources were acted up on in the API call?  Where was the API call made from and made to? Supported services: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-services.html
What does an event look like? { "eventVersion": "1.01", "userIdentity": { "type": "IAMUser", // Who? "principalId": "AIDAJDPLRKLG7UEXAMPLE", "arn": "arn:aws:iam::123456789012:user/Alice", //Who? "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "userName": "Alice", "sessionContext": { "attributes": { "mfaAuthenticated": "false", "creationDate": "2014-03-18T14:29:23Z" } } }, "eventTime": "2014-03-18T14:30:07Z", //When? "eventSource": "cloudtrail.amazonaws.com", "eventName": "StartLogging", //What? "awsRegion": "us-west-2",//Where to? "sourceIPAddress": "72.21.198.64", // Where from? "userAgent": "AWSConsole, aws-sdk-java/1.4.5 Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx", "requestParameters": { "name": "Default“ // Which resource? }, // more event details }
AWS CloudTrail Best Practices
AWS CloudTrail Best Practices 1. Enable in all regions Benefits  Also tracks unused regions  Can be done in single configuration step
AWS CloudTrail Best Practices 1. Enable in all regions 2. Enable log file validation Benefits  Ensure log file integrity  Validated log files are invaluable in security and forensic investigations  Built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing  AWS CloudTrail will start delivering digest files on an hourly basis  Digest files contain hash values of log files delivered and are signed by AWS CloudTrail
AWS CloudTrail Best Practices 1. Enable in all regions 2. Enable log file validation 3. Encrypted logs Benefits  By default, AWS CloudTrail encrypts log files using Amazon S3 server side encryption (SSE-S3)  You can choose to encrypt using AWS Key Management Service (SSE-KMS)  Amazon S3 will decrypt on your behalf if your credentials have decrypt permissions
AWS CloudTrail Best Practices 1. Enable in all regions 2. Enable log file validation 3. Encrypted logs 4. Integrate with Amazon CloudWatch Logs Benefits  Simple search  Configure alerting on events
AWS CloudTrail Best Practices 1. Enable in all regions 2. Enable log file validation 3. Encrypted logs 4. Integrate with Amazon CloudWatch Logs 5. Centralize logs from all accounts Benefits  Configure all accounts to send logs to a central security account  Reduce risk for log tampering  Can be combined with Amazon S3 CRR
AWS Technology Partner solutions integrated with CloudTrail
Amazon VPC Flow Logs Log network traffic for Amazon VPC, subnet or single interfaces
Amazon VPC Flow Logs  Stores log in AWS CloudWatch Logs  Can be enabled on • Amazon VPC, a subnet, or a network interface • Amazon VPC & Subnet enables logging for all interfaces in the VPC/subnet • Each network interface has a unique log stream  Flow logs do not capture real-time log streams for your network interfaces  Filter desired result based on need • All, Reject, Accept • Troubleshooting or security related with alerting needs? • Think before enabling All on VPC, will you use it?
VPC Flow Logs • Agentless • Enable per ENI, per subnet, or per VPC • Logged to AWS CloudWatch Logs • Create CloudWatch metrics from log data • Alarm on those metrics AWS account Source IP Destination IP Source port Destination port Interface Protocol Packets Bytes Start/end time Accept or reject
VPC Flow Logs • Amazon Elasticsearch Service • Amazon CloudWatch Logs subscriptions
Amazon CloudWatch Monitor Logs from Amazon EC2 Instances in Real-time
Ubiquitous logging and monitoring Amazon CloudWatch Logs lets you grab everything and monitor activity  Managed service to collect and keep your logs  CloudWatch Logs Agent for Linux and Windows instances  Integration with Metrics and Alarms  Export data to S3 for analytics  Stream to Amazon ElasticSearch Service or AWS Lambda
CloudWatch Metrics  Supports custom metrics.  Memory is a custom parameter  5 minute interval by default, 1 minute available with detailed.  Can be used as a forensics tool because it keeps instance information for 2 weeks.  Information stored in time series format.  Provides dashboarding capabilities and an API for extraction.  Use as a foundational component of auto-scaling.
Managing, Monitoring & Processing Logs CloudWatch Logs - Near real-time, aggregate, monitor, store, and search Amazon Elasticsearch Service Integration (or ELK stack) - Analytics and Kibana interface AWS Lambda & Amazon Kinesis Integration - Custom processing with your code Export to S3 - SDK & CLI batch export of logs for analytics
Arrow direction indicates general direction of data flow EC2 instances Logstash cluster on EC2 DynamoDB Tables RDS Databases (via JDBC) SQS Queues Kinesis Streams VPC Flow Logs CloudTrail Audit Logs S3 Access Logs ELB Access Logs CloudFront Access Logs SNS Notifications DynamoDB Streams SES Inbound Email Cognito Events Kinesis Streams CloudWatch Events & Alarms Config Rules
Automating your compliance checks
Multiple levels of automation Self managed  AWS CloudTrail -> Amazon CloudWatch Logs -> Amazon CloudWatch Alerts  AWS CloudTrail -> Amazon SNS -> AWS Lambda Compliance validation  AWS Config Rules Host based Compliance validation  AWS Inspector Active Change Remediation  Amazon CloudWatch Events
AWS Config Resource and Configuration Tracking
What Resources exist? Get inventory of AWS resources Discover new and deleted resources Record configuration changes continuously Get notified when configurations change Know resource relationships dependencies
NormalizeRecordChanging Resources AWS Config Deliver Stream Snapshot (ex. 2014-11-05) AWS Config APIs Store History
AWS Monitoring & Logging
Evidence for compliance Many compliance audits require access to the state of your systems at arbitrary times (i.e., PCI, HIPAA). A complete inventory of all resources and their configuration attributes is available for any point in time.
AWS Config Rules Automate Response to Changes
Automated Response to Change Set up rules to check configuration changes recorded Use pre-built rules provided by AWS Author custom rules using AWS Lambda Invoked automatically for continuous assessment Use dashboard for visualizing compliance and identifying changes
NormalizeRecordChanging Resources AWS Config & Config Rules Deliver Stream Snapshot (ex. 2014-11-05) AWS Config APIs Store History Rules
AWS managed rules 1. All EC2 instances must be inside a VPC. 2. All attached EBS volumes must be encrypted, with KMS ID. 3. CloudTrail must be enabled, optionally with S3 bucket, SNS topic and CloudWatch Logs. 4. All security groups in attached state should not have unrestricted access to port 22. 5. All EIPs allocated for use in the VPC are attached to instances. 6. All resources being monitored must be tagged with specified tag keys:values. 7. All security groups in attached state should not have unrestricted access to these specific ports.
AWS Config Rules Repository AWS Community repository of custom Config rules https://github.com/awslabs/aws-config-rules Contains Node and Python samples for Custom Rules for AWS Config
AWS CloudWatch Events The central nervous system for your AWS environment
Tools - Amazon CloudWatch Events Trigger on event  Amazon EC2 instance state change notification  AWS API call (very specific)  AWS console sign-in  Auto Scaling Or Schedule  Cron is in the cloud!  No more Unreliable Town Clock  Min 1 min Single event can have multiple targets
AWS Inspector Automated security assessment service
Why Amazon Inspector? Applications testing key to moving fast but staying safe Security assessment highly manual, resulting in delays or missed security checks Valuable security subject matter experts spending too much time on routine security assessment
Amazon Inspector features Configuration Scanning Engine Built-in content library Run-Time Behavior Analysis Automatable via API Fully auditable
Amazon Inspector rulesets CVE CIS OS Security Config Benchmark Network Security Best Practices Authentication Best Practices Operating System Best Practices Application Security Best Practices
Amazon Inspector benefits Increased agility Embedded expertise Improved security posture Streamlined compliance
AWS Security tools: What to use? AWS Security and Compliance Security of the cloud Services and tools to aid security in the cloud Service Type Use cases Continuous logging Records AWS API calls for your account and delivers log files to you Continuous evaluations Codified internal best practices, misconfigurations, security vulnerabilities, or actions on changes On-demand evaluations Security insights into your application deployments running inside your EC2 instance Periodic evaluations Cost, performance, reliability, and security checks that apply broadly Actions in response to APIs and state change AWS APIs use triggers custom Lambda actions AWS Inspector AWS Config Rules AWS Trusted Advisor AWS CloudTrail CloudWach Events
Don’t forget built-in reporting
AWS Trusted Advisor checks your account
IAM Credential Reports
Rounding up  Leverage built-in tools for monitoring and compliance  Storage is cheap, not knowing can be very expensive – Log if possible  Alerting is good, automating your security response is better  Use managed services and built-in reporting to offload and automate  See the Big Picture, what info do you want and what tool can give it to you
AWS Services  CloudWatch – Events, Logs, Metrics  VPC Flow Logs  CloudTrail  Config & Config Rules  Inspector  Trusted Advisor  IAM – credential report & policy simulator  Indirect tools – Elasticsearch, S3, Kinesis.
AND Move Fast Stay Secure
Ad

Recommended

AWS Cloud Watch
AWS Cloud WatchAWS Cloud Watch
AWS Cloud Watch
zekeLabs Technologies
 
Performance testing presentation
Performance testing presentationPerformance testing presentation
Performance testing presentation
Belatrix Software
 
Presentation on Internet Cookies
Presentation on Internet CookiesPresentation on Internet Cookies
Presentation on Internet Cookies
Ritika Barethia
 
Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditing
Piyush Jain
 
AWS Cloud Adoption Framework and Workshops
AWS Cloud Adoption Framework and WorkshopsAWS Cloud Adoption Framework and Workshops
AWS Cloud Adoption Framework and Workshops
Tom Laszewski
 
Ip address
Ip addressIp address
Ip address
Amandeep Kaur
 
Azure fundamentals
Azure fundamentalsAzure fundamentals
Azure fundamentals
Raju Kumar
 
Production technology of cauliflower
Production technology of cauliflower Production technology of cauliflower
Production technology of cauliflower
vanisree Padmanabhan
 
AWS Cloud trail
AWS Cloud trailAWS Cloud trail
AWS Cloud trail
zekeLabs Technologies
 
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...
Edureka!
 
Aws cloud watch
Aws cloud watchAws cloud watch
Aws cloud watch
Mahesh Raj
 
AWS Storage - S3 Fundamentals
AWS Storage - S3 FundamentalsAWS Storage - S3 Fundamentals
AWS Storage - S3 Fundamentals
Piyush Agrawal
 
AWS solution Architect Associate study material
AWS solution Architect Associate study materialAWS solution Architect Associate study material
AWS solution Architect Associate study material
Nagesh Ramamoorthy
 
Amazon EventBridge
Amazon EventBridgeAmazon EventBridge
Amazon EventBridge
Dhaval Nagar
 
AWS Simple Storage Service (s3)
AWS Simple Storage Service (s3) AWS Simple Storage Service (s3)
AWS Simple Storage Service (s3)
zekeLabs Technologies
 
AWS Lambda
AWS LambdaAWS Lambda
AWS Lambda
Scott Leberknight
 
AWS RDS
AWS RDSAWS RDS
AWS RDS
Mahesh Raj
 
AWS Security
AWS Security AWS Security
AWS Security
Magdy El-Faramawy , MBA,PMP,CISA,CM,ITIL
 
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵 [AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
Amazon Web Services Korea
 
Introduction to Amazon S3
Introduction to Amazon S3Introduction to Amazon S3
Introduction to Amazon S3
Ashay Shirwadkar
 
Cloudwatch: Monitoring your Services with Metrics and Alarms
Cloudwatch: Monitoring your Services with Metrics and AlarmsCloudwatch: Monitoring your Services with Metrics and Alarms
Cloudwatch: Monitoring your Services with Metrics and Alarms
Felipe
 
AWS Route53
AWS Route53AWS Route53
AWS Route53
zekeLabs Technologies
 
AWS EC2
AWS EC2AWS EC2
AWS EC2
Mahesh Raj
 
AWS CodeCommit, CodeDeploy & CodePipeline
AWS CodeCommit, CodeDeploy & CodePipelineAWS CodeCommit, CodeDeploy & CodePipeline
AWS CodeCommit, CodeDeploy & CodePipeline
Julien SIMON
 
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트) IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
Amazon Web Services Korea
 
AZ-900 Azure Fundamentals.pdf
AZ-900 Azure Fundamentals.pdfAZ-900 Azure Fundamentals.pdf
AZ-900 Azure Fundamentals.pdf
ssuser5813861
 
Cloud Security (AWS)
Cloud Security (AWS)Cloud Security (AWS)
Cloud Security (AWS)
Scott Arveseth
 
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
Amazon Web Services Korea
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Ad

More Related Content

What's hot (20)

AWS Cloud trail
AWS Cloud trailAWS Cloud trail
AWS Cloud trail
zekeLabs Technologies
 
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...
Edureka!
 
Aws cloud watch
Aws cloud watchAws cloud watch
Aws cloud watch
Mahesh Raj
 
AWS Storage - S3 Fundamentals
AWS Storage - S3 FundamentalsAWS Storage - S3 Fundamentals
AWS Storage - S3 Fundamentals
Piyush Agrawal
 
AWS solution Architect Associate study material
AWS solution Architect Associate study materialAWS solution Architect Associate study material
AWS solution Architect Associate study material
Nagesh Ramamoorthy
 
Amazon EventBridge
Amazon EventBridgeAmazon EventBridge
Amazon EventBridge
Dhaval Nagar
 
AWS Simple Storage Service (s3)
AWS Simple Storage Service (s3) AWS Simple Storage Service (s3)
AWS Simple Storage Service (s3)
zekeLabs Technologies
 
AWS Lambda
AWS LambdaAWS Lambda
AWS Lambda
Scott Leberknight
 
AWS RDS
AWS RDSAWS RDS
AWS RDS
Mahesh Raj
 
AWS Security
AWS Security AWS Security
AWS Security
Magdy El-Faramawy , MBA,PMP,CISA,CM,ITIL
 
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵 [AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
Amazon Web Services Korea
 
Introduction to Amazon S3
Introduction to Amazon S3Introduction to Amazon S3
Introduction to Amazon S3
Ashay Shirwadkar
 
Cloudwatch: Monitoring your Services with Metrics and Alarms
Cloudwatch: Monitoring your Services with Metrics and AlarmsCloudwatch: Monitoring your Services with Metrics and Alarms
Cloudwatch: Monitoring your Services with Metrics and Alarms
Felipe
 
AWS Route53
AWS Route53AWS Route53
AWS Route53
zekeLabs Technologies
 
AWS EC2
AWS EC2AWS EC2
AWS EC2
Mahesh Raj
 
AWS CodeCommit, CodeDeploy & CodePipeline
AWS CodeCommit, CodeDeploy & CodePipelineAWS CodeCommit, CodeDeploy & CodePipeline
AWS CodeCommit, CodeDeploy & CodePipeline
Julien SIMON
 
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트) IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
Amazon Web Services Korea
 
AZ-900 Azure Fundamentals.pdf
AZ-900 Azure Fundamentals.pdfAZ-900 Azure Fundamentals.pdf
AZ-900 Azure Fundamentals.pdf
ssuser5813861
 
Cloud Security (AWS)
Cloud Security (AWS)Cloud Security (AWS)
Cloud Security (AWS)
Scott Arveseth
 
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
Amazon Web Services Korea
 
AWS Cloud trail
AWS Cloud trailAWS Cloud trail
AWS Cloud trail
zekeLabs Technologies
 
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS...
Edureka!
 
Aws cloud watch
Aws cloud watchAws cloud watch
Aws cloud watch
Mahesh Raj
 
AWS Storage - S3 Fundamentals
AWS Storage - S3 FundamentalsAWS Storage - S3 Fundamentals
AWS Storage - S3 Fundamentals
Piyush Agrawal
 
AWS solution Architect Associate study material
AWS solution Architect Associate study materialAWS solution Architect Associate study material
AWS solution Architect Associate study material
Nagesh Ramamoorthy
 
Amazon EventBridge
Amazon EventBridgeAmazon EventBridge
Amazon EventBridge
Dhaval Nagar
 
AWS Simple Storage Service (s3)
AWS Simple Storage Service (s3) AWS Simple Storage Service (s3)
AWS Simple Storage Service (s3)
zekeLabs Technologies
 
AWS Lambda
AWS LambdaAWS Lambda
AWS Lambda
Scott Leberknight
 
AWS RDS
AWS RDSAWS RDS
AWS RDS
Mahesh Raj
 
AWS Security
AWS Security AWS Security
AWS Security
Magdy El-Faramawy , MBA,PMP,CISA,CM,ITIL
 
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵 [AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
Amazon Web Services Korea
 
Introduction to Amazon S3
Introduction to Amazon S3Introduction to Amazon S3
Introduction to Amazon S3
Ashay Shirwadkar
 
Cloudwatch: Monitoring your Services with Metrics and Alarms
Cloudwatch: Monitoring your Services with Metrics and AlarmsCloudwatch: Monitoring your Services with Metrics and Alarms
Cloudwatch: Monitoring your Services with Metrics and Alarms
Felipe
 
AWS Route53
AWS Route53AWS Route53
AWS Route53
zekeLabs Technologies
 
AWS EC2
AWS EC2AWS EC2
AWS EC2
Mahesh Raj
 
AWS CodeCommit, CodeDeploy & CodePipeline
AWS CodeCommit, CodeDeploy & CodePipelineAWS CodeCommit, CodeDeploy & CodePipeline
AWS CodeCommit, CodeDeploy & CodePipeline
Julien SIMON
 
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트) IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
Amazon Web Services Korea
 
AZ-900 Azure Fundamentals.pdf
AZ-900 Azure Fundamentals.pdfAZ-900 Azure Fundamentals.pdf
AZ-900 Azure Fundamentals.pdf
ssuser5813861
 
Cloud Security (AWS)
Cloud Security (AWS)Cloud Security (AWS)
Cloud Security (AWS)
Scott Arveseth
 
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
AWS Control Tower를 통한 클라우드 보안 및 거버넌스 설계 - 김학민 :: AWS 클라우드 마이그레이션 온라인
Amazon Web Services Korea
 

Recently uploaded (20)

Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Ad

AWS Monitoring & Logging

  • 1. AWS Monitoring & Logging Jason Poley Barclaycard / Entech [email protected] https://www.linkedin.com/in/jasonpoley
  • 2. Different log categories AWS Infrastructure logs  AWS CloudTrail  Amazon VPC Flow Logs AWS service logs  Amazon S3  AWS Elastic Load Balancing  Amazon CloudFront  AWS Lambda  AWS Elastic Beanstalk  … Host based logs  Messages  Security  NGINX/Apache/IIS  Windows Event Logs  Windows Performance Counters  …
  • 3. Different log categories AWS Infrastructure logs  AWS CloudTrail  Amazon VPC Flow Logs AWS service logs  Amazon S3  AWS Elastic Load Balancing  Amazon CloudFront  AWS Lambda  AWS Elastic Beanstalk  … Host based logs  Messages  Security  NGINX/Apache/IIS  Windows Event Logs  Windows Performance Counters  … Security related events
  • 4. AWS CloudTrail Records AWS API calls for your account
  • 5. What can you answer using a CloudTrail event?  Who made the API call?  When was the API call made?  What was the API call?  Which resources were acted up on in the API call?  Where was the API call made from and made to? Supported services: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-services.html
  • 6. What does an event look like? { "eventVersion": "1.01", "userIdentity": { "type": "IAMUser", // Who? "principalId": "AIDAJDPLRKLG7UEXAMPLE", "arn": "arn:aws:iam::123456789012:user/Alice", //Who? "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "userName": "Alice", "sessionContext": { "attributes": { "mfaAuthenticated": "false", "creationDate": "2014-03-18T14:29:23Z" } } }, "eventTime": "2014-03-18T14:30:07Z", //When? "eventSource": "cloudtrail.amazonaws.com", "eventName": "StartLogging", //What? "awsRegion": "us-west-2",//Where to? "sourceIPAddress": "72.21.198.64", // Where from? "userAgent": "AWSConsole, aws-sdk-java/1.4.5 Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx", "requestParameters": { "name": "Default“ // Which resource? }, // more event details }
  • 8. AWS CloudTrail Best Practices 1. Enable in all regions Benefits  Also tracks unused regions  Can be done in single configuration step
  • 9. AWS CloudTrail Best Practices 1. Enable in all regions 2. Enable log file validation Benefits  Ensure log file integrity  Validated log files are invaluable in security and forensic investigations  Built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing  AWS CloudTrail will start delivering digest files on an hourly basis  Digest files contain hash values of log files delivered and are signed by AWS CloudTrail
  • 10. AWS CloudTrail Best Practices 1. Enable in all regions 2. Enable log file validation 3. Encrypted logs Benefits  By default, AWS CloudTrail encrypts log files using Amazon S3 server side encryption (SSE-S3)  You can choose to encrypt using AWS Key Management Service (SSE-KMS)  Amazon S3 will decrypt on your behalf if your credentials have decrypt permissions
  • 11. AWS CloudTrail Best Practices 1. Enable in all regions 2. Enable log file validation 3. Encrypted logs 4. Integrate with Amazon CloudWatch Logs Benefits  Simple search  Configure alerting on events
  • 12. AWS CloudTrail Best Practices 1. Enable in all regions 2. Enable log file validation 3. Encrypted logs 4. Integrate with Amazon CloudWatch Logs 5. Centralize logs from all accounts Benefits  Configure all accounts to send logs to a central security account  Reduce risk for log tampering  Can be combined with Amazon S3 CRR
  • 13. AWS Technology Partner solutions integrated with CloudTrail
  • 14. Amazon VPC Flow Logs Log network traffic for Amazon VPC, subnet or single interfaces
  • 15. Amazon VPC Flow Logs  Stores log in AWS CloudWatch Logs  Can be enabled on • Amazon VPC, a subnet, or a network interface • Amazon VPC & Subnet enables logging for all interfaces in the VPC/subnet • Each network interface has a unique log stream  Flow logs do not capture real-time log streams for your network interfaces  Filter desired result based on need • All, Reject, Accept • Troubleshooting or security related with alerting needs? • Think before enabling All on VPC, will you use it?
  • 16. VPC Flow Logs • Agentless • Enable per ENI, per subnet, or per VPC • Logged to AWS CloudWatch Logs • Create CloudWatch metrics from log data • Alarm on those metrics AWS account Source IP Destination IP Source port Destination port Interface Protocol Packets Bytes Start/end time Accept or reject
  • 17. VPC Flow Logs • Amazon Elasticsearch Service • Amazon CloudWatch Logs subscriptions
  • 18. Amazon CloudWatch Monitor Logs from Amazon EC2 Instances in Real-time
  • 19. Ubiquitous logging and monitoring Amazon CloudWatch Logs lets you grab everything and monitor activity  Managed service to collect and keep your logs  CloudWatch Logs Agent for Linux and Windows instances  Integration with Metrics and Alarms  Export data to S3 for analytics  Stream to Amazon ElasticSearch Service or AWS Lambda
  • 20. CloudWatch Metrics  Supports custom metrics.  Memory is a custom parameter  5 minute interval by default, 1 minute available with detailed.  Can be used as a forensics tool because it keeps instance information for 2 weeks.  Information stored in time series format.  Provides dashboarding capabilities and an API for extraction.  Use as a foundational component of auto-scaling.
  • 21. Managing, Monitoring & Processing Logs CloudWatch Logs - Near real-time, aggregate, monitor, store, and search Amazon Elasticsearch Service Integration (or ELK stack) - Analytics and Kibana interface AWS Lambda & Amazon Kinesis Integration - Custom processing with your code Export to S3 - SDK & CLI batch export of logs for analytics
  • 22. Arrow direction indicates general direction of data flow EC2 instances Logstash cluster on EC2 DynamoDB Tables RDS Databases (via JDBC) SQS Queues Kinesis Streams VPC Flow Logs CloudTrail Audit Logs S3 Access Logs ELB Access Logs CloudFront Access Logs SNS Notifications DynamoDB Streams SES Inbound Email Cognito Events Kinesis Streams CloudWatch Events & Alarms Config Rules
  • 24. Multiple levels of automation Self managed  AWS CloudTrail -> Amazon CloudWatch Logs -> Amazon CloudWatch Alerts  AWS CloudTrail -> Amazon SNS -> AWS Lambda Compliance validation  AWS Config Rules Host based Compliance validation  AWS Inspector Active Change Remediation  Amazon CloudWatch Events
  • 25. AWS Config Resource and Configuration Tracking
  • 26. What Resources exist? Get inventory of AWS resources Discover new and deleted resources Record configuration changes continuously Get notified when configurations change Know resource relationships dependencies
  • 29. Evidence for compliance Many compliance audits require access to the state of your systems at arbitrary times (i.e., PCI, HIPAA). A complete inventory of all resources and their configuration attributes is available for any point in time.
  • 30. AWS Config Rules Automate Response to Changes
  • 31. Automated Response to Change Set up rules to check configuration changes recorded Use pre-built rules provided by AWS Author custom rules using AWS Lambda Invoked automatically for continuous assessment Use dashboard for visualizing compliance and identifying changes
  • 32. NormalizeRecordChanging Resources AWS Config & Config Rules Deliver Stream Snapshot (ex. 2014-11-05) AWS Config APIs Store History Rules
  • 33. AWS managed rules 1. All EC2 instances must be inside a VPC. 2. All attached EBS volumes must be encrypted, with KMS ID. 3. CloudTrail must be enabled, optionally with S3 bucket, SNS topic and CloudWatch Logs. 4. All security groups in attached state should not have unrestricted access to port 22. 5. All EIPs allocated for use in the VPC are attached to instances. 6. All resources being monitored must be tagged with specified tag keys:values. 7. All security groups in attached state should not have unrestricted access to these specific ports.
  • 34. AWS Config Rules Repository AWS Community repository of custom Config rules https://github.com/awslabs/aws-config-rules Contains Node and Python samples for Custom Rules for AWS Config
  • 35. AWS CloudWatch Events The central nervous system for your AWS environment
  • 36. Tools - Amazon CloudWatch Events Trigger on event  Amazon EC2 instance state change notification  AWS API call (very specific)  AWS console sign-in  Auto Scaling Or Schedule  Cron is in the cloud!  No more Unreliable Town Clock  Min 1 min Single event can have multiple targets
  • 37. AWS Inspector Automated security assessment service
  • 38. Why Amazon Inspector? Applications testing key to moving fast but staying safe Security assessment highly manual, resulting in delays or missed security checks Valuable security subject matter experts spending too much time on routine security assessment
  • 39. Amazon Inspector features Configuration Scanning Engine Built-in content library Run-Time Behavior Analysis Automatable via API Fully auditable
  • 40. Amazon Inspector rulesets CVE CIS OS Security Config Benchmark Network Security Best Practices Authentication Best Practices Operating System Best Practices Application Security Best Practices
  • 41. Amazon Inspector benefits Increased agility Embedded expertise Improved security posture Streamlined compliance
  • 42. AWS Security tools: What to use? AWS Security and Compliance Security of the cloud Services and tools to aid security in the cloud Service Type Use cases Continuous logging Records AWS API calls for your account and delivers log files to you Continuous evaluations Codified internal best practices, misconfigurations, security vulnerabilities, or actions on changes On-demand evaluations Security insights into your application deployments running inside your EC2 instance Periodic evaluations Cost, performance, reliability, and security checks that apply broadly Actions in response to APIs and state change AWS APIs use triggers custom Lambda actions AWS Inspector AWS Config Rules AWS Trusted Advisor AWS CloudTrail CloudWach Events
  • 44. AWS Trusted Advisor checks your account
  • 46. Rounding up  Leverage built-in tools for monitoring and compliance  Storage is cheap, not knowing can be very expensive – Log if possible  Alerting is good, automating your security response is better  Use managed services and built-in reporting to offload and automate  See the Big Picture, what info do you want and what tool can give it to you
  • 47. AWS Services  CloudWatch – Events, Logs, Metrics  VPC Flow Logs  CloudTrail  Config & Config Rules  Inspector  Trusted Advisor  IAM – credential report & policy simulator  Indirect tools – Elasticsearch, S3, Kinesis.

Editor's Notes

  • #6: Now that you know what CloudTrail does, lets see what questions you can answer using a CloudTrail event: Five important questions/W’s Turn on CloudTrail for your accounts Monitor and alarm for API activity with high blast radius Use Lookup Events to troubleshoot your operational issues
  • #7: Lets see a sample, Walk through..
  • #17: No Agents! Just Turn it on. No really, Ill wait. Enable per ENI, per Subnet or per VPC All network traffic data is logged to CloudWatch logs so you get durable storage but also all the analysis features such as filter queries and metric creation And then Create Alarms on those metrics Collected, processed and stored in ~10 minute capture windows into Cloudwatch Logs
  • #18: Or roll your own real time network dashboard with the new Amazon Elasticsearch Service Also based on a CloudWatch Logs Subscription filter that tees Flow Log data into a Kinesis stream and a stream reader then takes data and puts it into Elasticsearch See Jeff’s blog post where he details how to setup this VPC Flow Dashboard in a few clicks
  • #27: AWS Config is a fully managed service that provides you with an inventory of your AWS resources, lets you audit the resource configuration history and notifies you of resource configuration changes.
  • #32: Will discuss the awesomeness of AWS Config All EC2 Instances must be inside a VPC. All attached EBS volumes must be encrypted, with KMS ID. CloudTrail must be enabled, optionally with S3 bucket, SNS Topic and CloudWatch Logs. All security groups in attached state should not have unrestricted access to Port 22. All EIPs allocated for use in VPC are attached to instances. All resources being monitored must be tagged with specified tag keys:values. All security groups in attached state should not have unrestricted access to these specific ports.
  • #41: Each Inspector rule is assigned a severity level. This simplifies the decision of prioritizing one rule over another in your assessments and can help you decide what your reaction and corrective steps should be in the event of the rule highlighting a potential problem. The following are the severity levels for the Inspector rules: High – this severity level describes a security issue that can result in a compromise of the information confidentiality, integrity, and availability within your application. It is recommended that you treat this security issue as an emergency and implement an immediate remediation. Medium – this severity level describes a security issue that can result in a compromise of the information confidentiality, integrity, and availability within your application. It is recommended that you fix this issue at the next possible opportunity, for example, during your next service update. Low - this severity level describes a security issue that can result in a compromise of the information confidentiality, integrity, and availability within your application. It is recommended that you fix this issue as part of one of your future service updates. Informational – this severity level describes a particular security configuration detail of your application. Based on your business and organization goals, you can either simply make note of this information or use it to improve the security of your application. https://alpha-docs-aws.amazon.com/inspector/latest/userguide/inspector_rule-packages.html
  • #46: I want evidence that my users are following security best practices, such as requiring MFA for administrative-level users. You can generate a credential report that lists your IAM users and the status of their AWS security credentials and download it as a CSV file. These reports contain details such as whether MFA is activated, when their password was last rotated, and more. You can generate a new report as often as every 4 hours. You can download reports interactively via the console or programmatically using the IAM API. (Support is coming soon for downloading the reports using the AWS CLI.)
  • #49: For a long time, most organizations have had to make a choice between moving fast or maintaining a high degree of security However, one of the fundamental benefits of the cloud is that it let’s you do both.