Verify AWS Identity and Access Management (IAM) configurations
Verify that the AWS Identity and Access Management (IAM) configuration is set up correctly: users, groups, and roles hold only the permissions their tasks require, and no entity carries excessive permissions such as Action "*" on Resource "*", a service-wide wildcard on all resources, or the AdministratorAccess managed policy attached to day-to-day identities. Use the IAM credential report and the service last-accessed data to find users, access keys, groups, and roles that have not been used within your retention window, and remove or disable them; unused identities are attack surface that nobody is watching. Also confirm that every user with a console password has MFA enabled. Have you granted only the necessary permissions to IAM users, groups, and roles? Are there any unused IAM entities that need to be removed?
Options: Full access / Read only / Limited access / No access
Options: Unused users / Unused groups / Unused roles
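The two IAM checks above, over-broad policy statements and stale or MFA-less users, as an added example that is not part of the original checklist or any AWS tooling. The policy document and the credential report are constructed; the report uses a subset of the columns that `aws iam get-credential-report` returns, with the same value conventions (ISO 8601 timestamps, `N/A`, `no_information`).

```python
"""Flag admin-like IAM policy statements and stale or MFA-less users.
Added example; SAMPLE_POLICY and SAMPLE_REPORT are constructed inputs."""
import csv
import io
from datetime import datetime, timedelta, timezone

NEVER_USED = {"N/A", "no_information", "not_supported", ""}


def _as_list(value):
    """IAM allows a single string or a list in Statement/Action/Resource."""
    return value if isinstance(value, list) else [value]


def overly_permissive_statements(policy):
    """Return (Sid, reason) for Allow statements that grant admin-like access:
    Action "*" or "service:*" on Resource "*", and iam:PassRole on every role
    (a classic privilege-escalation path)."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", f"statement-{i}")
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        wildcard_resource = "*" in _as_list(st.get("Resource", []))
        if wildcard_resource and "*" in actions:
            findings.append((sid, "full admin: Action * on Resource *"))
        elif wildcard_resource and any(a.endswith(":*") for a in actions):
            findings.append((sid, "service-wide wildcard on Resource *"))
        if wildcard_resource and "iam:passrole" in actions:
            findings.append((sid, "iam:PassRole on all roles"))
    return findings


def _parse_ts(value):
    return None if value in NEVER_USED else datetime.fromisoformat(value)


def stale_users(report_csv, now, max_idle_days=90):
    """Users whose password and both access keys were all last used before the
    cutoff, plus users that have never used any credential. Root is skipped."""
    cutoff = now - timedelta(days=max_idle_days)
    stale = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue
        used = [t for t in (_parse_ts(row["password_last_used"]),
                            _parse_ts(row["access_key_1_last_used_date"]),
                            _parse_ts(row["access_key_2_last_used_date"])) if t]
        if not used or max(used) < cutoff:
            stale.append(row["user"])
    return stale


def users_without_mfa(report_csv):
    """Console-enabled users with no MFA device."""
    return [row["user"] for row in csv.DictReader(io.StringIO(report_csv))
            if row["password_enabled"] == "true" and row["mfa_active"] == "false"]


SAMPLE_POLICY = {  # constructed policy document
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadBuckets", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-data/*"},
        {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "AnyEc2", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        {"Sid": "PassAny", "Effect": "Allow",
         "Action": ["iam:PassRole", "lambda:CreateFunction"], "Resource": "*"},
    ],
}

SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-01T09:00:00+00:00,true,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-30T08:12:00+00:00,true,true,2024-05-29T11:00:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2023-11-02T14:40:00+00:00,false,false,N/A,false,N/A
svc-deploy,arn:aws:iam::111122223333:user/svc-deploy,false,N/A,false,true,no_information,false,N/A
"""
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(overly_permissive_statements(SAMPLE_POLICY))
    print("stale:", stale_users(SAMPLE_REPORT, NOW), "no MFA:", users_without_mfa(SAMPLE_REPORT))
```

The PassRole check is deliberately separate from the wildcard checks: a policy that looks narrow can still let a caller hand an admin role to a Lambda function or EC2 instance it controls.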
Check for unused security groups
Check for security groups that are attached to no network interface and referenced by no other group's rules. Unused security groups usually indicate configuration drift or abandoned resources, and their stale rules tend to be reused later without review. Do you have any unused security groups?
Options: Yes / No
Inspect default security group configurations
Inspect the default security group in every VPC. The default group is attached automatically to any instance launched without an explicit group, and as created by AWS it allows all inbound traffic from other members of the same group and all outbound traffic. A common hardening baseline is to remove every inbound and outbound rule from the default group so that nothing is exposed through it by accident. This task helps in identifying default groups that still carry rules. Are the default security groups configured correctly?
Options: Yes / No
Review AWS CloudTrail settings
Review the AWS CloudTrail settings to ensure that they are properly configured. CloudTrail records the API calls made by users, roles, and services in your account. Check that at least one trail is enabled and actively logging, that it is a multi-region trail that includes global service events (IAM, STS, CloudFront), that management events are captured for both read and write calls, that log file validation is turned on so digest files can prove the logs were not altered, and that the destination S3 bucket is not publicly accessible and is encrypted. Have you reviewed and verified the AWS CloudTrail settings?
Options: Yes / No
Ensure encryption is enabled at rest and in transit
Ensure that encryption is enabled at rest and in transit for all relevant AWS services. Encryption protects sensitive data from being read if a storage medium, snapshot, or network path is exposed. This task involves checking that storage services such as Amazon S3 and Amazon EBS encrypt data at rest (for example, EBS encryption by default in every region you use, and S3 default bucket encryption, ideally with a KMS key for sensitive buckets), and that TLS is enforced for communication with and between services, for example an S3 bucket policy that denies any request where aws:SecureTransport is false. Have you verified encryption settings for all relevant AWS services?
Options: Enabled / Disabled
Check for public Amazon S3 buckets
Check for any public Amazon S3 buckets within your AWS environment. A bucket can be exposed through its bucket policy (an Allow for Principal "*" with no restricting condition), through an ACL grant to the AllUsers or AuthenticatedUsers group (the latter means any AWS account, not users of your application), or because S3 Block Public Access is disabled at the account or bucket level. Publicly accessible buckets expose their data to anyone who finds the name. This task helps in identifying buckets that are publicly accessible and need to be secured, preferably by enabling all four Block Public Access settings at the account level. Do you have any public Amazon S3 buckets?
Options: Yes / No
Monitor Amazon GuardDuty findings
Monitor Amazon GuardDuty findings to identify suspicious activity or potential security threats within your AWS environment. GuardDuty is a threat detection service that continuously analyses CloudTrail events, VPC flow logs, and DNS logs and reports findings with a severity score (Low, Medium, or High). It is enabled per region, so confirm that a detector exists and is enabled in every region you use, that findings are routed somewhere people see them (Security Hub, EventBridge, or a ticketing integration), and that High findings have an owner and a response time. Have you reviewed the Amazon GuardDuty findings?
Options: Yes / No
Ensure VPC flow logging is enabled
Ensure that VPC flow logging is enabled for all your VPCs. VPC flow logs record metadata about the IP traffic to and from network interfaces in the VPC: source and destination addresses and ports, protocol, byte and packet counts, and whether the traffic was accepted or rejected by security groups and network ACLs. They do not capture packet payloads. Enable them with traffic type ALL (not only ACCEPT or REJECT) and deliver them to CloudWatch Logs or S3 where they can be searched; rejected connections to many ports from one source, for example, are a quick indicator of scanning. Have you verified VPC flow logging settings for all your VPCs?
Options: Enabled / Disabled
Verify AWS Config is monitoring all regions
Verify that AWS Config is recording in every region of your AWS account. AWS Config keeps a history of resource configurations and evaluates them against rules, so a region without a recorder is a region where drift and non-compliant resources go unnoticed. Check that each region has a configuration recorder that is running and records all supported resource types, that global resource types (IAM users, groups, roles, and policies) are included in exactly one region to avoid duplicate configuration items, and that a delivery channel exists so snapshots and history are actually written. Have you verified AWS Config settings for all regions?
Options: Enabled / Disabled
Check for unrestricted inbound access on certain ports
Check for security groups that allow inbound traffic from 0.0.0.0/0 or ::/0 on sensitive ports, typically SSH (22), RDP (3389), database ports such as 3306, 5432, and 1433, and rules that open all protocols and ports. Web ports 80 and 443 open to the internet are often intentional, but management and data ports should be reachable only from known address ranges, a bastion, or a VPN, or replaced with Systems Manager Session Manager. This task involves identifying such rules and recommending the necessary changes. Do you have any security groups with unrestricted inbound access on certain ports?
Options: Yes / No
Ensure Amazon CloudWatch is deployed and set up correctly
Ensure that Amazon CloudWatch is deployed and set up correctly for monitoring your AWS environment. CloudWatch provides metrics, logs, and alarms for AWS resources. For security monitoring, check that CloudTrail logs are delivered to a CloudWatch Logs group, that metric filters and alarms exist for high-risk events such as root account use, console sign-in without MFA, unauthorized API calls, IAM policy changes, and CloudTrail configuration changes, and that the alarms notify a team that will act on them. Have you verified Amazon CloudWatch deployment and setup?
Options: Yes / No
Approval: Compliance Officer
Will be submitted for approval:
Verify AWS Identity and Access Management (IAM) configurations
Will be submitted
Review AWS CloudTrail settings
Will be submitted
Ensure encryption is enabled at rest and in transit
Will be submitted
Check for public Amazon S3 buckets
Will be submitted
Monitor AWS GuardDuty findings
Will be submitted
Ensure VPC flow logging is enabled
Will be submitted
Verify AWS Config is monitoring all regions
Will be submitted
Check for unrestricted inbound access on certain ports
Will be submitted
Ensure AWS CloudWatch is deployed and set up correctly
Will be submitted
Discover and classify sensitive data with Amazon Macie
Use Amazon Macie to find out where sensitive data lives in your AWS environment. Macie uses machine learning and pattern matching to discover and classify sensitive data, such as personally identifiable information (PII) and credentials, stored in Amazon S3, and it also reports bucket-level risks such as public access and missing encryption. This task involves enabling Macie in the regions you use, running or scheduling classification jobs over the relevant buckets, and routing findings to the team that owns the data. Have you set up Amazon Macie to discover and monitor sensitive data?
Options: Yes / No
Review EC2 instances for public IP assignments
Review the EC2 instances in your AWS account to identify any instances with public IP addresses. An instance with a public IP is directly reachable from the internet on every port its security groups open, so each one should have a reason to exist; instances that only need outbound access can use a NAT gateway instead, and administrative access can go through a bastion or Systems Manager Session Manager. Also check that the subnets used for internal workloads do not auto-assign public IPs. Have you reviewed EC2 instances for public IP assignments?
Options: Yes / No
Verify AWS Shield (DDoS protection) configurations
Verify that the appropriate AWS Shield protections are in place for your internet-facing resources. AWS Shield Standard is applied automatically and at no extra cost to every AWS account and defends against common network- and transport-layer DDoS attacks; AWS Shield Advanced is an opt-in subscription that adds protection for specific resources (Elastic IPs, CloudFront distributions, Route 53 hosted zones, and load balancers), attack visibility, cost protection, and access to the Shield Response Team. This task involves confirming which tier applies to each public resource and that Shield Advanced, if subscribed, actually has those resources registered. Have you verified AWS Shield configurations for your resources?
Options: Enabled / Disabled
Check AWS Lambda function policies
Check the policies associated with your AWS Lambda functions to ensure that they are properly configured. Each function has two policies that matter: the resource-based policy, which controls who may invoke the function, and the execution role, which controls what the function itself may do. In the resource-based policy, an Allow for Principal "*" with no scoping condition lets any AWS account invoke the function, a service principal such as apigateway.amazonaws.com without an aws:SourceArn or aws:SourceAccount condition lets that service invoke it on behalf of any account's resources, and a function URL with auth type NONE is reachable by anyone. Have you checked AWS Lambda function policies?
Options: Yes / No
Ensure EBS snapshots are not publicly accessible
Ensure that your EBS snapshots are not publicly accessible. A snapshot whose createVolumePermission includes the group "all" can be copied by any AWS account, which hands over everything on the volume, including files that were deleted but not overwritten. This task involves checking the permissions of every snapshot you own, removing public sharing, and considering the account-level block public access setting for EBS snapshots so it cannot be re-enabled by mistake. Have you ensured that EBS snapshots are not publicly accessible?
Options: Yes / No
Assess RDS instances for public accessibility
Assess your RDS instances to identify any that are reachable from the internet. An instance is exposed when its PubliclyAccessible attribute is true, it sits in a subnet whose route table reaches an internet gateway, and a security group allows inbound traffic on the database port from the internet. An instance with PubliclyAccessible set but a closed security group still has a public endpoint and is one rule change away from exposure. This task involves reviewing the attribute, the subnet group, and the security groups for each instance and making the necessary changes. Have you assessed RDS instances for public accessibility?
Options: Yes / No
Approval: Security Administrator
Will be submitted for approval:
Verify AWS Identity and Access Management (IAM) configurations
Will be submitted
Review AWS CloudTrail settings
Will be submitted
Ensure encryption is enabled at rest and in transit
Will be submitted
Check for public Amazon S3 buckets
Will be submitted
Monitor AWS GuardDuty findings
Will be submitted
Ensure VPC flow logging is enabled
Will be submitted
Verify AWS Config is monitoring all regions
Will be submitted
Check for unrestricted inbound access on certain ports
Will be submitted
Ensure AWS CloudWatch is deployed and set up correctly
Will be submitted
Check AWS WAF configurations
Check the AWS WAF (Web Application Firewall) configurations to ensure that they are properly set up. AWS WAF web ACLs are attached to CloudFront distributions, Application Load Balancers, API Gateway APIs, and AppSync APIs and filter requests before they reach the application. This task involves confirming that every internet-facing endpoint has a web ACL, reviewing the rule groups in use (for example the AWS managed core rule set and known bad inputs rules) and their default action, checking that rules meant to block are not left in count mode after testing, and verifying that WAF logging is enabled so blocked and allowed requests can be investigated. Have you checked AWS WAF configurations?