AWS cloud security review

Identity and Access Management (IAM)

  • List all IAM users, groups, and roles.
  • Assess permissions assigned to each entity.
  • Remove unnecessary permissions.
  • Ensure users have only required access.
  • Document changes made for compliance.

  • Identify IAM users and roles not accessed in the last 90 days.
  • Evaluate the necessity of each unused entity.
  • Deactivate users and roles initially.
  • Delete after a grace period if still unused.
  • Notify stakeholders before deletion.

  • Identify privileged IAM accounts.
  • Access the IAM console.
  • Select each account and enable MFA.
  • Guide users to configure their MFA devices.
  • Verify MFA is functioning correctly.

  • Audit all IAM policies for permission breadth.
  • Identify policies granting access beyond necessity.
  • Modify or restrict permissions as needed.
  • Implement policy conditions for tighter control.
  • Regularly review policies for compliance.

  • Identify applications requiring AWS service access.
  • Create IAM roles with necessary permissions.
  • Assign roles to applications via instance profiles.
  • Eliminate hard-coded access keys from applications.
  • Monitor role usage and adjust as needed.
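
The unused-identity and MFA steps above can be driven from the IAM credential report. The following is an added example (not part of this checklist or of any AWS tooling) that reviews a constructed report in that format, using a fixed clock and a subset of the report's columns; it reports identities idle for 90 days, console users without MFA, and active access keys that have never been used.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the IAM credential report (a subset of its
# columns). The report marks missing timestamps as "N/A", "no_information" or
# "not_supported"; the sample mirrors that.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2022-01-01T00:00:00+00:00,not_supported,2024-05-01T10:00:00+00:00,true,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2023-01-10T00:00:00+00:00,true,2024-05-20T08:12:00+00:00,true,true,2024-05-28T09:00:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2023-01-10T00:00:00+00:00,true,2024-01-03T11:00:00+00:00,false,false,N/A,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2023-06-01T00:00:00+00:00,false,not_supported,false,true,2024-02-10T00:00:00+00:00,true,N/A
newhire,arn:aws:iam::111122223333:user/newhire,2024-05-25T00:00:00+00:00,true,no_information,false,false,N/A,false,N/A
"""

# Fixed clock so the sample is reproducible; use datetime.now(timezone.utc) in practice.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _parse_ts(value):
    """Aware datetime, or None for the report's 'no value' markers."""
    if value in ("", "N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value)


def review_credential_report(report_csv, now=NOW, max_idle_days=90):
    """Return (user, finding) pairs: idle identities, console users without MFA,
    and active access keys that have never been used."""
    findings, cutoff = [], now - timedelta(days=max_idle_days)
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            continue  # root needs its own checks (MFA on, no access keys); out of scope here
        # Last activity is the newest of creation time, console login and key use,
        # so a freshly created identity is not reported as idle.
        events = [_parse_ts(row[c]) for c in ("user_creation_time", "password_last_used",
                  "access_key_1_last_used_date", "access_key_2_last_used_date")]
        if max(t for t in events if t is not None) < cutoff:
            findings.append((user, f"unused-{max_idle_days}d"))
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console-no-mfa"))
        for k in ("1", "2"):
            if (row[f"access_key_{k}_active"] == "true"
                    and _parse_ts(row[f"access_key_{k}_last_used_date"]) is None):
                findings.append((user, f"key{k}-never-used"))
    return findings
```

The idle window is a parameter, so the same function serves the 90-day review and a longer grace-period pass before deletion.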

Data Protection

  • Use HTTPS for all web applications.
  • Configure load balancers to enforce TLS.
  • Regularly review and update TLS certificates.
  • Test for vulnerabilities using tools like SSL Labs.
  • Ensure secure cipher suites are enabled.

  • Verify encryption settings on S3 buckets.
  • Use AWS KMS for managing encryption keys.
  • Check IAM policies for KMS access permissions.
  • Enable default encryption on new S3 buckets.
  • Review encryption status of existing data.

  • Audit bucket policies for public access settings.
  • Use AWS Trusted Advisor to identify risks.
  • Restrict access to specific IAM roles/users.
  • Enable Block Public Access settings on buckets.
  • Regularly monitor bucket access logs.

  • Turn on versioning for each sensitive S3 bucket.
  • Configure server access logging for tracking access.
  • Store logs in a separate, secure bucket.
  • Regularly review logs for unusual access patterns.
  • Implement lifecycle policies for old versions.

  • Use AWS Backup to automate backups.
  • Schedule regular backups for RDS and EBS volumes.
  • Store backups in a different AWS region.
  • Test backup restoration processes periodically.
  • Ensure backups are encrypted and compliant.
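
The bucket-policy audit step and the TLS enforcement step above can be checked together from the policy document. The following is an added example (not part of this checklist or of any AWS tooling) that inspects two constructed bucket policies: it lists Allow statements granted to any principal, separating unconditional (public) ones from those gated by a condition, and reports whether the policy contains a Deny of plaintext requests via the aws:SecureTransport condition key.

```python
# Constructed sample bucket policies in the document format that
# `aws s3api get-bucket-policy` returns, parsed into dicts. Not real account data.
BUCKET = "arn:aws:s3:::example-bucket"
PUBLIC_READ_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
    {"Sid": "VpceOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": BUCKET + "/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
]}
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-reader"},
     "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_anyone(principal):
    """True for the wildcard principal forms "*" and {"AWS": "*"} (also in a list)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def audit_bucket_policy(policy):
    """Report Allow statements open to any principal (unconditional ones are
    public; conditional ones need the condition reviewed) and whether the
    policy denies plaintext, non-TLS requests."""
    public, conditional, enforces_tls = [], [], False
    for st in _as_list(policy.get("Statement", [])):
        sid, cond = st.get("Sid", "<no Sid>"), st.get("Condition", {})
        if not _is_anyone(st.get("Principal")):
            continue
        if st.get("Effect") == "Allow":
            (conditional if cond else public).append(sid)
        elif (st.get("Effect") == "Deny"
              and str(cond.get("Bool", {}).get("aws:SecureTransport", "")).lower() == "false"):
            enforces_tls = True  # a Deny on aws:SecureTransport=false rejects plaintext
    return {"public": public, "conditional_public": conditional, "enforces_tls": enforces_tls}
```

A conditional wildcard grant is not necessarily public, but the condition (here a VPC endpoint ID) is what makes it safe, so it is worth reviewing on its own.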

Network Security

  • List all security groups and network ACLs.
  • Identify rules allowing unrestricted access (0.0.0.0/0).
  • Check for unnecessary inbound and outbound rules.
  • Remove or restrict overly permissive rules.
  • Document changes and review regularly.

  • Verify VPC CIDR blocks to avoid overlaps.
  • Ensure subnets are private or public as required.
  • Check route tables for appropriate traffic flow.
  • Confirm network segregation between environments.
  • Implement proper NAT gateways for private subnets.

  • Verify AWS Shield is enabled for critical resources.
  • Review AWS WAF rules for web application protection.
  • Check for rate limiting and IP blocking rules.
  • Ensure logging is enabled for WAF metrics.
  • Regularly update WAF rules based on threat intelligence.

  • Check VPN configurations for strong encryption protocols.
  • Review Direct Connect settings for proper access control.
  • Verify redundancy and failover settings.
  • Ensure logging is enabled for connection monitoring.
  • Regularly test the connections for reliability.

  • Enable flow logs for each VPC.
  • Choose appropriate log format (e.g., Apache or JSON).
  • Set up S3 bucket or CloudWatch Logs for storage.
  • Define retention policies for log data.
  • Review logs regularly for suspicious activity.
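
The security-group steps above (find rules open to 0.0.0.0/0, then decide which are overly permissive) can be scripted against the describe-security-groups output. The following is an added example (not part of this checklist or of any AWS tooling) that runs over constructed security groups in that shape; it goes slightly beyond the checklist by also treating the IPv6 any-address ::/0 as unrestricted and by rating each open rule, so that a world-open 443 on a web tier is distinguished from world-open SSH or an all-traffic rule.

```python
# Constructed sample in the shape of `aws ec2 describe-security-groups` output,
# trimmed to the fields the check needs. Not real account data.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0e5f6a7b", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0c9d8e7f", "GroupName": "legacy", "IpPermissions": [
        # "-1" = all protocols; the API omits FromPort/ToPort on such rules
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-01234567", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d"}]}]},  # reachable only from the web SG
]

ANYWHERE = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}          # SSH and RDP should never be world-reachable
PUBLIC_SERVICE_PORTS = {80, 443}  # expected on an internet-facing web tier


def find_open_ingress(groups):
    """Return one finding per inbound rule reachable from any address, rated by
    what the rule exposes."""
    findings = []
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if not any(c in ANYWHERE for c in cidrs):
                continue
            proto, lo, hi = rule["IpProtocol"], rule.get("FromPort"), rule.get("ToPort")
            if proto == "-1":
                ports, severity = "all", "critical"
            else:
                ports = str(lo) if lo == hi else f"{lo}-{hi}"
                if proto in ("tcp", "udp") and any(lo <= p <= hi for p in ADMIN_PORTS):
                    severity = "high"
                elif proto == "tcp" and lo == hi and lo in PUBLIC_SERVICE_PORTS:
                    severity = "info"  # expected for a public web tier; confirm it is intended
                else:
                    severity = "medium"
            findings.append({"group": sg["GroupId"], "name": sg["GroupName"],
                             "proto": proto, "ports": ports, "severity": severity})
    return findings
```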

Monitoring and Logging

  • Navigate to the CloudTrail console.
  • Select 'Create trail' and provide a name.
  • Choose 'All Regions' for coverage.
  • Configure S3 bucket for log storage.
  • Enable CloudWatch Logs if desired.
  • Review and complete the trail setup.

  • Access the CloudWatch console.
  • Go to 'Logs' and select relevant log groups.
  • Set filters for specific error codes or anomalies.
  • Review metrics for unexpected spikes or changes.
  • Establish a routine for regular log reviews.

  • Open the AWS Config console.
  • Select 'Get started' and configure resource types.
  • Set up rules for compliance checks.
  • Enable recording of configuration changes.
  • Review resource history and compliance status regularly.

  • Use CloudWatch Alarms for monitoring thresholds.
  • Create SNS topics for alert notifications.
  • Set up rules in AWS Config for non-compliance.
  • Integrate with Lambda for automated responses.
  • Test alerts to ensure proper functioning.

  • Determine retention period based on compliance needs.
  • Configure S3 bucket lifecycle policies for logs.
  • Regularly review retention settings for updates.
  • Ensure logs are securely stored and encrypted.
  • Establish a process for log retrieval during incidents.
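
Once the trail delivers to CloudWatch Logs or S3, the "filters for specific error codes or anomalies" step needs concrete rules. The following is an added example (not part of this checklist or of any AWS tooling) that applies four such rules to constructed CloudTrail records: root account activity, a successful console login without MFA, changes to the trail itself, and repeated AccessDenied errors from one identity; the same conditions translate directly into CloudWatch Logs metric filters.

```python
from collections import Counter
# Constructed CloudTrail records (the shape of entries in a log file's "Records"
# array, trimmed to the fields used). Not real account data.
ROOT = "arn:aws:iam::111122223333:root"
BOB = "arn:aws:iam::111122223333:user/bob"
ALICE = "arn:aws:iam::111122223333:user/alice"
APP = "arn:aws:sts::111122223333:assumed-role/app-reader/i-0abc123"
SAMPLE_RECORDS = [
    {"eventTime": "2024-06-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "arn": BOB},
     "sourceIPAddress": "198.51.100.7", "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-06-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "userIdentity": {"type": "Root", "arn": ROOT},
     "sourceIPAddress": "198.51.100.7"},
    {"eventTime": "2024-06-01T10:30:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "userIdentity": {"type": "IAMUser", "arn": ALICE},
     "sourceIPAddress": "203.0.113.9"},
]
# Three denied S3 reads by one role: a workload reaching beyond its permissions.
SAMPLE_RECORDS += [
    {"eventTime": f"2024-06-01T11:0{i}:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"type": "AssumedRole", "arn": APP},
     "sourceIPAddress": "10.0.1.5", "errorCode": "AccessDenied"} for i in range(3)
]

TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
DENIED_CODES = {"AccessDenied", "AccessDeniedException", "UnauthorizedOperation"}


def triage_cloudtrail(records, denied_threshold=3):
    """Return (rule, actor, detail) alerts for the anomalies a log review looks for."""
    alerts, denied = [], Counter()
    for rec in records:
        ident = rec.get("userIdentity", {})
        actor, event = ident.get("arn", "unknown"), rec.get("eventName", "")
        if ident.get("type") == "Root":
            alerts.append(("root-activity", actor, event))
        if (event == "ConsoleLogin"
                and rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and rec.get("additionalEventData", {}).get("MFAUsed") == "No"):
            alerts.append(("console-login-no-mfa", actor, rec.get("sourceIPAddress")))
        if rec.get("eventSource") == "cloudtrail.amazonaws.com" and event in TRAIL_TAMPERING:
            alerts.append(("trail-tampering", actor, event))
        if rec.get("errorCode") in DENIED_CODES:
            denied[actor] += 1  # counted per actor, alerted once over the threshold
    for actor, count in denied.items():
        if count >= denied_threshold:
            alerts.append(("repeated-access-denied", actor, count))
    return alerts
```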

Incident Response

  • Identify critical assets and data in AWS.
  • Define roles and responsibilities for the incident response team.
  • Establish procedures for detection, reporting, and escalation.
  • Document response workflows for various incident types.
  • Regularly test and refine the plan based on new threats.

  • Schedule exercises quarterly with all relevant team members.
  • Simulate various incident scenarios relevant to AWS.
  • Evaluate team responses and decision-making processes.
  • Gather feedback and identify areas for improvement.
  • Update the incident response plan based on exercise outcomes.

  • Create a clear role assignment document.
  • Distribute the document to all team members.
  • Conduct training sessions on incident response roles.
  • Reinforce role awareness during regular meetings.
  • Encourage questions to clarify responsibilities.

  • Assess current tools for effectiveness and compatibility.
  • Stay informed about new security tools and technologies.
  • Update procedures based on recent incidents and findings.
  • Incorporate feedback from incident response exercises.
  • Document all changes and communicate updates to the team.

  • Identify key stakeholders and their contact information.
  • Define communication protocols and channels for incidents.
  • Develop templates for incident notifications.
  • Test communication plan during tabletop exercises.
  • Ensure timely updates and follow-ups during real incidents.

Compliance and Governance

  • Identify applicable regulations for your industry.
  • Assess current AWS configurations against compliance requirements.
  • Document compliance status for each regulation.
  • Engage legal and compliance teams for insights.
  • Implement necessary changes to meet compliance.

  • Create an AWS Organization if not already set up.
  • Organize accounts into appropriate Organizational Units (OUs).
  • Apply Service Control Policies (SCPs) to enforce governance.
  • Regularly review account structure for efficiency.
  • Train staff on using AWS Organizations effectively.

  • Schedule assessments at regular intervals (quarterly or bi-annually).
  • Use AWS tools like Inspector and Config for automation.
  • Review findings and prioritize vulnerabilities.
  • Engage third-party auditors if necessary.
  • Document all findings and remediation actions.

  • Draft clear, concise security policies relevant to your AWS usage.
  • Update documentation regularly to reflect changes.
  • Ensure accessibility of documentation for all stakeholders.
  • Conduct training sessions on policies for staff.
  • Store documentation securely in a version-controlled environment.

  • Establish a feedback loop from audits and incidents.
  • Review and analyze findings to identify trends.
  • Update policies and procedures based on insights.
  • Communicate changes to all relevant stakeholders.
  • Monitor implementation of improvements for effectiveness.