5 Security Tips for your AWS Account
Implement Force MFA
The theme of the annual RSA conference this year was Human Element. Humans will always be an integral part of a cybersecurity program, despite the advances we have made in technology. However, humans often make mistakes. Configuring MFA on AWS is simple for each user; however, disabling MFA is also fairly simple for each user. This human aspect of removing MFA has caused significant findings in compliance assessments I have performed for some of the largest companies in the world. Implementing a “Force MFA” IAM policy helps eliminate this risk of humans being human: the policy requires users to set up and maintain their own MFA devices and prevents them from accessing any AWS resources until they authenticate with MFA. Essentially, when their account is created, users can do nothing except enable MFA, and they cannot access any other resources within AWS until MFA is enabled and used.
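As an added example (not code from the original article or from AWS), the following Python check lints a Force MFA policy document for mistakes that defeat it: a plain Bool condition, missing enrolment exemptions, and exemptions that let MFA be removed. The REQUIRED action set, the function names and the two sample policies are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Assumed minimum a user without MFA must still be able to call to enrol a
# virtual device and open an MFA session; extend for your environment.
REQUIRED = {"iam:CreateVirtualMFADevice", "iam:EnableMFADevice", "sts:GetSessionToken"}
MFA_KEY = "aws:MultiFactorAuthPresent"

def as_list(value):
    return value if isinstance(value, list) else [value]

def covered(action, patterns):
    """True if an IAM action matches any pattern (case-insensitive, * wildcard)."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def audit_force_mfa(policy):
    """Return findings for the deny-without-MFA statement; [] means none found."""
    denies = [s for s in as_list(policy.get("Statement", []))
              if s.get("Effect") == "Deny" and "NotAction" in s]
    if not denies:
        return ["no Deny + NotAction statement, so nothing is blocked without MFA"]
    findings = []
    for stmt in denies:
        values = as_list(stmt.get("Condition", {}).get("BoolIfExists", {}).get(MFA_KEY))
        if [str(v).lower() for v in values] != ["false"]:
            # Plain Bool does not match when the key is absent, as it is for
            # requests signed with long-term access keys, so they are not denied.
            findings.append(f"condition is not BoolIfExists {MFA_KEY}=false")
        exempt = as_list(stmt["NotAction"])
        for action in sorted(REQUIRED):
            if not covered(action, exempt):
                findings.append(f"{action} not exempt: users cannot enrol MFA")
        if covered("iam:DeactivateMFADevice", exempt):
            findings.append("iam:DeactivateMFADevice exempt: MFA can be removed without MFA")
        for pattern in sorted(p for p in exempt if "*" in p):
            findings.append(f"wildcard exemption {pattern}")
    return findings

def sample_policy(operator, exempt):
    """Build a constructed sample policy document (not a policy from the article)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenyAllExceptListedIfNoMFA", "Effect": "Deny",
        "NotAction": exempt, "Resource": "*",
        "Condition": {operator: {MFA_KEY: "false"}}}]}

GOOD = sample_policy("BoolIfExists", sorted(REQUIRED | {"iam:ListMFADevices", "iam:GetUser"}))
WEAK = sample_policy("Bool", ["iam:*", "sts:GetSessionToken"])

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_force_mfa(doc) or "no findings")
```

Run it against the JSON of the policy attached to your users or groups before relying on that policy as audit evidence.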
CloudTrail
AWS CloudTrail allows you to audit, continuously monitor, and assess account activity taken through the AWS Management Console, AWS SDKs, command-line tools, and other services. This tool is valuable for audits but also for ongoing event-driven security. Enabling AWS CloudTrail is a minimum security requirement, but these additional recommendations should also be considered:
Conclusion
The recommendations listed above describe how you can use native services within your AWS account to secure your resources and reduce audit fatigue during a SOC 2 examination. Leveraging these strategies is table stakes when operating a production environment on AWS. AWS makes it easy for administrators to implement these strategies and use them to provide auditors with less evidence that is technically accurate and provides deeper assurance regarding the compliance of your account and resources.