You can perform an AWS Security Audit by reviewing several elements of the cloud, including:
- Identity Access Management (IAM)
- Virtual Private Cloud (VPC)
- Elastic Compute Cloud (EC2) and S3
To do an AWS Security Audit, begin with basic questions, such as:
- Is the user authorized? Are data protected?
- Are the passwords secure enough?
Audit Identity Access Management (IAM)
To audit IAM, make a list of the people who use your system. Then separate the list into two categories: active and inactive. An active user might be one who has logged in within the past three to six months, or even the past few weeks; the threshold depends on your criteria. When done, delete the accounts of the inactive users.
Perform a second IAM audit on security credentials. If any passwords, work e-mail addresses, or the security database have leaked, delete the compromised data. Rotate passwords frequently and make them stronger.
Auditing a Virtual Private Cloud (VPC) involves customizing unique configurations for each cloud environment. For example, configurations for production shouldn’t be the same as the ones for testing.
You can fully configure:
- A unique IP address for each network segment.
- A unique subnet mask for each network segment.
- Unique gateways for each segment.
To audit an elastic compute cloud:
- Run only relevant EC2 instances.
- Terminate irrelevant instances, such as those used for testing and experimentation.
- Check that there are no unused security groups.
- Whitelist IP addresses and attach a description for each IP.
To audit S3, check the following:
- Grant sensitive HTTP methods, such as DELETE, only to authorized users.
- Enable versioning in the S3 bucket.
- Enable logging in the S3 bucket.
Audit Mobile Apps
If you have mobile apps in the cloud, each application will need an audit to ensure it’s safe and secure. Use this checklist to audit mobile apps:
- Ensure there are no access keys in your mobile app. Even with encryption of access keys, they’re still too risky in mobile apps.
- Eliminate all permanent credentials for your mobile app. Replace them with temporary credentials, which allow you to rotate security keys frequently.
- Ensure your mobile app supports Multi-Factor Authentication with Bing or Google Authenticator.
- Enable multiple ways of logging in for users using popular identity providers, such as Google, Facebook, or Amazon.
AWS has several tools to help perform a security audit. However, each tool performs its audit independently. For example, AWS CloudTrail can audit AWS processes and assess security risks. nOps, a certified AWS partner, helps companies with security audits. The nOps dashboard syncs with CloudTrail to give more insight into risks and assessments for each audit criterion.
Users can get notifications of audit results from their entire cloud system. In addition to one-time audits, the nOps system has ongoing audits. The dashboard gives insights on change management, unused instances, critical data, and much more. A good CloudTrail interface can help you perform AWS audits faster. Learn how the nOps AWS CloudTrail dashboard can help accelerate your security audit.