|
| Area | Inspection items | Risk level | Security guide |
|
| IAM | Is there a complexity setting for the password for the IAM account that is used to connect to the AWS Console? | High | Complexity setting of the password for the IAM account that is used to connect to the AWS Console-
- At least one alphabetic character must be included
At least one number must be included
Must choose at least one character excluding alphanumeric characters-
- Safe when all 3 settings above are enabled |
| Is there a minimum password length set for the IAM account that is used to connect to the AWS Console? | Medium | Minimum password length setting for the IAM account that is used to connect to the AWS Console
- Safe when it is set to ‘Password must be at least 8 characters’ |
| Is it possible to allow the users to change their own password for the IAM account that is used to connect to the AWS Console? | Low | Allow users to change their own password for the IAM account that is used to connect to the AWS Console
- Allowing the users to change their own password |
| CloudTrail | Is the CloudTrail Tracking Creation enabled? | High | Activate CloudTrail Tracking Creation
- Performs audits on API Call History by enabling CloudTrail Tracking
- Perform monitoring of abnormal behaviors through a routine inspection of VPC Flow Log |
| Are integrity checks performed on the CloudTrail logs stored in S3? | Medium | Integrity Validation of CloudTrail logs stored in S3
- Log File verification is enabled
- Perform regular reviews of log file integrity |
| Are periodic audits performed on the CloudTrail logs? | High | Periodic audit of CloudTrail logs
- Monitor unauthorized activities through a periodic (regular) audit of log files
- Conduct user interviews of unauthorized activities |
| KMS | Are the plans for the periodic change of customer management keys (generated by KMS) properly prepared and implemented? | High | Regularly change customer management keys generated through KMS
- Manually/automatically performing key changes/management |
| Is the permission to use KMS-generated keys reviewed on a regular basis? | High | Regular review of KMS-generated key permission
- Perform periodic audits of unused accounts and roles through a regular review of key permission |
|
