| Area | Inspection items | Risk level | Security guide |
|---|---|---|---|
| IAM | Is there a complexity setting for the password for the IAM account that is used to connect to the AWS Console? | High | Complexity setting of the password for the IAM account that is used to connect to the AWS Console: at least one alphabetic character must be included; at least one number must be included; at least one non-alphanumeric character must be included. Safe when all 3 settings above are enabled. |
| IAM | Is there a minimum password length set for the IAM account that is used to connect to the AWS Console? | Medium | Minimum password length setting for the IAM account that is used to connect to the AWS Console. Safe when it is set to ‘Password must be at least 8 characters’. |
| IAM | Is it possible to allow the users to change their own password for the IAM account that is used to connect to the AWS Console? | Low | Allow users to change their own password for the IAM account that is used to connect to the AWS Console. Safe when users are allowed to change their own password. |
| CloudTrail | Is the CloudTrail Tracking Creation enabled? | High | Activate CloudTrail Tracking Creation. Perform audits on API call history by enabling CloudTrail Tracking. Monitor abnormal behaviors through a routine inspection of the VPC Flow Log. |
| CloudTrail | Are integrity checks performed on the CloudTrail logs stored in S3? | Medium | Integrity validation of CloudTrail logs stored in S3. Log file verification is enabled. Perform regular reviews of log file integrity. |
| CloudTrail | Are periodic audits performed on the CloudTrail logs? | High | Periodic audit of CloudTrail logs. Monitor unauthorized activities through a periodic (regular) audit of log files. Conduct user interviews about unauthorized activities. |
| KMS | Are the plans for the periodic change of customer management keys (generated by KMS) properly prepared and implemented? | High | Regularly change customer management keys generated through KMS. Perform key changes/management manually or automatically. |
| KMS | Is the permission to use KMS-generated keys reviewed on a regular basis? | High | Regular review of KMS-generated key permission. Perform periodic audits of unused accounts and roles through a regular review of key permission. |
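The configuration items in the checklist above can be checked mechanically. The following is an added example, not part of the original guide: it evaluates a saved snapshot shaped like the output of `aws iam get-account-password-policy`, `aws cloudtrail describe-trails` and `aws kms get-key-rotation-status`. The snapshot layout, the sample values, and the mapping of "alphabetic character" to the AWS upper/lower-case requirements are assumptions.

```python
# Constructed sample snapshot (made-up values). The top-level layout is this
# example's own; the inner field names follow the AWS API responses.
SAMPLE = {
    "password_policy": {"PasswordPolicy": {
        "MinimumPasswordLength": 6, "RequireSymbols": False,
        "RequireNumbers": True, "RequireUppercaseCharacters": True,
        "RequireLowercaseCharacters": False,
        "AllowUsersToChangePassword": True}},
    "trails": {"trailList": [
        {"Name": "example-trail", "LogFileValidationEnabled": False}]},
    "key_rotation": {"example-key-id": {"KeyRotationEnabled": True}},
}

def audit(snapshot):
    """Return (area, risk, finding) tuples for checklist items that fail."""
    findings = []
    # A missing password policy is treated as every IAM item failing.
    pol = snapshot.get("password_policy", {}).get("PasswordPolicy") or {}
    # Assumption: "alphabetic" is satisfied by either letter-case requirement.
    alpha = (pol.get("RequireUppercaseCharacters")
             or pol.get("RequireLowercaseCharacters"))
    if not (alpha and pol.get("RequireNumbers") and pol.get("RequireSymbols")):
        findings.append(("IAM", "High",
                         "password complexity: not all 3 settings enabled"))
    if pol.get("MinimumPasswordLength", 0) < 8:
        findings.append(("IAM", "Medium", "minimum password length below 8"))
    if not pol.get("AllowUsersToChangePassword"):
        findings.append(("IAM", "Low", "users cannot change their own password"))

    trails = snapshot.get("trails", {}).get("trailList", [])
    if not trails:
        findings.append(("CloudTrail", "High", "no trail has been created"))
    for trail in trails:
        if not trail.get("LogFileValidationEnabled"):
            findings.append(("CloudTrail", "Medium",
                             f"log file validation disabled on {trail.get('Name')}"))

    # Only automatic rotation is visible here; manual key changes are not.
    for key_id, status in snapshot.get("key_rotation", {}).items():
        if not status.get("KeyRotationEnabled"):
            findings.append(("KMS", "High",
                             f"automatic rotation disabled on {key_id}"))
    return findings

if __name__ == "__main__":
    for area, risk, text in audit(SAMPLE):
        print(f"[{risk}] {area}: {text}")
```

The audit, review and interview items in the table are process controls and are not covered by this check.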