
Category: Security Event Monitoring, notification & Incident management
Recommended Security Configuration: It is recommended to set up the security dashboard to prioritize, report and notify on security events across AWS services.
AWS Service: AWS Security Hub

Category: Threat intelligence
Recommended Security Configuration: Monitor the traffic reported by VPC flow logs and CloudTrail logs in real time to identify threats.
AWS Service: Amazon GuardDuty

Category: Encryption and Key Management
Recommended Security Configuration: Use a centralized key management system for managing the keys and for the rotation of the encryption keys to protect data at rest, including resources like EC2, RDS, and others.
AWS Service: AWS KMS

Category: Compliance, Configuration monitoring
Recommended Security Configuration: Continuously monitor and record configuration changes of all AWS resources across accounts. Set up notifications for any misconfigurations that occur, such as enabling public S3 buckets by accident or allowing all traffic in a security group. Enforce rules to detect the usage of approved/hardened AMIs, EBS encryption and the like.
AWS Service: AWS Config

Category: Implement principle of least privilege
Recommended Security Configuration: Periodically monitor the usage of roles and permissions across the various AWS accounts, remove unnecessary or unused roles and permissions from customers and applications, and grant only the required permissions based on the AWS CloudTrail events.
AWS Service: AWS IAM Access Analyzer

Category: Resource Inventory and cost management
Recommended Security Configuration: Define key-value pairs that can be added to resources such as AWS EC2. Get visibility of all the AWS resources with tags and gain insights such as cost per strategic group of resources.
AWS Service: Tag Policies (tags help to adopt a standardized approach for tagging AWS resources; we can create tags to specify Environment, Cost center, Project, App, Tier and other required metadata).

Category: Vulnerability and patch management
Recommended Security Configuration: Automate the vulnerability and patch management process across resources.
AWS Service: Amazon Inspector and AWS Systems Manager

Category: Root user security
Recommended Security Configuration: When an AWS account is created, an account root user with full access to all the resources and services in the AWS account is created. The account root user owns the AWS account. A regular IAM user is created by the root user or by an administrator. An account root user has the highest privileges for the given account and as such should be protected with enhanced security controls. Enable the following security controls for the account's root user:
1. Enable Multi-Factor Authentication (MFA): We can configure virtual devices to provide an additional layer of security for root user access.
2. Administrator user: The root user must create a new administrator user for setting up AWS Control Tower. We can create a new administrator user with the AdministratorAccess managed policy. Only the administrator user should be used to set up Control Tower.
3. Delete the access key and secret key of the root user: Delete the root user's access key and secret key to prevent programmatic access. The root user can access AWS services through the web console.
4. Root user activities: The root user should not be used for any activity apart from setting up the administrator user and for bill payment/view activities.
AWS Service: AWS IAM, AWS CloudTrail
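To show what "enforce the rules" in the AWS Config row looks like in practice, here is an added example (not from the original page) of the evaluation logic for a change-triggered AWS Config custom rule that flags a security group allowing all traffic from anywhere. The configuration item, the security group id and the Lambda wiring are constructed assumptions; the boto3 put_evaluations call is how a deployed rule would report its result back to AWS Config.

```python
import json

# Constructed AWS Config configuration item (not real data) for a security
# group with one tight HTTPS rule and one "all traffic from anywhere" rule.
SAMPLE_ITEM = {
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0123456789abcdef0",  # placeholder id
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
         "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
        {"ipProtocol": "-1", "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
    ]},
}

ANYWHERE = {"0.0.0.0/0", "::/0"}

def open_to_world(rule):
    """True if an ingress rule admits every port and protocol from any address."""
    sources = {r.get("cidrIp") for r in rule.get("ipRanges", [])}
    sources |= {r.get("cidrIpv6") for r in rule.get("ipv6Ranges", [])}
    if not sources & ANYWHERE:
        return False
    if rule.get("ipProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    return rule.get("fromPort", 0) <= 0 and rule.get("toPort", 0) >= 65535

def evaluate_security_group(item):
    """Build the evaluation AWS Config expects for one configuration item."""
    rules = item.get("configuration", {}).get("ipPermissions", [])
    if item["resourceType"] != "AWS::EC2::SecurityGroup":
        compliance, note = "NOT_APPLICABLE", "resource is not a security group"
    elif any(open_to_world(r) for r in rules):
        compliance, note = "NON_COMPLIANT", "ingress allows all traffic from the internet"
    else:
        compliance, note = "COMPLIANT", "no all-traffic ingress from the internet"
    return {"ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance, "Annotation": note,
            "OrderingTimestamp": item["configurationItemCaptureTime"]}

def lambda_handler(event, context):
    """Lambda entry point for a change-triggered AWS Config custom rule."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    evaluation = evaluate_security_group(item)
    import boto3  # imported here so the evaluation logic runs without the SDK
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation
```

A port-restricted rule open to 0.0.0.0/0 (such as the HTTPS rule above) is deliberately left to a separate rule, so this check only catches the "allow all" case the table describes.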
