Accend Networks San Francisco Bay Area Full Service IT Consulting Company

Categories
Blogs

What is AWS Artifact

Amazon Web Services (AWS) has become a bedrock of cloud computing, offering a wide range of services to cater for diverse business needs. Among its offerings is AWS Artifact, a collection of compliance and security reports that provides valuable insight into the security and regulatory compliance of AWS services.

What is AWS Artifact?

AWS Artifact is a centralized resource for accessing documentation about the security and compliance of AWS services. It offers a collection of reports and certifications that customers, auditors, and regulators can use to understand AWS’s adherence to industry standards and best practices.

Unlike other AWS services, AWS Artifact is not a service you use to build resources such as an EC2 instance or an RDS database. Instead, you use it to access and download AWS security and compliance documents and to review and accept online agreements.

AWS Artifact provides on-demand downloads of AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI) reports, and Service Organization Control (SOC) reports. You can submit the security and compliance documents (also known as audit artifacts) to your auditors or regulators to demonstrate the security and compliance of the AWS infrastructure and services that you use.

The primary categories of artifacts available in AWS Artifact are:

Compliance Reports: These reports detail how AWS aligns with various compliance frameworks such as SOC (Service Organization Control) reports, PCI DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act), and more. These reports are invaluable for organizations that need to demonstrate compliance with specific regulations.

Agreements: AWS Artifact also provides access to agreements such as the AWS Customer Agreement, the AWS Data Processing Addendum and others. These agreements outline the terms and conditions governing the use of AWS services and the data protection responsibilities of each party.

Third-Party Attestations: AWS Artifact includes attestations from third-party auditors and assessors. These attestations validate AWS’s security and compliance controls, providing an additional layer of assurance to customers.

Certifications: AWS holds various certifications for its services, including ISO (International Organization for Standardization) certifications, and more. These certifications demonstrate AWS’s commitment to meeting stringent security and compliance requirements.

Benefits of AWS Artifact

More broadly, AWS lets you keep track of the resources your applications use, who can access them, and the data you store. It also provides identity and access control together with continuous, real-time monitoring of security information.

Key Features and Benefits

Transparency and Assurance: AWS Artifact promotes transparency by providing customers with detailed information about AWS’s security and compliance posture.

Simplified Compliance Reporting: Instead of conducting extensive audits and assessments of AWS’s infrastructure themselves, organizations can present AWS’s compliance reports and certifications to their auditors and regulators.

Streamlined Audits: Auditors and regulators can access AWS Artifact to gain insight into AWS’s security controls and compliance, which streamlines the audit process.

Improved Manageability: Allows you to manage agreements with AWS at scale.

Updated and Accessible Documentation: AWS Artifact keeps its documentation up to date, reflecting the latest security measures and compliance status.

How to Access AWS Artifact

AWS Artifact can be accessed through the AWS Management Console and the AWS CLI. Users with the appropriate permissions can navigate to the AWS Artifact section to view and download the available reports, agreements, attestations, and certifications. I will show a demo of how we can use the AWS Management Console to download a compliance document. Proceed as follows.

Log into the AWS Management Console, type AWS Artifact in the search box, then select AWS Artifact under Services.

In the Artifact console, we can subscribe to notifications about the availability of new reports and agreements, or about updates to existing ones.

We can view reports and agreements from here.

To download a report, make sure you have sufficient permissions, then click View reports as shown.

In the reports console, we can see two tabs: third-party reports and AWS reports. Let’s proceed with AWS reports. There is a range of reports here; select the first one, the Accessibility Conformance Report, then click Download.

Once the download completes, open the file from your Downloads directory. That’s it. This brings us to the end of this blog.

Conclusion

AWS Artifact plays a crucial role in enhancing transparency, simplifying compliance reporting and providing assurance to customers, auditors and regulators about AWS’s security and compliance practices.

Thanks for reading and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at sales@accendnetworks.com

Thank you!


Amazon Macie Overview

How Amazon Macie Works

Introduction

As organizations grow, so do the volumes of sensitive data that need to be stored securely. Organizations must comply with a growing body of data privacy regulations and evolving guidance on protecting their sensitive data. This makes identifying and protecting sensitive data at scale complex, expensive and time consuming. Amazon Macie is a data security service that helps you address these challenges. It discovers sensitive data using machine learning and pattern matching, provides visibility into data security risks, and enables automated protection against those risks.

What is Amazon Macie?

Amazon Macie is a data security service that uses machine learning and pattern matching to automatically discover, classify, and protect sensitive data in Amazon Simple Storage Service (Amazon S3).

When you enable Macie, the service automatically provides an inventory of Amazon S3 buckets and identifies security risks, including buckets that are unencrypted, publicly accessible or shared outside your organization.

Macie automatically samples and analyzes objects in your S3 buckets, inspecting them for sensitive data such as personally identifiable information like names and credit card numbers.

Macie continually adds to its list of sensitive data types. You can also define your own data types to customize it to your unique business needs.

With multi-account support through AWS Organizations, you can view your data security posture across your S3 environment from a single Macie administrator account.

How does Macie work?

Within a few minutes of enabling Macie for your AWS account, Macie generates an inventory of the S3 buckets in the Region where you enabled it; Macie operates at the Region level. Macie also begins to monitor the security and access control of those buckets. When it detects a risk of unauthorized access or accidental data leakage, it generates detailed findings.

Macie provides this information to you directly. Macie also uses the information to calculate statistics and provide assessments of the security and privacy of your bucket inventory as a whole and of individual buckets in it. For example, you can find the total storage size and number of buckets in your inventory, the total storage size and number of objects in those buckets, and the total storage size and number of objects that Macie can analyze to detect sensitive data in the buckets.

Types of Amazon Macie findings

Policy Findings: Report violations of security policies, such as access control misconfigurations, unauthorized access attempts, data not encrypted as required by policy, and more.

Sensitive Data Findings: Identify types of sensitive data, such as PII (personally identifiable information, e.g. Social Security numbers) and financial data (e.g. credit card numbers).

Use Cases of Amazon Macie

Data Discovery and Classification: Amazon Macie automatically scans the cloud storage, such as Amazon S3 buckets, to identify sensitive data.

Continuous Monitoring and Alerts: Amazon Macie continuously monitors data access and usage patterns, raising alerts for suspicious activities or potential data breaches.

Compliance and Governance: With Amazon Macie’s comprehensive audit trail and reporting capabilities, organizations can demonstrate compliance with data protection regulations such as GDPR, CCPA, or HIPAA, simplifying compliance audits and ensuring adherence to data governance policies.

Integration with Security Hub and AWS Services: Amazon Macie seamlessly integrates with AWS Security Hub, allowing organizations to consolidate security findings from various services into a unified dashboard.

Custom Data Identifiers: Organizations can use custom data identifiers in Amazon Macie to define specific data patterns tailored to their unique business requirements.
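To make the custom data identifier idea concrete, here is an added example (not Macie’s own code, and a simplified model of its matching rules) that applies the knobs Macie exposes for a custom identifier, a required regex, optional keywords that must appear within a maximum match distance before the match, and ignore words, to a constructed sample of object text. The EMP- employee ID format, the keywords and the sample text are all made up for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample of an S3 object's text. "EMP-" employee IDs are a made-up format.
SAMPLE_OBJECT = (
    "Employee ID: EMP-483920 joined the team in 2021.\n"
    "Staff number EMP-771155 was issued a laptop.\n"
    "Badge placeholder EMP-000000 appears in all templates.\n"
    "Order number EMP-998877 is a shipment reference, not a person.\n"
)


@dataclass
class CustomDataIdentifier:
    """Mirrors the settings of a Macie custom data identifier (simplified model)."""
    name: str
    regex: str                                           # pattern the value must match
    keywords: List[str] = field(default_factory=list)    # must occur shortly before a match
    max_match_distance: int = 50                         # chars between keyword and match
    ignore_words: List[str] = field(default_factory=list)  # matches containing one are dropped


def find_matches(text: str, ident: CustomDataIdentifier) -> List[Tuple[int, str]]:
    """Return (offset, value) for every regex match that passes the keyword and ignore rules."""
    hits: List[Tuple[int, str]] = []
    for m in re.finditer(ident.regex, text):
        value = m.group(0)
        # Ignore words: a match containing one is a known false positive (e.g. a placeholder).
        if any(w.lower() in value.lower() for w in ident.ignore_words):
            continue
        # Keywords: at least one must appear within max_match_distance characters before the match.
        if ident.keywords:
            window_start = max(0, m.start() - ident.max_match_distance)
            window = text[window_start:m.start()].lower()
            if not any(k.lower() in window for k in ident.keywords):
                continue
        hits.append((m.start(), value))
    return hits


def classify_object(text: str, identifiers: List[CustomDataIdentifier]) -> Dict[str, int]:
    """Number of qualifying matches per identifier, like the counts in a sensitive data finding."""
    return {ident.name: len(find_matches(text, ident)) for ident in identifiers}


EMPLOYEE_ID = CustomDataIdentifier(
    name="EmployeeId",
    regex=r"EMP-\d{6}",
    keywords=["employee id", "staff number"],
    max_match_distance=20,
    ignore_words=["EMP-000000"],
)

if __name__ == "__main__":
    for offset, value in find_matches(SAMPLE_OBJECT, EMPLOYEE_ID):
        print(f"{EMPLOYEE_ID.name} at offset {offset}: {value}")
    print(classify_object(SAMPLE_OBJECT, [EMPLOYEE_ID]))
```

Without keywords or ignore words the regex alone would flag all four values; the keyword window drops the shipment reference and the ignore word drops the placeholder, which is the point of those two settings.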

Monitoring and processing Amazon Macie findings

Amazon EventBridge

With EventBridge, you can automate the monitoring and processing of certain types of events, including the events that Macie publishes for findings. To learn more about EventBridge, see the Amazon EventBridge User Guide.

AWS Security Hub

AWS Security Hub is a security service that provides you with a comprehensive view of your security state across your AWS environment. With Security Hub, you can review Macie findings as part of a broader analysis of your organization’s security posture. To learn more about Security Hub, see the AWS Security Hub User Guide.

Conclusion

Amazon Macie empowers organizations with strong data security capabilities by automating data discovery, classification and monitoring. For organizations handling vast volumes of sensitive data in the cloud, Amazon Macie is a cornerstone, providing the tools needed to safeguard the foundation of their security.

This brings us to the end of this blog, thanks for reading and stay tuned for more.


How to use AWS EventBridge


What is AWS EventBridge?

AWS EventBridge is a serverless event bus service provided by Amazon Web Services (AWS) that allows you to route events between AWS services, your applications, and third-party SaaS applications. It provides a central location for your applications to publish and receive events, making it easier to build event-driven architectures.

It can react to state changes in both AWS and non-AWS resources.

How does AWS EventBridge work?

AWS EventBridge works by routing events between different AWS services, applications, and third-party SaaS applications. The event bus is the central component of EventBridge; it provides a way to route events from different sources to different targets.

An event source is a service or application that generates events, and an event target is a service or application that receives events. You set up rules in EventBridge to route events from an event source to one or more event targets.

In the EventBridge architecture, we have event sources; a state change in one of those resources is sent as an event to what we call an EventBridge event bus. The event is then processed by rules, and those rules can send it on to various destinations.

Let’s look at another example. Say we have an EC2 instance as an event source and an event happens: the termination of the EC2 instance. That event is forwarded to the EventBridge event bus. A rule processes it and sends it through to a destination, in this case an SNS topic, after which an SNS notification is sent to an email address.

Terms associated with EventBridge

Events: An event indicates a change in an environment, for example an EC2 instance changing from pending to running.

Rules: Incoming events route to targets only if they match the rule that is specified.

Targets: A target can be a Lambda function, an Amazon EC2 instance, an Amazon Kinesis Data Stream, SNS, SQS, a CI/CD pipeline, Step Functions, and so on. Targets receive events in JSON format.

Event Buses: An event bus receives events. When you create a rule, you associate it with a specific event bus, and the rule is matched only against events received by that event bus.

When an event source generates an event, it is sent to the EventBridge event bus. If the event matches one or more rules that you’ve defined, EventBridge forwards the event to the corresponding event targets.

Now let’s get our hands dirty.

Log into the AWS management console, launch an instance, and copy the instance ID.

Then in the search box, type EventBridge and select EventBridge under services. In the EventBridge dashboard click Create rule.

In the Create rule dashboard, give your rule a name; call it EC2 state change. For the event bus, choose default, and leave Enable the rule on the selected event bus toggled on. Click Next.

For event source, select AWS events. Scroll down and, under Creation method, select Use pattern form.

Under Event pattern, open the Event source dropdown and select AWS services. Then, for AWS service, select EC2.

For Event type, select EC2 Instance State-change Notification. For Event type specification 1, select Specific state(s), then open the drop-down and select terminated.

For Event type specification 2, select Specific instance Id(s), paste the instance ID you copied, then click Next.

Next, scroll down and specify a target. Choose SNS topic. For the topic, create an SNS topic or choose an existing one; I already have an SNS topic called Email notification.

These are the only settings we need; click Create rule.

Now that the rule is enabled, let’s terminate our EC2 instance and see what happens.

Back in EC2, click Instance state and terminate your instance.

Check your email to confirm that you received a notification. Here is the notification I received.
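The console form above ends up as an event pattern JSON document that EventBridge evaluates against every event on the bus. As an added example (not AWS code), the block below writes out that pattern for the rule we just built and implements EventBridge’s core matching semantics (every pattern key must be present and match, and a list at a leaf means "any of these"), so you can check which rules an event would trigger before terminating anything. The instance ID, account ID and second rule are constructed for the example.

```python
import json
from typing import Any, Dict, List

# The rule built in the console above, expressed as the event pattern EventBridge stores.
# The instance ID is a constructed placeholder; paste your own.
TERMINATED_INSTANCE_RULE: Dict[str, Any] = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
    "detail": {
        "state": ["terminated"],
        "instance-id": ["i-0123456789abcdef0"],
    },
}


def _leaf_matches(value: Any, alternatives: List[Any]) -> bool:
    """A pattern leaf is a list; the event value must equal one entry (OR semantics).
    Also supports the 'prefix' and 'anything-but' content filters."""
    for alt in alternatives:
        if isinstance(alt, dict):
            if "prefix" in alt and isinstance(value, str) and value.startswith(alt["prefix"]):
                return True
            if "anything-but" in alt:
                excluded = alt["anything-but"]
                excluded = excluded if isinstance(excluded, list) else [excluded]
                if value not in excluded:
                    return True
        elif value == alt:
            return True
    return False


def event_matches(event: Dict[str, Any], pattern: Dict[str, Any]) -> bool:
    """Every key in the pattern must exist in the event and match (AND across keys)."""
    for key, sub in pattern.items():
        if key not in event:
            return False
        if isinstance(sub, dict):
            if not isinstance(event[key], dict) or not event_matches(event[key], sub):
                return False
        elif not _leaf_matches(event[key], sub):
            return False
    return True


def route(event: Dict[str, Any], rules: Dict[str, Dict[str, Any]]) -> List[str]:
    """Names of the rules whose patterns match, i.e. whose targets EventBridge would invoke."""
    return [name for name, pattern in rules.items() if event_matches(event, pattern)]


def ec2_state_event(instance_id: str, state: str) -> Dict[str, Any]:
    """Constructed sample event in the shape EC2 publishes to the default bus."""
    return {
        "version": "0",
        "source": "aws.ec2",
        "detail-type": "EC2 Instance State-change Notification",
        "region": "us-east-1",
        "resources": [f"arn:aws:ec2:us-east-1:123456789012:instance/{instance_id}"],
        "detail": {"instance-id": instance_id, "state": state},
    }


RULES = {
    "EC2 state change": TERMINATED_INSTANCE_RULE,
    # A broader constructed rule: any instance that is stopped or terminated.
    "Any instance stopped or terminated": {
        "source": ["aws.ec2"],
        "detail-type": ["EC2 Instance State-change Notification"],
        "detail": {"state": ["stopped", "terminated"], "instance-id": [{"prefix": "i-"}]},
    },
}

if __name__ == "__main__":
    for ev in (ec2_state_event("i-0123456789abcdef0", "terminated"),
               ec2_state_event("i-0123456789abcdef0", "running"),
               ec2_state_event("i-0fedcba9876543210", "stopped")):
        print(json.dumps(ev["detail"]), "->", route(ev, RULES))
```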

This brings us to the end of this demo. Stay tuned for more.

Make sure to clean up your resources to avoid surprise bills.


Amazon Inspector: Automated and continual vulnerability management at scale


What is Amazon Inspector?

Amazon Inspector automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software vulnerabilities and unintended network exposure.

How it works

Amazon Inspector is an automated vulnerability management service that scans AWS workloads for software vulnerabilities and unintended network exposure. At a high level, Amazon Inspector depends on the SSM Agent being installed on the EC2 instance it scans and reports findings for. Additionally, the instance needs an IAM role that grants it Systems Manager permissions; Inspector uses the SSM Agent to connect to the instance. Note that as of November 2023, a new agentless scan option is in preview.

Amazon Inspector can be enabled at the organization level to scan all accounts in the organization; however, the scope of this blog is a single account.

In this use case, we will see how Amazon Inspector helps identify a network vulnerability by performing a network reachability check.

Let’s proceed as follows.

Log in to your AWS account using your admin account or an account with admin privileges.

Creation of a new IAM role for the EC2 use case

Remember, Amazon Inspector depends on a role with SSM permissions to communicate with the SSM Agent inside the EC2 instance. Let’s create this role.

Navigate to IAM, click Roles, then click the Create role button. You will be prompted to select a trusted entity type; in our case select AWS service, and for the service select EC2. This creates a trust policy that allows EC2 to assume the role. Click Next.

Now we must add permissions to the role that the EC2 will assume. Under the Add permissions config screen, search for AmazonSSMManagedInstanceCore, select it, and click Next.

In the next window, give the role a name (SSMRoleForInspector) and click Create role.

Creation of EC2 Instance

Go to the AWS Management Console, select Instances in the EC2 console, then click Launch instances in the Instances dashboard.

Add the Name as EC2Demo, and under Instance type select t2.micro, which is free tier eligible. Scroll down.

Under Application and OS Images, select the Quick Start tab, then select Amazon Linux. Under AMI, select the Amazon Linux 2 AMI, which is also free tier eligible.

Scroll down to the firewall (security group) section, choose Select existing security group, then choose the default security group. Click Launch instance.

Attach the SSM role to the EC2 instance.

Select your instance, click Actions, then Security, and then click Modify IAM role.

Within the Modify IAM role screen, select the role you created earlier; in my case, I am selecting SSMRoleForInspector. Click Update IAM role.

Select your instance, move to the Security tab, and select the default security group. Then click Edit inbound rules.

Click Add rule, open port 21 to anywhere from the internet, then click Save rules.

Note: Port 21 should not be left open on our instances. We are deliberately introducing a security threat here so that Inspector has something to find.

Running Amazon Inspector to discover the security vulnerabilities.

Go to the Management Console, under Services select Amazon Inspector, then click Get Started.

Activate Inspector and view your permissions.

Once Inspector is activated, we will get a green banner as our first scan is underway.

Go to Account Management, move to the Instances tab, and select unmanaged instances. You will see a message for your instance.

This means the instance is not yet managed by SSM. Click the instructions hyperlink to remediate the issue.

This redirects you to AWS Systems Manager; under Input parameters, choose the instance ID and click Execute.

Once execution is complete, go to Amazon Inspector and select the instance findings.

Go to Findings, where you will see the induced security threat rated as high.

Go to EC2 Instances, open the inbound rules of the security group, and delete the induced port 21 rule. Click Save rules.

To review the findings again, go to Account Management, Instances, and select unmanaged instances. Follow the instructions as before (supplying the instance ID and so on) and click Execute.

With this, we have seen how Amazon Inspector helps find Network Reachability vulnerabilities.

To avoid billing, terminate the instances you created and make sure you deactivate Amazon Inspector.
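The finding Inspector raised above comes down to a security group rule that exposes port 21 to 0.0.0.0/0. As an added example (not Inspector’s own logic or scoring), the block below runs the same check over a constructed security group in the shape boto3’s describe_security_groups() returns, reproducing the "before" state of the demo, and then applies the remediation step (removing the world-open rule) as a pure function so both states can be compared. The group ID, account ID and the severity labels are constructed for the example.

```python
import copy
from typing import Any, Dict, List, Tuple

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
# Ports whose exposure to the internet we want flagged. Severities are illustrative,
# not Inspector's own network reachability scoring.
WATCHED_PORTS = {21: ("FTP", "HIGH"), 22: ("SSH", "MEDIUM"), 3389: ("RDP", "HIGH"), 3306: ("MySQL", "HIGH")}

# Constructed sample: the "default" group after port 21 was opened to anywhere in the demo.
DEFAULT_SG_BEFORE: Dict[str, Any] = {
    "GroupId": "sg-0123456789abcdef0",
    "GroupName": "default",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "-1",  # default group: all traffic from members of the group itself
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0", "UserId": "123456789012"}]},
    ],
}


def _port_range(perm: Dict[str, Any]) -> Tuple[int, int]:
    if perm["IpProtocol"] == "-1":  # all protocols means every port
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def world_reachable_ports(sg: Dict[str, Any]) -> List[Dict[str, Any]]:
    """One finding per watched port that is reachable from the whole internet."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])] + \
                  [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        open_sources = sorted(s for s in sources if s in WORLD_CIDRS)
        if not open_sources or perm["IpProtocol"] not in ("tcp", "-1"):
            continue
        lo, hi = _port_range(perm)
        for port, (service, severity) in WATCHED_PORTS.items():
            if lo <= port <= hi:
                findings.append({"group": sg["GroupId"], "port": port, "service": service,
                                 "severity": severity, "sources": open_sources})
    return findings


def remove_world_ingress(sg: Dict[str, Any], port: int) -> Dict[str, Any]:
    """Copy of the group with world-open sources removed from rules covering `port`
    (the manual 'delete the port 21 rule' step above); rules left empty are dropped."""
    fixed = copy.deepcopy(sg)
    kept = []
    for perm in fixed["IpPermissions"]:
        lo, hi = _port_range(perm)
        if lo <= port <= hi:
            perm["IpRanges"] = [r for r in perm.get("IpRanges", []) if r["CidrIp"] not in WORLD_CIDRS]
            perm["Ipv6Ranges"] = [r for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] not in WORLD_CIDRS]
        if perm.get("IpRanges") or perm.get("Ipv6Ranges") or perm.get("UserIdGroupPairs"):
            kept.append(perm)
    fixed["IpPermissions"] = kept
    return fixed


if __name__ == "__main__":
    print("before:", world_reachable_ports(DEFAULT_SG_BEFORE))
    print("after: ", world_reachable_ports(remove_world_ingress(DEFAULT_SG_BEFORE, 21)))
```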

This brings us to the end of this demo. Stay tuned for more.


How To Monitor AWS API Activity with AWS CloudTrail

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. You can use it to capture information about the API actions made in your AWS account through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

What is CloudTrail?

CloudTrail continuously monitors and logs account activity across all AWS services, including actions taken by a user, role, or AWS service. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.

Why Use CloudTrail?

Here are some key reasons to use CloudTrail:

Audit Compliance: CloudTrail logs provide detailed records of all API calls, which can be used to audit compliance.
Security Analysis: The API call logs can be analyzed to detect anomalous activity and unauthorized access to determine security issues.
Operational Issues: The activity history can help troubleshoot operational issues by pinpointing when an issue began and what actions were taken.
Resource Changes: You can identify what changes were made to AWS resources by viewing CloudTrail events.

CloudTrail Log Files

CloudTrail log files contain the history of API calls made on your account. These log files are stored in Amazon S3 buckets that you specify. You can define an S3 bucket per Region or use the same bucket for all Regions.

The log files capture API activity from all Regions and are delivered every 5 minutes. You can search and analyze the logs using Amazon Athena, Amazon Elasticsearch, and other tools.

CloudTrail Events

CloudTrail categorizes events into two types:

Management events

Provide information about management operations performed on resources in your AWS account. These include operations like creating, modifying, and deleting resources.

Data events

Provide information about operations performed on or in a resource. These include operations like Amazon S3 object-level API activity.

By default, CloudTrail records and retains management events for a period of 90 days, but this timeframe may not meet your requirements. To overcome this, you can create a CloudTrail trail, which logs events to S3 for indefinite retention. Each trail you create can be Region-specific or apply to all Regions. Furthermore, you can use CloudWatch Events to trigger actions based on API calls that are made and logged in CloudTrail.

Using the information generated by CloudTrail

In this architecture, CloudTrail logs API actions and retains them for 90 days. We can then choose to create a trail and log our events to Amazon S3 indefinitely. We can also enable log file integrity validation, which checks whether the delivered log files have been tampered with; this matters for auditing and compliance, since we need to be sure the logged information is accurate and has not been modified. Additionally, we can trigger notifications through SNS topics when a log file is published. We can also forward the data to CloudWatch Logs, enabling actions such as setting alarms or using subscription filters; alarms triggered by CloudWatch Logs can execute Lambda functions or notify through SNS topics. Likewise, forwarding events to CloudWatch Events can trigger Lambda functions based on API actions. So there are many ways to use the information CloudTrail generates.
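The security-analysis use of CloudTrail above rests on reading the record fields the text lists (caller identity, time, source IP, request parameters, response elements). As an added example (not AWS code), the block below parses a constructed CloudTrail log file in the delivered JSON shape, summarizes each record, and flags the conditions a first-pass review would look for: root user activity, denied calls, calls from outside a trusted network range, and calls that change the trail itself, which log file integrity validation does not cover. The three records, the account ID, the user names and the trusted network are all constructed.

```python
import ipaddress
import json
from typing import Any, Dict, List

# Constructed sample CloudTrail log file (three records) in the delivered JSON shape.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventVersion": "1.08", "eventTime": "2024-01-15T10:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice", "userName": "alice"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]}},
     "responseElements": {"instancesSet": {"items": [{"currentState": {"name": "shutting-down"}}]}}},
    {"eventVersion": "1.08", "eventTime": "2024-01-15T10:05:40Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob", "userName": "bob"},
     "requestParameters": {"name": "management-events"}, "responseElements": None},
    {"eventVersion": "1.08", "eventTime": "2024-01-15T10:07:03Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "requestParameters": {"bucketName": "example-bucket"}, "responseElements": None,
     "errorCode": "AccessDenied", "errorMessage": "Access Denied"},
]})

TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed corporate egress range
# Calls that weaken the audit trail's configuration; integrity validation only covers the files.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def summarize(record: Dict[str, Any]) -> Dict[str, Any]:
    """The fields the text lists: caller identity, time, source IP, parameters and response."""
    ident = record.get("userIdentity", {})
    return {
        "who": ident.get("arn"), "type": ident.get("type"), "when": record["eventTime"],
        "from": record.get("sourceIPAddress"),
        "call": f'{record["eventSource"]}:{record["eventName"]}',
        "params": record.get("requestParameters"), "response": record.get("responseElements"),
        "error": record.get("errorCode"),
    }


def flags_for(record: Dict[str, Any]) -> List[str]:
    """Review flags for one record; an empty list means nothing stood out."""
    flags: List[str] = []
    if record.get("userIdentity", {}).get("type") == "Root":
        flags.append("root-user-activity")
    if record.get("errorCode"):
        flags.append(f"error:{record['errorCode']}")
    if record["eventName"] in TRAIL_TAMPERING:
        flags.append("cloudtrail-tampering")
    try:
        addr = ipaddress.ip_address(record.get("sourceIPAddress", ""))
        if not any(addr in net for net in TRUSTED_NETWORKS):
            flags.append("untrusted-source-ip")
    except ValueError:  # AWS service principals show up as e.g. "ec2.amazonaws.com"
        pass
    return flags


def review_log(raw: str) -> Dict[str, List[str]]:
    """eventName -> flags for every record in the file that raised at least one flag."""
    flagged: Dict[str, List[str]] = {}
    for record in json.loads(raw)["Records"]:
        flags = flags_for(record)
        if flags:
            flagged[record["eventName"]] = flags
    return flagged


if __name__ == "__main__":
    for record in json.loads(SAMPLE_LOG)["Records"]:
        print(summarize(record)["call"], flags_for(record))
```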

Hands-on creation of a CloudTrail trail

Log into the Management Console, type CloudTrail in the search box under Services, then select CloudTrail. In the CloudTrail dashboard, click Create trail. Under Trail name, call it management events. We will create this trail only for this account, so we will not tick Enable for all accounts in my organization.

The trail needs a storage location. By default it creates a new S3 bucket and gives it a unique name, so we will leave that as the default. To encrypt the log files in the bucket, select New AWS KMS key and call it CloudTrail.

Log file validation is enabled by default. Scroll down. Under CloudWatch Logs, enable it. CloudTrail needs a role to send the trail to CloudWatch Logs, so select New role and give it a name, then scroll down and click Next. For event type, we will go with management events. For API activity, select Read and Write, then click Next, review, and click Create trail. We have successfully created a trail, and we can see its status is Logging.

This brings us to the end of this blog. Remember to clean up your resources.

Stay tuned for more.