{"id":28483,"date":"2023-02-27T09:58:47","date_gmt":"2023-02-27T09:58:47","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=28483"},"modified":"2023-02-27T09:58:50","modified_gmt":"2023-02-27T09:58:50","slug":"aws-security-assessment-solution","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/aws-security-assessment-solution\/","title":{"rendered":"Aws-Security-Assessment-Solution – An AWS Tool To Help You Create A Point In Time Assessment Of Your AWS Account"},"content":{"rendered":"\n

Aws-Security-Assessment-Solution<\/strong> is an AWS tool to help you create a point in time assessment of your AWS account using Prowler and Scout as well as optional AWS developed ransomware checks.<\/p>\n\n\n\n

Self-Service Security Assessment tool<\/h2>\n\n\n\n

Cybersecurity remains a very important topic and point of concern for many CIOs, CISOs, and their customers. To meet these important concerns, AWS has developed a primary set of services customers should use to aid in protecting their accounts. Amazon GuardDuty, AWS Security Hub, AWS Config, and AWS Well-Architected reviews help customers maintain a strong security posture over their AWS accounts. As more organizations deploy to the cloud, especially if they are doing so quickly, and they have not yet implemented the recommended AWS Services, there may be a need to conduct a rapid security assessment of the cloud environment.<\/p>\n\n\n\n

With that in mind, we have worked to develop an inexpensive, easy to deploy, secure, and fast solution to provide our customers two (2) security assessment reports. These security assessments are from the open source projects \u201cProwler<\/a>\u201d. Prowler can help with a point in time assessment based on AWS best practices and can help quickly identify any potential risk areas in a customer\u2019s deployed environment. If you are interested in conducting these assessments on a continuous basis, AWS recommends enabling Security Hub\u2019s Foundational Security Best Practices standard<\/a>. If you are interested in integrating your Prowler assessment results with Security Hub, you can also do that from Prowler natively following instructions here<\/a>.<\/p>\n\n\n\n

In addition, we have developed custom modules that speak to customer concerns around threats and misconfigurations of those issues, currently this includes checks for ransomware specific findings.<\/p>\n\n\n\n

<\/a><\/h1>\n\n\n\n

ARCHITECTURE OVERVIEW<\/h2>\n\n\n\n

<\/a><\/h2>\n\n\n\n

Overview – Open Source project checks<\/h2>\n\n\n\n

The architecture we deploy is a very simple VPC with two (2) subnets, one (1) NAT Gateway, one (1) EC2 instance, and one (1) S3 Bucket. The EC2 instance is using Amazon Linux 2 (the latest published AMI), that is patched on boot, pulls down the two projects (Prowler), runs the assessments and then delivers the reports to the S3 Bucket. The EC2 instances does not deploy with any EC2 Key Pair, does not have any open ingress rules on its Security Group, and is placed in the Private Subnet so it does not have direct internet access. After completion of the assessment and the delivery of the reports the system can be terminated.<\/p>\n\n\n\n

The deployment is accomplished through the use of CloudFormation. A single CloudFormation template is used to launch a few other templates (in a modular approach). No parameters (user input) is required and the automated build out of the environment will take on average less than 10 minutes to complete. These templates are provided for review in this Github repository.<\/p>\n\n\n\n

Once the EC2 Instance has been created and begins, the two assessments it will take somewhere around 40 minutes to complete. At the end of the assessments and after the two reports are delivered to the S3 Bucket the Instance will automatically shutdown, You may at this time safely terminate the Instance.<\/p>\n\n\n\n

<\/a><\/h2>\n\n\n\n

How to deploy this tool<\/h2>\n\n\n\n