[AWS security]Monitor Non-compliant and Unsecure Resources with AWS Config
overview
First I will explain what AWS Config is, then practise using it. By the end of this lab you will have a thorough understanding of how AWS Config Rules are used to monitor non-compliant and insecure resources.
AWS Config
- Tracks configuration changes and keeps a history of them (retained for up to 7 years)
- Evaluates configuration changes against compliance policies
- Integrates with ITSM tools such as Jira and ServiceNow
common use cases
- audit and compliance
- operational governance
- security intelligence
- integration with ITSM/CMDB
DEMO
scenario
Your organization wants to set up a mechanism to identify all non-compliant and unsecured EC2 instances and S3 buckets. You have been asked to use AWS Config and set up rules:
To identify EC2 instances which have unrestricted SSH access.
To identify S3 buckets which do not have server-side encryption enabled.
The lab environment contains two EC2 instances and one S3 bucket.
Enable AWS Config and Setup Config Rules
- Go to AWS Config > Get started.
- Leave all the settings at their defaults and click on the Next button.
- Search for and select the following two rules:
restricted-ssh
s3-bucket-server-side-encryption-enabled
- review the two selected rules and then click on the Confirm button. This step creates an additional S3 bucket in your account.
- Wait and refresh the screen a couple of times until the Compliance status is shown in red against both rules.
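To make clear what the two managed rules actually evaluate, here is an added example (not part of the original lab, and not AWS's own rule code) that re-implements their documented checks offline as a custom-rule-style evaluator: restricted-ssh is NON_COMPLIANT when an inbound security group rule lets 0.0.0.0/0 or ::/0 reach TCP port 22 (including "all protocols" and port ranges covering 22), and s3-bucket-server-side-encryption-enabled is NON_COMPLIANT when the bucket has no default SSE rule. The configuration items are constructed sample data shaped like AWS Config's AWS::EC2::SecurityGroup and AWS::S3::Bucket items; the field layout is an assumption, and the resource IDs are placeholders.

```python
"""Offline evaluator mirroring the two managed AWS Config rules used in this lab (added example)."""
from __future__ import annotations

import json
from typing import Any

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"
SSH_PORT = 22


def _cidrs_in(permission: dict[str, Any]) -> list[str]:
    """Collect every source CIDR of one inbound permission (current and legacy Config layouts)."""
    cidrs = [r.get("cidrIp") for r in permission.get("ipv4Ranges", [])]
    cidrs += [r.get("cidrIpv6") for r in permission.get("ipv6Ranges", [])]
    cidrs += [r for r in permission.get("ipRanges", []) if isinstance(r, str)]
    return [c for c in cidrs if c]


def _covers_ssh(permission: dict[str, Any]) -> bool:
    """True if the permission allows TCP/22: explicit port, a range containing 22, or all traffic."""
    proto = str(permission.get("ipProtocol", ""))
    if proto == "-1":  # all protocols, all ports
        return True
    if proto.lower() != "tcp":
        return False
    from_port, to_port = permission.get("fromPort"), permission.get("toPort")
    if from_port is None or to_port is None:  # TCP with no port range means every port
        return True
    return from_port <= SSH_PORT <= to_port


def evaluate_restricted_ssh(configuration: dict[str, Any]) -> str:
    """restricted-ssh: NON_COMPLIANT if any inbound rule exposes port 22 to 0.0.0.0/0 or ::/0."""
    for perm in configuration.get("ipPermissions", []):
        if _covers_ssh(perm) and any(c in (ANY_IPV4, ANY_IPV6) for c in _cidrs_in(perm)):
            return "NON_COMPLIANT"
    return "COMPLIANT"


def evaluate_s3_default_encryption(supplementary: dict[str, Any]) -> str:
    """s3-bucket-server-side-encryption-enabled: COMPLIANT if a default SSE-S3 or SSE-KMS rule exists."""
    sse = supplementary.get("ServerSideEncryptionConfiguration") or {}
    for rule in sse.get("rules", []):
        algo = (rule.get("applyServerSideEncryptionByDefault") or {}).get("sseAlgorithm")
        if algo in ("AES256", "aws:kms"):
            return "COMPLIANT"
    return "NON_COMPLIANT"


def evaluate(configuration_item: dict[str, Any]) -> dict[str, str]:
    """Dispatch on resource type and return an evaluation in the shape a custom Config rule reports."""
    rtype = configuration_item["resourceType"]
    if rtype == "AWS::EC2::SecurityGroup":
        compliance = evaluate_restricted_ssh(configuration_item.get("configuration", {}))
    elif rtype == "AWS::S3::Bucket":
        compliance = evaluate_s3_default_encryption(configuration_item.get("supplementaryConfiguration", {}))
    else:
        compliance = "NOT_APPLICABLE"
    return {
        "ComplianceResourceType": rtype,
        "ComplianceResourceId": configuration_item["resourceId"],
        "ComplianceType": compliance,
        "OrderingTimestamp": configuration_item.get("configurationItemCaptureTime", ""),
    }


# Constructed sample configuration items (placeholder IDs, not real account data), trimmed to the fields read above.
SAMPLE_ITEMS = [
    {  # the lab's "before" state: SSH open to the world
        "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-EXAMPLE-open",
        "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
        "configuration": {"ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]},
    },
    {  # the lab's "after" state: SSH restricted to 10.0.0.0/16
        "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-EXAMPLE-restricted",
        "configuration": {"ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipv4Ranges": [{"cidrIp": "10.0.0.0/16"}]}]},
    },
    {  # bucket with no default encryption configured
        "resourceType": "AWS::S3::Bucket", "resourceId": "example-bucket-unencrypted",
        "supplementaryConfiguration": {},
    },
    {  # bucket after enabling default encryption (SSE-S3)
        "resourceType": "AWS::S3::Bucket", "resourceId": "example-bucket-sse-s3",
        "supplementaryConfiguration": {"ServerSideEncryptionConfiguration": {
            "rules": [{"applyServerSideEncryptionByDefault": {"sseAlgorithm": "AES256"}}]}},
    },
]


def run_samples() -> dict[str, str]:
    """Evaluate every sample item and map resource ID to its compliance type."""
    return {e["ComplianceResourceId"]: e["ComplianceType"] for e in map(evaluate, SAMPLE_ITEMS)}


if __name__ == "__main__":
    print(json.dumps(run_samples(), indent=2))
```

Running the script prints NON_COMPLIANT for the open security group and the unencrypted bucket, and COMPLIANT for the 10.0.0.0/16-restricted group and the SSE-S3 bucket, which is the same before/after picture the console shows in this lab. The port-range and "-1" protocol handling is worth noting: a rule allowing all TCP ports, or all traffic, from 0.0.0.0/0 is just as non-compliant as an explicit port 22 rule.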
Remediate the Non-compliant Resources
- From the left-hand Config menu, select Rules. Remediate the S3 bucket first: click on the rule s3-bucket-server-side-encryption-enabled.
- In the Choose resources in scope section, note down each ID under the Resource ID column. These are the IDs of the non-compliant S3 buckets.
- Navigate to S3 from the Services menu in the top navigation. Click on the bucket with one of the names noted in the above step. Click on the Properties tab.
- Scroll to the Default encryption section and click Edit. Select Enable and then click on the Save button.
- Navigate to EC2 from the Services menu in the top navigation. From the left-hand EC2 menu, select Security Groups. Click on the non-compliant Security Group (its ID is listed under Choose resources in scope for the restricted-ssh rule, in the same way as for the S3 rule above). In the Inbound rules tab, click the Edit inbound rules button.
- Replace the open source with a restricted CIDR block such as 10.0.0.0/16, then click on the Save rules button.
Re-evaluate the Config Rules
- From the left-hand Config menu, select Rules. Select each of the restricted-ssh and s3-bucket-server-side-encryption-enabled rules in turn and choose Re-evaluate.
You should now see Compliant in the Compliance column for both rules.