Three easy steps to secure your AWS platform
The beginning of the year tends to be a busy time for information security professionals, and this year is turning out no different: the CircleCI breach over the holiday period is making waves among companies using the platform, and anecdotal evidence suggests that phishing attackers are, as expected, taking advantage of staff members returning from the extended break. This is therefore a good time to consider implementing the three easiest security controls for your AWS platform.
1. Establish secrets management
One of the most common security vulnerabilities we come across is the lack of secrets management. Secrets management is often left as an afterthought, or as something that can be fixed later, with hardcoded secrets used as an interim solution. The problem with this approach is that it rarely gets fixed in a timely manner: if it works, it may be difficult to justify prioritising the fix.
The core principle for secrets management is easy: store secrets separately from your application code, enable your application to fetch secrets from wherever you store them, and finally create processes to enable you to rotate secrets periodically - and when required by security events such as the CircleCI breach mentioned above.
In AWS, our default recommendation is to use AWS Secrets Manager for managing application secrets. In some cases and depending on your application, HashiCorp Vault can be a great alternative.
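The pattern described above, as an added example that is not part of the original post: the application is configured only with the name of a secret, fetches the value from AWS Secrets Manager at runtime, and a small check flags secrets that are overdue for rotation. Live use assumes boto3 and AWS credentials; the FakeSecretsManager class, the secret name prod/orders/db and the sample values are constructed so the logic runs offline.

```python
"""Added example (not from the original post): fetch application secrets from
AWS Secrets Manager instead of hardcoding them, and flag secrets overdue for rotation.

Assumes boto3 for live use; FakeSecretsManager is a constructed stand-in that
returns the same response shape as boto3's get_secret_value."""
import json
from datetime import datetime, timedelta, timezone

try:
    import boto3  # assumption: present in the real deployment environment
except ImportError:  # keeps the example importable without boto3
    boto3 = None


def make_client(region_name="eu-west-1"):
    """Return a real Secrets Manager client (needs boto3 and AWS credentials)."""
    if boto3 is None:
        raise RuntimeError("boto3 is not installed")
    return boto3.client("secretsmanager", region_name=region_name)


def load_json_secret(client, secret_id):
    """Fetch a secret and parse its JSON SecretString.

    Only the secret *name* (e.g. 'prod/orders/db') lives in configuration;
    the value never enters source control.
    """
    resp = client.get_secret_value(SecretId=secret_id)
    if "SecretString" not in resp:
        raise ValueError(f"{secret_id} is a binary secret; expected a JSON string")
    return json.loads(resp["SecretString"])


def needs_rotation(description, max_age_days=90, now=None):
    """Decide whether a secret (a describe_secret response) is overdue for rotation.

    Uses LastRotatedDate when the secret has ever been rotated, otherwise falls
    back to LastChangedDate/CreatedDate so a never-rotated secret is not skipped.
    """
    now = now or datetime.now(timezone.utc)
    last = (description.get("LastRotatedDate")
            or description.get("LastChangedDate")
            or description["CreatedDate"])
    return now - last > timedelta(days=max_age_days)


class FakeSecretsManager:
    """Constructed stand-in mimicking the boto3 response shape used above."""

    def __init__(self, secrets):
        self._secrets = secrets

    def get_secret_value(self, SecretId):
        return {"Name": SecretId, "SecretString": json.dumps(self._secrets[SecretId])}


SAMPLE_SECRETS = {  # constructed sample data, not real credentials
    "prod/orders/db": {
        "username": "orders_app",
        "password": "not-a-real-password",
        "host": "db.internal",
    },
}

if __name__ == "__main__":
    client = FakeSecretsManager(SAMPLE_SECRETS)  # swap for make_client() in production
    creds = load_json_secret(client, "prod/orders/db")
    print("connecting as", creds["username"], "to", creds["host"])
    never_rotated = {"CreatedDate": datetime(2022, 1, 1, tzinfo=timezone.utc)}
    print("rotation due:", needs_rotation(never_rotated))
```

The rotation check is the part teams most often skip: wiring a periodic job that runs it over describe_secret output for every secret gives you a list of what to rotate, both on schedule and after an event like the CircleCI breach.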
2. Get visibility to potential security incidents
To respond to potential security threats rapidly, you first need to know about them. Therefore it makes sense to set up systems to monitor your AWS estate and alert your team to any suspicious activity.
Fortunately AWS makes this easy: set up AWS GuardDuty to monitor your AWS accounts 24/7. It is good practice to set up alerting of any GuardDuty findings via email and Slack (or another messaging tool of your choice).
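One way to wire up the Slack alerting, as an added example that is not part of the original post: an EventBridge rule forwards GuardDuty findings to a Lambda function, which drops low-severity noise and posts the rest to a Slack incoming webhook. The event field names follow the GuardDuty finding format, but SAMPLE_EVENT itself is constructed and SLACK_WEBHOOK_URL is a placeholder.

```python
"""Added example (not from the original post): turn a GuardDuty finding delivered
through EventBridge into a Slack alert, dropping findings below a severity threshold.

Assumes an EventBridge rule (EVENTBRIDGE_RULE_PATTERN) routes findings to this
Lambda handler; SAMPLE_EVENT is constructed and the webhook URL is a placeholder."""
import json
import os
import urllib.request

SLACK_WEBHOOK_URL = os.environ.get(
    "SLACK_WEBHOOK_URL", "https://hooks.slack.com/services/PLACEHOLDER"
)

EVENTBRIDGE_RULE_PATTERN = {  # event pattern for the rule that feeds this handler
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
}

SAMPLE_EVENT = {  # constructed; field names follow the GuardDuty finding format
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "region": "eu-west-1",
    "detail": {
        "id": "EXAMPLE-FINDING-ID",
        "accountId": "123456789012",
        "region": "eu-west-1",
        "severity": 8.0,
        "type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
        "title": "EC2 instance credentials were used from an IP address outside AWS",
        "resource": {"resourceType": "AccessKey"},
        "service": {"count": 3},
    },
}


def severity_label(score):
    """Map GuardDuty's numeric severity to its Low/Medium/High bands."""
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def build_alert(event, min_severity=4.0):
    """Return a Slack webhook payload for the finding, or None if below threshold."""
    f = event["detail"]
    if f["severity"] < min_severity:
        return None
    label = severity_label(f["severity"])
    text = (
        f"[{label} {f['severity']}] GuardDuty: {f['title']}\n"
        f"type={f['type']} account={f['accountId']} region={f['region']} "
        f"resource={f['resource']['resourceType']} finding={f['id']}"
    )
    return {"text": text}


def post_to_slack(payload, url=SLACK_WEBHOOK_URL):
    """POST the payload to a Slack incoming webhook; returns the HTTP status."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(), headers={"Content-Type": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def lambda_handler(event, context):
    """Lambda entry point invoked by the EventBridge rule."""
    payload = build_alert(event)
    if payload is None:
        return {"alerted": False}
    post_to_slack(payload)
    return {"alerted": True}


if __name__ == "__main__":
    print(json.dumps(build_alert(SAMPLE_EVENT), indent=2))
```

Keep the threshold low enough that Medium findings still reach the team; the value of the filter is in suppressing the Low band, not in hiding anything a responder would want to triage. Email delivery can be added by subscribing an SNS topic to the same rule.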
3. Review the access permissions of your team
The final step to secure your AWS platform is to review the access permissions of your team in AWS Identity & Access Management (IAM). It is best practice to ensure that everyone in your team has a personal user account, and no accounts are shared under any circumstances.
Even if you have a robust Joiners/Leavers and Privileged Access Management process in place, we recommend reviewing the list of users in your AWS accounts periodically. Remove any users who do not actively need access: the fewer user accounts you have, the lower the chance of unauthorised access due to e.g. leaked credentials or phishing attacks.
We also recommend reviewing the list of administrators often, and defining access policies using the Principle of Least Privilege: only provide access to the services and functions that are required for fulfilling one’s duties, and nothing else.
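One way to run the periodic user review, as an added example that is not part of the original post: parse the IAM credential report, which lists every user with their last console sign-in and access-key use, and flag accounts that have been idle, have never been used, or sign in to the console without MFA. Live use assumes boto3; SAMPLE_REPORT is a constructed report trimmed to the columns the code reads, with a made-up account id and user names. Administrator membership is not in the report and still needs a separate look at attached policies and groups.

```python
"""Added example (not from the original post): review IAM users from an IAM
credential report and flag accounts that may no longer need access.

Live use assumes boto3 (generate_credential_report / get_credential_report);
SAMPLE_REPORT is constructed and trimmed to the columns used here."""
import csv
import io
import time
from datetime import datetime, timedelta, timezone

NEVER = {"N/A", "no_information", "not_supported"}  # sentinel values IAM emits

SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2020-03-01T10:00:00+00:00,not_supported,2020-03-01T10:05:00+00:00,true,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2021-06-01T09:00:00+00:00,true,2023-01-09T08:30:00+00:00,true,true,2023-01-08T17:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2021-06-01T09:00:00+00:00,true,2022-07-15T12:00:00+00:00,false,false,N/A,false,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2022-11-20T09:00:00+00:00,false,no_information,false,true,no_information,false,N/A
ops-console,arn:aws:iam::123456789012:user/ops-console,2021-01-10T09:00:00+00:00,true,2023-01-09T11:00:00+00:00,false,true,2023-01-09T11:10:00+00:00,true,2023-01-09T11:12:00+00:00
"""


def fetch_credential_report(iam_client):
    """Live path: ask IAM to generate the report, wait, then download the CSV."""
    while iam_client.generate_credential_report()["State"] != "COMPLETE":
        time.sleep(2)
    return iam_client.get_credential_report()["Content"].decode()


def parse_timestamp(value):
    """IAM writes ISO 8601 timestamps, or a sentinel when there is no data."""
    return None if value in NEVER else datetime.fromisoformat(value)


def last_activity(row):
    """Most recent console sign-in or access-key use for a user, or None if never."""
    columns = ("password_last_used", "access_key_1_last_used_date", "access_key_2_last_used_date")
    stamps = [s for s in (parse_timestamp(row[c]) for c in columns) if s]
    return max(stamps) if stamps else None


def review_users(report_csv, max_idle_days=90, now=None):
    """Return users that are stale, never used (but recently created), or lack MFA."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_idle_days)
    findings = {"stale": [], "never_used": [], "no_mfa": []}
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue  # root is reviewed separately; it should not be in daily use at all
        last = last_activity(row)
        created = parse_timestamp(row["user_creation_time"])
        if last is None:
            # never used: recently created users get a grace period, older ones are stale
            bucket = "never_used" if created > cutoff else "stale"
            findings[bucket].append(row["user"])
        elif last < cutoff:
            findings["stale"].append(row["user"])
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings["no_mfa"].append(row["user"])  # console login exposed to phishing
    return findings


if __name__ == "__main__":
    for category, users in review_users(SAMPLE_REPORT).items():
        print(f"{category}: {', '.join(users) or '-'}")
```

Run this on a schedule and hand the stale and never_used lists to the people who own the Joiners/Leavers process; the no_mfa list is worth acting on immediately given the phishing activity mentioned at the top of the post.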
Following the three steps above should be reasonably straightforward for your team, but should you need extra help or reassurance, book an appointment with a Releaseworks engineer today.