AWS Security Services: IAM, S3, CloudTrail

January 19, 2023

With the advent of cloud computing, individuals, enterprises, and large organizations are migrating to the cloud. AWS is the most popular cloud service provider, offering over 100 services. Given its complexity and ubiquity, misconfigurations are common, and AWS is an attractive target for attackers. However, the variety of security services can also be intimidating for newcomers and leave them unsure of where to start. This post covers only a small sample of the services available in the AWS security ecosystem.

AWS Identity and Access Management (IAM)

Whether you are a small company with a single account or a large one with thousands of accounts, different teams need to access resources at the same time while working on projects. The question then is how to grant that access to each team securely.

With AWS IAM, access can be provided to users within the same account as well as to users from other AWS accounts. Access to resources can be restricted with the help of IAM policies.

IAM is prone to misconfigurations that result in security vulnerabilities, such as:

  • Creating privileged roles that can be assumed by any AWS principal. Anyone who knows of the role can assume it and perform privileged operations.
  • Granting overly permissive privileges to a role used by a service such as EC2 or Lambda. After exploiting a vulnerability or misconfiguration in the application that runs on or uses the service, an attacker may obtain the role's temporary credentials and use them to perform privileged operations.
  • Granting low-privileged users the ability to perform critical IAM operations such as attaching policies or adding a user to a group.

Here are some defensive implementations that you can perform:

  • Use AWS Config, which comes with prebuilt rules for detecting common misconfigurations.
  • For IAM permissions, follow the principle of least privilege when creating policies and assign only the minimal set of permissions needed. You can further limit IAM permissions with service control policies and permissions boundaries.
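The three IAM risks above are all visible in the policy JSON itself, so they can be checked before a policy is ever attached. The following is an added example (not code from the original article) that lints trust policies and identity policies for exactly those patterns: a `Principal` of `*` without a `Condition` on `sts:AssumeRole`, an `Allow` of `*` on `*`, and a hand-picked set of IAM actions that amount to privilege escalation when handed to a low-privileged identity. All policies, the account ID `111122223333`, the role name `deploy` and the bucket `example-app-assets` are constructed sample values; the checks need no AWS credentials.

```python
"""Lint IAM policy documents for the three misconfigurations listed above.

Added example, not from the original article. All policies below are
constructed samples; the checks run on plain policy JSON and need no AWS
credentials.
"""

# IAM actions that let a caller change who holds which permissions. Handing
# any of these to a low-privileged principal is effectively handing over
# admin. Short, hand-picked list for this example; extend it for real use.
PRIVILEGE_ESCALATION_ACTIONS = {
    "iam:*", "iam:attachuserpolicy", "iam:attachgrouppolicy",
    "iam:attachrolepolicy", "iam:putuserpolicy", "iam:putgrouppolicy",
    "iam:putrolepolicy", "iam:addusertogroup", "iam:createaccesskey",
    "iam:updateassumerolepolicy", "iam:passrole",
}


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _allow_statements(policy):
    return [s for s in _as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]


def _principal_is_anyone(principal):
    """True when the Principal element means 'any AWS principal'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def lint_trust_policy(trust_policy):
    """Findings for a role's trust policy (who may call sts:AssumeRole)."""
    findings = []
    for stmt in _allow_statements(trust_policy):
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        assumes = actions & {"sts:assumerole", "sts:*", "*"}
        # A '*' principal is only acceptable when a Condition narrows it.
        if assumes and _principal_is_anyone(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append("role can be assumed by any AWS principal "
                            "(Principal '*' without a Condition)")
    return findings


def lint_identity_policy(policy):
    """Findings for an identity policy attached to a user, group or role."""
    findings = []
    for stmt in _allow_statements(policy):
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        resources = set(_as_list(stmt.get("Resource")))
        if "*" in actions and "*" in resources:
            findings.append("statement grants all actions on all resources")
        escalation = sorted(actions & PRIVILEGE_ESCALATION_ACTIONS)
        if escalation:
            findings.append("statement grants privilege-escalating IAM actions: "
                            + ", ".join(escalation))
    return findings


# Constructed sample (risk 1): a trust policy any AWS principal may assume.
OPEN_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                   "Action": "sts:AssumeRole"}],
}

# Constructed sample: the same trust relationship narrowed to one role.
RESTRICTED_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::111122223333:role/deploy"},
                   "Action": "sts:AssumeRole"}],
}

# Constructed sample (risks 2 and 3): an over-permissive instance role that
# also hands out IAM operations a low-privileged identity should never have.
BAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["iam:AttachUserPolicy", "iam:AddUserToGroup"]},
    ],
}

# Constructed sample: least privilege, read access to one bucket only.
GOOD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-app-assets/*"}],
}

if __name__ == "__main__":
    for name, policy, lint in [("open trust", OPEN_TRUST, lint_trust_policy),
                               ("restricted trust", RESTRICTED_TRUST, lint_trust_policy),
                               ("bad policy", BAD_POLICY, lint_identity_policy),
                               ("good policy", GOOD_POLICY, lint_identity_policy)]:
        print(f"{name}: {lint(policy) or 'no findings'}")
```

Running the module prints one finding for the open trust policy, two for the bad identity policy, and none for the restricted and least-privilege variants. The same checks can be pointed at real documents by loading the output of `aws iam get-policy-version` or `aws iam get-role` with `json.loads`.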

AWS S3

Amazon Simple Storage Service (AWS S3) is a storage service that offers industry-leading scalability, data availability, security, and performance. Companies of all sizes and industries use S3 for use cases such as mobile and web applications, big data, machine learning, and many more.

AWS storage services have different tiers for highly confidential, frequently accessed, and infrequently accessed data. Across these, S3 remains highly scalable, reliable, and easy to use.

Here are some security practices for AWS S3 to consider:

1. Implement least-privilege identity policies that limit access to S3 resources by combining IAM policies, bucket policies, and S3 Access Points.
2. Ensure that your S3 buckets are not publicly accessible, and block public access at the organization level.
3. Encrypt all Amazon S3 data at rest using server-side encryption (SSE) or client-side encryption.
4. Enable versioning so that you can preserve, retrieve, and restore every version of your objects.
5. Use Macie to scan for sensitive data stored outside of designated areas.
6. Enable logging of S3 activity using CloudTrail.
7. Identify and audit all of your Amazon S3 buckets.
8. Monitor your S3 environment and bucket policies continuously.
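Practices 2, 3, 7 and 8 above come down to a repeatable audit of each bucket's configuration. The following is an added example (not code from the original article) that audits one bucket from three inputs: its public access block configuration, its bucket policy, and its default encryption configuration. The input shapes follow what boto3's `get_public_access_block`, `get_bucket_policy` and `get_bucket_encryption` return, but every value here is constructed sample data (bucket `example-reports`, key alias `alias/example-reports`), so the audit runs offline. The weak configuration and its hardened counterpart are shown side by side.

```python
"""Audit an S3 bucket's settings against the practices listed above.

Added example, not from the original article. The three inputs mirror the
shape of boto3's get_public_access_block, get_bucket_policy and
get_bucket_encryption responses, but every value here is constructed sample
data so the audit runs offline (no boto3, no credentials).
"""
import json

PUBLIC_ACCESS_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
                       "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _denies_insecure_transport(policy):
    """True if a Deny statement rejects requests made without TLS."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        bool_cond = stmt.get("Condition", {}).get("Bool", {})
        if str(bool_cond.get("aws:SecureTransport", "")).lower() == "false":
            return True
    return False


def audit_bucket(public_access_block, bucket_policy_json, encryption):
    """Return a list of findings; an empty list means the bucket passes."""
    findings = []

    # Practice 2: all four public-access-block flags must be on.
    cfg = public_access_block.get("PublicAccessBlockConfiguration", {})
    disabled = [flag for flag in PUBLIC_ACCESS_FLAGS if not cfg.get(flag)]
    if disabled:
        findings.append("public access block incomplete: " + ", ".join(disabled))

    # Encryption in transit: the bucket policy should refuse plain HTTP.
    policy = json.loads(bucket_policy_json) if bucket_policy_json else {}
    if not _denies_insecure_transport(policy):
        findings.append("bucket policy does not deny requests with aws:SecureTransport=false")

    # Practice 3: default server-side encryption must be configured.
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not any("ApplyServerSideEncryptionByDefault" in rule for rule in rules):
        findings.append("no default server-side encryption configured")

    return findings


# Constructed sample: a weakly configured bucket.
WEAK_PAB = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": False,
    "BlockPublicPolicy": False, "RestrictPublicBuckets": False}}
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-reports/*"}]})
WEAK_ENCRYPTION = {}  # modelled as empty: no default encryption rule at all

# Constructed sample: the same bucket after hardening.
HARDENED_PAB = {"PublicAccessBlockConfiguration": {flag: True for flag in PUBLIC_ACCESS_FLAGS}}
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
                   "Action": "s3:*",
                   "Resource": ["arn:aws:s3:::example-reports",
                                "arn:aws:s3:::example-reports/*"],
                   "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})
HARDENED_ENCRYPTION = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms",
                                            "KMSMasterKeyID": "alias/example-reports"}}]}}

if __name__ == "__main__":
    print("weak:", audit_bucket(WEAK_PAB, WEAK_POLICY, WEAK_ENCRYPTION))
    print("hardened:", audit_bucket(HARDENED_PAB, HARDENED_POLICY, HARDENED_ENCRYPTION))
```

The weak bucket produces three findings and the hardened one none. Note that the public-grant `Allow` in the weak policy is not flagged separately: once `BlockPublicPolicy` and `RestrictPublicBuckets` are on, S3 refuses to apply such a policy, which is why the audit treats the four flags as the primary control for practice 2.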

CloudTrail

In the cloud, everything is an API call, whether you use the management console, the CLI, or the AWS SDK. CloudTrail records all of these actions (i.e., API calls) in AWS. This record is invaluable during incidents and when troubleshooting why some security service is not working.

Do these steps to get started:

1. Turn on CloudTrail.
2. Create an IAM user with limited privileges (e.g., one that can access EC2 but not S3).
3. Analyze the CloudTrail events generated by creating this user.
4. As that user, try something your IAM policy does not allow (e.g., accessing S3 when you can only create EC2 instances).
5. Look at how the events for this failed request appear in CloudTrail.
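What steps 3 and 5 look like in a CloudTrail log file, as an added example that is not part of the original article. The log below is constructed to contain the three records the walkthrough would produce: an administrator's `CreateUser` call, one allowed EC2 call by the new user, and one S3 call by that user that fails with `AccessDenied`. Field names follow the CloudTrail record format; the account ID `111122223333`, the user names `admin` and `ec2-only`, and the IP addresses are all placeholder values.

```python
"""Pick out user-creation and access-denied events from a CloudTrail log.

Added example, not from the original article. SAMPLE_LOG is a constructed
log in the {"Records": [...]} layout CloudTrail writes to S3; the account
ID, user names and IP addresses are placeholders.
"""
import json

ACCOUNT = "111122223333"  # placeholder account ID

# Constructed sample log covering steps 2 to 5 of the walkthrough.
SAMPLE_LOG = json.dumps({"Records": [
    {   # step 2: an administrator creates the restricted user
        "eventVersion": "1.08", "eventTime": "2023-01-19T10:00:00Z",
        "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
        "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser", "userName": "admin",
                         "arn": f"arn:aws:iam::{ACCOUNT}:user/admin"},
        "requestParameters": {"userName": "ec2-only"},
        "responseElements": {"user": {"userName": "ec2-only",
                                      "arn": f"arn:aws:iam::{ACCOUNT}:user/ec2-only"}},
    },
    {   # an allowed call: the new user may read EC2
        "eventVersion": "1.08", "eventTime": "2023-01-19T10:05:00Z",
        "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
        "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.5",
        "userIdentity": {"type": "IAMUser", "userName": "ec2-only",
                         "arn": f"arn:aws:iam::{ACCOUNT}:user/ec2-only"},
    },
    {   # step 4: the same user tries S3 and is denied
        "eventVersion": "1.08", "eventTime": "2023-01-19T10:06:00Z",
        "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
        "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.5",
        "userIdentity": {"type": "IAMUser", "userName": "ec2-only",
                         "arn": f"arn:aws:iam::{ACCOUNT}:user/ec2-only"},
        "errorCode": "AccessDenied",
        "errorMessage": f"User: arn:aws:iam::{ACCOUNT}:user/ec2-only is not authorized "
                        "to perform: s3:ListAllMyBuckets on resource: arn:aws:s3:::*",
    },
]})

# Error codes that signal an authorization failure rather than a bad request.
DENIED_CODES = {"AccessDenied", "AccessDeniedException", "Client.UnauthorizedOperation"}


def load_records(log_text):
    """Parse one CloudTrail log file into its list of records."""
    return json.loads(log_text)["Records"]


def creation_events(records, user_name):
    """Step 3: the IAM CreateUser events that created the named user."""
    return [r for r in records
            if r["eventSource"] == "iam.amazonaws.com"
            and r["eventName"] == "CreateUser"
            and r.get("requestParameters", {}).get("userName") == user_name]


def denied_events(records, user_name=None):
    """Step 5: events that failed authorization, optionally for one user."""
    hits = []
    for r in records:
        if r.get("errorCode") not in DENIED_CODES:
            continue
        if user_name and r["userIdentity"].get("userName") != user_name:
            continue
        hits.append(r)
    return hits


def summarise(records):
    """Per-user counts of allowed and denied API calls."""
    counts = {}
    for r in records:
        identity = r["userIdentity"]
        user = identity.get("userName") or identity.get("arn", "unknown")
        tally = counts.setdefault(user, {"ok": 0, "denied": 0})
        tally["denied" if r.get("errorCode") in DENIED_CODES else "ok"] += 1
    return counts


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    for r in creation_events(recs, "ec2-only"):
        print("created by", r["userIdentity"]["userName"], "at", r["eventTime"])
    for r in denied_events(recs, "ec2-only"):
        print("denied:", r["eventName"], "on", r["eventSource"], "->", r["errorMessage"])
    print(summarise(recs))
```

Two details are worth noticing in the output. The creator of the user is found in the `userIdentity` of the `CreateUser` record, while the created user's name sits in `requestParameters`; and the denied S3 call is logged under the API operation name (`ListBuckets`) while the `errorMessage` names the IAM permission that was missing (`s3:ListAllMyBuckets`), which is the string you would search for when writing a detection rule.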

Written by Chetan Melhotra
