3 major AWS Security Issues You Should Watch Out For

Why should you understand AWS and AWS Security Issues?  

When developing or hosting with AWS, there are some significant security concerns that should be avoided or addressed. Understanding the AWS Shared Responsibility Model and doing your bit to protect your AWS Network can help you prevent security risks that could harm your enterprise architecture and give hackers and cyber criminals unwanted access.  

There are multiple aspects that need to be considered when dealing with security measures. For simplicity, I have divided it into 3 major sections.  

1. Authentication  
2. Authorization  
3. Logging & Tracking Mechanism  

Authentication 

One should use MFA authentication wherever required.   

Multi-factor authentication (MFA) in AWS is a simple best practice that adds an extra layer of protection on top of your username and password. With MFA enabled, when a user signs in to an AWS Management Console they will be asked to enter their username and password and then they will be asked to enter an authentication code from their MFA device. Using MFA enabled on S3 buckets for deletion will secure you from accidentally deleting objects.  

Rotate Keys and Password 

Rotating access keys and password every 90 days is the best security practice you can set up for every user.   

Avoid Hard-Coding secrets 

You can use AWS IAM roles to provide temporary, transient credentials for accessing AWS services when developing apps on the platform. Some applications, however, need credentials that last longer, like API keys or database passwords. If so, you shouldn’t save these secrets in source code or hardcode them into the application. Alternatively, you can use Aws service Secret Manager to control information in the application. Database credentials, API keys, and other secrets may all be rotated, managed, and retrieved using Secrets Manager throughout their lifetime. Instead of hard-coding confidential information in plain text, users and apps can retrieve secrets by calling the Secrets Manager APIs.  

Authorization 

A server uses authorization to decide whether a client is allowed to access a file or use a resource. 

In order to give the server some idea of the identity of the client requesting access, authorization is frequently combined with authentication. 

Limiting Access for Identity and Access Management (IAM) Users 

• Providing access only to what is required for a user is a must and best practice to follow while working in an AWS environment which will ensure limiting access to a user and avoid giving too much control which is not needed for the user. Ensure the right users have the right permission and always provide limited access to the users.  

Limiting Traffic to Only where it is Needed 

• Allowing traffic inbound and outbound should be monitored and controlled to a destination where it is required. Try to avoid Anywhere access or open public access wherever it is required. Manage port control from the Security Groups and Traffic Controlling via NACL.  

Access Control on S3 Buckets 

• A thorough understanding of the S3 bucket access policy is crucial for every enterprise organization. By default, all public access is disabled; it should only be turned on when necessary or when there are no sensitive S3 objects to access. Enable logging on your S3 buckets and try to restrict access to S3 data as much as you can. By using S3 bucket access policies, you can restrict access so that users can only access buckets that contain the objects they need to access.  

Logging & Tracking Mechanism  

In contrast to logging, which offers a high-level view of a discrete, event-triggered log, tracing offers a considerably more comprehensive, ongoing picture of an application.  

Enable CloudTrail Logging 

With the use of the service Amazon CloudTrail, you can monitor your Amazon Web Services account’s governance, compliance, operational efficiency, and risk exposure. You may keep track of account activity connected to operations throughout your Amazon Web Services infrastructure using CloudTrail by logging, continually monitoring, and archiving it. The activities made using the Amazon Management Console, Amazon SDKs, command-line tools, and other Amazon Web services are included in the event history of your Amazon Web Services account activity provided by CloudTrail. The tracking of resource changes, security analysis, and troubleshooting are all made easier by this event history. Audit logging should always be enabled to keep track of all your account activities.  

Enable S3 Logs 

Enabling S3 logs will give you good security control, allowing you to monitor information about requests made to S3 buckets, which is helpful for access and security audits. Server access logs are not often collected by Amazon S3 by default. When logging is enabled, Amazon S3 sends access logs for a source bucket to a designated destination bucket. The target bucket must not be configured with a default retention period and must be in the same AWS Region and AWS Account as the source bucket.  

Why do these AWS security concerns happen so frequently? 

AWS is a platform that may do a lot for clients but is also complicated for businesses of all kinds. Even the largest information security teams and the best-trained cloud techs need to be aware of the security flaws that can be caused by incorrect AWS setups and permissions.  

Ashish Christian 15 Sep 2022

TABLE OF CONTENT

Authentication

Authorization

Logging & Tracking Mechanism