accounts
  - Very large
  - Many tenants
  - Biggest tenant is Digital Delivery Centre
  - Some tenants are inexperienced with AWS
- Automated infrastructure, so extendable to other accounts
specific environment
- Auto-remediation
- AWS services do the heavy lifting
- Pipeline
  - Separate security pipeline (biggest piece of work)
  - Also needed for account baselining
e.g. ports open to 0.0.0.0/0 except 80 or 443
- CloudTrail changes to the trail
- Network ACL changes
- S3 buckets being made public
- Internet Gateway changes
- Route Table changes
- Customer Gateway changes
- Config changes to resource tracking
- Log analysis for PII
Begin with: unauthorized ports open to an unapproved IP range
- Discovery of open ports
- Talk to responsible teams
  - Any legitimate use cases?
  - Education
  - Consulting help
- Whack-a-mole
- Biggest causes
  - Packer used for AMI generation
  - ElasticBeanstalk
Event we want to receive
- Analyse the API call instead of the outcome
- AWS API Call via CloudTrail contains the following:
  - API call result
  - API call request parameters
  - Error code and error message
  - API caller
  - API caller IP address
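As an added example (not part of the original slides), a Python Lambda handler that applies the first detection case above to the CloudTrail event delivered by a CloudWatch Events rule: it analyses the AuthorizeSecurityGroupIngress request parameters rather than the resulting security group, skips calls that carried an error code, and reports every ingress rule that opens a port other than 80 or 443 to 0.0.0.0/0. The event shape follows CloudTrail's documented format; the sample event and all ids in it are constructed, and the remediation step that consumes the result is assumed.

```python
ALLOWED_PORTS = {80, 443}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "anywhere"

# Constructed sample, shaped like a CloudTrail event delivered via CloudWatch Events.
SAMPLE_EVENT = {
    "detail": {
        "eventName": "AuthorizeSecurityGroupIngress",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-dev"},
        "requestParameters": {
            "groupId": "sg-0123456789abcdef0",
            "ipPermissions": {"items": [
                {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                 "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}},
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                 "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}},
                {"ipProtocol": "tcp", "fromPort": 3306, "toPort": 3306,
                 "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}},
            ]},
        },
    },
}

def open_world_ports(event):
    """Return (protocol, fromPort, toPort, cidr) for each requested ingress rule that
    exposes a port outside ALLOWED_PORTS to the whole internet."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress":
        return []
    if detail.get("errorCode"):  # AWS rejected the call: nothing was actually opened
        return []
    findings = []
    for perm in detail.get("requestParameters", {}).get("ipPermissions", {}).get("items", []):
        proto, lo = perm.get("ipProtocol"), perm.get("fromPort")
        hi = perm.get("toPort", lo)
        ranges = perm.get("ipRanges", {}).get("items", []) + perm.get("ipv6Ranges", {}).get("items", [])
        for r in ranges:
            cidr = r.get("cidrIp") or r.get("cidrIpv6")
            if cidr not in WORLD_CIDRS:
                continue
            # "-1" (all protocols) carries no ports; otherwise flag any port in the range not allow-listed
            if proto == "-1" or lo is None or set(range(lo, hi + 1)) - ALLOWED_PORTS:
                findings.append((proto, lo, hi, cidr))
    return findings

def lambda_handler(event, context=None):
    """Lambda entry point: hand caller, group and violations to the (assumed) remediation step."""
    d = event.get("detail", {})
    return {"groupId": d.get("requestParameters", {}).get("groupId"),
            "caller": d.get("userIdentity", {}).get("arn"),
            "callerIp": d.get("sourceIPAddress"), "violations": open_world_ports(event)}
```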
API documentation.
- Make use of the "Dead Letter Queue" concept.
- Focus on Lambda run time and context reuse.
- Build a sustainable, serverless, secured deployment pipeline.