Detections
Analytics
Revision 1.27Dec 12, 2018
Informational Update
- Bootstrapping
- Building Threat Protection Layers
- CLOUDTRAIL: CloudTrail logs are not publicly accessible - 'Review S3 Buckets
- Conclusion
- Controlling Security for Public AMIs
- Creating Custom AMIs
- Cross-Account Access
- Decommission Data and Media Securely
- Define and Categorize Assets on AWS
- Design Your ISMS to Protect Your Assets on AWS
- EC2: DescribeAccountAttributes - 'supported platforms'
- EC2: DescribeAddresses - 'Review list of interface assignments and private IPs'
- EC2: DescribeAddresses - 'Review list of public IPs'
- EC2: DescribeAvailabilityZones: 'Avalable availability zones list'
- EC2: DescribeCustomerGateways - 'Review list of customer gateways'
- EC2: DescribeDhcpOptions - 'DHCP DNS Servers'
- EC2: DescribeDhcpOptions - 'DHCP domains'
- EC2: DescribeInstanceStatus - 'Review instances with impaired system status'
- EC2: DescribeInstanceStatus - 'Review instances with impared instance status'
- EC2: DescribeInstanceStatus - 'Review instances with insufficient-data instance status'
- EC2: DescribeInstanceStatus - 'Review instances with insufficient-data system status'
- EC2: DescribeInstanceStatus - 'Review pending instances'
- EC2: DescribeInstanceStatus - 'Review shutting down instances'
- EC2: DescribeInstanceStatus - 'Review status of instances'
- EC2: DescribeInstanceStatus - 'Review stopped instances'
- EC2: DescribeInstanceStatus - 'Review terminated instances'
- EC2: DescribeInstances - 'Review list of current VPCs and their platforms'
- EC2: DescribeInstances - 'Review list of current VPCs and their status'
- EC2: DescribeInstances - 'Verify the architecture of instances'
- EC2: DescribeInstances - 'Verify the private IP addresses of instances'
- EC2: DescribeInstances - 'Verify the public IP addresses of instances'
- EC2: DescribeInstances - 'Verify the root device of instances'
- EC2: DescribeInstances - 'Verify the security group of instances in the VPC'
- EC2: DescribeInternetGateways - 'Review list of internet gateways'
- EC2: DescribeKeyPairs - 'Key names currently in use'
- EC2: DescribeNetworkAcls - 'Review list of network ACLs'
- EC2: DescribePlacementGroups - 'Placement groups currently in use'
- EC2: DescribePlacementGroups - 'Placement groups deleted or deleting'
- EC2: DescribePlacementGroups - 'Placement groups pending'
- EC2: DescribeRegions - 'Regions that are currently available'
- EC2: DescribeRouteTables - 'Review manually added routes'
- EC2: DescribeRouteTables - 'Review routes defined for VPCs'
- EC2: DescribeSecurityGroups - 'Review security groups'
- EC2: DescribeSubnets - 'Available IP Addresses'
- EC2: DescribeSubnets - 'Current subnet list'
- EC2: DescribeSubnets - 'Default subnets'
- EC2: DescribeSubnets - 'Pending subnets'
- EC2: DescribeSubnets - 'Subnets which map public IP'
- EC2: DescribeSubnets - 'Subnets with no available IP addresses'
- EC2: DescribeVolumes - 'Attached volumes'
- EC2: DescribeVolumes - 'Current available volume list'
- EC2: DescribeVolumes - 'Current in-use volume list'
- EC2: DescribeVolumes - 'Current volume sizes'
- EC2: DescribeVpcs - 'Review the current VPC list'
- EC2: DescribeVpnConnections - 'Review deleted VPN connections'
- EC2: DescribeVpnConnections - 'Review existing VPN connections'
- EC2: DescribeVpnConnections - 'Review pending VPN connections'
- EC2: DescribeVpnGateways - 'Review list of VPN Gateway attachments'
- EC2: DescribeVpnGateways - 'Review list of VPN Gateways'
- IAM Roles for Amazon EC2
- IAM: GetAccountSummary - 'Groups'
- IAM: GetAccountSummary - 'MFADevicesInUse'
- IAM: GetAccountSummary - 'Roles'
- IAM: GetAccountSummary - 'RolesQuota'
- IAM: GetAccountSummary - 'ServerCertificates'
- IAM: GetAccountSummary - 'ServerCertificatesQuota'
- IAM: GetAccountSummary - 'SigningCertificatesPerUserQuota'
- IAM: GetAccountSummary - 'Unused MFA devices'
- IAM: GetAccountSummary - 'Users'
- IAM: GetAccountSummary - 'UsersQuota'
- IAM: GetGroup - 'Admin group membership should be reviewed'
- IAM: GetGroup - 'Group membership should be reviewed'
- IAM: ListGroupPolicies - 'Review policies assigned to groups'
- IAM: ListGroups - 'Review current group list'
- IAM: ListRoles - 'Review roles'
- IAM: ListServerCertificates - 'Verify certificate names and upload dates'
- IAM: ListUsers - 'Review current user list'
- IAM: ListUsers - 'Review user paths'
- IAM: User Accounts - 'Access Key 1'
- IAM: User Accounts - 'Access Key 2'
- IAM: root account - 'Root Account - Access Key 1'
- IAM: root account - 'Root Account - Access Key 2'
- Identity Federation
- Logging Faults
- MFA for API calls
- MONITORING: Verify subscribers to each SNS topic
- Managing Application and Administrative Access to AWS Public Cloud Services
- Managing Logs for Critical Transactions
- Managing Metrics and Improvement
- Managing OS-level Access to Amazon EC2 Instances
- Managing Patches
- Mitigating Compromise and Abuse
- Mitigating and Protecting Against DoS & DDoS Attacks
- Protecting Data at Rest on Amazon DynamoDB
- Protecting Data at Rest on Amazon EMR
- Protecting Data at Rest on Amazon Glacier
- Protecting Data at Rest on Amazon RDS
- Protecting Data at Rest on Amazon S3
- Protecting Data in Transit to Amazon DynamoDB
- Protecting Data in Transit to Amazon EMR
- Protecting Data in Transit to Amazon RDS
- Protecting Data in Transit to Amazon S3
- Protecting Data in Transit when Managing AWS Services
- Protecting Log Information
- Protecting Your System from Malware
- Resource Access Authorization
- Secure Your Operating Systems and Applications
- Shared Responsibility Model for Abstracted Services
- Shared Responsibility Model for Container Services
- Shared Responsibility Model for Infrastructure Services
- Test Security
- Understanding the AWS Secure Global Infrastructure
- Using Additional Application Security Practices
- Using Change Management Logs
- Using the AWS Trusted Advisor Tool
Miscellaneous
- Metadata updated.
- References updated.