Security
Security
What do I do if I notice unauthorized activity in my AWS account? - https://repost.aws/knowledge-center/potential-account-compromise
AWS Vault - https://github.com/99designs/aws-vault - Stores IAM credentials in your operating system's secure keystore
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. - https://github.com/toniblyx/my-arsenal-of-aws-security-tools
AWS security tool to perform security best practices assessments, audits, etc - https://github.com/prowler-cloud/prowler - https://prowler.pro
Analyze your Amazon Web Services (AWS) environments - https://github.com/duo-labs/cloudmapper
flAWS challenge (discover AWS-specific vulnerabilities) - http://flaws.cloud - http://flaws2.cloud
Hot take: Security Hub controls are becoming more of a sales tool for AWS than effective security best practices. AWS recently announced the following controls.
- [GuardDuty.5] GuardDuty EKS Audit Log Monitoring should be enabled
- [GuardDuty.6] GuardDuty Lambda Protection should be enabled
- [GuardDuty.8] GuardDuty Malware Protection for EC2 should be enabled
- [GuardDuty.9] GuardDuty RDS Protection should be enabled
- [GuardDuty.10] GuardDuty S3 Protection should be enabled
- [Inspector.1] Amazon Inspector EC2 scanning should be enabled
- [Inspector.2] Amazon Inspector ECR scanning should be enabled
- [Inspector.3] Amazon Inspector Lambda code scanning should be enabled
- [Inspector.4] Amazon Inspector Lambda standard scanning should be enabled
Most of these features are not worth the money, in my opinion.