site-logo

JAWS PANKRATION 2024

site-logo
HomeNewsTimetableCfPCommitteePromotionFollow UpPrivacy Policy

How to use an Event Architecture to solve compliance and security issues.

Lv300

Lv300

8/24/2024 11:20 (UTC)

Session Info

In this session, we will talk about how to use the events of cloudtrail to create an events architecture that can solve security and compliance issues in seconds.

 

The main idea of the session is to demonstrate how to add a new layer of security to respond to any event on our platform.

We can use EventBridge to catch some events of cloudtrail and trigger Lambdas to check if the actions comply with our our rules; it is beneficial to forbid some ports on our EC2, launch automatizations when we create any resource on AWS, add some configurations like WAF to our resources by default, add encryption for our resources or delete some resources that can be exposure to bad actors.

 

We commonly use Security policies based on IAM, SCP, and Permission Boundaries on AWS to permit only minimal access, which is usually our first layer of security.

Also, it is common to add another layer of security with IaC policies, Terraform modules or CDK constructs, and security libraries on CI/CD pipelines to permit only some configurations that are approved by the security team.

It is a good approach but can only succeed if someone can break these layers or if the use of IaC or best practices is low. This extra layer is good for preventing wrong configurations or actions when they happen and is cheaper to implement than using other services like AWS Config or third-party tools.

Miguel Angel   Muñoz Sanchez

Miguel Angel Muñoz Sanchez

- AWS Community Builders -

- AWS Ambassadors(APN) -

- AWS New Voices -



Session Category
Security
Identity and compliance


AWS Services
Cloudtrail
EventBridge
Lambda
Step Functions
SNS

Session Materials


    Session Summary (by Amazon Bedrock)
      Miguel Ángel Muñoz, a Digital Community Builder and AWS Ambassador, discusses using event architecture to solve compliance and security issues in AWS. He highlights the security stack in AWS, which includes various services and policies to protect resources and prevent insecure actions. Muñoz demonstrates how to use AWS Lambda to evaluate and automatically remove insecure security group rules, such as those that open port 22 (SSH) to public IPs. He shows this in action by creating and modifying rules, which Lambda then evaluates and removes if they don't meet security criteria. The speaker emphasizes that this approach is more effective than using IAM policies or custom resources, as it can handle complex scenarios and catch actions performed through the AWS console. Muñoz explains that this event-driven architecture can be applied to various AWS services and security scenarios, including: 1. Ensuring encryption for newly created resources 2. Using Amazon Inspector to patch vulnerabilities 3. Utilizing AWS Systems Manager for remediation 4. Isolating compromised instances with GuardDuty 5. Masking personally identifiable information detected by Macie 6. Integrating with AWS Config for automated remediation He concludes by highlighting the flexibility of this approach, allowing for the capture of any AWS service event and creation of custom rules using patterns. While it doesn't replace other security measures like IAM policies or custom resources, it adds an additional layer of security to workloads.

    ©JAWS-UG (AWS User Group - Japan). All rights reserved.