How to use an Event Architecture to solve compliance and security issues.
Lv300
In this session, we will talk about how to use CloudTrail events to build an event architecture that can solve security and compliance issues in seconds.
The main idea of the session is to demonstrate how to add a new layer of security that responds to any event on our platform.
We can use EventBridge to catch selected CloudTrail events and trigger Lambdas that check whether the action complies with our rules. This is useful for blocking certain ports on our EC2 instances, launching automations whenever a resource is created on AWS, attaching configurations such as WAF to our resources by default, enforcing encryption on our resources, or deleting resources that could be exposed to bad actors.
We commonly use security policies based on IAM, SCPs, and permission boundaries on AWS to grant only minimal access; this is usually our first layer of security.
It is also common to add another layer of security with IaC policies, Terraform modules or CDK constructs, and security libraries in CI/CD pipelines that permit only the configurations approved by the security team.
This is a good approach, but it fails when someone manages to break through these layers or when adoption of IaC and best practices is low. The extra event-driven layer is good for catching wrong configurations or actions at the moment they happen, and it is cheaper to implement than using other services like AWS Config or third-party tools.
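As an added illustration of the EventBridge-to-Lambda check described above (example code written for this page, not material from the session), the handler below evaluates a CloudTrail `AuthorizeSecurityGroupIngress` record and flags ingress rules that open a forbidden port to `0.0.0.0/0`; the port list, the `REMEDIATE` environment variable, the security group id and the sample event are all assumptions constructed for the example.

```python
import os

# Policy for this example (an assumption, tune to your own rules): these TCP ports must never be open to the internet.
FORBIDDEN_PORTS = {22, 3389}
PUBLIC_CIDR = "0.0.0.0/0"
# EventBridge rule pattern that routes the matching CloudTrail records to this Lambda.
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventName": ["AuthorizeSecurityGroupIngress"]},
}


def to_api_shape(perm: dict) -> dict:
    """CloudTrail logs requestParameters in camelCase with 'items' wrappers; boto3 expects PascalCase."""
    out = {"IpProtocol": perm["ipProtocol"],
           "IpRanges": [{"CidrIp": r["cidrIp"]} for r in perm.get("ipRanges", {}).get("items", [])]}
    if "fromPort" in perm:  # absent when ipProtocol is "-1" (all traffic)
        out["FromPort"], out["ToPort"] = perm["fromPort"], perm["toPort"]
    return out


def find_violations(detail: dict) -> list:
    """Return the ingress items of an AuthorizeSecurityGroupIngress record that expose a forbidden port publicly."""
    violations = []
    for perm in detail.get("requestParameters", {}).get("ipPermissions", {}).get("items", []):
        if perm.get("ipProtocol") not in ("tcp", "-1"):  # "-1" means every protocol and every port
            continue
        lo, hi = perm.get("fromPort", 0), perm.get("toPort", 65535)
        cidrs = {r.get("cidrIp") for r in perm.get("ipRanges", {}).get("items", [])}
        ports = sorted(p for p in FORBIDDEN_PORTS if lo <= p <= hi)
        if PUBLIC_CIDR in cidrs and ports:
            violations.append({"ports": ports, "permission": perm})
    return violations


def handler(event: dict, context=None) -> dict:
    """Lambda entry point: evaluate the CloudTrail event and, when REMEDIATE=true, revoke the offending rules."""
    detail = event.get("detail", {})
    group_id = detail.get("requestParameters", {}).get("groupId")
    violations = find_violations(detail)
    if violations and os.environ.get("REMEDIATE") == "true":
        import boto3  # imported lazily so the evaluation logic can be tested without AWS credentials
        boto3.client("ec2").revoke_security_group_ingress(
            GroupId=group_id, IpPermissions=[to_api_shape(v["permission"]) for v in violations])
    return {"groupId": group_id, "compliant": not violations, "violations": violations}


# Constructed sample event (not real CloudTrail data): SSH was just opened to the whole internet.
SAMPLE_EVENT = {"detail-type": "AWS API Call via CloudTrail", "detail": {"eventName": "AuthorizeSecurityGroupIngress",
    "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [{"ipProtocol": "tcp",
    "fromPort": 22, "toPort": 22, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}}}
```

Without `REMEDIATE=true` the function only reports, which is the safe way to run it in audit mode before letting it revoke rules on its own.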
©JAWS-UG (AWS User Group - Japan). All rights reserved.