September 15, 2024

Secure your AWS Account

Following on from getting your account set up, let’s look at how to secure it and keep it secure.

Security Hub

AWS Security Hub is a cloud security service that provides a comprehensive view of your security posture across AWS accounts. It aggregates, organizes, and prioritizes security findings from multiple AWS services (such as Amazon GuardDuty, AWS Config, and Amazon Inspector) and third-party security tools. Key features include:

  • Centralized Security Management: It consolidates security alerts, called findings, into a single dashboard for easy management.
  • Automated Security Checks: It runs continuous compliance checks based on AWS security best practices and industry standards, such as CIS AWS Foundations Benchmark.
  • Integration with AWS and Third-Party Tools: Security Hub integrates with a range of AWS and external security services, providing a unified view.
  • Insights and Recommendations: It generates insights that help you prioritize security risks and provides recommendations for remediation.
  • Compliance: It helps monitor compliance with regulatory standards by checking against policies.

Enabling Security Hub

Here is the documentation to follow to set up Security Hub, or follow the instructions below.

Setup Security Hub

AWS Config

First, you need to set up AWS Config.

The first page of Security Hub has a really helpful link to a CloudFormation template.

AWS Config Cloudformation

Download this template and deploy it as a StackSet (if you are setting up an Organisation) or as a single stack (if you are setting up a single account).

I used the following parameters; many of them were defaults:

Deployment Parameters Deployment Parameters 2

Wait for the CloudFormation stack to finish deploying.

Enable Security Standards

Which standards you enable depends on which standards your organisation needs to meet. At the time of writing, AWS Security Hub supports:

  • AWS Foundational Best Practices v1.0.0
  • CIS AWS Foundations Benchmark v1.2.0, v1.4.0, v3.0.0
  • NIST Special Publication 800-53 Revision 5
  • PCI DSS v3.2.1

AWS also has a tagging Standard:

  • AWS Resource Tagging Standard v1.0.0

You can find more information about the standards on the respective vendors’ sites, or a roll-up of their implementation in the Security Hub documentation.

I just went with the default enabled standards for this demonstration:

Security Hub Standards

You should get a confirmation as below:

Standard Enabled

And hopefully you can see that things are starting to populate. It will take about 30 minutes to start to see real detail.

Security Hub Running

Security Hub can now also manage multiple regions, and accounts across an organisation and aggregate findings into one account. It’s recommended that you don’t run Security Hub in the management account, but instead in a designated security or audit account, and you delegate permissions to this account.

Reviewing Insights

Hopefully after about 30 minutes, you should start to see results.

On the Dashboard or Security Standards page, you can see a roll-up of the findings, with a view against each specific standard:

Security Hub Running

In the Controls page, you can see all the individual findings and filter them as required: by control, severity rating, status, or any other filter value. You can also download these to track remediation in your favourite project management tool.

Security Hub Running
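The same roll-up and filtering can be done offline on an export of the findings (for example the JSON returned by `aws securityhub get-findings`). The script below is an added example, not the author’s or AWS’s code: the findings are constructed records in a minimal subset of the AWS Security Finding Format, and the function names `open_failures`, `rollup`, `filter_findings` and `remediation_rows` are my own.

```python
from collections import Counter

# Constructed sample findings: a minimal ASFF subset as returned by
# `aws securityhub get-findings`. Finding, account and resource ids are made up.
SAMPLE_FINDINGS = [
    {"Id": "f-1", "Title": "IAM root user access key should not exist",
     "Severity": {"Label": "CRITICAL"}, "RecordState": "ACTIVE",
     "Compliance": {"Status": "FAILED", "SecurityControlId": "IAM.4"}, "Workflow": {"Status": "NEW"},
     "Resources": [{"Type": "AwsAccount", "Id": "AWS::::Account:111122223333"}]},
    {"Id": "f-2", "Title": "S3 general purpose buckets should block public access",
     "Severity": {"Label": "HIGH"}, "RecordState": "ACTIVE",
     "Compliance": {"Status": "FAILED", "SecurityControlId": "S3.8"}, "Workflow": {"Status": "NEW"},
     "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-public-logs"}]},
    {"Id": "f-3", "Title": "S3 general purpose buckets should block public access",
     "Severity": {"Label": "HIGH"}, "RecordState": "ACTIVE",  # triaged as accepted risk
     "Compliance": {"Status": "FAILED", "SecurityControlId": "S3.8"}, "Workflow": {"Status": "SUPPRESSED"},
     "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-website"}]},
    {"Id": "f-4", "Title": "CloudTrail should be enabled and configured with at least one multi-Region trail",
     "Severity": {"Label": "HIGH"}, "RecordState": "ACTIVE",
     "Compliance": {"Status": "PASSED", "SecurityControlId": "CloudTrail.1"}, "Workflow": {"Status": "RESOLVED"},
     "Resources": [{"Type": "AwsAccount", "Id": "AWS::::Account:111122223333"}]},
]

def open_failures(findings):
    """Keep only findings that still need work: current, failed, and not suppressed or resolved."""
    return [f for f in findings if f["RecordState"] == "ACTIVE"
            and f["Compliance"]["Status"] == "FAILED"
            and f["Workflow"]["Status"] in ("NEW", "NOTIFIED")]

def rollup(findings):
    """Count open failures per severity label and per security control, like the Controls page."""
    failed = open_failures(findings)
    return (dict(Counter(f["Severity"]["Label"] for f in failed)),
            dict(Counter(f["Compliance"]["SecurityControlId"] for f in failed)))

def filter_findings(findings, control_id=None, severity=None, workflow=None):
    """Filter by control id, severity label and/or workflow status, mirroring the console filters."""
    return [f for f in findings
            if (control_id is None or f["Compliance"]["SecurityControlId"] == control_id)
            and (severity is None or f["Severity"]["Label"] == severity)
            and (workflow is None or f["Workflow"]["Status"] == workflow)]

def remediation_rows(findings):
    """Flatten open failures into (control, severity, resource, title) rows for a remediation tracker."""
    return [[f["Compliance"]["SecurityControlId"], f["Severity"]["Label"], f["Resources"][0]["Id"], f["Title"]]
            for f in open_failures(findings)]
```

For a real export, load the `Findings` array with `json.load` and write `remediation_rows(...)` out with `csv.writer` to import into your tracker.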

Automating Remediation

If you wish to go one step further you can also deploy automated remediation. This is beyond the scope of this particular blog post, but I may cover it in a future blog post.

https://docs.aws.amazon.com/solutions/latest/automated-security-response-on-aws/solution-overview.html

Conclusion

Overall, AWS Security Hub is a valuable tool for keeping your AWS environment secure. By bringing together security findings from various AWS services and third-party tools into one place, it offers a clear, comprehensive view of your security posture. With automated compliance checks and real-time alerts, it helps you stay on top of potential risks and meet industry standards easily. Plus, the insights and recommendations it provides make it easier to prioritize and tackle any issues. If you’re looking to simplify your cloud security and boost your defenses, AWS Security Hub is definitely worth considering.

© Greg Cockburn
