| Area | Checks |
|---|---|
| Inventory | - Obtain a complete inventory (see the "Enum" section on the Resources page)<br>- Further resource enumeration (`pacu`)<br>- Get a count of resources in the AWS environment, across all regions (`resource_counter`: counts the number of resources per category across regions)<br>- Obtain public IPs:<br>&nbsp;&nbsp;- obtain the list of all regions in use from pacu (`alldata`)<br>&nbsp;&nbsp;- loop through the regions with `aws_public_ips` (fetches all public IP addresses tied to your AWS account) |
| Obtain an overall overview of the security posture | - Evaluate the AWS account against the CIS benchmark (`aws-security-benchmark`)<br>- Check for misconfigurations and security risks (`cloudsploit`)<br>- Audit the security posture of the AWS infrastructure (`cs-suite`) |
| Manually review the services | Especially:<br>- Identity (IAM, KMS)<br>- Computing (EC2, Lambda)<br>- Storage (S3, EBS)<br>- DB (ElastiCache, RDS)<br>- Networking (ELB, Security Groups, CloudFront)<br>&nbsp;&nbsp;- Verify that the public CloudFront distributions are not susceptible to subdomain hijacking (`cloudjack.py`)<br>- Management (CloudWatch, CloudTrail, Config)<br>- Messaging (SNS, SQS) |
| Additional items | - Run a port scan on the public IPs<br>- OS hardening (`lynis`)<br>- Check for credentials:<br>&nbsp;&nbsp;- UserData: ReadOnlyAccess grants the DescribeInstanceAttribute API, which can be used to download the user data of an instance<br>&nbsp;&nbsp;- Lambda code: `aws lambda get-function --function-name FUNCTION_NAME --query Code.Location`<br>&nbsp;&nbsp;- VPN: a DescribeVpnConnections call returns an XML document in CustomerGatewayConfiguration that contains the on-prem VPN IP address and the shared secrets |
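The CloudFront subdomain-hijacking item above is usually checked with `cloudjack.py`; the script below is an added example (not from the checklist and not cloudjack.py) that does the account-side half of that check with the AWS CLI alone: it collects every Route 53 record whose CNAME value or alias target is a `cloudfront.net` host, collects every alternate domain name claimed by a distribution, and reports records that no distribution claims. Those are the dangling names to delete or re-attach. It assumes AWS CLI v2 and a profile with `route53:ListHostedZones`, `route53:ListResourceRecordSets` and `cloudfront:ListDistributions`; it only sees zones hosted in the same account, so names delegated elsewhere still need an external DNS check.

```shell
#!/bin/sh
# Added example (not part of the original checklist, and not cloudjack.py): list
# Route 53 records that point at CloudFront but are not claimed as an alternate
# domain name by any distribution in the account. Assumes AWS CLI v2 and a
# profile with route53:ListHostedZones, route53:ListResourceRecordSets and
# cloudfront:ListDistributions. Run with "--live" to check the account; without
# arguments it runs on constructed sample data.

# Names of Route 53 records whose CNAME value or alias target is a cloudfront.net host.
dns_names_pointing_at_cloudfront() {
  for zone in $(aws route53 list-hosted-zones --query 'HostedZones[].Id' --output text); do
    aws route53 list-resource-record-sets --hosted-zone-id "$zone" \
      --query "ResourceRecordSets[?contains(to_string(ResourceRecords), 'cloudfront.net') || contains(to_string(AliasTarget), 'cloudfront.net')].Name" \
      --output text | tr '\t' '\n'
  done
}

# Alternate domain names (aliases) claimed by every distribution in the account.
claimed_cloudfront_aliases() {
  aws cloudfront list-distributions \
    --query 'DistributionList.Items[].Aliases.Items[]' --output text | tr '\t' '\n'
}

# Normalise DNS names: strip the trailing dot, lower-case, drop empty and "None" lines
# ("None" is what the CLI prints in text mode when the query result is null).
normalize_names() {
  awk '{ sub(/\.$/, ""); n = tolower($0) } n != "" && n != "none" { print n }'
}

# Usage: find_dangling NAMES_FILE ALIASES_FILE
# Prints every name in NAMES_FILE that does not appear in ALIASES_FILE.
# FILENAME (not NR==FNR) is used so an empty aliases file still reports every name.
find_dangling() {
  awk 'FILENAME == ARGV[1] { claimed[tolower($0)] = 1; next } !(tolower($0) in claimed)' "$2" "$1"
}

names=$(mktemp); aliases=$(mktemp)
if [ "${1:-}" = "--live" ]; then
  dns_names_pointing_at_cloudfront | normalize_names > "$names"
  claimed_cloudfront_aliases | normalize_names > "$aliases"
else
  # Offline demonstration with constructed data: two records point at CloudFront,
  # only one of them is still claimed by a distribution.
  printf '%s\n' 'www.example.com.' 'Old-Promo.example.com.' | normalize_names > "$names"
  printf '%s\n' 'www.example.com' | normalize_names > "$aliases"
fi
find_dangling "$names" "$aliases"   # offline run prints: old-promo.example.com
rm -f "$names" "$aliases"
```

Each reported name is a candidate for takeover until the record is removed or a distribution claims the alias again; treat the output as a finding list, not as proof, and confirm with an external resolver before closing it.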
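The "Check for credentials" item relies on the fact that `DescribeInstanceAttribute` (included in ReadOnlyAccess) hands back an instance's user data. The script below is an added example, not a tool from the checklist, that turns that into an audit: it loops through every region (the same region loop the Inventory row describes for `aws_public_ips`), downloads and decodes each instance's user data, and flags lines that look like embedded credentials so they can be rotated and moved into SSM Parameter Store or Secrets Manager. It assumes AWS CLI v2 with a profile holding `ec2:DescribeRegions`, `ec2:DescribeInstances` and `ec2:DescribeInstanceAttribute`; the credential patterns are a constructed heuristic list.

```shell
#!/bin/sh
# Added example (not part of the original checklist, not a tool from the page):
# audit EC2 user data in every region for credential-like strings, so leaked
# secrets can be rotated and moved to SSM Parameter Store / Secrets Manager.
# Assumes AWS CLI v2 and a configured profile with ec2:DescribeRegions,
# ec2:DescribeInstances and ec2:DescribeInstanceAttribute (all in ReadOnlyAccess).
# Run with "--live" to scan the account; without arguments it scans a constructed sample.

# Heuristic patterns for embedded credentials (constructed list; extend as needed).
CRED_PATTERNS='AKIA[0-9A-Z]{16}|aws_secret_access_key|[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]=|PRIVATE KEY'

# Read decoded user data on stdin, print "line-number:line" for each hit.
# Exit status is grep's: 0 when something matched, 1 when the script is clean.
scan_user_data() {
  grep -nE "$CRED_PATTERNS"
}

# All regions enabled for the account (the checklist's "loop through the regions").
list_regions() {
  aws ec2 describe-regions --query 'Regions[].RegionName' --output text
}

# Fetch, decode and scan the user data of every instance in one region.
# describe-instance-attribute returns the value base64-encoded, or "None" when unset.
audit_region() {
  region="$1"
  for id in $(aws ec2 describe-instances --region "$region" \
      --query 'Reservations[].Instances[].InstanceId' --output text); do
    aws ec2 describe-instance-attribute --region "$region" --instance-id "$id" \
        --attribute userData --query 'UserData.Value' --output text \
      | grep -v '^None$' | base64 -d 2>/dev/null \
      | scan_user_data | sed "s/^/$region $id: /"
  done
}

if [ "${1:-}" = "--live" ]; then
  for r in $(list_regions); do
    audit_region "$r"
  done
else
  # Offline demonstration: a constructed user-data script with two planted
  # secrets (a fake access key ID and a password assignment) and clean lines.
  SAMPLE_USER_DATA=$(printf '%s\n' \
    '#!/bin/bash' \
    'export DB_PASSWORD=hunter2' \
    'aws configure set aws_access_key_id AKIAEXAMPLEEXAMPLE00' \
    'echo "deploying app"' | base64)
  printf '%s' "$SAMPLE_USER_DATA" | base64 -d | scan_user_data | sed 's/^/sample: /'
fi
```

The same fetch-decode-scan shape applies to the other two sources in that row: pipe the archive fetched from the `Code.Location` URL of `aws lambda get-function` through `unzip -p` into `scan_user_data`, and run `aws ec2 describe-vpn-connections --query 'VpnConnections[].CustomerGatewayConfiguration'` through it per region, since that XML carries the pre-shared keys in clear text. Any hit is a finding to rotate, not just to report.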