Performing Audit of AWS Environment

1. Examine the inbound and outbound networking rules for Amazon EC2 Security Groups.

Review the running Amazon EC2 instances: in the EC2 console's left navigation pane, click Instances.

In the left-hand navigation pane, under Network & Security, select Security Groups.

In the details pane at the bottom of the page, select the Inbound rules tab and first review the inbound rules for the WebServer security group.

An EC2 instance in the same subnet as the Web Server can only connect to the Web Server instance via RDP if the BastionSG security group is associated with it.

Next, we need to review the inbound and outbound rules of the Bastion host. Choose the Inbound rules and Outbound rules tabs respectively.

Next, select the SQL Server security group (SQLSG) and review the inbound and outbound rules set up for the SQL Server instance.

From an audit viewpoint, these findings illustrate the successful separation of resource access and the safeguarding of data against both internal and external risks. Access to the SQL Server instance is tightly regulated through a Bastion Host (jump box), preventing any direct access by internal users. Externally, the SQL Server can only communicate with the web service through the WebServerSG and SQLSG security groups.
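The same checks can be scripted against the JSON that `aws ec2 describe-security-groups` returns, so the evidence is reproducible rather than read off the console. This is an added example, not part of the original walkthrough; the group ids, CIDRs and rules below are a constructed sample shaped like that output, with the RDP rule on SQLSG deliberately open to the internet so the finding is exercised.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group ids and CIDRs are placeholders, not values from a real account.
SAMPLE = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0bastion", "GroupName": "BastionSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0web", "GroupName": "WebServerSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0bastion"}]}]},
    {"GroupId": "sg-0sql", "GroupName": "SQLSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0web"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}]})

ADMIN_PORTS = (22, 1433, 3389)  # SSH, SQL Server, RDP

def port_in_rule(rule, port):
    """True if a single rule covers `port`; protocol -1 (all traffic) has no ports."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def sources_for_port(describe_json, group_name, port):
    """Every source (CIDR or referencing security group) allowed to reach `port`."""
    groups = json.loads(describe_json)["SecurityGroups"]
    by_id = {g["GroupId"]: g["GroupName"] for g in groups}  # resolve sg-ids to names
    target = next(g for g in groups if g["GroupName"] == group_name)
    sources = set()
    for rule in target["IpPermissions"]:
        if not port_in_rule(rule, port):
            continue
        sources.update("cidr:" + r["CidrIp"] for r in rule["IpRanges"])
        sources.update("sg:" + by_id.get(p["GroupId"], p["GroupId"]) for p in rule["UserIdGroupPairs"])
    return sorted(sources)

def audit_security_groups(describe_json):
    """Flag admin ports reachable from anywhere; returns (group name, port) tuples."""
    findings = []
    for g in json.loads(describe_json)["SecurityGroups"]:
        for rule in g["IpPermissions"]:
            if any(r["CidrIp"] == "0.0.0.0/0" for r in rule["IpRanges"]):
                findings += [(g["GroupName"], p) for p in ADMIN_PORTS if port_in_rule(rule, p)]
    return findings
```

`sources_for_port` documents the jump-box path (RDP to WebServerSG only via BastionSG, port 1433 on SQLSG only from WebServerSG), while `audit_security_groups` surfaces the one rule that breaks that model.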

2. Examine the current VPCs, subnets, and NACLs.

In the search bar at the top of the AWS Management Console, type "VPC" and select it from the results.

In the left navigation pane, under "Virtual Private Cloud," select "Your VPCs."

The Details pane will appear below the VPC list, displaying the configuration details for the selected VPC.

In the Details section, click the "Main network ACL" link.

On the Network ACLs page, select the Network ACL that has "Default" set to Yes.

To check the inbound and outbound rules, navigate to the Details pane at the bottom of the page and click on the "Inbound rules" and "Outbound rules" tabs.

As audit evidence, this shows how the VPC uses network ACLs to control which protocols and ports may cross the subnet boundary to and from external networks.

3. Audit CloudWatch metrics and alarms

At the top of the AWS Management Console, in the search bar, search for and choose CloudWatch.

In the left navigation pane, under the Metrics section, select All metrics.

Select EC2 on the Browse tab.

Select Per-Instance Metrics.

Type CPUUtilization in the Search box.

Select the SQL Server instance and then click the Graphed metrics tab to see its CPUUtilization over time.

We have successfully reviewed where to locate CloudWatch metrics and alarms related to an EC2 instance.

4. Audit using AWS CloudTrail

We can use AWS CloudTrail to inspect a trail's configuration details and the S3 location where its logs are stored.

In the AWS Management Console, use the search bar at the top to find and select CloudTrail. In the left-hand navigation pane, select Trails.

Choose one of the trail links to view its details.

Review the CloudTrail configuration details, then click the link under Trail log location to open the S3 bucket that holds the logs.

Keep selecting the links for the different folders corresponding to today’s date until you find a log file.

Select the link for a log file with a filename ending in .json.gz and then select Open.

We have successfully reviewed the CloudTrail logs for an EC2 instance.

About me: I am an independent Cloud Architect and technical writer. If you are an organization that wants to hire me, I can be contacted at