AWS Inspector is used to list all vulnerabilities found on the assessed resources, checked against the Center for Internet Security (CIS) benchmarks.
Amazon CloudWatch is a real-time monitoring service for AWS Cloud resources and for applications running on AWS. It covers resource utilization, operational performance monitoring, log aggregation and basic analysis: you can monitor CPU utilization, disk space, network throughput, and anything else you can script (for example in Python) and publish as a custom metric. It can hook into event triggers. In short, CloudWatch provides real-time monitoring, metrics, alarms, notifications and custom metrics.
-- CloudWatch can work with on-prem servers as well.
-- Ensure that the associated IAM policy (on the role or user that publishes metrics) allows cloudwatch:PutMetricData.
-- If an application writes its logs to a text file that needs to be monitored for security events: install and enable the CloudWatch agent on the EC2 instance, then create a CloudWatch metric filter on the shipped log group and set up alarms accordingly.
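The log-file-to-alarm flow above, as an added example that is not part of these notes: a small Python script (boto3 parameter dicts, no SDK needed to run the preview) that shows which sample log lines a CloudWatch term filter pattern would match, then builds the put_metric_filter and put_metric_alarm arguments. The log lines, log group, metric, namespace, alarm and topic names are constructed; the local matcher only approximates CloudWatch's plain term patterns (all terms must appear, quoted phrases kept whole), not JSON or space-delimited patterns.

```python
"""Preview a CloudWatch metric filter against sample log lines, then build the
metric filter and alarm that page the security team when the count spikes.
Added example; all names and log lines below are constructed."""
import shlex

# Constructed sample lines, in the style of an sshd auth log shipped by the CloudWatch agent.
SAMPLE_LOG_LINES = [
    "Jan 10 09:12:01 web-1 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 52211 ssh2",
    "Jan 10 09:12:05 web-1 sshd[2201]: Accepted publickey for deploy from 203.0.113.4 port 40122 ssh2",
    "Jan 10 09:12:09 web-1 sshd[2202]: Failed password for root from 198.51.100.7 port 52213 ssh2",
]

# CloudWatch term pattern: the quoted phrase must appear in the log event.
FILTER_PATTERN = '"Failed password"'


def matches_term_pattern(pattern, line):
    """Local approximation of a CloudWatch *term* filter pattern: every term
    (quoted phrases kept whole) must occur in the event text.
    Does not model JSON/space-delimited patterns or the ?/- operators."""
    terms = shlex.split(pattern)
    return all(term in line for term in terms)


def count_matches(pattern, lines):
    """How many events the metric would count for these lines."""
    return sum(1 for line in lines if matches_term_pattern(pattern, line))


def metric_filter_params(log_group, filter_name, metric_name, namespace, pattern):
    """Arguments for logs.put_metric_filter(): each matching event adds 1 to the metric."""
    return {
        "logGroupName": log_group,
        "filterName": filter_name,
        "filterPattern": pattern,
        "metricTransformations": [{
            "metricName": metric_name,
            "metricNamespace": namespace,
            "metricValue": "1",
            "defaultValue": 0.0,   # report 0 for periods with no matching events
        }],
    }


def alarm_params(alarm_name, metric_name, namespace, sns_topic_arn, threshold=5, period=300):
    """Arguments for cloudwatch.put_metric_alarm(): alarm when the Sum over one
    period reaches the threshold, and notify the SNS topic."""
    return {
        "AlarmName": alarm_name,
        "Namespace": namespace,
        "MetricName": metric_name,
        "Statistic": "Sum",
        "Period": period,
        "EvaluationPeriods": 1,
        "Threshold": threshold,
        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
        "TreatMissingData": "notBreaching",   # no log events is not an alarm condition
        "AlarmActions": [sns_topic_arn],
    }


def deploy(logs_client, cloudwatch_client, log_group, sns_topic_arn):
    """Create the filter and alarm using boto3 clients, e.g.
    deploy(boto3.client('logs'), boto3.client('cloudwatch'), '/var/log/secure', topic_arn)."""
    logs_client.put_metric_filter(**metric_filter_params(
        log_group, "ssh-failed-password", "SshFailedPassword", "Security/Auth", FILTER_PATTERN))
    cloudwatch_client.put_metric_alarm(**alarm_params(
        "ssh-failed-password-spike", "SshFailedPassword", "Security/Auth", sns_topic_arn))


if __name__ == "__main__":
    for line in SAMPLE_LOG_LINES:
        print("MATCH " if matches_term_pattern(FILTER_PATTERN, line) else "skip  ", line)
    print("events counted:", count_matches(FILTER_PATTERN, SAMPLE_LOG_LINES))
```

Running the script offline shows two of the three constructed lines matching; `deploy()` is the only part that needs AWS credentials, and the IAM principal running it needs logs:PutMetricFilter and cloudwatch:PutMetricAlarm in addition to the agent's cloudwatch:PutMetricData.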
Use AWS Config and Lambda to Ensure that an S3 Bucket Remains Private
- AWS Config detects configuration changes in the AWS account and triggers the Lambda function, which can invoke SNS.
Create a Lambda function to monitor bucket ACL and bucket policy changes. If the bucket ACL is found to be public, the Lambda function can overwrite it to make it private.
If the bucket policy is found to be public, it can trigger an SNS notification to the security team.
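The Config-triggered Lambda described in the two points above, as an added example rather than code from these notes: the pure checks (`acl_is_public`, `policy_is_public`) inspect the shapes returned by `get_bucket_acl` and `get_bucket_policy`, `remediate` resets a public ACL with `put_bucket_acl(ACL="private")` and only alerts on a public policy. The bucket name, topic ARN, sample ACL and policy documents, the trimmed Config event and the two fake clients are constructed so it runs offline; inside Lambda the handler falls back to real boto3 clients.

```python
"""Config -> Lambda -> S3 remediation: reset a public bucket ACL to private and
raise an SNS alert on a public bucket policy. Added example; the bucket, ARNs,
sample ACL/policy documents and the fake clients are constructed for offline use."""
import json
import os

PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def acl_is_public(acl):
    """True if a get_bucket_acl() response grants anything to AllUsers or AuthenticatedUsers."""
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            return True
    return False


def _principal_is_anonymous(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def policy_is_public(policy_doc):
    """True if any Allow statement targets an anonymous principal without a Condition."""
    for stmt in policy_doc.get("Statement", []):
        if (stmt.get("Effect") == "Allow"
                and _principal_is_anonymous(stmt.get("Principal"))
                and not stmt.get("Condition")):
            return True
    return False


def bucket_from_config_event(event):
    """AWS Config delivers the changed resource inside invokingEvent, a JSON string."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    return item["resourceName"] if item["resourceType"] == "AWS::S3::Bucket" else None


def remediate(bucket, s3, sns, topic_arn):
    """Fix the ACL, alert on the policy; returns the actions taken so callers can inspect them."""
    actions = []
    if acl_is_public(s3.get_bucket_acl(Bucket=bucket)):
        s3.put_bucket_acl(Bucket=bucket, ACL="private")  # overwrite the public ACL
        actions.append("acl-reset-to-private")
    try:
        policy = json.loads(s3.get_bucket_policy(Bucket=bucket)["Policy"])
    except Exception:  # NoSuchBucketPolicy (boto3 raises ClientError): nothing to evaluate
        policy = {}
    if policy_is_public(policy):  # policies are not rewritten automatically; page the security team
        sns.publish(TopicArn=topic_arn, Subject=f"Public bucket policy on {bucket}",
                    Message=json.dumps(policy, indent=2))
        actions.append("policy-alert-sent")
    return actions


def lambda_handler(event, context, s3=None, sns=None):
    if s3 is None or sns is None:
        import boto3  # only needed inside Lambda; the checks above run without the SDK
        s3, sns = s3 or boto3.client("s3"), sns or boto3.client("sns")
    bucket = bucket_from_config_event(event)
    if bucket is None:
        return {"bucket": None, "actions": []}
    # Placeholder topic ARN; set SECURITY_TOPIC_ARN on the function in a real deployment.
    topic_arn = os.environ.get("SECURITY_TOPIC_ARN", "arn:aws:sns:us-east-1:111122223333:security-alerts")
    return {"bucket": bucket, "actions": remediate(bucket, s3, sns, topic_arn)}


# ---- constructed sample data and stand-in clients for running this offline ----
PUBLIC_ACL = {"Owner": {"ID": "owner"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
PRIVATE_ACL = {"Owner": {"ID": "owner"}, "Grants": [PUBLIC_ACL["Grants"][0]]}
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
SAMPLE_CONFIG_EVENT = {"invokingEvent": json.dumps({"configurationItem": {
    "resourceType": "AWS::S3::Bucket", "resourceName": "example-bucket"}})}


class FakeS3:
    """Stand-in for boto3's S3 client with just the calls remediate() makes."""
    def __init__(self, acl, policy):
        self.acl, self.policy, self.acl_writes = acl, policy, []
    def get_bucket_acl(self, Bucket):
        return self.acl
    def put_bucket_acl(self, Bucket, ACL):
        self.acl_writes.append((Bucket, ACL))
    def get_bucket_policy(self, Bucket):
        if self.policy is None:
            raise RuntimeError("NoSuchBucketPolicy")
        return {"Policy": json.dumps(self.policy)}


class FakeSNS:
    def __init__(self):
        self.published = []
    def publish(self, **kwargs):
        self.published.append(kwargs)


def demo(acl=PUBLIC_ACL, policy=PUBLIC_POLICY):
    """Run the handler against the stand-in clients; returns the handler result."""
    return lambda_handler(SAMPLE_CONFIG_EVENT, None, s3=FakeS3(acl, policy), sns=FakeSNS())


if __name__ == "__main__":
    print(demo())
```

The Lambda's execution role needs s3:GetBucketAcl, s3:PutBucketAcl, s3:GetBucketPolicy and sns:Publish on the alert topic; the Config rule that invokes it should be scoped to AWS::S3::Bucket so the handler's resource-type check is rarely the only thing rejecting an event. A policy with a Condition is deliberately treated as not public here, which is a simplification: a real deployment should review such policies by hand rather than trust this check alone.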
-- Cross-region replication for the bucket ensures that the S3 bucket's objects are also available in another region.
-- Use the AWS Encryption CLI to encrypt data client-side before sending it across the wire.