Select Location:

Securing Your Cloud Infrastructure by Conducting Cloud Configuration Reviews

Cloud Infrastructures have become an essential part of many companies around the world, regardless of their size, and many more users are dependent on them without realizing it.

As cloud computing grows and many organizations and users become dependent on their services, from software, infrastructure, and platform, it makes it a must to ensure that your cloud services are configured based on the best security practices to ensure that threat actors don’t have any chances in compromising your cloud infrastructure.

What are the prerequisites for a cloud review?

To conduct a cloud infrastructure review, the first prerequisite you need is the credentials for a specific account that has access to specific resources on the infrastructure. In general, you will need access to an account that is part of the Security Audit group (AWS) or has Global Reader privileges (Azure).  In this post, we will focus on the AWS Cloud Configuration reviews.

The next prerequisite is a Linux virtual machine. Anything based on Debian will do.

Ensure that you have installed at least Python version 3.9 on your Linux VM.

The next prerequisite is AWS-CLI, which can be installed using the following commands:

				
					# Download the awscli archive
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

# unzip the archive
unzip awscliv2.zip

# Check if the directory was extracted
ls -lh
total 32M
drwxr-xr-x 3 user user 4.0K Apr  3 22:59 aws
-rw-r--r-- 1 user user  32M Apr  1 14:13 awscliv2.zip

# Run the installation utility
sudo ./aws/install

# Check if aws was installed successfully on your system
aws --version
aws-cli/[TRUNCATED] Python/[TRUNCATED]

				
			

Now it’s time to configure the CLI. The AWS Access Key ID and Secret Access Key are needed, which can be found or created in the AWS Management Console under the IAM service.

				
					# Run the awscli configuration option
aws configure

# Use your user’s Access Key and Secret Key, also adding the region and the format the output #will be displayed as
AWS Access Key ID [None]: AKIA2AI4TQ2FZ77WOWXJ
AWS Secret Access Key [None]: ****************************************
Default region name [None]: us-east-1
Default output format [None]: json

# Check if the credentials have been created
ls -l ~/.aws
total 8
-rw------- 1 user user 43 Apr 4 13:24 config
-rw------- 1 user user 116 Apr 4 13:24 credentials

# Check if you can access the resources on the AWS environment
aws s3 ls
2019-06-16 21:08:55 app.example.com
2019-12-08 19:40:51 www.example.com
2020-03-02 08:17:51 com.example.backups

				
			

Another prerequisite needed is an automated tool called Prowler. Prowler has built-in checks based on the industry’s best security practices, which can reduce the time needed for performing the review.

Prowler can be installed through Python pip:

				
					pip install prowler
prowler -v

				
			

or through Github:

				
					git clone https://github.com/prowler-cloud/prowler
cd prowler
poetry shell
poetry install
python prowler.py -v

				
			

Conducting the configuration review

After setting all prerequisites, you simply run the below command and let prowler do the heavy work for you:

				
					prowler aws
				
			

Prowler will automatically detect the user credentials for the AWS environment if they were set correctly.

Once the scans are complete, you should see an output similar the the one below:

By opening the HTML file, it should show us a similar page to the one below:

After identifying the misconfigurations present in the AWS environment, you can start conducting the remediation process by following the AWS best practices which can be found here.

Conclusion:

Prowler is an effective solution used to enhance your cloud infrastructure, being able to also assess AWS, Azure, and Google Cloud environments. Even though a comprehensive manual examination cannot be replaced, using an automated solution helps reduce the workload significantly.

Leave a Reply

Your email address will not be published. Required fields are marked *

Certifications

Get your systems tested by our certified engineers

All our engineers hold prestigious industry certifications, bringing you top-tier expertise and insights.

93% of data breaches occur in less than one minute, yet it takes companies an average of 207 days to identify a breach.

Protect your business now. Contact us to fortify your defenses and stay ahead.