Sonrai Security website logo for identity and data governance and cloud security

AWS Checklist: Expert Advice on Security & Risk Priorities

Author: Sonrai Security Marketing | Date: January 26, 2021
Read Time: 4 minutes
Skill Level: Technical
Skill Level: Technical
IAM: A Critical Element of Corporate Risk Literacy

Key takeaways from our recent webinar on AWS security 

As we discussed in a recent webinar on AWS security considerations, AWS’s consistent innovation provides great value, but requires companies to stay up to date on sophisticated and evolving threats.

On one hand, AWS environments are constantly at risk from cybercrime. For example, Trend Micro recently revealed a large-scale operation called TeamTNT which has been installing cryptocurrency-mining malware on misconfigured container platforms. 

The team was breaching container platforms by targeting Docker systems that contained exposed passwordless management API ports — enabling the group to mine for cryptocurrency at their victims’ expense. 

Companies are also encountering internal security issues due to misconfigurations and mismanagement. In a recent high-profile example, Prestige Software — which provides software services for the online travel industry — failed to appropriately configure an AWS S3 bucket, exposing a trove of data on the public internet. 

Making matters worse, research from McKinsey shows that insider threats are present in 50% of cyber breaches — and 44% of root causes can be attributed to negligence. Oftentimes, breaches occur when inexperienced or understaffed IT teams are asked to handle large-scale cloud migrations. 

Suffice it to say that AWS can be incredibly complicated. If you’re new to the platform, it’s very easy to make small mistakes that can lead to catastrophic consequences.

With all this in mind, let’s take a closer look at some of the leading AWS security issues discussed in the webinar to give you a better idea of what you can do to protect your cloud environment.

Top security mistakes to avoid with AWS

While the below isn’t a comprehensive list, here are five of the more common AWS security issues that far too many organizations are guilty of.

1. Enabling root account access

Oftentimes, organizations still use an active root account and allow access to individuals via access keys. The root is the account that has access to all files and commands across the operating environment. In many cases, it might even be linked to the founder’s personal Amazon account.

Using a root access account is extremely dangerous. The best thing to do is to lock the account and prevent anyone in the organization from accessing it. You should also make sure all associated API keys are permanently deleted. 

2. Assigning access keys to a root account

Again, the root account shouldn’t be used for any purpose. 

Assigning an access key to the root account is a recipe for disaster. If your company currently assigns access keys to any root account, put a stop to this immediately. 

3. Losing track of access keys

Businesses often lose track of where AWS access keys are being used and who’s using them, making it impossible to protect their environments. 


To prevent unauthorized users from accessing your AWS environment, make it a point to rotate your keys regularly. This will reduce the risk of a compromised key. Do this even if someone has a “read-only” API key.


TIp: Remove access keys that haven’t been used in the last 90 days. Worst case, you can always create a new one.

4. Improperly storing access keys

Using the AWS Command Line Interface (AWS CLI) will automatically produce a text file on your local system — like your laptop or desktop — containing the access key and access secret key in plain text for anyone to read or use to their advantage. 

Here’s how you can check if you have this file on your local system: 

  1. Go to the /aws directory
  2. Look for a file named “credentials.” 
  3. View the file and look for something that resembles this: 
[<PROFILE 1>]
aws_access_key_id = <Key in the clear>
aws_secret_access_key = <Secret in the clear>

5. Using accounts without active MFA 

Research shows that 81% of security incidents are caused by credential theft. All AWS accounts should be fortified with multi-factor authentication (MFA) to prevent getting hacked.

In addition, temporary credentials should be used in lieu of long-lived access keys — a feature that can be deployed using IAM roles

3 tips for resolving AWS security misconfigurations 

The good news is that it’s easy to resolve AWS security misconfigurations. Follow these tips to protect your cloud environment.

1. Use service control policies (SCPs)

AWS SCPs are guardrails, or rules, that govern what actions your accounts can and can’t do. For example, you can use an SCP to prevent identities from gaining too much power or access. 

Use SCPs to establish clear policies and prevent security issues from occurring. 

Example SCPs

Here are two examples of how you can use SCPs to protect your environments.

Prevent Root User from Taking Actions in an Account Using AWS CLI or the AWS Console
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "*",
            "Resource": "*",
            "Effect": "Deny",
            "Condition": {
                "StringLike": {
                    "aws:PrincipalArn": [
                        "arn:aws:iam::*:root"
                    ]
                }
            }
        }
    ]
}

2. Use the Secure Token Service (STS)

Certain permissions can be very dangerous for an organization. For example, the wildcard function (“*”) can grant an account unlimited access to a resource. 

Use AWS STS to grant temporary permissions instead of allowing long-lived access keys. It’s an easy way to ensure that unauthorized individuals can’t access your environment. 

3. Protect your access keys and CLI

If you need to use access keys and the AWS CLI, protect your account using a multi-factor authentication (MFA) device. This will prevent intruders from accessing and using plain text files to their advantage.

Any questions?

There’s a lot to unpack here, and the truth is these are just a few issues you need to watch out for when using AWS. 

If you have questions about protecting your cloud environment, don’t hesitate to reach out. Sonrai’s team of security experts are standing by to help you succeed in the cloud-first era.

You Might Also Like

AWS IAM Breakdown… and common mistakes!

Let me just start with this statement… EVERYTHING in AWS (Amazon Web Services) is related to an AWS Identity and Acce[...]

Read More

AWS Security Deep Dive

Choosing, developing, managing, and operating your infrastructure in the public cloud requires a lot of considerati[...]

Read More

4 Considerations to Maintain Compliance in a Cloud Native World

Powerful identity and access (IAM) models of public cloud providers like AWS, Azure, and GCP, enable the deployment[...]

Read More
magnifier