Profile Applicability:

Level 1

Description:

Ensure that the contact email and telephone details for AWS accounts are up-to-date and mapped to more than one individual in the organization.
AWS will use these contact details to notify the account owner if the AWS Abuse team detects a breach of the Acceptable Use Policy or a security compromise. Contact details should not belong to a single individual, as they may become unavailable. Instead, contact details should be configured as follows:

  • Email Address: Use a mail alias that forwards notifications to multiple individuals.

  • Phone Contact: Use a PABX hunt group or call-forwarding system for redundancy.

Rationale:

If an AWS account is exhibiting prohibited or suspicious behavior, AWS will attempt to contact the account owner via the listed email and phone number. If AWS cannot establish contact and urgent mitigation is required, AWS may:

  • Throttle traffic between the account and AWS API endpoints.

  • Restrict Internet access to mitigate potential threats.

This could result in service disruptions.
Ensuring that multiple responsible individuals can be contacted promptly prevents downtime and security escalations.

Impact:

  • Failure to maintain current contact details can result in AWS taking proactive security measures, including throttling or blocking network traffic.

  • Delays in security incident response due to unmonitored or outdated contact details.

  • Non-compliance with security policies, leading to increased business risks.


Default Value:

By default, AWS requires contact details during account creation. However, these details may become outdated over time unless periodically reviewed and updated.

Pre-Requisites:

  1. AWS Account Access:

    • IAM user with Billing permissions (aws-portal:*Billing).

  2. List of Contact Details:

    • Ensure an updated email alias is available.

    • Ensure a functional phone contact (PABX or forwarding enabled).

  3. Organization Approval:

    • Verify who should receive AWS notifications.

Remediation:

Test Plan:

Using AWS Console

  1. Sign in to the AWS Management Console.

  2. Open the Billing and Cost Management console: AWS Billing Console.

  3. In the navigation bar, select your account name, then click Account.

  4. On the Account Settings page, review the current details:

    • Email address (ensure it is an alias).

    • Phone number (ensure it is not linked to a single individual).

Implementation Steps:

Using AWS Console

  1. Sign in to the AWS Management Console.

  2. Open the Billing and Cost Management console: AWS Billing Console.

  3. Select your account name, then choose Account.

  4. On the Account Settings page, locate Account Settings.

  5. Click Edit next to the required field.

  6. Update the following fields:

    • Email address (use an alias, e.g., [email protected]).

    • Phone number (use a PABX hunt group if possible).

  7. Click Save Changes.

  8. Click Done.

Backout Plan:

  • If the updated information is incorrect:

  1. Return to Account Settings in the Billing and Cost Management console.

  2. Re-enter the previous contact details.

  3. Save changes and validate email and phone responses.

References:

CIS Controls Mapping:

| CIS Control Version | Control ID | Control Description |
|---|---|---|
| CIS v8 | 17.2 | Establish and maintain contact information for reporting security incidents. Verify contacts annually to ensure accuracy. |
| CIS v7 | 19.3 | Designate management personnel and backups to support incident handling. |