Profile Applicability:

  • Level 1

Description:

To ensure efficient and prompt responses to specific AWS account issues, it is important to maintain separate contact details for Security, Billing, and Operations categories. This setup ensures that relevant teams are notified promptly when specific events occur in each category. The contact details should include:

  • Security: A person or third-party service to handle security-related notifications.

  • Billing: A person or team to handle billing-related issues.

  • Operations: A person or team to handle operational issues related to AWS services and resources.

Each contact should include the name, title, email address, and phone number to ensure effective communication.

Rationale:

Maintaining distinct contacts for security, billing, and operations helps direct notifications to the right individuals or teams. This minimizes response delays, improves organizational communication, and ensures that urgent security issues are handled by the appropriate personnel. It also helps with the prompt handling of billing discrepancies and operational concerns.

Impact:

  • Positive Impact: Faster response times, better issue resolution, and clear communication for security incidents, billing issues, and operational matters.

  • Negative Impact: Minimal administrative overhead for maintaining contact details, but it ensures the proper handling of critical issues.

Default Value:

By default, AWS accounts include only general contact details which may not be segmented into security, billing, and operations categories. These categories need to be manually configured for better organization.

Pre-Requisite:

  • AWS Account Access: IAM permissions with access to modify contact details.

  • Organizational Approval: Coordination with the Security, Billing, and Operations teams to confirm the appropriate contact details.

Remediation:

Test Plan

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to the AWS Billing and Cost Management Console.

  3. In the left navigation pane, choose Account under AWS Account Settings.

  4. Scroll down to the Alternate Contacts section and click Edit.

  5. Add the relevant contact information for each category:

    • Security: Provide the name, title, email address, and phone number of the person or third-party service that will handle security-related notifications.

    • Billing: Provide the contact information for the person or team responsible for billing issues.

    • Operations: Add the contact details for the team handling operational matters.

  6. Click Save to update the contact details.

Using AWS CLI:

Update the alternate contact information using the AWS CLI. The following command sets the alternate contact for one category:

aws account put-alternate-contact --alternate-contact-type <SECURITY|BILLING|OPERATIONS> --name <name> --title <title> --email-address <email> --phone-number <phone>

Repeat this process for each category (security, billing, operations) to ensure that the correct contact details are in place.

Implementation Steps:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to the AWS Billing and Cost Management Console.

  3. Under Account Settings, locate Alternate Contacts.

  4. Click Edit and update the contact details for each category (Security, Billing, and Operations).

  5. Save the changes.

Using AWS CLI:

Update the contact information for Security:

aws account put-alternate-contact --alternate-contact-type SECURITY --name <security-contact-name> --title <security-contact-title> --email-address security@yourcompany.com --phone-number <security-phone>

Update the contact information for Billing:

aws account put-alternate-contact --alternate-contact-type BILLING --name <billing-contact-name> --title <billing-contact-title> --email-address billing@yourcompany.com --phone-number <billing-phone>

Update the contact information for Operations:

aws account put-alternate-contact --alternate-contact-type OPERATIONS --name <operations-contact-name> --title <operations-contact-title> --email-address ops@yourcompany.com --phone-number <operations-phone>

Confirm the changes by using the get-alternate-contact command for each category:

aws account get-alternate-contact --alternate-contact-type <SECURITY|BILLING|OPERATIONS>
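
To confirm all three categories in one pass, the following script is an added example (not part of the original benchmark text) built on `aws account get-alternate-contact`. The function names and the PASS/FAIL output format are this example's own, and treating an address shared between categories as a finding is its reading of "separate contact details".

```sh
#!/bin/sh
# Added example: audit the three alternate contacts of the current account.
# Needs AWS CLI v2 and the account:GetAlternateContact permission.

# contact_email TYPE: print the contact's e-mail address in lower case.
# Returns 0 if the contact is set, 1 if it is not set, 2 on any other error.
contact_email() {
  if out=$(aws account get-alternate-contact --alternate-contact-type "$1" \
             --query 'AlternateContact.EmailAddress' --output text 2>&1); then
    printf '%s\n' "$out" | tr '[:upper:]' '[:lower:]'
    return 0
  fi
  case "$out" in
    *ResourceNotFoundException*) return 1 ;;   # no contact of this type
    *) printf '%s\n' "$out" >&2; return 2 ;;   # e.g. missing permission
  esac
}

# audit_contacts: one result line per category. Returns 0 only if all three
# contacts are set and no address is shared between categories (assumption:
# a shared address counts as a finding).
audit_contacts() {
  failed=0 seen=""
  for type in SECURITY BILLING OPERATIONS; do
    email=$(contact_email "$type") && rc=0 || rc=$?
    if [ "$rc" -eq 1 ]; then
      echo "FAIL $type: not set"; failed=1
    elif [ "$rc" -ne 0 ]; then
      echo "ERROR $type: could not be read"; failed=1
    else
      case " $seen " in
        *" $email "*) echo "FAIL $type: $email is shared with another category"; failed=1 ;;
        *) echo "PASS $type: $email" ;;
      esac
      seen="$seen $email"
    fi
  done
  return "$failed"
}

# Run the audit only when asked to:  sh audit-contacts.sh run
if [ "${1:-}" = "run" ]; then audit_contacts; fi
```

The non-zero return value makes the script usable as a scheduled compliance check that fails when a contact is removed or consolidated.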

Backout Plan:

Using AWS Management Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to AWS Billing Dashboard > Account Settings.

  3. Review the sections for Security, Billing, and Operations Contacts.

  4. If separate contact details were previously configured and need to be reverted:

    • Consolidate the contact details by editing each section and providing a single, shared contact email or phone number.

    • Save the changes to ensure the contact information is updated across all sections.

Using AWS CLI:

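Retrieve the current contact details for each category:

aws account get-alternate-contact --alternate-contact-type <SECURITY|BILLING|OPERATIONS>

Update the contact details to consolidate them, repeating the command for each category:

aws account put-alternate-contact \
--alternate-contact-type <SECURITY|BILLING|OPERATIONS> \
--name <consolidated-name> \
--title <consolidated-title> \
--email-address <consolidated-email> \
--phone-number <consolidated-phone-number>

Verify the updated contact details:

aws account get-alternate-contact --alternate-contact-type <SECURITY|BILLING|OPERATIONS>

When running these commands from an AWS Organizations management account against a member account, add --account-id <account-id> to each command.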

References:

CIS Controls Mapping:

| Control Version | Control ID | Control Description |
|-----------------|------------|---------------------|
| v8 | 17.2 | Establish and maintain contact information for reporting security incidents. |
| v7 | 19.3 | Designate management personnel and backups to support incident handling. |