Profile Applicability:
Level 1
Description:
Security contact information must be registered in your AWS account to ensure that the appropriate individuals or teams are notified regarding security incidents and potential breaches. It is crucial for AWS to have up-to-date and correct contact details to promptly inform the security team about any security events that may require immediate attention or remediation.
Rationale:
Maintaining accurate and accessible security contact information ensures that the right personnel are promptly alerted in the event of security-related incidents. This helps mitigate potential risks and enables quick incident response, minimizing downtime and reducing the impact of security issues.
Impact:
Positive Impact: Enables the security team to be quickly notified and act on any security-related alerts from AWS.
Negative Impact: Minimal effort required for configuration but ensures timely communication for critical security issues.
Default Value:
By default, AWS requires a general account email for notifications but does not differentiate between security, billing, and operations. Security-specific contacts must be manually set for efficient handling of security alerts.
Pre-Requisite:
AWS Account Access: IAM permissions with access to modify contact details.
Organizational Approval: Coordination with the security team to provide their contact details.
Remediation:
Test Plan
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to the AWS Billing and Cost Management Console at AWS Billing Console.
In the left navigation panel, choose Account under AWS Account Settings.
Scroll down to the Alternate Contacts section and click Edit.
Add or update the Security contact details with the relevant person's name, title, email address, and phone number.
Click Save to update the contact details.
Using AWS CLI:
Use the put-alternate-contact command to update the security contact details:
aws account put-alternate-contact --alternate-contact-type SECURITY --email-address security@yourcompany.com --name "<security-contact-name>" --phone-number "<security-phone>" --title "<security-contact-title>"
Validate the update by retrieving the security contact:
aws account get-alternate-contact --alternate-contact-type SECURITY
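The validation step can be scripted. The following is an added example, not part of the original benchmark text: it checks that the SECURITY alternate contact returned by `aws account get-alternate-contact` is complete and well-formed. `EXPECTED_DOMAIN`, the function names, and the phone format check are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit the SECURITY alternate contact (POSIX sh + AWS CLI v2).
# EXPECTED_DOMAIN is a hypothetical policy setting, not an AWS parameter.

is_unset() { [ -z "$1" ] || [ "$1" = "None" ]; }   # "None" = null in --output text

fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

# check_security_contact EMAIL PHONE NAME TITLE
# Returns 0 if the record is complete and well-formed, 1 otherwise.
check_security_contact() {
  c_email=$1; c_phone=$2; c_name=$3; c_title=$4
  findings=0
  if is_unset "$c_name";  then fail "name is not set"; fi
  if is_unset "$c_title"; then fail "title is not set"; fi
  if is_unset "$c_email"; then
    fail "email address is not set"
  elif ! printf '%s\n' "$c_email" | grep -Eq '^[^@[:space:]]+@[^@[:space:]]+\.[^@[:space:]]+$'; then
    fail "email '$c_email' is not a well-formed address"
  elif [ -n "${EXPECTED_DOMAIN:-}" ]; then
    # Flag contacts that route security notices outside the organization.
    case "$c_email" in
      *"@$EXPECTED_DOMAIN") ;;
      *) fail "email '$c_email' is outside $EXPECTED_DOMAIN" ;;
    esac
  fi
  if is_unset "$c_phone"; then
    fail "phone number is not set"
  elif ! printf '%s\n' "$c_phone" | grep -Eq '^\+?[0-9 ()-]{7,}$'; then
    fail "phone '$c_phone' does not look like a phone number"
  fi
  [ "$findings" -eq 0 ]
}

# Fetch the live record and check it. A missing contact makes the CLI exit non-zero.
audit_live() {
  record=$(aws account get-alternate-contact --alternate-contact-type SECURITY \
    --query 'AlternateContact.[EmailAddress,PhoneNumber,Name,Title]' \
    --output text 2>/dev/null) || { echo "FAIL: no SECURITY contact returned"; return 1; }
  IFS=$(printf '\t') read -r email phone name title <<EOF
$record
EOF
  check_security_contact "$email" "$phone" "$name" "$title" && echo "PASS"
}

# Run against the real account only when asked: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_live; fi
```

Set `EXPECTED_DOMAIN` to your organization's mail domain to also flag a security contact that points at an external mailbox.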
Implementation Steps:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to the AWS Billing and Cost Management Console at AWS Billing Console.
Under Account Settings, locate the Alternate Contacts section.
Click Edit and enter the appropriate Security contact information (email and phone).
Save the updated information.
Using AWS CLI:
Update the Security contact details:
aws account put-alternate-contact --alternate-contact-type SECURITY --email-address security@yourcompany.com --name "<security-contact-name>" --phone-number "<security-phone>" --title "<security-contact-title>"
Confirm the updates using the following command:
aws account get-alternate-contact --alternate-contact-type SECURITY
Backout Plan:
Using AWS Management Console:
Sign in to the AWS Management Console.
Navigate to the AWS Billing Dashboard > Account Settings.
Locate the Security Contact Information section.
If you need to revert recently registered security contact information:
Replace the current security contact details (email and phone) with the original or preferred contact information.
Save the changes to apply the updates.
Using AWS CLI:
Retrieve the current contact information to verify the update:
aws account get-alternate-contact --alternate-contact-type SECURITY
Revert the security contact information to the original:
aws account put-alternate-contact --alternate-contact-type SECURITY --email-address "<original-email>" --name "<original-name>" --phone-number "<original-phone-number>" --title "<original-title>"
Verify the reverted information:
aws account get-alternate-contact --alternate-contact-type SECURITY