Profile Applicability:

  • Level 1

Description:
 Regular review of security configurations is vital to maintaining a secure environment and ensuring that no misconfigurations or gaps in security controls are overlooked. This includes reviewing IAM policies, security group settings, encryption configurations, and backup procedures for the Aurora database instances.

Rationale:
 As AWS services and security best practices evolve, regular reviews of security configurations ensure that the system remains protected against emerging threats. These reviews also help ensure compliance with regulatory standards like SOC 2, HIPAA, and GDPR. Failing to regularly review security settings may result in security gaps, compliance issues, or unnoticed vulnerabilities.

Impact:
 Without regular security reviews, organizations may miss security misconfigurations, unauthorized changes, or outdated security practices that could expose the database to risks. Routine reviews improve the security posture by maintaining adherence to best practices and standards.

Default Value:
 By default, AWS does not perform automatic, periodic reviews of security configurations. Reviews must be scheduled and executed manually or through automation.

Pre-requisites:

  • An AWS account with access to security-related configurations.

  • Knowledge of security best practices for databases, IAM roles, encryption, and access controls.

  • A defined security review process, such as quarterly or bi-annual reviews.

Remediation:

Test Plan:

Using AWS Console:

  1. Navigate to IAM > Roles and review all IAM roles, permissions, and policies attached to Aurora instances.

  2. In RDS > Databases, check the security configurations for Aurora instances, including encryption settings, security groups, and backup settings.

  3. Review CloudTrail logs to identify changes to security configurations.

  4. Ensure that CloudWatch Logs are being used to track Aurora instance activity, including error and audit logs.

Using AWS CLI:

  1. List all IAM roles and policies:

     aws iam list-roles
     aws iam list-policies
  2. Check for any recent changes to Aurora instance configurations:

     aws rds describe-db-instances --query "DBInstances[].{DBInstanceIdentifier:DBInstanceIdentifier, DBInstanceStatus:DBInstanceStatus}"
  3. Verify the current security group configurations:

     aws ec2 describe-security-groups --query "SecurityGroups[].{GroupName:GroupName, GroupId:GroupId}"
  4. Check CloudTrail for any relevant security configuration changes:

     aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=ModifyDBInstance
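An added example, not part of this benchmark, that applies the review checks above to the JSON returned by `aws rds describe-db-instances` and `aws ec2 describe-security-groups` (run without the `--query` filters so the full documents are returned). The instance and security-group documents embedded below are constructed samples, and the 7-day backup-retention threshold is an assumed review baseline rather than an AWS default.

```python
# Constructed samples (not real accounts) in the shape the AWS CLI returns.
SAMPLE_INSTANCES = {"DBInstances": [{
    "DBInstanceIdentifier": "aurora-prod-1", "Engine": "aurora-mysql",
    "StorageEncrypted": False, "PubliclyAccessible": True,
    "BackupRetentionPeriod": 0, "DeletionProtection": False, "Endpoint": {"Port": 3306},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0123456789abcdef0"}]}]}
SAMPLE_GROUPS = {"SecurityGroups": [{
    "GroupId": "sg-0123456789abcdef0", "GroupName": "aurora-db",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                       "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}]}
MIN_BACKUP_DAYS = 7  # assumed review baseline, not an AWS default

def open_ingress(group, port):
    """True if any rule admits the DB port from 0.0.0.0/0 or ::/0."""
    for perm in group.get("IpPermissions", []):
        in_range = (perm.get("IpProtocol") == "-1" or
                    perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))
        if not in_range:
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if any(c in ("0.0.0.0/0", "::/0") for c in cidrs):
            return True
    return False

def review_instances(instances, groups):
    """Map each DB instance identifier to its list of review findings."""
    by_id = {g["GroupId"]: g for g in groups["SecurityGroups"]}
    findings = {}
    for db in instances["DBInstances"]:
        issues = []
        if not db.get("StorageEncrypted"):
            issues.append("storage not encrypted at rest")
        if db.get("PubliclyAccessible"):
            issues.append("instance is publicly accessible")
        if db.get("BackupRetentionPeriod", 0) < MIN_BACKUP_DAYS:
            issues.append(f"backup retention below {MIN_BACKUP_DAYS} days")
        if not db.get("DeletionProtection"):
            issues.append("deletion protection disabled")
        port = db.get("Endpoint", {}).get("Port", 3306)
        for sg in db.get("VpcSecurityGroups", []):
            g = by_id.get(sg["VpcSecurityGroupId"])
            if g and open_ingress(g, port):
                issues.append(f"{g['GroupId']} allows port {port} from anywhere")
        findings[db["DBInstanceIdentifier"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in review_instances(SAMPLE_INSTANCES, SAMPLE_GROUPS).items():
        print(f"{name}: " + ("; ".join(issues) or "no findings"))
```

Each finding maps to a setting the Test Plan steps inspect in the console, so the output doubles as the list of items to document in the review record.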

Implementation Plan

Using AWS Console:

  1. Define a schedule for security reviews (e.g., quarterly or bi-annually) and assign responsible personnel.

  2. Review all security settings within the RDS console, including IAM roles, encryption, and security group configurations.

  3. Check CloudTrail for changes to the Aurora configuration and document any modifications.

  4. Ensure CloudWatch Logs are enabled to monitor database activity and errors.

  5. Document the findings and take corrective actions if necessary.

Using AWS CLI:

  1. Schedule regular reviews using an automation tool like AWS Lambda or AWS Step Functions to trigger configuration checks.

  2. Automate the retrieval of IAM roles, policies, and security group settings:

  3. Use AWS Config to monitor and track any changes to the Aurora instance's security settings automatically.

  4. Generate reports based on CloudTrail logs to verify compliance with security standards.

  5. Use CloudWatch to automate the monitoring of logs and alert for any unexpected changes or issues.

Backout Plan

Using AWS Console:

  1. If a security review uncovers critical misconfigurations, take immediate action to correct them by modifying the affected settings in the RDS console.

  2. If any configurations need to be reverted, use the Modify DB Instance option to revert to the previous settings.

  3. Review the changes in CloudTrail and CloudWatch Logs to ensure that the correct configuration has been restored.

Using AWS CLI:

  1. If changes are found during the security review, revert to the previous settings using the modify-db-instance command, supplying the setting to restore:

     aws rds modify-db-instance --db-instance-identifier <db-instance-id> --<configuration> --apply-immediately

  2. Modify the IAM roles and policies to correct any permissions or access control issues.

  3. Review CloudTrail and CloudWatch Logs to verify the restoration of the correct settings.

References: