AWS Pentest Analyzer

The AWS PenTest Analyzer is a critical tool for ensuring the security, compliance, and operational observability of AWS cloud environments. From a security perspective, it identifies and addresses vulnerabilities, reducing the risk of breaches and unauthorized access. Compliance-wise, it ensures that AWS configurations adhere to industry standards and benchmarks, such as the AWS CIS Foundations Benchmark. Operationally, it provides comprehensive visibility into AWS resources, facilitating proactive monitoring and management. For IT Operations and Security Operations engineers, this analyzer delivers actionable insights through various charts and visualizations, streamlining their workflows and enhancing the efficiency of their security and compliance efforts.

Sightlines

AWS IAM Roles

The AWS IAM Roles sightline focuses on the management and security of IAM roles within the AWS environment. It provides insights into role configurations, cross-account access, and policy attachments, ensuring that roles are appropriately secured and managed. This sightline is invaluable for Security Operations engineers to detect and mitigate potential access risks, and for IT Operations engineers to maintain proper role configurations and permissions.

IAM Users

The IAM Users sightline provides visibility into user accounts and their security configurations. It highlights users lacking multi-factor authentication (MFA), those with enabled passwords and access keys, and overall user distribution. This sightline assists Security Operations in enforcing strong authentication practices and helps IT Operations manage user access effectively.

IAM Inline Policies

The IAM Inline Policies sightline examines the inline policies attached to IAM roles and users. It identifies policies that do not meet the AWS CIS Foundations Benchmark standards and highlights pass-through role policies with broad resource access. This sightline is essential for Security Operations to ensure policy compliance and for IT Operations to manage and refine policy assignments.

S3 Buckets

The S3 Buckets sightline monitors the configuration and security of Amazon S3 buckets. It identifies buckets without versioning, lacking server access logging, with access logging disabled, and those that are publicly accessible. Additionally, it highlights buckets without MFA delete and those allowing cleartext HTTP communication. This sightline is crucial for Security Operations to prevent data leaks and unauthorized access, while IT Operations can ensure proper bucket configurations and logging practices.

EBS

The EBS sightline focuses on the security of Elastic Block Store (EBS) volumes and snapshots. It identifies unencrypted snapshots and volumes, provides visualizations of snapshot volume sizes, and presents detailed tables of unencrypted resources. This sightline aids Security Operations in safeguarding data at rest and assists IT Operations in managing storage configurations effectively.

SES

The SES (Simple Email Service) sightline analyzes the configuration of SES identities and their DKIM settings. It identifies identities without DKIM enabled or verified, provides comparisons of DKIM-enabled versus disabled identities, and highlights SES accounts with DKIM verification issues. This sightline is vital for Security Operations to ensure email authenticity and for IT Operations to maintain proper email configurations.

CloudTrail

The CloudTrail sightline examines the configuration of CloudTrail trails, focusing on encryption and data logging settings. It identifies trails not encrypted with KMS or customer-managed KMS, incomplete data logging configurations, and unconfigured data events logging. This sightline is essential for Security Operations to ensure audit trails are secure and comprehensive, and for IT Operations to maintain proper logging configurations.

ELBs

The ELBs (Elastic Load Balancers) sightline monitors the security and configuration of load balancers. It identifies ELBs without deletion protection or access logs enabled, and those that drop invalid header fields. Additionally, it highlights load balancers allowing cleartext HTTP communication. This sightline is crucial for Security Operations to secure traffic handling and for IT Operations to manage load balancer configurations effectively.

RDS Instances

The RDS Instances sightline assesses the configuration of Amazon RDS databases. It identifies instances running in a single availability zone, those with short backup retention periods (7 days), and provides insights into database instance distribution. This sightline assists Security Operations in ensuring database resilience and backup adequacy, and helps IT Operations in managing database configurations and availability.

Security Groups

The Security Groups sightline reviews the default security groups within the AWS environment. It distinguishes between empty and non-empty default security groups, helping identify overly permissive or misconfigured groups. This sightline is essential for Security Operations to enforce network security policies and for IT Operations to manage and secure network access effectively.

EC2

The EC2 sightline provides insights into the distribution and types of EC2 instances running within the AWS environment. It highlights the instance family types, aiding in optimizing resource allocation and cost management. This sightline supports IT Operations in managing compute resources efficiently and ensures that instances are appropriately provisioned.

AWS ECR

The AWS ECR sightline analyzes the security posture of container images stored in Amazon Elastic Container Registry (ECR). It categorizes images based on vulnerability severity levels (low, medium, high, and critical), providing a comprehensive overview of container security risks. This sightline is crucial for Security Operations to identify and prioritize remediation efforts for vulnerable container images, and for IT Operations to maintain secure container deployments and ensure compliance with security standards.
