forked from aquasecurity/cloud-security-remediation-guides
Merge pull request #1 from rtkwlf/nshawahna/S3Remediations/AWN-107597
[AWN-107597] Add missing remediation guides for S3 plugins
Showing 4 changed files with 96 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) | ||
|
||
# AWS / S3 / S3 Bucket Lifecycle Configuration | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|-| | ||
| **Plugin Title** | S3 Bucket Lifecycle Configuration | | ||
| **Cloud** | AWS | | ||
| **Category** | S3 | | ||
| **Description** | Ensures that S3 buckets have lifecycle configuration enabled to automatically transition S3 bucket objects. | | ||
| **More Info** | S3 bucket should have lifecycle configuration enabled to automatically downgrade the storage class for your objects. | | ||
| **AWS Link** | https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-set-lifecycle-configuration-intro.html | | ||
| **Recommended Action** | Update S3 bucket and create lifecycle rule configuration. | | ||
|
||
## Detailed Remediation Steps | ||
1. Log into the AWS Management Console. </br> | ||
2. Select the "Services" option and search for S3. </br> | ||
3. Scroll down the left navigation pane and choose "Buckets".</br> | ||
4. Select the "Bucket" that needs to add policy to and click on its identifier(name) from the "Bucket name" column.</br> | ||
5. Click on the "Management" tab on the top menu. </br> | ||
6. Click on Create Lifecycle rule. </br> | ||
7. Choose the rule scope (all bucket objects OR limit scope to specific objects using filters/ tags prefix) . </br> | ||
8. Check Lifecycle rule actions you need to apply. </br> | ||
9. Click on the "Save" button to make the necessary changes. </br> | ||
10. Repeat steps number 4 - 9 to enable lifecycle configurations in other S3 buckets.</br> |
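
Review bot: Step 4 tells the reader to select the bucket "that needs to add policy to", but this guide creates a lifecycle rule, not a bucket policy, so the wording looks carried over from another guide; suggest "Select the bucket that needs a lifecycle rule and click its name in the "Bucket name" column." Step 8 ("Check Lifecycle rule actions you need to apply") leaves the choice open even though the Description and More Info rows are specifically about transitioning objects to a lower storage class, so it should name the transition action the plugin looks for. Two smaller points: every step line ends in `</br>`, which is not a valid tag (use `<br>` or `<br/>`), and the AWS Link here uses the `/latest/dev/` path while the versioned-buckets guide in this same commit links the same page under `/latest/userguide/`; pick one.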
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) | ||
|
||
# AWS / S3 / S3 DNS Compliant Bucket Names | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|-| | ||
| **Plugin Title** | S3 DNS Compliant Bucket Names | | ||
| **Cloud** | AWS | | ||
| **Category** | S3 | | ||
| **Description** | Ensures that S3 buckets have DNS complaint bucket names. | | ||
| **More Info** | S3 bucket names must be DNS-compliant and not contain period "." to enable S3 Transfer Acceleration and to use buckets over SSL. | | ||
| **AWS Link** | https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html | | ||
| **Recommended Action** | Recreate S3 bucket to use "-" instead of "." in S3 bucket names. | |
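
Review bot: The Description row reads "DNS complaint bucket names"; that should be "DNS compliant". This is also the only one of the four guides without a "Detailed Remediation Steps" section, and the Recommended Action ("Recreate S3 bucket") is the most disruptive of the four, so the file should spell out the sequence: create the replacement bucket with "-" in place of ".", copy the objects and the bucket configuration across, repoint clients, then delete the old bucket. The AWS Link goes to the transfer acceleration page only; since More Info also cites using buckets over SSL, a link to the bucket naming rules would back the claim better.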
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) | ||
|
||
# AWS / S3 / S3 Transfer Acceleration Enabled | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|-| | ||
| **Plugin Title** | S3 Transfer Acceleration Enabled | | ||
| **Cloud** | AWS | | ||
| **Category** | S3 | | ||
| **Description** | Ensures that S3 buckets have transfer acceleration enabled to increase the speed of data transfers. | | ||
| **More Info** | S3 buckets should have transfer acceleration enabled to increase the speed of data transfers in and out of Amazon S3 using AWS edge network. | | ||
| **AWS Link** | https://docs.aws.amazon.com/AmazonS3/latest/userguide/transfer-acceleration-examples.html | | ||
| **Recommended Action** | Modify S3 bucket to enable transfer acceleration. | | ||
|
||
## Detailed Remediation Steps | ||
1. Log into the AWS Management Console. </br> | ||
2. Select the "Services" option and search for S3. </br> | ||
3. Scroll down the left navigation pane and Click on "Buckets".</br> | ||
4. Select the "Bucket" that needs to add policy to and click on its identifier(name) from the "Bucket name" column.</br> | ||
5. Click on the "Properties" tab on the top menu. </br> | ||
6. Click Edit Transfer acceleration. </br> | ||
7. Select Enable. </br> | ||
8. Click on the "Save" button to make the necessary changes. </br> | ||
9. Repeat steps 4 - 8 to enable transfer accelaration for other S3 buckets in the region. </br> |
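
Review bot: Step 4 repeats the "that needs to add policy to" wording, which does not fit a guide that changes a bucket property; suggest "Select the bucket that needs transfer acceleration and click its name in the "Bucket name" column." Step 9 misspells "accelaration" (should be "acceleration"), and step 3 capitalises "Click" mid-sentence. The guide should also state the prerequisite that the DNS-compliant-names guide in this commit gives in its More Info row: a bucket whose name contains "." cannot enable transfer acceleration, so step 7 will not be available for those buckets until they are recreated.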
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) | ||
|
||
# AWS / S3 / S3 Versioned Buckets Lifecycle Configuration | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|-| | ||
| **Plugin Title** | S3 Versioned Buckets Lifecycle Configuration | | ||
| **Cloud** | AWS | | ||
| **Category** | S3 | | ||
| **Description** | Ensure that S3 buckets having versioning enabled also have lifecycle policy configured for non-current objects. | | ||
| **More Info** | When object versioning is enabled on a bucket, every modification/update to an object results in a new version of the object that will be stored indefinitely. Enable a lifecycle policy, so that non-current object versions are removed or transitioned in a predictable manner. | | ||
| **AWS Link** | https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html | | ||
| **Recommended Action** | Configure lifecycle rules for buckets which have versioning enabled. | | ||
|
||
## Detailed Remediation Steps | ||
1. Log into the AWS Management Console. </br> | ||
2. Select the "Services" option and search for S3. </br> | ||
3. Scroll down the left navigation pane and choose "Buckets".</br> | ||
4. Select the "Bucket" that needs to create lifecycle rule for by clicking on its identifier(name) from the "Bucket name" column.</br> | ||
5. Click on the "Management" tab on the top menu. </br> | ||
6. Click on Create Lifecycle rule. </br> | ||
7. Choose the rule scope (all bucket objects OR limit scope to specific objects using filters/ tags prefix) . </br> | ||
8. Check Lifecycle rule actions you need to apply. </br> | ||
9. Make sure to specify a rule for Move noncurrent versions of objects between storage classes. </br> | ||
10. Click on the "Save" button to make the necessary changes. </br> | ||
11. Repeat steps 4 - 10 to enable lifecycle configurations in other S3 buckets.</br> |
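
Review bot: Step 9 only covers "Move noncurrent versions of objects between storage classes", but the More Info row says noncurrent versions should be "removed or transitioned"; a reader who follows the steps as written never sets an expiration for noncurrent versions, so old versions are still retained indefinitely, just in a cheaper class. Suggest step 9 offer both actions, the transition of noncurrent versions and their permanent deletion after a set number of days, and say which of them satisfies the plugin. Step 4 ("that needs to create lifecycle rule for by clicking") is also hard to parse; "Select the bucket that needs a lifecycle rule by clicking its name" reads cleanly.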