AWS Account Security Onboarding
Checklist of controls to apply when onboarding an AWS account, grouped by area (reconstructed from the original mind map).

Shield
- Enable a Shield Advanced subscription for the public-facing account.
- Alert based on the DDoSDetected metric.
- Export metrics to the centralized collector.
- Create a DDoS battle card with the main information about the protected services.
- Adopt the incident response guide and the prepared battle card.
- Configure R53 health checks for all protected resources.
- Enable Shield Advanced automatic application-layer DDoS mitigation.
- Use the CloudFront + ALB + secret rotation architecture (origin protected by a rotated secret header).

R53 DNS Resolver Firewall
- Use strictly the AWS VPC DNS resolver.
- Ban outbound DNS calls from all VPCs to port 53.
- Alert on blocked DNS queries in the R53 DNS Resolver.
- Apply a custom threat list for GuardDuty to alert on access to DoH servers.

Vulnerability Scanning
- ECR is used as the Docker image hub.
- Scan images for vulnerabilities on upload to ECR.
- Deploy a solution to periodically rescan currently used images and report found vulnerabilities.
- Alert on critical vulnerabilities in AMIs/images.
- Export scan results as metrics to the centralized collector.

Budget Alarms
- Prod: create Cost Anomaly Detection monitors to alert on spending anomalies.
- QA: create Cost Anomaly Detection monitors to alert on spending anomalies.
- Configure Budgets Actions to stop services in cases of big unexpected spending.

WAFv2
- For the first 2 weeks, run in COUNT mode.
- After that, switch to BLOCK mode.
- Configure sensitive field redaction and send WAF logs to the SIEM.
- Export metrics to the centralized collector.