Other Security Rules

Other important rules for remediating security issues.

Rule Name

Description

Ensure that GuardDuty enabled for required region

It is recommended to enable GuardDuty, a threat detection service, for the required region.

Ensure there no stale roles with Attached Policies for S3 access

It is recommended to avoid stale roles, as these could cause access leakage and uncontrolled manipulation of S3 bucket data, which can lead to ransomware violations.

Ensure all EC2 EBS Volumes has snapshots

It is recommended to create snapshots for EC2 EBS Volumes to prevent data loss and simplify data recovery in the case of data encryption.

Ensure all EC2 instances are managed by SSM

It is recommended to configure EC2 instances for use with SSM to maintain security and compliance.

Ensure that SecurityHub enabled for required region

It is recommended that SecurityHub is enabled for the required region.

AWS security group allows access to known command and control destinations

It is recommended that security group rules permit only the minimum required connectivity, limiting access to known command and control destinations in the event of a ransomware or botnet attack.

Ensure that S3 Bucket has MFA option enabled for changing Bucket Versioning settings and permanently deleting object versions

It is recommended that S3 bucket versioning and MFA Delete are enabled.

Ensure S3 bucket deny overriding of default KMS Key encryption

It is recommended to define a policy that allows object modification only with the defined default KMS Key, which attackers are unlikely to have permissions to change or modify.

Ensure that S3 Bucket restrict public access by ACL and policy

It is recommended that public access to S3 Buckets is restricted.

Ensure S3 bucket has no server-side encryption being enabled by another account

It is recommended that any cross-account KMS Key on the S3 bucket is cleared.