
What security checks/pen-tests can be done in an Amazon AWS environment?

Hello, I hope I'm asking this question in the correct sub-forum. Our office has deployed a few servers at Amazon AWS and we would like to perform some security checks and document them so they can be reported to our management and customers if requested. My experience in cloud computing is pretty slim and I have never done pentests before. I did a lot of research for the past few days and found this tool Pacu for pen testing Amazon S3 buckets. We make use of S3 buckets as well for backup purposes. As I understood from the videos and guides I read about Pacu, this requires a compromised account and poorly configured security for you to elevate the privileges of that account. What other tools exist for pen-testing EC2 instances? If there aren't any tools, I would at least like a checklist of security-related things to ensure that the environment is set up according to best practices.


First, make sure all the tests you do are in accordance with AWS policies - https://aws.amazon.com/security/penetration-testing/

AWS EC2 instances are quite secure out-of-the-box. Generally it's the application running on the instance that will be targeted and exploited. It depends on whether you are willing to pay for the pen-testing. You can look into Metasploit; it includes a large database of vulnerabilities.

As for security checks - look over all the IAM permissions that you have assigned to IAM users (as much as necessary, as little as possible). Look at all the services that are running on your instances and which ports they are listening on. Check your firewall rules - do not expose services that do not need access from the Internet. Check your credentials, ensure no password SSH access (only PKI), renew where necessary. 2FA wherever possible (AWS login, maybe even for SSH access). You can search the Internet for more; there are a lot of articles on cloud security.

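An added example, not from anyone in this thread, of turning the firewall-rule item in the checklist above into a repeatable check: it walks a constructed document in the shape of `aws ec2 describe-security-groups` output and flags every ingress rule that opens a port other than 80/443, or all ports, to 0.0.0.0/0 or ::/0. The set of ports considered acceptable to expose is an assumption for this example.

```python
"""Audit EC2 security-group ingress rules for the checklist above."""
import json

# Ports normally acceptable to expose to the Internet (assumption for this
# example); any other port, or all ports, open to the world gets flagged.
PUBLIC_OK_PORTS = {80, 443}
WORLD = {"0.0.0.0/0", "::/0"}

def _cidrs(perm):
    """Yield every IPv4 and IPv6 CIDR listed in one IpPermissions entry."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]

def find_exposed_ports(sg):
    """Return (group_id, protocol, from_port, to_port, cidr) for each rule
    that exposes a non-web port, or every port, to the whole Internet."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        all_ports = proto == "-1" or lo is None   # "-1" means all traffic
        for cidr in _cidrs(perm):
            if cidr not in WORLD:
                continue                          # restricted source, fine
            if all_ports or any(p not in PUBLIC_OK_PORTS for p in range(lo, hi + 1)):
                findings.append((sg["GroupId"], proto, lo, hi, cidr))
    return findings

def audit(doc):
    """Run find_exposed_ports over a describe-security-groups document."""
    return [f for sg in doc["SecurityGroups"] for f in find_exposed_ports(sg)]

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-0example1", "GroupName": "web", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0example2", "GroupName": "db", "IpPermissions": [
   {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
   {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
    "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]}]}""")

if __name__ == "__main__":
    for gid, proto, lo, hi, cidr in audit(SAMPLE):
        print(f"{gid}: {proto} ports {lo}-{hi} open to {cidr}")
```

Against the sample it reports SSH on the web group and the all-traffic IPv6 rule on the db group, while the 443 rule and the MySQL rule restricted to 10.0.0.0/16 pass.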

10 hours ago, jj9987 said:

First, make sure all the tests you do are in accordance with AWS policies - https://aws.amazon.com/security/penetration-testing/

AWS EC2 instances are quite secure out-of-the-box. Generally it's the application running on the instance that will be targeted and exploited. It depends on whether you are willing to pay for the pen-testing. You can look into Metasploit; it includes a large database of vulnerabilities.

As for security checks - look over all the IAM permissions that you have assigned to IAM users (as much as necessary, as little as possible). Look at all the services that are running on your instances and which ports they are listening on. Check your firewall rules - do not expose services that do not need access from the Internet. Check your credentials, ensure no password SSH access (only PKI), renew where necessary. 2FA wherever possible (AWS login, maybe even for SSH access). You can search the Internet for more; there are a lot of articles on cloud security.

Thanks for the details. I will go through them.
