Amazon Web Services (AWS) is a powerful and flexible platform that lets you do everything from adding documents to your website to managing network automation and security. This set of services can help your business grow and adapt to changing conditions, but you need to make sure that it's secure and optimised. Amazon has its own platform for this called Audit Manager. Audit Manager takes the stress out of AWS auditing by providing tools that make it simple to audit your AWS account.
Prerequisites
Before you begin auditing an AWS account, there are some prerequisites that need to be in place. You will need an AWS account with administrative access. You should have permissions to create new users, modify role assignments and set up security groups and policies within your organisation's AWS account.
You will also need a security group set up in your AWS account. This can include groups like those for web servers or databases if those resources are being used by many different applications or teams within your organisation.
To begin, log in to the AWS Organizations console. From the menu bar, click Manage > Audit > Create Assessment Template to open and create a new assessment template. Each of these templates allows you to audit different areas of the account, from media to security services.
Set up Audit Manager
To audit your AWS account, you need to create an IAM account with administrative permissions within your AWS account. You also need to install Audit Manager on the same computer where you'll be running CloudWatch Logs and CloudTrail.
Audit Manager works with AWS CloudTrail, which is a service that records all of your AWS API calls and creates a log file for each one. By default, this log file is stored on Amazon S3 and can be accessed by anyone who has the correct permissions.
Anyone with access will be able to see every action taken within your account, from creating virtual private clouds to launching instances and adding users. The log needs to be regularly cleared to protect your personal security and the wider organisation from hackers.
Create an assessment template
Creating an assessment template gives AWS a baseline: it compares the current state of the account with the state you would ideally like, before making recommendations on how to improve.
When deciding what parameters to set for your AWS audit, consider the following:
- The scope of the assessment. What is being audited? Are all regions within your account being audited or just one? Are all accounts in your account set being audited, or just a few? Are only specific services being audited on this run?
- Criteria for completion. What must be documented in order for this assessment to be considered “complete”? How many examples of each category of data need to be collected before an assessment can end with no issues found?
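
Since the CloudTrail log files in S3 can be read by anyone with the correct permissions, as described under Set up Audit Manager, one audit check is to list exactly who the bucket policy allows to read them. The Python below is an added example, not code from the original article or from AWS; it runs over a constructed policy, and the bucket name, account ID and role name are placeholders.

```python
from fnmatch import fnmatchcase

# Actions that let a principal list or download the log files.
READ_ACTIONS = ("s3:getobject", "s3:listbucket")

# Constructed sample policy for a CloudTrail log bucket; the bucket name,
# account ID and role name are placeholders, not values from the article.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-trail-logs/AWSLogs/111122223333/*"},
    {"Sid": "AuditorRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/ExampleAuditor"},
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-trail-logs",
                  "arn:aws:s3:::example-trail-logs/*"]},
    {"Sid": "LegacyShare", "Effect": "Allow", "Principal": "*",
     "Action": "s3:Get*", "Resource": "arn:aws:s3:::example-trail-logs/*"},
]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def principals(statement):
    """Flatten the Principal element into a list of strings."""
    principal = statement.get("Principal", {})
    if isinstance(principal, str):
        return [principal]
    return [p for group in principal.values() for p in as_list(group)]

def grants_read(statement):
    """True if any Action pattern (wildcards included) covers a read action."""
    patterns = [a.lower() for a in as_list(statement.get("Action", []))]
    return any(fnmatchcase(act, pat) for act in READ_ACTIONS for pat in patterns)

def log_readers(policy):
    """Return (sid, principal, exposure) for each Allow statement granting read."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not grants_read(stmt):
            continue
        for who in principals(stmt):
            scope = "conditional" if stmt.get("Condition") else "public"
            findings.append((stmt.get("Sid", ""), who, scope if who == "*" else "named"))
    return findings

if __name__ == "__main__":
    print(log_readers(SAMPLE_POLICY))
```

This is a first-pass review of the bucket policy only: it does not evaluate `NotAction`, `NotPrincipal`, Deny statements or IAM identity policies, so a "named" result still needs checking against who can assume that role.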