Matt | 03 October 2022

Guide To Auditing An AWS Account

Amazon Web Service is a powerful and flexible platform allowing you to do everything from adding documents to your website to managing network automation and security management.

This powerful set of services can help your business to grow and adapt to changing conditions, but you need to make sure that it’s secure and optimised. Amazon has its own platform for this called Audit Manager. Audit Manager takes the stress out of AWS auditing by providing tools that make it simple to audit your AWS account.

Prerequisites

Before you begin auditing an AWS account, there are some prerequisites that need to be in place.  You will need an AWS account with administrative access. You should have permissions to create new users, modify role assignments and set up security groups and policies within your organisation’s AWS account.

You will also need a security group set up in your AWS account. This can include groups like those for web servers or databases if those resources are being used by many different applications or teams within your organisation

To begin, log in to the AWS Organizations console. From the menu bar, click Manage > Audit > Create Assessment Template to open and create a new assessment template. Each of these templates allows you to audit different areas of the account, from media to security services.

Set up Audit Manager

To audit your AWS account, you need to create an IAM account with administrative permissions within your AWS account. You also need to install Audit Manager on the same computer as where you’ll be running CloudWatch Logs and CloudTrail.

Audit Manager works with AWS CloudTrail, which is a service that records all of your AWS API calls and creates a log file for each one. By default, this log file is stored on Amazon S3 and can be accessed by anyone who has the correct permissions.

Anyone with access will be able to see every action taken within your account—from creating virtual private clouds to launching instances and adding users. The log needs to be regularly cleared to protect your personal security and the wider organisation from hackers.

Create an assessment template

Creating an assessment template will give AWS something to compare the current state of the account to what you would ideally like, before making recommendations on how to improve.

When deciding what parameters to set for your AWS audit, consider the following:

  • The scope of the assessment. What is being audited? Are all regions within your account being audited or just one? Are all accounts in your account set being audited, or just a few? Are only specific services being audited on this run?
  • Criteria for completion. What must be documented in order for this assessment to be considered “complete”? How many examples of each category of data need to be collected before an assessment can end with no issues found?

Create a complete list of assets

As you conduct the audit, you should create a complete list of all your assets. This includes servers, databases, and third-party services such as S3 buckets or RDS instances.

It would help to take note of every asset, the asset location, what its purpose is and who is responsible for maintaining it. It’s impossible to monitor and audit all of your assets if you don’t know what assets you have.

Map the account and schedule assessments

Map the AWS account by running a scanner. This will help you to identify which services are being used, as well as their related resource usage, such as CPU and memory. This can help you to remove any obsolete or unnecessary articles to save on storage costs.

Schedule assessments

Schedule assessments for all detected risks by selecting one or more assessment types from the drop-down menu that appears when you click Schedule Assessment. You can choose to audit an entire region or just specific accounts within it.

After scheduling assessments, you can choose to run them manually at any time. Just click “Start” in any of the scheduled audits’ sections; this will cause them all to begin running immediately using resources allocated for each respective assessment type.

Review assessment results

Having gathered all of the information from running your assessments, it is time to review the outcome of each assessment. Make sure that you have the right security settings, permissions, policies and users/groups for each resource in your AWS account in order to streamline the audit process quickly.

You can set up automation tools to schedule any fixes that you need or conduct them manually for more real-time control.

The best part about using Audit Manager is that it’s easy to use and offers many features, such as a dashboard for managing assessments and reports. You can also export the results of your audit into Excel for easier analysis. With all these tools at your disposal, there’s no reason not to perform regular audits on your AWS account.