modernisation-platform
[SPIKE] Review how we check and monitor security group access
User Story
As a Modernisation Platform Engineer, I want to investigate methods for auditing AWS Security Group rules, so that we are appropriately using open SG rules.
User Type(s)
Modernisation Platform Customer
Value
Review how we check and monitor security group access; this is to ensure customers don't configure unprotected access points to the Modernisation Platform.
Does SecurityHub do enough? Is it just a question of correlating the results so that we can take action?
Questions / Assumptions / Hypothesis
Definition of done
- [ ] set appropriate timebox for spike
- [ ] identify AWS-centric ways of auditing security groups
- [ ] investigate other tools that could be integrated with a GitHub action?
- [ ] options identified and presented to team
- [ ] follow-on issues raised
Reference
The most obvious tool to use here would be AWS Firewall Manager, as it can be used to audit security groups across, for example, an OU: How to continuously audit and limit security groups with AWS Firewall Manager
An alternative option would be something like (https://steampipe.io/), but I think that would require an account-by-account approach.
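As an added example (not code from the modernisation-platform repository or any of the tools named above), the per-account check that a Steampipe-style or GitHub Action approach would run: a stdlib-only audit over the dict shape that boto3's ec2.describe_security_groups()["SecurityGroups"] returns, flagging ingress rules open to 0.0.0.0/0 or ::/0 and rating them so a CI job can fail on the worst ones. The sensitive-port list, the severity policy and the sample security groups are constructed assumptions, not Modernisation Platform standards.

```python
"""Flag security group ingress rules that are open to the Internet.

Added example: operates on describe_security_groups()-shaped dicts so it can
be unit-tested offline and later fed real output from boto3 per account.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumption: an example policy of ports that should never be world-open.
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql",
                   5432: "postgres", 1433: "mssql", 6379: "redis"}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


@dataclass(frozen=True)
class Finding:
    group_id: str
    group_name: str
    protocol: str          # "tcp", "udp", "icmp" or "-1" (all traffic)
    from_port: int | None
    to_port: int | None
    cidr: str
    severity: str          # "high" or "medium"


def _world_open_cidrs(rule: dict) -> list[str]:
    """Return the Internet-wide CIDRs referenced by one IpPermissions entry."""
    cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD_CIDRS]


def _severity(protocol: str, from_port: int | None, to_port: int | None) -> str:
    """'high' for all-traffic rules or port ranges covering a sensitive port, else 'medium'."""
    if protocol == "-1" or from_port is None or to_port is None:
        return "high"
    if protocol in ("icmp", "icmpv6"):   # ports are ICMP type/code here, not TCP/UDP ports
        return "medium"
    if any(from_port <= p <= to_port for p in SENSITIVE_PORTS):
        return "high"
    return "medium"


def audit_security_groups(groups: list[dict]) -> list[Finding]:
    """Walk every ingress rule of every group and return the world-open ones."""
    findings: list[Finding] = []
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            proto = rule.get("IpProtocol", "-1")
            fp, tp = rule.get("FromPort"), rule.get("ToPort")
            for cidr in _world_open_cidrs(rule):
                findings.append(Finding(sg["GroupId"], sg.get("GroupName", ""),
                                        proto, fp, tp, cidr, _severity(proto, fp, tp)))
    return findings


def ci_exit_code(findings: list[Finding]) -> int:
    """Non-zero when any high-severity finding exists, so a pipeline step can gate on it."""
    return 1 if any(f.severity == "high" for f in findings) else 0


# Constructed sample data in the describe_security_groups() output shape.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0123456789abcdef0", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0fedcba987654321f", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0aaaaaaaaaaaaaaaa", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
    ]},
]

if __name__ == "__main__":
    results = audit_security_groups(SAMPLE_GROUPS)
    for f in results:
        ports = "all" if f.from_port is None else f"{f.from_port}-{f.to_port}"
        print(f"[{f.severity.upper():6}] {f.group_id} ({f.group_name}) {f.protocol} {ports} from {f.cidr}")
    raise SystemExit(ci_exit_code(results))
```

To run it against a real account, replace SAMPLE_GROUPS with ec2.describe_security_groups()["SecurityGroups"] from boto3 and loop over the assumed roles for each member account; the cross-account aggregation is the part Firewall Manager or Security Hub already provide, and this only decides which rules to treat as actionable.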
This issue is stale because it has been open 90 days with no activity.
These are also currently raised by Security Hub.
We do also have our secure analysis tools to check these things.