branch[accurics_zqenw6ua]: Auto Generated Pull Request from Accurics #23
base: main
…ebserver, violation: [HIGH]: Ensure IMDv1 is disabled for AWS EC2 instances
…ebserver, violation: [MEDIUM]: Ensure virtual private cloud (VPC) is configured for AWS EC2 instances
…ebserver, violation: [LOW]: Ensure detailed monitoring is enabled for AWS EC2 instances
…accuricsbucketdemo, violation: [HIGH]: Ensure at-rest server side encryption (SSE) is enabled for AWS S3 Buckets
…accuricsbucketdemo, violation: [HIGH]: Ensure versioning is enabled for AWS S3 Buckets
…accuricsbucketdemo, violation: [MEDIUM]: Ensure access logging is enabled for AWS S3 Buckets
…accuricsbucketdemo, violation: [HIGH]: Ensure AWS S3 Buckets are accessible to all authenticated users
http_endpoint = "disabled"
http_tokens = "required"
}
monitoring = true
}

resource "aws_s3_bucket" "accuricsbucketdemo" {
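Review bot: `http_endpoint = "disabled"` switches the instance metadata service off entirely, which is more than the [HIGH] IMDSv1 finding asks for; `http_tokens = "required"` on its own already enforces IMDSv2 session tokens and rejects IMDSv1 requests. If the webserver relies on an instance profile (the SSM agent, the AWS SDKs and cloud-init all fetch credentials and metadata through IMDS), it will lose access with the endpoint disabled, so the usual remediation is `http_endpoint = "enabled"` together with `http_tokens = "required"`. The `resource "aws_s3_bucket" "accuricsbucketdemo" {` line at the end of the hunk is where the four S3 comments anchor; none of the flagged bucket settings appear in this context, so they need their own resource blocks rather than edits to this line.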
Accurics remediation
[HIGH]: Ensure at-rest server side encryption (SSE) is enabled for AWS S3 Buckets
Vulnerability
AWS S3 Buckets do not have at-rest server side encryption enabled to protect sensitive data.
Remediation
On the AWS S3 console, for each bucket that failed the rule, navigate to the Properties tab, and select Default encryption. Select an encryption method (AES-256 or AWS-KMS).
source: accurics-stageone
Accurics remediation
[HIGH]: Ensure versioning is enabled for AWS S3 Buckets
Vulnerability
Enabling S3 versioning will enable easy recovery from unintended user actions, like deletes and overwrites.
Remediation
You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures. When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all of the objects.
source: accurics-stageone
Accurics remediation
[MEDIUM]: Ensure access logging is enabled for AWS S3 Buckets
Vulnerability
AWS S3 Buckets have access logging disabled. Access log information can be useful in security and access audits.
Remediation
By default, Amazon S3 doesn't collect server access logs. When you enable logging, Amazon S3 delivers access logs for a source bucket to a target bucket that you choose. The target bucket must be in the same AWS Region as the source bucket and must not have a default retention period configuration.
source: accurics-stageone
Accurics remediation
[HIGH]: Ensure AWS S3 Buckets are accessible to all authenticated users
Vulnerability
S3 bucket Access is allowed to all AWS Account Users.
Remediation
Amazon S3 Bucket ACL with full control permission to authenticated users allows anyone with an AWS account to access objects in the bucket. When read and write access is granted to authenticated users, they can read, edit and delete the objects in the bucket. It is a recommended practice to remove full control permission from S3 Bucket ACL.
source: accurics-stageone
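All four S3 findings on accuricsbucketdemo (SSE at rest, versioning, access logging, and the ACL grant to authenticated users) remediated in one Terraform configuration, as an added example that is not part of this pull request or of the Accurics output. It is written against the AWS provider v4+ split bucket resources; the bucket names, the log prefix, the KMS key resource and the logs-bucket policy are assumptions for illustration. One caveat on the first finding: since January 2023 S3 applies SSE-S3 to every new object by default, so the block below chooses SSE-KMS with a customer managed key rather than merely turning encryption on.

```hcl
# Added example (not from this PR). Names and the KMS key are assumptions.

resource "aws_s3_bucket" "accuricsbucketdemo" {
  bucket = "accuricsbucketdemo"
}

# [HIGH] SSE at rest: SSE-KMS with a customer managed key. bucket_key_enabled
# lets S3 cache a data key per bucket instead of calling KMS per object.
resource "aws_kms_key" "s3" {
  description         = "CMK for accuricsbucketdemo"
  enable_key_rotation = true
}

resource "aws_s3_bucket_server_side_encryption_configuration" "accuricsbucketdemo" {
  bucket = aws_s3_bucket.accuricsbucketdemo.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.s3.arn
    }
    bucket_key_enabled = true
  }
}

# [HIGH] Versioning: deletes and overwrites become recoverable.
resource "aws_s3_bucket_versioning" "accuricsbucketdemo" {
  bucket = aws_s3_bucket.accuricsbucketdemo.id

  versioning_configuration {
    status = "Enabled"
  }
}

# [MEDIUM] Server access logging to a separate target bucket. The target must
# be in the same region as the source and must not use Object Lock retention.
resource "aws_s3_bucket" "accuricsbucketdemo_logs" {
  bucket = "accuricsbucketdemo-logs"
}

# S3 log delivery writes via the logging.s3.amazonaws.com service principal;
# with ACLs disabled (below) the grant has to be a bucket policy, not an ACL.
data "aws_iam_policy_document" "logs_delivery" {
  statement {
    principals {
      type        = "Service"
      identifiers = ["logging.s3.amazonaws.com"]
    }
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.accuricsbucketdemo_logs.arn}/*"]
  }
}

resource "aws_s3_bucket_policy" "logs" {
  bucket = aws_s3_bucket.accuricsbucketdemo_logs.id
  policy = data.aws_iam_policy_document.logs_delivery.json
}

resource "aws_s3_bucket_logging" "accuricsbucketdemo" {
  bucket        = aws_s3_bucket.accuricsbucketdemo.id
  target_bucket = aws_s3_bucket.accuricsbucketdemo_logs.id
  target_prefix = "s3-access/"
}

# [HIGH] Authenticated-users grant: the flagged shape is an
#   aws_s3_bucket_acl with acl = "authenticated-read" (or a grant to the
#   AuthenticatedUsers group). Instead of editing the ACL, BucketOwnerEnforced
#   disables ACLs for the bucket entirely, and the public access block stops
#   any policy or ACL from re-opening it.
resource "aws_s3_bucket_ownership_controls" "accuricsbucketdemo" {
  bucket = aws_s3_bucket.accuricsbucketdemo.id

  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

resource "aws_s3_bucket_public_access_block" "accuricsbucketdemo" {
  bucket                  = aws_s3_bucket.accuricsbucketdemo.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

Apply the same ownership and public-access-block resources to the logs bucket if it is created in the same workspace; with ACLs disabled, a pre-existing `aws_s3_bucket_acl` resource for accuricsbucketdemo must be removed from the configuration, otherwise the apply fails on AccessControlListNotSupported.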