25. Analyzing the audit trail with Athena
Point LOCATION at the S3 bucket where the logs are stored and query the log files directly.
• Example: return all anonymous (unsigned) requests
SELECT *
FROM cloudtrail_logs
WHERE
    eventsource = 's3.amazonaws.com' AND
    eventname IN ('GetObject') AND
    useridentity.accountid LIKE '%ANONYMOUS%' AND
    useridentity.arn IS NULL AND
    requestparameters LIKE '%[your bucket name ]%';
Querying AWS CloudTrail Logs
https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html
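The same predicate applied offline to raw CloudTrail JSON, as an added Python example that is not part of the slides or of the AWS documentation; the sample records and the bucket name are constructed, and the bucket check is an exact match on bucketName rather than the query's substring LIKE.

```python
import json

# Constructed sample CloudTrail records (not real log data): one anonymous
# GetObject on the watched bucket, one authenticated GetObject on it, and
# one anonymous GetObject against a different bucket.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "AWSAccount", "accountId": "ANONYMOUS_PRINCIPAL"},
     "requestParameters": {"bucketName": "example-public-bucket", "key": "secret.txt"},
     "sourceIPAddress": "198.51.100.7"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "accountId": "123456789012",
                      "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"bucketName": "example-public-bucket", "key": "report.pdf"},
     "sourceIPAddress": "203.0.113.5"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "AWSAccount", "accountId": "ANONYMOUS_PRINCIPAL"},
     "requestParameters": {"bucketName": "other-bucket", "key": "index.html"},
     "sourceIPAddress": "198.51.100.9"},
]})


def anonymous_get_objects(cloudtrail_json: str, bucket: str) -> list:
    """Apply the Athena query's predicate to raw CloudTrail records.

    Returns the records that are unsigned (anonymous) S3 GetObject calls
    against `bucket`: eventSource/eventName match, accountId contains
    ANONYMOUS, no ARN is present, and the request names that bucket.
    """
    hits = []
    for rec in json.loads(cloudtrail_json).get("Records", []):
        ident = rec.get("userIdentity") or {}
        params = rec.get("requestParameters") or {}
        if (rec.get("eventSource") == "s3.amazonaws.com"
                and rec.get("eventName") == "GetObject"
                and "ANONYMOUS" in str(ident.get("accountId", ""))
                and ident.get("arn") is None
                and params.get("bucketName") == bucket):
            hits.append(rec)
    return hits


def summarize(hits: list) -> list:
    """One (sourceIPAddress, object key) pair per hit: the first fields a responder wants."""
    return [(h.get("sourceIPAddress"), h["requestParameters"].get("key")) for h in hits]


if __name__ == "__main__":
    for ip, key in summarize(anonymous_get_objects(SAMPLE_CLOUDTRAIL, "example-public-bucket")):
        print(f"anonymous GetObject of {key} from {ip}")
```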
39. IAM Policy for IAM Database Access (example)
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "rds-db:connect"
            ],
            "Resource": [
                "arn:aws:rds-db:us-east-2:1234567890:dbuser:db-ABCDEFGHIJKL01234/db_user"
            ]
        }
    ]
}
Creating and Using an IAM Policy for IAM Database Access
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.IAMPolicy.html
40. IAM Policies for Session Manager (example)
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:StartSession"
            ],
            "Resource": [
                "arn:aws:ec2:us-east-2:123456789012:instance/i-1234567890EXAMPLE",
                "arn:aws:ec2:us-east-2:123456789012:instance/i-abcdefghijEXAMPLE",
                "arn:aws:ec2:us-east-2:123456789012:instance/i-0e9d8c7b6aEXAMPLE"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:TerminateSession"
            ],
            "Resource": [
                "arn:aws:ssm:*:*:session/${aws:username}-*"
            ]
        }
    ]
}
Additional Sample IAM Policies for Session Manager (Example 1: Restrict Access to Specific Instances)
https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-restrict-access-examples.html
43. Awspec / belong_to_iam_group
Example of checking that an IAM user belongs to a specific IAM group
describe iam_user('my-iam-user') do
  it { should belong_to_iam_group('my-iam-group') }
end
belong_to_iam_group
https://github.com/k1LoW/awspec/blob/master/doc/resource_types.md#belong_to_iam_group
57. Automated IAM User Cleanup
Level 200: Automated IAM User Cleanup: Lab Guide
https://github.com/awslabs/aws-well-architected-labs/blob/master/Security/200_Automated_IAM_User_Cleanup/Lab_Guide.md