Identity and Access Management:
- Avoid the use of the “root” account
- Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.
- Implement strong IAM password policies across accounts.
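The three IAM items above can be checked from the IAM credential report (the CSV returned by `aws iam get-credential-report`), which has one row per user plus a `<root_account>` row. The script below is an added example, not part of the original checklist; the report excerpt is constructed, uses only a subset of the real report's columns, and the account id 111122223333 is the AWS documentation placeholder. It flags console users without MFA and reports root-account hygiene issues (no MFA, an active access key, recent console sign-in).

```python
import csv
import io

# Constructed sample (not real account data). Column names are a subset of
# those in a real IAM credential report; real reports carry more columns,
# but the code reads fields by name so extra columns are ignored.
SAMPLE_CREDENTIAL_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-01T10:00:00+00:00,false,true,2024-04-30T08:00:00+00:00
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-02T09:00:00+00:00,true,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,no_information,false,true,2024-05-02T07:00:00+00:00
svc-deploy,arn:aws:iam::111122223333:user/svc-deploy,false,N/A,false,true,2024-05-02T06:00:00+00:00
"""

# Values IAM uses in the report when a date/flag is not applicable.
NOT_APPLICABLE = {"N/A", "no_information", "not_supported"}


def parse_report(report_csv):
    """Parse the credential report CSV into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(report_csv)))


def console_users_without_mfa(rows):
    """IAM users that can sign in to the console (password_enabled == true) but have no MFA device.

    Users without a console password (API-only users) are not flagged: the
    benchmark item only covers users that hold a console password.
    """
    return sorted(
        row["user"]
        for row in rows
        if row["user"] != "<root_account>"
        and row["password_enabled"] == "true"
        and row["mfa_active"] != "true"
    )


def root_account_findings(rows):
    """Findings for the root account row: missing MFA, active access key, recent console use."""
    root = next((row for row in rows if row["user"] == "<root_account>"), None)
    if root is None:
        return ["root account row missing from report"]
    findings = []
    if root["mfa_active"] != "true":
        findings.append("root: MFA not enabled")
    if root["access_key_1_active"] == "true":
        findings.append("root: access key 1 is active (root should have no access keys)")
    if root["password_last_used"] not in NOT_APPLICABLE:
        findings.append(f"root: console password used at {root['password_last_used']}")
    return findings


if __name__ == "__main__":
    rows = parse_report(SAMPLE_CREDENTIAL_REPORT)
    print("console users without MFA:", console_users_without_mfa(rows))
    for finding in root_account_findings(rows):
        print(finding)
```

To run it against a real account, replace `SAMPLE_CREDENTIAL_REPORT` with the decoded `Content` field of `get-credential-report`; the root row is always present there, so the "row missing" branch only fires on malformed input.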

Logging:
- Ensure that CloudTrail is enabled in all regions.
- Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible.

Monitoring:
- Ensure a log metric filter and alarm exist for usage of the “root” account.
- Ensure a log metric filter and alarm exist for IAM policy changes.
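A metric filter is only as good as the condition it encodes, so it helps to see exactly which CloudTrail events the two alarms above should fire on. The script below is an added example, not part of the original checklist: it re-implements in Python the conditions of the CloudWatch Logs filter patterns the CIS AWS Foundations Benchmark documents for these two items (quoted in the comments) and runs them over constructed CloudTrail events. The account id and user names are placeholders.

```python
# Condition 1 (root usage), CIS-documented CloudWatch Logs pattern:
#   { $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS
#     && $.eventType != "AwsServiceEvent" }
# The invokedBy / eventType clauses exclude actions that AWS services perform
# on the account's behalf, which also appear with a Root identity.
def is_root_usage(event):
    """True when a human (or a credential holder) acted as the root user directly."""
    identity = event.get("userIdentity", {})
    return (
        identity.get("type") == "Root"
        and "invokedBy" not in identity
        and event.get("eventType") != "AwsServiceEvent"
    )


# Condition 2 (IAM policy changes), CIS-documented pattern is a disjunction
# of $.eventName = <name> over exactly these API calls.
IAM_POLICY_CHANGE_EVENTS = frozenset({
    "DeleteGroupPolicy", "DeleteRolePolicy", "DeleteUserPolicy",
    "PutGroupPolicy", "PutRolePolicy", "PutUserPolicy",
    "CreatePolicy", "DeletePolicy", "CreatePolicyVersion", "DeletePolicyVersion",
    "AttachRolePolicy", "DetachRolePolicy", "AttachUserPolicy", "DetachUserPolicy",
    "AttachGroupPolicy", "DetachGroupPolicy",
})


def is_iam_policy_change(event):
    """True when the event is one of the IAM policy mutation calls the filter covers."""
    return event.get("eventName") in IAM_POLICY_CHANGE_EVENTS


def evaluate_filters(events):
    """Return, per filter, the eventName of every event that would increment its metric."""
    return {
        "root_usage": [e["eventName"] for e in events if is_root_usage(e)],
        "iam_policy_change": [e["eventName"] for e in events if is_iam_policy_change(e)],
    }


# Constructed CloudTrail records (trimmed to the fields the filters look at).
SAMPLE_EVENTS = [
    {   # root console sign-in: must trigger the root-usage alarm
        "eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
        "userIdentity": {"type": "Root", "accountId": "111122223333"},
    },
    {   # root identity but invoked by an AWS service: excluded by design
        "eventName": "CreateServiceLinkedRole", "eventType": "AwsApiCall",
        "userIdentity": {"type": "Root", "invokedBy": "organizations.amazonaws.com"},
    },
    {   # service event attributed to root: excluded by the eventType clause
        "eventName": "RebalanceInstances", "eventType": "AwsServiceEvent",
        "userIdentity": {"type": "Root"},
    },
    {   # IAM user attaching a managed policy: must trigger the policy-change alarm
        "eventName": "AttachUserPolicy", "eventType": "AwsApiCall",
        "userIdentity": {"type": "IAMUser", "userName": "example-admin"},
    },
    {   # ordinary read call: neither filter
        "eventName": "DescribeInstances", "eventType": "AwsApiCall",
        "userIdentity": {"type": "IAMUser", "userName": "example-reader"},
    },
]


if __name__ == "__main__":
    for name, hits in evaluate_filters(SAMPLE_EVENTS).items():
        print(f"{name}: {hits}")
```

The second and third records are the reason the root-usage pattern has its two exclusion clauses: without them the alarm fires on routine service activity and gets tuned out. The policy-change list is deliberately an allow-list of API names, so a new IAM mutation API that AWS adds later is not covered until the filter is updated; that is worth revisiting when auditing the filter.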

Networking:
- Ensure no security groups allow ingress from 0.0.0.0/0 to port 22.
- Ensure the default security group of every VPC restricts all traffic.
- Ensure routing tables for VPC peering are “least access”.
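The first two networking items can be checked from the output of `aws ec2 describe-security-groups`. The script below is an added example, not part of the original checklist: it walks security groups in that output's structure (`IpPermissions`, `IpPermissionsEgress`, `IpRanges`, `Ipv6Ranges`) and flags any group whose ingress allows port 22 from anywhere, and any VPC default group that still carries rules. It goes slightly beyond the text in treating `::/0` and the all-protocol rule (`IpProtocol` `-1`) as "from anywhere to port 22" as well, since both expose SSH just as 0.0.0.0/0 does. The group and VPC ids are constructed placeholders.

```python
import ipaddress

# Constructed sample in the shape of describe-security-groups output; ids are placeholders.
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0000000000000001", "GroupName": "web", "VpcId": "vpc-0000000000000001",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0000000000000002", "GroupName": "bastion", "VpcId": "vpc-0000000000000001",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}],   # office range: fine
     "IpPermissionsEgress": []},
    {"GroupId": "sg-0000000000000003", "GroupName": "default", "VpcId": "vpc-0000000000000001",
     "IpPermissions": [   # AWS's initial default-group rules: self-referencing ingress, open egress
         {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
          "UserIdGroupPairs": [{"GroupId": "sg-0000000000000003"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0000000000000004", "GroupName": "default", "VpcId": "vpc-0000000000000002",
     "IpPermissions": [], "IpPermissionsEgress": []},   # properly stripped default group
    {"GroupId": "sg-0000000000000005", "GroupName": "legacy", "VpcId": "vpc-0000000000000002",
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
     "IpPermissionsEgress": []},
]


def _is_any_address(cidr):
    """True for 0.0.0.0/0 and ::/0 (prefix length 0, i.e. the whole address space)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def permission_is_from_anywhere(perm):
    """True if a rule's IPv4 or IPv6 source ranges include the whole internet."""
    v4 = any(_is_any_address(r["CidrIp"]) for r in perm.get("IpRanges", []))
    v6 = any(_is_any_address(r["CidrIpv6"]) for r in perm.get("Ipv6Ranges", []))
    return v4 or v6


def permission_covers_tcp_port(perm, port):
    """True if the rule's protocol/port range includes TCP <port>. '-1' means all protocols and ports."""
    proto = str(perm.get("IpProtocol"))
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):   # EC2 may report TCP as the name or the IANA number
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def groups_with_open_ssh(groups, port=22):
    """GroupIds of groups with an ingress rule from anywhere that reaches TCP <port>."""
    return sorted(
        g["GroupId"] for g in groups
        if any(permission_is_from_anywhere(p) and permission_covers_tcp_port(p, port)
               for p in g.get("IpPermissions", []))
    )


def default_groups_with_rules(groups):
    """GroupIds of VPC default groups that still have any ingress or egress rule.

    The benchmark expects the default group to carry no rules at all, so that a
    resource accidentally launched into it has no network access.
    """
    return sorted(
        g["GroupId"] for g in groups
        if g["GroupName"] == "default"
        and (g.get("IpPermissions") or g.get("IpPermissionsEgress"))
    )


if __name__ == "__main__":
    print("SSH open to the world:", groups_with_open_ssh(SAMPLE_SECURITY_GROUPS))
    print("default groups with rules:", default_groups_with_rules(SAMPLE_SECURITY_GROUPS))
```

Note that `sg-0000000000000003` is what a freshly created VPC's default group looks like: the self-referencing ingress rule and the allow-all egress are both present, so "default group restricts all traffic" is something that has to be done actively after VPC creation, not something to assume. The routing-table item is not covered here because "least access" depends on which subnets the peering is meant to serve and cannot be judged from the route entries alone.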