AWS Security-Quick Wins

SecurityBoy
2 min read · Feb 16, 2024

Ensure that the security contacts are up to date and that the email address is monitored regularly, so that AWS security teams can reach you to alert you about abuse or potential security incidents in your infrastructure.

If AWS detects an unintended disclosure of an access key on the web (such as in a public code repository), AWS will notify you using the security contacts set in the accounts.

Alternate Security Contact in AWS Accounts

This can be automated so that the contact is set during account creation; in this case, however, we will see how security teams can detect accounts where this process was missed or configured incorrectly.

I have created a small Python script that will retrieve the security contacts of accounts managed in AWS Organizations. For this to work, we have to enable trusted access for AWS Account Management as a trusted service in the organization.

Enabling Trusted access for Central Account Management

We can make the script run at a regular interval and configure notifications; however, in this blog I have kept it simple.

Python script for security contact retrieval

The management account can only be managed using the standalone context from the management account itself, so it has been excluded during script execution (line 11 in the script).
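The same audit, written here as an added example rather than the post's own script: it lists the organization's active member accounts, skips the management account, and asks the Account Management API for each account's SECURITY alternate contact. It assumes boto3 and management-account credentials with trusted access for AWS Account Management enabled; the two stub clients at the bottom are constructed stand-ins so the logic can be exercised offline.

```python
"""Audit the SECURITY alternate contact of every member account in an AWS Organization.
Added example, not the post's script; assumes boto3 and trusted access for Account Management."""

def audit_security_contacts(org_client, account_client):
    """Return {account_id: security-contact email, or None if unset} for every
    ACTIVE member account. The management account is skipped: the Account
    Management API only serves it in standalone context (no AccountId)."""
    mgmt_id = org_client.describe_organization()["Organization"]["MasterAccountId"]
    results = {}
    for page in org_client.get_paginator("list_accounts").paginate():
        for acct in page["Accounts"]:
            if acct["Id"] == mgmt_id or acct["Status"] != "ACTIVE":
                continue
            try:
                resp = account_client.get_alternate_contact(
                    AccountId=acct["Id"], AlternateContactType="SECURITY")
                results[acct["Id"]] = resp["AlternateContact"]["EmailAddress"]
            except account_client.exceptions.ResourceNotFoundException:
                results[acct["Id"]] = None  # contact never set: this is the finding
    return results

def missing_contacts(audit):
    """Account ids with no SECURITY contact, sorted for a stable report."""
    return sorted(a for a, email in audit.items() if email is None)

# Constructed offline stand-ins for boto3.client("organizations") and boto3.client("account");
# response shapes mirror the real APIs. 2222... has a contact, 3333... does not, 4444... is suspended.
class StubOrgClient:
    def describe_organization(self):
        return {"Organization": {"MasterAccountId": "111111111111"}}
    def get_paginator(self, name):
        return self
    def paginate(self):
        yield {"Accounts": [{"Id": "111111111111", "Status": "ACTIVE"},
                            {"Id": "222222222222", "Status": "ACTIVE"},
                            {"Id": "333333333333", "Status": "ACTIVE"},
                            {"Id": "444444444444", "Status": "SUSPENDED"}]}

class StubAccountClient:
    class exceptions:  # real boto3 clients expose modeled errors under .exceptions
        class ResourceNotFoundException(Exception):
            pass
    def get_alternate_contact(self, AccountId, AlternateContactType):
        if AccountId == "222222222222":
            return {"AlternateContact": {"EmailAddress": "secops@example.com"}}
        raise self.exceptions.ResourceNotFoundException(AccountId)
```

Against a real organization, call `audit_security_contacts(boto3.client("organizations"), boto3.client("account"))` from the management account and report whatever `missing_contacts` returns.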

Now let's fix it:

One can visit AWS Organizations and set the security contact by clicking on the account:

Setting Security Contacts by Visiting AWS Organizations

It is an essential step and is tagged as a quick win (https://maturitymodel.security.aws.dev/en/1.-quickwins/assign-security-contacts/).
