[SPIKE] Review how we check and monitor security group access

[davidkelliott]

User Story

As a Modernisation Platform Engineer
I want to investigate methods for auditing AWS Security Group rules
So that we are appropriately using open SG rules

User Type(s)

Modernisation Platform Customer

Value

Review how we check and monitor security group access, this is to ensure customers don't configure unprotected access points to the modernisation platform.

Does SecurityHub do enough? Is it just a question of correlating the results so that we can take action?

Questions / Assumptions / Hypothesis

Definition of done

• set appropriate timebox for spike
• identify AWS-centric ways of auditing security groups
• investigate other tools that could be integrated with a GitHub action?
• options identified and presented to team
• follow-on issues raised

Reference

How to write good user stories

[dms1981]

The most obvious tool to use here would be AWS Firewall Manager, as it can be used to audit security groups across, for example, a OU: How to continuously audit and limit security groups with AWS Firewall Manager

An alternative option would be something like (https://steampipe.io/), but I think that would require an account-by-account approach.

[dms1981]

The most obvious tool to use here would be AWS Firewall Manager, as it can be used to audit security groups across, for example, a OU: How to continuously audit and limit security groups with AWS Firewall Manager

An alternative option would be something like (https://steampipe.io/), but I think that would require an account-by-account approach.

[github-actions]

This issue is stale because it has been open 90 days with no activity.

[davidkelliott]

These are also currently raised by security hub

[dms1981]

We do also have our secure analysis tools to check these things.

[github-actions]

This issue is stale because it has been open 90 days with no activity.

[SimonPPledger]

closed as a duplicate