Amazon IAM

📘 Using the root account in AWS can lead to significant security risks, including escalation of privileges and unauthorized access. It's crucial to use IAM roles and users with the minimum necessary privileges for daily operations.

  • Section: Identity and Access Management
  • Severity: Critical
  • CWE: CWE-250 Execution with Unnecessary Privileges
  • Assurance Scope: PCI, NIST, HIPAA, APRA
  • Threat Modeling Principle: Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Reusing IAM roles in AWS without proper assessment can lead to security vulnerabilities, especially when roles have excessive privileges. It's essential to evaluate and tailor IAM roles specifically for each use case.

  • Section: Identity and Access Management
  • Severity: High
  • CWE: CWE-250 Execution with Unnecessary Privileges
  • Assurance Scope: PCI, NIST, HIPAA, APRA
  • Threat Modeling Principle: Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Having Amazon IAM groups with administrator permissions contradicts cloud security best practices. Limiting privileges to the least required reduces risks associated with privilege escalation and unauthorized access.

  • Section: Identity and Access Management
  • Severity: High
  • CWE: CWE-250 Execution with Unnecessary Privileges
  • Assurance Scope: PCI, NIST, HIPAA, APRA
  • Threat Modeling Principle: Information Disclosure, Tampering
  • Rule Set: Rapticore Benchmark

📘 Assigning at least one IAM group to an IAM user is crucial for effective access and privilege management. This ensures that user permissions are properly organized and monitored.

  • Section: Identity and Access Management
  • Severity: High
  • CWE: CWE-250 Execution with Unnecessary Privileges
  • Assurance Scope: PCI, NIST, HIPAA, APRA
  • Threat Modeling Principle: Escalation of Privileges
  • Rule Set: Rapticore Benchmark

📘 Implementing Multi-Factor Authentication (MFA) for third-party IAM roles accessing your AWS account is critical for enhancing security. MFA adds an additional layer of protection, mitigating risks of information disclosure and tampering.

  • Section: Identity and Access Management
  • Severity: Critical
  • CWE: CWE-308 Use of Single-factor Authentication
  • Assurance Scope: PCI, NIST, HIPAA, APRA
  • Threat Modeling Principle: Information Disclosure, Tampering
  • Rule Set: Rapticore Benchmark