An unauthorized user accessed one EC2 instance in Environment A and sent out email via SES using email-smtp.ap-southeast-1.amazonaws.com. The credential account and verified identities belong to the authorized user's AWS SES account.
How to prevent it?
Put the EC2 instance into a private subnet, use SSM to connect to the instance instead of putting it on the public network, and add least privileges to the IAM role that is attached to the instance. Restrict access to SES using SCPs.
https://docs.aws.amazon.com/de_de/systems-manager/latest/userguide/ssm-agent.html
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
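A sketch of the SCP the answer above refers to, added here as an example and not taken from the original post or from AWS: it denies every SES send action unless the caller is the one approved sending principal, and denies sends whose From address is outside the approved domain. The account ID `111122223333`, the user name `EXAMPLE-ses-smtp-sender` and the domain `example.com` are placeholders to replace with your own values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenySesSendExceptApprovedSender",
      "Effect": "Deny",
      "Action": "ses:Send*",
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::111122223333:user/EXAMPLE-ses-smtp-sender"
        }
      }
    },
    {
      "Sid": "DenySesSendFromUnapprovedAddress",
      "Effect": "Deny",
      "Action": "ses:Send*",
      "Resource": "*",
      "Condition": {
        "StringNotLike": {
          "ses:FromAddress": "*@example.com"
        }
      }
    }
  ]
}
```

An SCP only narrows who may send; it does not stop someone who obtains the approved principal's SMTP credentials from the instance, so the private subnet, SSM access and least-privilege role still apply.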
Coming from an AWS security workshop last week, I would recommend looking into GuardDuty and the integration with Security Hub: https://docs.aws.amazon.com/guardduty/latest/ug/securityhub-integration.html