3 Answers
- Newest
- Most votes
- Most comments
1
The list depends on yours company risk appetite and delivery governance/compliance processes, but typically you should look into:
- Cloudtrail
- AWS Config
- AWS artifacts
- AWS Audit Manager
0
My Friend, The major services required for Security Audit are 1. CloudTrail (Certralized/ Account wise) 2. GuardDuty (if enabled) 3. ELB Access Logs in the S3 bucket 4. WAF Logs in the S3 Bucket 5. If any other Security Services are integrated, those details will be required. Based on the kind of Audit you are doing the requirement will change. But most commonly these services are required.
answered a year ago
0
Hi, 2 pointers for you:
- Recommendation for security audit on your AWS infrastructure: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-audit-guide.html
- Security Pillar of Well-Architected Framework: https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html
If you apply those documents to your specific context, you'll be able to define the proper form of a security audit for your system
Hope it helps
Didier
Relevant content
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated a year ago