FuelLabs / infrastructure

Shared infrastructure templates for Fuel services

Remediate Current AWS for Latacora Security Findings #141

Closed rfuelsh closed 1 year ago

rfuelsh commented 1 year ago

going through Latacora security findings - https://drive.google.com/drive/folders/1Mbe6Ek_n5IS3NK9WXx6pYBOqnaf45XXL

rfuelsh commented 1 year ago

fixing AWS as much as I can based on Latacora findings

rfuelsh commented 1 year ago

done as much as I can for old account

rfuelsh commented 1 year ago

Low: Limited impact on SAPCP. High awareness/easily detected. Difficult to exploit or not directly exploitable. May be useful for reconnaissance. Potentially no action required.

Medium: Moderate impact on SAPCP. High awareness/possibly

- CloudTrail Log File Validation Is Disabled - Done
- CloudTrail Service Not Configured - Done
- EC2 Instance with IMDS Version 1 Enabled - N/A
- EKS Cluster API Allowing Access From All IPs (0.0.0.0/0) - N/A (Important for Future AWS)
- EKS Cluster Allowing Pod Access to IMDS - N/A
- IAM Managed Policy Allows "iam:PassRole" For All Resources - N/A (Important for Future AWS)
- IAM Managed Policy Allows All Actions - N/A (Important for Future AWS)
- IAM Role Cross-Account Trust Policy Lacks External ID and MFA Requirements - N/A
- **IAM Root Account without MFA - Need to speak to team lead about this**
- Organizations Node Lacking Service Control Policies - N/A
- RDS Database Instance IAM Authentication Disabled - N/A
- Organizations Account Resource Configured with Sensitive Cross-Account Relationships - N/A
- Organizations Management Account with Resources - N/A

For K8s Audit: 59% Medium, 31% Low, 10% Informational

- Kubernetes Container Security Context Configured with "runAsUser" as UID 0 (root user) - important for future
- Kubernetes Namespace Missing a "Default Deny" Network Policy - TBD
- Kubernetes Principal with Full RBAC Permissions - To improve on
- Kubernetes Principal with Sensitive RBAC Permissions - To improve on
- Kubernetes Security Context Configured with "allowPrivilegeEscalation" - optimization
- Kubernetes Security Context Missing "readOnlyRootFilesystem" Field - optimization
- Kubernetes Security Context Missing "runAsNonRoot" and "runAsUser" Fields - optimization
- Kubernetes Sensitive Path Mounted as Volume - N/A
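As an added example (not code from the FuelLabs/infrastructure repo or from the Latacora report), the script below checks several of the findings in the list above offline: the two IAM managed-policy findings, the four Kubernetes securityContext findings, the sensitive hostPath volume finding, and whether a namespace has a "default deny" NetworkPolicy. Inputs are plain dicts shaped like the corresponding JSON/YAML objects; the sample policy, pods and NetworkPolicy are constructed for the example, and the list of sensitive hostPath prefixes and the finding wording are assumptions.

```python
"""Offline checks for several of the Latacora-style findings listed above.

Inputs are plain dicts shaped like the documents they model (an IAM policy
document, a Kubernetes Pod, NetworkPolicy objects), so everything runs
against constructed samples with no AWS or cluster access.
"""

# Assumption: hostPath prefixes treated as sensitive. "/" is handled separately.
SENSITIVE_HOST_PATHS = ("/etc", "/proc", "/root", "/var/lib/kubelet",
                        "/var/run/docker.sock")


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def iam_policy_findings(policy):
    """Flag 'allows all actions' and 'iam:PassRole for all resources'."""
    findings = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions:
            findings.add("IAM policy allows all actions")
        # iam:PassRole is also granted by the wildcards iam:* and *.
        if any(a in ("*", "iam:*", "iam:passrole") for a in actions) and "*" in resources:
            findings.add("IAM policy allows iam:PassRole for all resources")
    return sorted(findings)


def _sensitive_host_path(path):
    if path == "/":
        return True
    return any(path == p or path.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def pod_findings(pod):
    """Per-container securityContext findings plus sensitive hostPath volumes."""
    spec = pod.get("spec", {})
    pod_ctx = spec.get("securityContext", {})
    findings = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        # Container-level securityContext fields override pod-level ones.
        ctx = {**pod_ctx, **c.get("securityContext", {})}
        name = c.get("name", "?")
        if ctx.get("runAsUser") == 0:
            findings.append(f"{name}: runAsUser is UID 0 (root)")
        if ctx.get("allowPrivilegeEscalation", True):  # Kubernetes default is true
            findings.append(f"{name}: allowPrivilegeEscalation not set to false")
        if not ctx.get("readOnlyRootFilesystem", False):
            findings.append(f"{name}: readOnlyRootFilesystem missing or false")
        if "runAsNonRoot" not in ctx and "runAsUser" not in ctx:
            findings.append(f"{name}: runAsNonRoot and runAsUser fields missing")
    for v in spec.get("volumes", []):
        path = v.get("hostPath", {}).get("path")
        if path and _sensitive_host_path(path):
            findings.append(f"volume {v.get('name', '?')}: sensitive hostPath {path}")
    return findings


def namespace_has_default_deny(policies, namespace):
    """True when policies selecting every pod in `namespace` deny all ingress and egress.

    A default deny may be a single policy with both policyTypes or two separate
    policies, so denied directions are accumulated across all matching policies.
    """
    denied = set()
    for np in policies:
        if np.get("metadata", {}).get("namespace") != namespace:
            continue
        spec = np.get("spec", {})
        if spec.get("podSelector", {}) not in ({}, {"matchLabels": {}}):
            continue  # only an empty selector covers every pod
        # If policyTypes is omitted, Kubernetes infers Ingress, plus Egress only
        # when an egress section is present.
        types = spec.get("policyTypes") or (["Ingress"] + (["Egress"] if "egress" in spec else []))
        for t in types:
            if not spec.get(t.lower()):  # no allow rules for that direction: deny all
                denied.add(t)
    return {"Ingress", "Egress"} <= denied


# Constructed samples for the example; not from the Fuel repo or the audit.
ADMIN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:PassRole"],
     "Resource": "arn:aws:iam::123456789012:role/app-role"}]}
ROOT_POD = {"spec": {"containers": [{"name": "app", "securityContext": {"runAsUser": 0}}],
                     "volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}]}}
HARDENED_POD = {"spec": {"securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
                         "containers": [{"name": "app", "securityContext": {
                             "allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True}}]}}
DEFAULT_DENY = [{"metadata": {"name": "default-deny", "namespace": "prod"},
                 "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}}]

if __name__ == "__main__":
    print(iam_policy_findings(ADMIN_POLICY), iam_policy_findings(SCOPED_POLICY))
    print(pod_findings(ROOT_POD), pod_findings(HARDENED_POD))
    print(namespace_has_default_deny(DEFAULT_DENY, "prod"), namespace_has_default_deny(DEFAULT_DENY, "dev"))
```

The pod check merges pod-level and container-level securityContext the way the kubelet resolves them, so a pod-level `runAsUser: 0` that a container overrides with a non-root UID is not reported, while `allowPrivilegeEscalation` is treated as a finding unless it is explicitly set to false, matching the Kubernetes default. To use it against a real cluster, feed it the output of `kubectl get pods -A -o json` and `kubectl get networkpolicies -A -o json` (the `items` of each), and the output of `aws iam get-policy-version` for each managed policy.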