The Cloud Conformity team are currently in the final stages of developing a new AWS Technology product. This product will provide automated checks on AWS accounts to ensure conformance with best practices in the following areas:
3) Performance Efficiency
4) Cost Optimisation
This product will be vital to organisations utilising Amazon Web Services. It will run immediately upon any change to the infrastructure and check that all best practices are being adhered to.
We currently have 100 automated rules. To ensure users understand what is being checked, along with the implications of any violations, we need to create an overview of each of the rules. We would like each rule to be documented in the following format:
- Title/Short description
- Full Description (this should be limited to one or two paragraphs)
- Rationale (Why do this? Why is it important?)
- Audit: Provide step-by-step instructions on how to audit using the AWS Management Console (an AWS CLI command is a plus)
- Remediation/Resolution: Provide step-by-step instructions on how to remediate using the AWS Management Console (an AWS CLI command is a plus)
- SEO Keywords
If you are interested in this work, please provide an example piece of content using one of the following rules:
Rule 1: ELB Insecure SSL Ciphers
Description: Ensure ELBs do not use insecure SSL ciphers
AWS Product: EC2/ELB
List of insecure/deprecated SSL ciphers:
"RC2-CBC-MD5", "PSK-AES256-CBC-SHA", "PSK-3DES-EDE-CBC-SHA", "KRB5-DES-CBC3-SHA", "KRB5-DES-CBC3-MD5", "PSK-AES128-CBC-SHA", "PSK-RC4-SHA", "KRB5-RC4-SHA", "KRB5-RC4-MD5", "KRB5-DES-CBC-SHA", "KRB5-DES-CBC-MD5", "EXP-EDH-RSA-DES-CBC-SHA", "EXP-EDH-DSS-DES-CBC-SHA", "EXP-ADH-DES-CBC-SHA", "EXP-DES-CBC-SHA", "EXP-RC2-CBC-MD5", "EXP-KRB5-RC2-CBC-SHA", "EXP-KRB5-DES-CBC-SHA", "EXP-KRB5-RC2-CBC-MD5", "EXP-KRB5-DES-CBC-MD5", "EXP-ADH-RC4-MD5", "EXP-RC4-MD5", "EXP-KRB5-RC4-SHA", "EXP-KRB5-RC4-MD5"
More info: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-security-policy-table.html
Rule 2: CloudTrail Bucket Publicly Accessible
Description: Ensure CloudTrail logging bucket is not publicly accessible
AWS Product: CloudTrail
Rule 3: CloudTrail Integrated With CloudWatch
Description: Ensure CloudTrail events are monitored with CloudWatch Logs. This enables you to receive SNS notifications from CloudWatch when specific API activity occurs.
Category: Security
AWS Product: CloudTrail
Rule 4: Route 53 Domain Transfer Lock
Description: Ensure Route 53 domains have the transfer lock set to prevent an unauthorized transfer to another registrar
AWS Product: Route 53
I look forward to hearing from you.
Please only choose one of the above rules when providing an example. We will be engaging the most suitable author to complete content for 100 rules.
Along with your submission, please quote your hourly rate and expected number of hours required to complete each rule.
The ideal candidate will be experienced with Amazon Web Services and will be capable of providing not only an overview of what the rules do, but also steps to rectify the violations.
A technical resource from our team will be available to assist with any technical queries.