How to Increase your Security Score in AWS.

Bhanu Reddy
Sep 2, 2022

Security score in Security Hub

OBJECTIVE: This article is a checklist of the AWS services, and the settings within them, that affect the security score shown in AWS Security Hub. The score is the proportion of enabled security controls that currently pass, so every failed control lowers it. Fixing the items listed below for each service both raises the score and closes the underlying security gap; the list covers the controls that fail most often in IAM and EC2, not every control Security Hub evaluates.

IAM:

  • IAM users’ access keys should be rotated every 90 days or less.
  • IAM customer-managed policies that you create should not allow wildcard actions for services (for example `s3:*` or `ec2:*`).
  • IAM root user access keys should not exist; delete them and use IAM roles or users instead.
  • IAM policies should not allow full “*” administrative privileges (`"Action": "*"` together with `"Resource": "*"`).
  • MFA should be enabled for all IAM users that have a console password.
  • Password policies for IAM users should have strong configurations (minimum length, required character classes, expiry and reuse limits).
  • Unused IAM user credentials (passwords or access keys not used for 90 days) should be removed.
  • IAM users should not have IAM policies attached directly; attach policies to groups or roles and put users in groups instead.
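
The IAM items above can be checked offline from two inputs: the account's credential report (`aws iam get-credential-report`, base64-decoded CSV) and the JSON documents of your customer-managed policies. The following Python example is added here and is not code from the original article; the report rows, user names, account ID and policy documents are constructed samples, and only the CSV column layout follows the real credential report. It flags access keys older than 90 days, root access keys, console users without MFA, credentials unused for 90 days, full “*” administrative policies and service wildcard actions.

```python
# Added example (not from the original article): evaluate an IAM credential report
# and customer-managed policy documents against the IAM controls listed above.
# Report rows, account ID and policies are CONSTRUCTED samples; only the column
# layout follows the CSV returned by `aws iam get-credential-report` (base64-decoded).
import csv
import io
import re
from datetime import datetime, timedelta, timezone

MAX_AGE_DAYS = 90  # rotation and "unused" threshold used by the controls above
# Pinned "now" so the sample findings are reproducible; use datetime.now(timezone.utc) in practice.
NOW = datetime(2022, 9, 2, tzinfo=timezone.utc)

CREDENTIAL_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2022-08-30T09:00:00+00:00,not_supported,not_supported,true,true,2021-05-01T00:00:00+00:00,2022-08-01T00:00:00+00:00,us-east-1,ec2,false,N/A,N/A,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2021-03-01T00:00:00+00:00,true,2022-09-01T08:00:00+00:00,2022-07-15T00:00:00+00:00,2022-10-13T00:00:00+00:00,false,true,2022-08-20T00:00:00+00:00,2022-09-01T00:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2021-03-01T00:00:00+00:00,false,N/A,N/A,N/A,false,true,2022-03-01T00:00:00+00:00,2022-03-10T00:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
"""


def _ts(value):
    """Parse a report timestamp; N/A, no_information and not_supported become None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def _stale(ts, now):
    return ts is not None and (now - ts) > timedelta(days=MAX_AGE_DAYS)


def credential_report_findings(report_csv, now=NOW):
    """Return (user, issue) pairs for the credential-hygiene controls above."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                findings.append((user, "root access key exists"))
            continue  # root password fields read not_supported; only the key check applies here
        if row["password_enabled"] == "true":
            if row["mfa_active"] != "true":
                findings.append((user, "console password without MFA"))
            last_used = _ts(row["password_last_used"]) or _ts(row["password_last_changed"])
            if _stale(last_used, now):
                findings.append((user, "console password unused for 90 days"))
        for k in ("1", "2"):
            if row[f"access_key_{k}_active"] != "true":
                continue
            rotated = _ts(row[f"access_key_{k}_last_rotated"])
            if _stale(rotated, now):
                findings.append((user, f"access key {k} not rotated in 90 days"))
            # A key that was never used counts from its creation/rotation date.
            last_used = _ts(row[f"access_key_{k}_last_used_date"]) or rotated
            if _stale(last_used, now):
                findings.append((user, f"access key {k} unused for 90 days"))
    return findings


# Matches a bare "*" or a service wildcard such as "s3:*" / "ec2:*".
WILDCARD_ACTION = re.compile(r"^(?:[a-z0-9-]+:)?\*$")


def policy_findings(policy):
    """Return issues for one IAM policy document (dict form of the JSON)."""
    findings = []
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        resources = st.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        if "*" in actions and "*" in resources:
            findings.append('full "*" administrative privileges')
            continue
        findings.extend(f"wildcard action {a}" for a in actions if WILDCARD_ACTION.match(a))
    return findings


# Constructed sample policies: one admin, one service wildcard, one properly scoped.
ADMIN_POLICY = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SERVICE_WILDCARD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "s3:GetObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"}]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]}

if __name__ == "__main__":
    for finding in credential_report_findings(CREDENTIAL_REPORT):
        print("credential:", *finding)
    for name, pol in (("admin", ADMIN_POLICY), ("s3-wildcard", SERVICE_WILDCARD_POLICY),
                      ("scoped", SCOPED_POLICY)):
        print("policy", name + ":", policy_findings(pol) or "ok")
```

To run this against a real account, replace `CREDENTIAL_REPORT` with the decoded `Content` of `get-credential-report` and feed each policy's default version document (`get-policy-version`) to `policy_findings`. The policy check deliberately ignores `NotAction` and `Deny` statements, so a policy that passes it is not proven least-privilege; it only catches the two wildcard patterns the Security Hub controls above look for.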

EC2:

  • EC2 instances should not have a public IPv4 address; put them behind a load balancer or NAT gateway instead.
  • EC2 instances should use Instance Metadata Service Version 2 (IMDSv2), i.e. `HttpTokens` set to `required`, so that the credentials in the metadata service cannot be read through a simple SSRF.
  • Security groups should only allow unrestricted incoming traffic (0.0.0.0/0 or ::/0) for authorized ports such as 80 and 443; never for management ports like 22 and 3389.
  • Attached EBS volumes should be encrypted at rest.
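
The EC2 items above can be evaluated from three API responses: `describe-instances`, `describe-security-groups` and `describe-volumes`. The following Python example is added here and is not code from the original article; the instance, security group and volume dicts are constructed samples that follow the shape of the boto3 responses, and the IDs, CIDRs and the `AUTHORIZED_OPEN_PORTS` set (a public web tier that exposes only 80 and 443) are assumptions for the example. It reports public IPv4 addresses, instances that do not enforce IMDSv2, security group rules that open unauthorized ports to the internet, and attached volumes that are not encrypted.

```python
# Added example (not from the original article): evaluate EC2 API responses against the
# four EC2 controls listed above. All dicts below are CONSTRUCTED samples that follow the
# shapes returned by boto3's describe_instances, describe_security_groups and
# describe_volumes; the IDs and AUTHORIZED_OPEN_PORTS are assumptions for the example.

# Ports that may be reachable from anywhere (assumption: a public web tier).
AUTHORIZED_OPEN_PORTS = {80, 443}
ANYWHERE = {"0.0.0.0/0", "::/0"}

RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0example0001", "PublicIpAddress": "203.0.113.10",
     "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"}},
    {"InstanceId": "i-0example0002",  # private only, IMDSv2 enforced
     "MetadataOptions": {"HttpTokens": "required", "HttpEndpoint": "enabled"}},
]}]

SECURITY_GROUPS = [
    {"GroupId": "sg-0example0001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},          # authorized
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},          # SSH to the world
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},        # internal only
    ]},
    {"GroupId": "sg-0example0002", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]

VOLUMES = [
    {"VolumeId": "vol-0example0001", "Encrypted": False,
     "Attachments": [{"InstanceId": "i-0example0001"}]},
    {"VolumeId": "vol-0example0002", "Encrypted": True,
     "Attachments": [{"InstanceId": "i-0example0002"}]},
    {"VolumeId": "vol-0example0003", "Encrypted": False, "Attachments": []},  # unattached
]


def instance_findings(reservations):
    """Public IPv4 and IMDSv2 checks over describe_instances()["Reservations"]."""
    findings = []
    for reservation in reservations:
        for inst in reservation["Instances"]:
            iid = inst["InstanceId"]
            if inst.get("PublicIpAddress"):
                findings.append((iid, "public IPv4 address"))
            if inst.get("MetadataOptions", {}).get("HttpTokens") != "required":
                findings.append((iid, "IMDSv2 not enforced (HttpTokens != required)"))
    return findings


def _open_to_internet(perm):
    cidrs = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
    cidrs |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
    return bool(cidrs & ANYWHERE)


def security_group_findings(groups, authorized=AUTHORIZED_OPEN_PORTS):
    """Ingress rules from 0.0.0.0/0 or ::/0 that reach a port outside `authorized`."""
    findings = []
    for sg in groups:
        for perm in sg["IpPermissions"]:
            if not _open_to_internet(perm):
                continue
            proto = perm["IpProtocol"]
            if proto == "-1":  # all protocols, all ports
                findings.append((sg["GroupId"], "all protocols open to the internet"))
                continue
            lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
            # Only tcp/udp rules carry ports; anything else open to the world is reported.
            if proto in ("tcp", "udp") and all(p in authorized for p in range(lo, hi + 1)):
                continue
            span = f"{lo}" if lo == hi else f"{lo}-{hi}"
            findings.append((sg["GroupId"], f"{proto} {span} open to the internet"))
    return findings


def volume_findings(volumes):
    """Attached, unencrypted volumes (unattached ones are out of scope of the control)."""
    return [(v["VolumeId"], "attached EBS volume not encrypted")
            for v in volumes if v["Attachments"] and not v["Encrypted"]]


if __name__ == "__main__":
    for finding in (instance_findings(RESERVATIONS) + security_group_findings(SECURITY_GROUPS)
                    + volume_findings(VOLUMES)):
        print(*finding)
```

With boto3 the same functions take `ec2.describe_instances()["Reservations"]`, `ec2.describe_security_groups()["SecurityGroups"]` and `ec2.describe_volumes()["Volumes"]` directly. The IMDSv2 finding is the cheapest to fix: `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required --http-endpoint enabled` switches an instance over without a restart, but check first that nothing on it still uses the IMDSv1 `GET` path.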
