Securing Your Website with AWS CloudTrail
What is AWS CloudTrail?
It is a cloud auditing service that helps you track user activity and API usage in your AWS account. It provides a comprehensive record of all events in your account, which you can use to detect unauthorized access, investigate security incidents, and meet compliance requirements.
Benefits of using AWS CloudTrail for cloud security
Auditability: CloudTrail provides a comprehensive audit trail of all API calls, so you can see who is accessing your resources and what they are doing.
Security monitoring: CloudTrail can help you detect unauthorized access and identify suspicious activity, such as failed login attempts or access to sensitive resources.
Compliance: CloudTrail can help you meet compliance requirements by providing a detailed audit trail of all activity, so you can demonstrate to auditors that you are protecting your data.
Operational troubleshooting: CloudTrail can help you troubleshoot operational problems by identifying the root cause of issues, such as performance issues or errors.
Cost optimization: CloudTrail can help you optimize your AWS costs by providing insights into resource utilization, so you can identify resources that are not being used efficiently.
How to use AWS CloudTrail
Case scenario: Your company’s website was hacked. As the security engineer, you are the one the team relies on to find out who did it and to ensure that it doesn’t happen again. Members of your team make frequent changes to the website, and sometimes those changes cause issues. This morning, it looks like the website was hacked. Your team is asking whether there is a way to track what was changed and who made the changes.
Step 1: Modify the security group and observe the website.
Step 2: Create a CloudTrail log
Step 3: Observe the hacked website
Note: Enabling CloudTrail before the attack can give you information about what users have done in your account.
Step 4: Analyzing the CloudTrail logs using Athena
AWS Athena is a serverless, interactive query service that lets you analyze data stored in Amazon S3 (such as the CloudTrail log files delivered to your bucket) using standard SQL.
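The same questions an Athena query answers at this step (who changed the security group, who created a new IAM user, and which ingress rules were opened to the whole internet) can be checked offline against a raw CloudTrail log file. The following Python is an added example, not code from the original page: it parses the {"Records": [...]} JSON that CloudTrail delivers to S3 and filters it; the records, user names, IP addresses and security group ID are constructed sample values.

```python
import json
# Constructed sample of CloudTrail records (the {"Records": [...]} shape CloudTrail
# delivers to S3); illustrative events only, not log data from the original page.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2023-01-01T08:00:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2023-01-01T08:05:00Z", "eventName": "CreateUser",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"userName": "hacker"}},
    {"eventTime": "2023-01-01T09:00:00Z", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "198.51.100.7", "requestParameters": None},
]})

# API calls that change who can reach the server or who can act in the account
INTERESTING = {"AuthorizeSecurityGroupIngress", "RevokeSecurityGroupIngress",
               "CreateUser", "AttachUserPolicy", "PutUserPolicy", "CreateAccessKey"}

def load_records(log_text):
    return json.loads(log_text)["Records"]

def actor(record):
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("type", "unknown")

def suspicious_events(records):
    """(eventTime, actor, sourceIP, eventName, target) for each interesting call, oldest first."""
    hits = []
    for r in records:
        if r["eventName"] in INTERESTING:
            p = r.get("requestParameters") or {}  # null for read-only calls
            target = p.get("groupId") or p.get("userName") or ""
            hits.append((r["eventTime"], actor(r), r["sourceIPAddress"], r["eventName"], target))
    return sorted(hits)

def world_open_ingress(records):
    """Ingress rules opened to 0.0.0.0/0: (actor, groupId, protocol, fromPort, toPort)."""
    found = []
    for r in records:
        if r["eventName"] != "AuthorizeSecurityGroupIngress":
            continue
        p = r.get("requestParameters") or {}
        for perm in p.get("ipPermissions", {}).get("items", []):
            for rng in perm.get("ipRanges", {}).get("items", []):
                if rng.get("cidrIp") == "0.0.0.0/0":
                    found.append((actor(r), p.get("groupId"), perm.get("ipProtocol"),
                                  perm.get("fromPort"), perm.get("toPort")))
    return found
```

On the sample data, suspicious_events lists the security group change and the CreateUser call by alice from the same source IP, and world_open_ingress flags the SSH rule opened to 0.0.0.0/0.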
Step 5: Improving security.
To update your SSH security, enter the following commands:
sudo ls -l /etc/ssh/sshd_config
sudo vi /etc/ssh/sshd_config
(In vi, enter :set number to display line numbers while editing.)
Run this command to restart the SSH service so that the changes take effect:
sudo service sshd restart
Step 6: Fix the website
Run these commands in your terminal to restore the original image from its backup:
cd /var/www/html/cafe/images/
ls -l
sudo mv Coffee-and-Pastries.backup Coffee-and-Pastries.jpg
Step 7: Delete the AWS hacker user
Conclusion:
AWS CloudTrail was used to investigate and respond to this security incident, showing how it works together with other AWS services such as AWS Athena and AWS IAM. To protect your data in the cloud, start using AWS CloudTrail today.