Audit AWS Cloud Security using ScoutSuite

Ashish Gavali, published in Globant, Aug 30, 2023 (7 min read)

Cloud infrastructure services such as AWS, Google Cloud, Microsoft Azure and Alibaba Cloud have become very popular because they let organizations scale technology, increase availability and offload everything that comes with running their own hardware. They also usually cost less than managing physical hardware, which ages, is hard to scale and must be maintained in house.

Nonetheless, cloud environments are not immune to cyber threats. The provider secures the underlying platform, but the configuration of your own account (identities, network rules, storage permissions, logging) is your responsibility, and that is where most cloud incidents start. It is up to us to check for misconfigurations and fix them before they are found by someone else.

Imagine someone gaining access to your cloud infrastructure because of a small misconfiguration you did not notice; the damage could be severe enough to threaten the business. That is why we need to verify that our cloud infrastructure is securely configured and prevent such incidents.

This article focuses on utilizing the open-source tool ScoutSuite for Cloud Security.

What is ScoutSuite

ScoutSuite is an open-source security auditing tool designed to evaluate the security posture of cloud environments, and it supports multiple cloud platforms. It uses the APIs exposed by each cloud provider to gather configuration data, identify security gaps and highlight areas of risk.

The tool was built by security consultants and auditors to provide a point-in-time, security-oriented view of a cloud account and present its attack surface in an easy-to-understand format. Once the data has been gathered, the report can be reviewed offline, and because ScoutSuite only makes read-only API calls, running it does not require filing a penetration-testing authorization form with AWS, Microsoft Azure or Google Cloud.

The following cloud providers are currently supported by ScoutSuite:

  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud Platform
  • Alibaba Cloud (alpha)
  • Oracle Cloud Infrastructure (alpha)

This document outlines how to use ScoutSuite to conduct a security audit of AWS cloud infrastructure, identify misconfigurations and strengthen the security of the environment.

Prerequisites

To run ScoutSuite, you need to comply with the following prerequisites:

  • Python 3.6 or above (check the project's README for the minimum version of the release you install).
  • AWS CLI: ScoutSuite needs credentials for the account it audits, and it reads the same credential files and profiles the AWS CLI uses (under ~/.aws), so installing the CLI is the easiest way to configure them.
  • Programmatic user: create an IAM identity for ScoutSuite and attach the AWS-managed ReadOnlyAccess and SecurityAudit policies to it; these are the permissions the project recommends, and neither grants write access. Where possible, prefer an IAM role assumed with temporary credentials (for example an SSO or assume-role profile) over a long-lived access key on a user, and if you do create a key, delete it once the audit is finished. With these credentials we configure the AWS CLI and run ScoutSuite.

Installation

It is recommended to install and run ScoutSuite inside a virtual environment so that its dependencies do not collide with other Python tools on the machine. We will install it in the easiest way, using Python's pip. Below are the commands:

Create a virtual environment:

virtualenv -p python3 venv

Activate Virtual Environment:

source venv/bin/activate

Install ScoutSuite:

pip install scoutsuite

Run the scout help command to check whether it is successfully installed or not:

scout --help

Please refer to the screenshots of the installation process below:

Image by the author — ScoutSuite installation process

Running ScoutSuite

Step 1: Open a terminal and configure the credentials of the audit user, i.e. the Access Key ID and Secret Access Key, with the aws configure command (it also asks for a default region and output format):

aws configure
Image by the author — AWS CLI configuration

With these credentials, ScoutSuite can call the AWS APIs and collect the configuration it needs for the assessment; all of the calls are read-only.

Step 2: Run ScoutSuite against AWS with the command below (add --profile NAME if the credentials live in a non-default AWS CLI profile):

scout aws
Image by the author — Execution of ScoutSuite

When the command finishes, ScoutSuite writes an HTML report and automatically opens it in your default browser:

Image by the author — Main Dashboard

Above is the main dashboard of ScoutSuite, which lists the AWS services it covers and, for each one, the number of resources scanned, the number of resources flagged and the number of checks performed.

Image by the author — EC2 Dashboard

Above is the EC2 dashboard, which lists every rule in the EC2 section together with the result of checking it against your resources.

Image by the author — EC2 Dashboard

Above is the detail view of a rule: its description, remediation guidance, the compliance frameworks it maps to, and references. It also shows the number of resources scanned and the number flagged.

Image by the author — Security Group Dashboard

Above is the security group dashboard. In this view you see the actual resource that was flagged, in this case a security group and its offending rule, so you can go to that resource, verify the finding and fix it.

Image by the author — IAM Dashboard

The report covers the configuration of AWS services such as EC2, IAM, Route 53, S3 and others. Each finding is classified as Good, Warning or Danger, and the category represents the level of risk associated with the configuration:

  • Good means the configuration passed the check and follows security best practice.
  • Warning means there is a potential risk associated with the configuration, and it should be investigated further.
  • Danger indicates a critical security issue that requires immediate attention and action.

By categorizing findings in this way, ScoutSuite helps you prioritize and fix the most critical issues first. Keep in mind that the level is the rule's default severity, not a judgement about your environment: a Danger finding on a resource that is intentionally public may be acceptable, while a Warning on a production IAM user may not be. You can enable or disable rules to fit your environment; please refer to Enable/Disable Rules. You can also create a custom ruleset with your own severity levels; please refer to Custom Rules.

ScoutSuite also writes a scoutsuite-report folder into the working directory from which you ran the scan. You can zip it, store it in S3 or another location, and share it with auditors. Treat the report as sensitive: it contains your account ID, resource names and the exact weaknesses that were found, so keep it in a private, encrypted location and restrict who can read it.

ScoutSuite scans can be integrated with Continuous Integration/Continuous Delivery tools like Jenkins with the help of a shell script. For example, the script can install ScoutSuite, run the scan (with --no-browser so that it does not try to open a browser on the build agent), zip the scoutsuite-report folder and upload it to an S3 bucket using the AWS CLI. Whenever the infrastructure needs to be scanned, you trigger the Jenkins job and collect the report from the bucket. Reports can also be exported programmatically for later access; for more information, please refer to Exporting Reports.
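As an added example (not code from this article or from the ScoutSuite project), the script below is the post-scan half of such a pipeline, written in Python, the language ScoutSuite itself is written in. It assumes the Jenkins job has already run scout aws --no-browser --report-dir scoutsuite-report, and that ScoutSuite placed its results under scoutsuite-report/scoutsuite-results/ as a JavaScript file with a scoutsuite_results = prefix in front of the JSON the HTML report renders (the layout I have seen in recent releases; the glob tolerates different file names). It lists every flagged rule with Danger first, zips the report folder for storage, and exits non-zero when a Danger finding exists so that the build is marked failed. The account ID, rule names and resource paths in the embedded sample are constructed for the demo, not real scan output, and the upload itself stays with the AWS CLI (aws s3 cp) in the pipeline script.

```python
"""CI gate over a ScoutSuite AWS report (added example; not code from the article or from ScoutSuite)."""
import json
import pathlib
import shutil
import sys
import tempfile

# scout aws writes <report-dir>/scoutsuite-results/scoutsuite_results_aws-<account>.js: a JavaScript
# file whose first line is this assignment, followed by the JSON document the HTML report renders.
JS_PREFIX = "scoutsuite_results ="
LEVEL_RANK = {"warning": 1, "danger": 2}  # the two severities ScoutSuite gives flagged rules

# Constructed sample in the shape of a real results file: one Danger rule with two flagged security
# groups, one Warning rule with one flagged item, and one rule that flagged nothing (Good in the
# report). The account ID, resource IDs and paths are made up for this example.
SAMPLE_RESULTS = {
    "account_id": "123456789012",
    "provider_code": "aws",
    "services": {
        "ec2": {"findings": {
            "ec2-security-group-opens-all-ports-to-all": {
                "description": "Security Group Opens All Ports to All", "level": "danger",
                "checked_items": 14, "flagged_items": 2,
                "items": ["ec2.regions.us-east-1.vpcs.vpc-0a1b2c3d.security_groups.sg-0aaa111.rules.ingress",
                          "ec2.regions.eu-west-1.vpcs.vpc-4e5f6a7b.security_groups.sg-0bbb222.rules.ingress"]},
            "ec2-ebs-volume-not-encrypted": {
                "description": "EBS Volume Not Encrypted", "level": "warning",
                "checked_items": 9, "flagged_items": 0, "items": []}}},
        "iam": {"findings": {
            "iam-password-policy-no-expiration": {
                "description": "Password Expiration Disabled", "level": "warning",
                "checked_items": 1, "flagged_items": 1, "items": ["iam.password_policy"]}}},
    },
}

def write_sample_report(base: pathlib.Path) -> pathlib.Path:
    """Lay out a fake report directory the way a real scout aws run does (demo input only)."""
    results_dir = base / "scoutsuite-report" / "scoutsuite-results"
    results_dir.mkdir(parents=True)
    (results_dir / "scoutsuite_results_aws-123456789012.js").write_text(
        JS_PREFIX + "\n" + json.dumps(SAMPLE_RESULTS), encoding="utf-8")
    return results_dir.parent

def load_results(report_dir: pathlib.Path) -> dict:
    """Find the results .js file, strip the JavaScript prefix and parse the JSON body."""
    matches = sorted((report_dir / "scoutsuite-results").glob("scoutsuite_results_*.js"))
    if not matches:
        raise FileNotFoundError(f"no scoutsuite_results_*.js under {report_dir}")
    text = matches[0].read_text(encoding="utf-8")
    if not text.startswith(JS_PREFIX):
        raise ValueError(f"{matches[0]} is not a ScoutSuite results file")
    return json.loads(text[len(JS_PREFIX):])

def flagged_findings(results: dict) -> list:
    """Rules with flagged_items > 0, Danger first; rules that flagged nothing (Good) are dropped."""
    rows = []
    for service, data in results.get("services", {}).items():
        for rule, finding in data.get("findings", {}).items():
            if finding.get("flagged_items", 0) > 0:
                rows.append({"service": service, "rule": rule, "level": finding.get("level", "warning"),
                             "flagged": finding["flagged_items"], "checked": finding.get("checked_items", 0),
                             "items": finding.get("items", [])})
    return sorted(rows, key=lambda r: (-LEVEL_RANK.get(r["level"], 0), r["service"], r["rule"]))

def gate(findings: list, fail_on: str = "danger") -> int:
    """Exit status for the pipeline: 1 if any finding is at or above fail_on, else 0."""
    threshold = LEVEL_RANK[fail_on]
    return 1 if any(LEVEL_RANK.get(f["level"], 0) >= threshold for f in findings) else 0

def archive_report(report_dir: pathlib.Path, dest_stem: pathlib.Path) -> str:
    """Zip the whole report folder (HTML plus results) so it can be stored or shared as one file."""
    return shutil.make_archive(str(dest_stem), "zip", root_dir=str(report_dir.parent), base_dir=report_dir.name)

def run_demo() -> dict:
    """Build the sample report in a temp dir and push it through the whole gate."""
    tmp = pathlib.Path(tempfile.mkdtemp())
    report_dir = write_sample_report(tmp)
    findings = flagged_findings(load_results(report_dir))
    archive = archive_report(report_dir, tmp / "scoutsuite-report-demo")
    return {"rules": [f["rule"] for f in findings], "levels": [f["level"] for f in findings],
            "danger_exit": gate(findings, "danger"), "warning_exit": gate(findings, "warning"),
            "archive_exists": pathlib.Path(archive).is_file()}

def main(argv: list) -> int:
    """Usage: python scout_gate.py [report-dir] [danger|warning]; prints flagged rules, returns the exit code."""
    report_dir = pathlib.Path(argv[1] if len(argv) > 1 else "scoutsuite-report")
    findings = flagged_findings(load_results(report_dir))
    for f in findings:
        print(f"[{f['level'].upper():7}] {f['service']}: {f['rule']} ({f['flagged']}/{f['checked']} flagged)")
        for item in f["items"]:
            print(f"          {item}")
    return gate(findings, argv[2] if len(argv) > 2 else "danger")

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In the Jenkins job, call it right after the scan (python scout_gate.py scoutsuite-report; the file name is only a suggestion) and let the non-zero exit fail the build before the zip is uploaded with aws s3 cp. Passing warning as the second argument makes the job fail on Warning findings too; if a rule keeps firing on resources that are intentionally configured that way, adjust the rule's level or disable it in a custom ruleset rather than special-casing it in the gate, so the severity decisions stay with the rules.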

Advantages of ScoutSuite

Below are some of the advantages of using ScoutSuite to scan your cloud infrastructure:

  • Comprehensive cloud security assessment: ScoutSuite supports multiple cloud providers, including AWS, Azure and Google Cloud Platform. It audits the configuration of your cloud infrastructure to identify security misconfigurations and deviations from best practice, giving a holistic view of the environment's security posture so that risks can be addressed effectively.
  • Automated security assessments: ScoutSuite automates the assessment, saving the time and effort of clicking through the web console. It checks your infrastructure against a wide range of best practices covering access controls, encryption, network configuration, logging and more, and surfaces the common pitfalls that need attention.
  • Easy to use and customizable: ScoutSuite has a simple CLI, and its rulesets can be customized (rules enabled, disabled or given a different severity) to match the requirements of your environment.
  • Security insights and reporting: ScoutSuite generates a detailed HTML report with the flagged resources, the rule that flagged them, remediation guidance and compliance references, making it easier to understand the security posture of the environment and to remediate promptly.
  • Continuous coverage: a ScoutSuite scan is a point-in-time snapshot, but it is easy to schedule or run from a CI/CD pipeline, so repeated scans help ensure that security controls stay in place and new misconfigurations do not go undetected.
  • Open-source community support: ScoutSuite is open source with an active community of contributors, so it benefits from ongoing development and from updates driven by user feedback and security research.
  • Cost-effective security assessment: as an open-source tool, ScoutSuite is freely available, which makes it a cost-effective option for configuration auditing alongside, or instead of, commercial cloud security products.

Conclusion

In this article, we explored how ScoutSuite can be put to use: installing the tool, configuring it with appropriate read-only credentials, running a scan of the AWS environment and reviewing the results to identify and mitigate risks. ScoutSuite's report can serve as a guide for improving the security posture of your cloud infrastructure, and the scan should be repeated regularly so that new misconfigurations are caught early. Overall, it is a valuable tool for protecting cloud infrastructure and keeping data safe.
