Identify AWS Resources Exposed to the World using Cloud Custodian
Identify the cloud resources that are unintentionally exposed to everyone.
An organization may have several hundred AWS accounts, provisioned programmatically or through the console. Resources can be misconfigured just as quickly as they are provisioned or modified, so it is important to understand how each resource works in order to use and configure it correctly.
Cloud Custodian is an open-source tool that lets us write policies in YAML and deploy them as Lambda functions. Each policy is triggered on the schedule defined within it (as CloudWatch Events rules). This helps us identify resources that may have been unintentionally exposed to the world. Some example policies are given below.
Example #1: CloudWatch Event Bus Access to Everyone
policies:
  - name: cw-event-bus-publicly-accessible
    resource: aws.event-bus
    comment: |
      This policy identifies any publicly accessible CloudWatch Event
      Bus. This is a notify policy. Deployed in all low and high tier.
      Using an overly permissive access policy for your CloudWatch
      default event bus can allow unauthorized AWS users to send their
      CloudWatch events.
    filters:
      - type: cross-account…
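The check the cross-account filter performs on an event bus resource policy, written out in Python as an added illustration (this is not Cloud Custodian's own code). The sample policy, the account ids and the trusted-account set are constructed for the example.

```python
import json

# Constructed sample resource policy for an EventBridge event bus (example data):
# one statement open to any principal, one scoped to a known partner account.
SAMPLE_EVENT_BUS_POLICY = json.dumps({"Statement": [
    {"Sid": "AllowEveryone", "Effect": "Allow", "Principal": "*",
     "Action": "events:PutEvents",
     "Resource": "arn:aws:events:us-east-1:111111111111:event-bus/default"},
    {"Sid": "AllowPartner", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": "events:PutEvents",
     "Resource": "arn:aws:events:us-east-1:111111111111:event-bus/default"},
]})

TRUSTED_ACCOUNTS = {"111111111111", "222222222222"}  # our own account plus one partner


def principal_accounts(principal):
    """Return the account ids (or '*') named by a statement's Principal element."""
    if principal == "*":
        return {"*"}
    values = principal.get("AWS", []) if isinstance(principal, dict) else []
    values = [values] if isinstance(values, str) else values
    accounts = set()
    for value in values:
        if value.startswith("arn:"):
            accounts.add(value.split(":")[4])  # account id field of an IAM ARN
        else:
            accounts.add(value)                # bare account id or '*'
    return accounts


def find_cross_account_statements(policy_json, trusted_accounts):
    """Flag Allow statements that grant access outside trusted_accounts.

    A wildcard principal without a Condition is exposure to everyone; a wildcard
    guarded by a Condition (e.g. aws:PrincipalOrgID) is reported for review.
    """
    findings = []
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        accounts = principal_accounts(stmt.get("Principal", {}))
        if "*" in accounts:
            kind = "conditional-wildcard" if stmt.get("Condition") else "public"
            findings.append((stmt.get("Sid"), kind))
        elif accounts - trusted_accounts:
            findings.append((stmt.get("Sid"), "untrusted-account"))
    return findings
```

Running it against the sample policy reports only the "AllowEveryone" statement as public; the partner statement passes because its account is in the trusted set.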