Ensuring Role Assumption is Logged
Using CloudTrail to Log User Privileges
Role assumption needs to be properly configured as well as logged. Because AWS IAM is integrated with CloudTrail, you can easily track and log all user activities and assumed roles. By ensuring role assumption is logged, you can maintain and review the history of access and understand user privileges.
Transcription
When you enforce least privilege through the use of role assumption, one of the critical things that needs to be executed is logging of all activities and assumed roles. This can be executed using AWS CloudTrail. By enabling AWS CloudTrail, you can execute the logging of role assumption to ensure you are able to identify each user that has assumed a role. By doing this, you can understand which accesses are being granted and which privileges are being assumed.
Related Videos
Attributes of Log Data
Audit Trail Review with Kibana, Athena, and GuardDuty
Audit Your Security Groups for Insecure Ports and Protocols
Change-Detection Solutions in AWS
CloudTrail and CloudWatch Integration
Enabling AWS Config in All Regions
Enabling CloudTrail Log File Validation
Enabling CloudTrail in All Regions
Ensure ALBs Have WAF ACLs Attached
Ensure RDS Instances are Only Accessible by Internal IPs
Filters and Alarms in CloudWatch
GuardDuty Alerts for Control Failures
How to Edit Inbound Traffic Rules for Default Security Groups
Identify Unrestricted Access to Ports for Security Groups
Identify if EC2 Instances Are Directly Connected to the Internet
Logging Tools in AWS
Logging Web ACL Data in Amazon Kinesis
Monitor Network Traffic with VPC Flow Logs
Protecting API Gateways with WAF Rules
Restrict Access to CloudTrail Logs in S3 Buckets
Restrict Security Group Access to All Ports
Retaining Your Audit Trail in AWS
Routing Outbound Traffic Through NAT Gateways
Securing Your Log Files
Using Amazon Time Sync Service
