AWS IAM - lab

Scenario

In this scenario, a customer has accidentally created an IAM role policy that is overly permissive. Our goal is to detect the offending IAM role and fix its policy so that it grants access only to those who absolutely need it.


1. Log in to Trend Micro Cloud One, choose Conformity, select the account on the left that you have integrated for this workshop, and then click Browse All Checks.


2. Click Filter checks to open the filter options; this gives us an easy way to investigate the checks for AWS IAM.


3. Define the Filter check

Here are the configurations that you should apply:

  • On Services, search for IAM and press Enter
  • On Search Tags, add Lab::3 and press Enter
  • On Status, uncheck Success

After you complete the configuration, click Filter checks again.


4. How to look for the specific Conformity check to properly perform remediation

Locate the Conformity check that pertains to the misconfiguration of this scenario (IAM Role Policy Too Permissive). Next to it, select Resolve, which will populate the step-by-step instructions for remediating this misconfiguration.

Clicking the (+) icon on the left side of a Conformity check shows more details about the discovered misconfiguration. It also provides a direct link to the resource to help you review and fix it.


5. Remediation

Clicking Resolve will bring you to the Knowledge Base where you will find step-by-step instructions on how to remediate the misconfiguration found by Conformity. In this case, you will find multiple use cases for remediation so you can choose the best approach based on your least privilege access strategy for giving users permission to resources in the cloud.
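The misconfiguration this check targets can also be spotted directly in the policy document. The following Python checker is an added example, not part of the workshop or of Conformity's rule logic; its wildcard rules are a simplified assumption of what "too permissive" means, and both policy documents are constructed samples (the accidental policy next to a least-privilege rewrite).

```python
"""Flag IAM role policy statements that grant wildcard access.
Simplified stand-in for a "too permissive" check (assumed logic, not
Conformity's own rule); the sample policies below are constructed."""
import json

def _as_list(value):
    """IAM accepts a single string or a list for Action/Resource."""
    return [] if value is None else value if isinstance(value, list) else [value]

def find_permissive_statements(policy_document):
    """Return one finding per Allow statement that is overly broad."""
    findings = []
    for stmt in _as_list(policy_document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        reasons = []
        if "*" in actions or "*:*" in actions:
            reasons.append("grants every action")
        if "NotAction" in stmt:
            reasons.append("Allow with NotAction permits everything not listed")
        if "*" in resources and any(a.endswith(":*") for a in actions):
            reasons.append("service-wide action on every resource")
        if reasons:
            findings.append({"Sid": stmt.get("Sid", "<no Sid>"), "reasons": reasons})
    return findings

# Constructed sample: the accidental, overly permissive role policy...
PERMISSIVE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "AllowEverything", "Effect": "Allow",
                 "Action": "*", "Resource": "*"}]
}""")

# ...and a least-privilege rewrite: read-only actions on one named bucket.
LEAST_PRIVILEGE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "ReadReportsBucket", "Effect": "Allow",
                 "Action": ["s3:GetObject", "s3:ListBucket"],
                 "Resource": ["arn:aws:s3:::example-reports-bucket",
                              "arn:aws:s3:::example-reports-bucket/*"]}]
}""")

if __name__ == "__main__":
    print("permissive:", find_permissive_statements(PERMISSIVE_POLICY))
    print("least-privilege:", find_permissive_statements(LEAST_PRIVILEGE_POLICY))
```

Run against a role's inline and attached policy documents pulled from your own account, the same findings tell you which statements to tighten before the next Conformity Bot run.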

For this lab you can apply Case C in the Knowledge Base.


6. Review the remediation guide

After completing the remediation for those two use cases, return to the Conformity dashboard and click Run Conformity Bot to start a new scan.

By default, Conformity monitors your account by running the Conformity Bot checks hourly. You can also run the checks manually or enable the real-time monitoring feature.

After a couple of minutes the Conformity Bot run will finish, and you can verify that the previously failed check now appears as Succeeded instead of Failed.
