AWS SQS and SNS - lab


In this scenario, we have a use case where a customer accidentally created a SNS topic and SQS queue without encryption. Our goal here is to detect and remediate the SNS topic and SQS queue.

Here is a valuable use case from AWS about why encrypting SQS and SNS is important: Link to AWS Blog


1. Log in to Trend Micro - Cloud One, choose Conformity, select the account on your left that you have integrated for this workshop, and then click in Browse All Checks


2. Click Filter checks to open the filter options to enable an easy way to investigate some checks for Amazon SQS and SNS


3. Define the Filter check

Here are the configurations that you should apply:

  • On Resource Types: search for SQS Queue and press Enter
  • On Resource Types: search for SNS Topic and press Enter
  • On Search Tags: add Lab::4 and press Enter
  • On Status: uncheck Success

After you complete configurations, click Filter Check again


4. How to look for the specific Conformity check to properly perform remediation

Locate the Conformity checks that pertains to the misconfigurations of this scenario (SNS Topic Encrypted and Queue Server Side Encryption). Next to each, select Resolve, which will populate the step-by-step instructions for remediating these misconfiguration.

Clicking the (+) icon on the left side of the Conformity checks allows you to see more details about the discovered misconfiguration. It will also provide the direct link to the resource to help you to review and fix it.


5. Remediation

Clicking Resolve button will bring you to the Knowledge Base where you will find step-by-step instructions on how to remediate the misconfiguration found by Conformity.


6. Review the remediation

After completing the remediation for those two use cases, you can return to the Conformity click Run Conformity Bot to start a new process.

The default Conformity process for monitoring is hourly checks performed by the Conformity bot. You can also manually run the checks or enable the real-time monitoring feature.

After couple minutes the Conformity Bot check will finish and you can check if the previous configurations will now appear as Succeeded instead of Failed.