AWS SQS and SNS - lab

Scenario

In this scenario, a customer has accidentally created an SNS topic and an SQS queue without server-side encryption, so messages are stored in plaintext at rest. Our goal is to detect both misconfigurations with Conformity and remediate them.

AWS explains why encrypting SQS and SNS at rest matters in this blog post: Link to AWS Blog


1. Log in to Trend Micro Cloud One, choose Conformity, select (on the left) the account you integrated for this workshop, and then click Browse All Checks


2. Click Filter checks to open the filter options; these let you narrow the results to the checks for Amazon SQS and SNS


3. Define the filter

Apply the following configuration:

  • On Resource Types: search for SQS Queue and press Enter
  • On Resource Types: search for SNS Topic and press Enter
  • On Search Tags: add Lab::4 and press Enter
  • On Status: uncheck Success (so only failing checks are listed)

After you complete the configuration, click Filter Check again


4. Locate the specific Conformity checks before remediating

Locate the two Conformity checks that correspond to the misconfigurations in this scenario: SNS Topic Encrypted and Queue Server Side Encryption. Next to each, select Resolve, which opens the step-by-step instructions for remediating that misconfiguration.

Clicking the (+) icon on the left side of a Conformity check shows more details about the discovered misconfiguration, including a direct link to the affected resource so you can review and fix it.


5. Remediation

Clicking the Resolve button takes you to the Knowledge Base, where you will find step-by-step instructions on how to remediate the misconfiguration found by Conformity (for this lab: enable server-side encryption on the SQS queue and set a KMS key on the SNS topic).


6. Review the remediation

After completing the remediation for both resources, return to Conformity and click Run Conformity Bot to start a new scan.

By default, the Conformity Bot runs its checks hourly. You can also run the checks manually, as here, or enable the real-time monitoring feature.

After a couple of minutes the Conformity Bot run will finish, and you can confirm that the two checks that previously reported Failure now report Success.
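The six steps above perform detection, remediation and verification through the Conformity console. The following is an added example, not part of the original lab or Conformity's own code, that shows the same two checks as code: an SQS queue passes if it uses either SQS-managed SSE (SqsManagedSseEnabled) or a KMS key (KmsMasterKeyId); an SNS topic passes only if KmsMasterKeyId is set, because SNS has no service-managed encryption option. The sample queue and topic attributes are constructed (account 123456789012 is a placeholder); the live_scan_and_fix function is an assumption about how you would run it against a real account with boto3 and is not exercised offline.

```python
"""Detect and remediate unencrypted SQS queues and SNS topics.

Added example for this lab (not Conformity's code). The pure functions
work on attribute dicts in the shape returned by GetQueueAttributes and
GetTopicAttributes, so they run offline; boto3 is imported lazily.
"""
from __future__ import annotations

KMS_ATTR = "KmsMasterKeyId"              # used by both SQS and SNS
SQS_MANAGED_SSE_ATTR = "SqsManagedSseEnabled"
DEFAULT_SNS_KEY = "alias/aws/sns"        # AWS-managed key; see usage note

# Constructed sample data mirroring the lab: one plaintext queue and topic
# alongside correctly configured ones.
SAMPLE_QUEUES = {
    "https://sqs.us-east-1.amazonaws.com/123456789012/orders-plain": {
        SQS_MANAGED_SSE_ATTR: "false"},
    "https://sqs.us-east-1.amazonaws.com/123456789012/orders-kms": {
        KMS_ATTR: "alias/aws/sqs", SQS_MANAGED_SSE_ATTR: "false"},
    "https://sqs.us-east-1.amazonaws.com/123456789012/orders-sse": {
        SQS_MANAGED_SSE_ATTR: "true"},
}
SAMPLE_TOPICS = {
    "arn:aws:sns:us-east-1:123456789012:orders-plain": {"DisplayName": ""},
    "arn:aws:sns:us-east-1:123456789012:orders-kms": {KMS_ATTR: DEFAULT_SNS_KEY},
}


def sqs_queue_encrypted(attrs: dict) -> bool:
    """Queue Server Side Encryption: either SSE-SQS or SSE-KMS is enough."""
    if attrs.get(SQS_MANAGED_SSE_ATTR, "false").lower() == "true":
        return True
    return bool(attrs.get(KMS_ATTR))


def sns_topic_encrypted(attrs: dict) -> bool:
    """SNS Topic Encrypted: SNS only supports KMS-based SSE."""
    return bool(attrs.get(KMS_ATTR))


def scan(queues: dict[str, dict], topics: dict[str, dict]) -> dict[str, list[str]]:
    """Return failing resource identifiers keyed by Conformity check name."""
    return {
        "Queue Server Side Encryption": [
            url for url, a in queues.items() if not sqs_queue_encrypted(a)],
        "SNS Topic Encrypted": [
            arn for arn, a in topics.items() if not sns_topic_encrypted(a)],
    }


def sqs_remediation(kms_key_id: str | None = None) -> dict:
    """Attributes for SQS SetQueueAttributes: a KMS key if given, else SSE-SQS."""
    if kms_key_id:
        return {KMS_ATTR: kms_key_id}
    return {SQS_MANAGED_SSE_ATTR: "true"}


def sns_remediation(kms_key_id: str = DEFAULT_SNS_KEY) -> dict:
    """Keyword arguments for SNS SetTopicAttributes."""
    return {"AttributeName": KMS_ATTR, "AttributeValue": kms_key_id}


def live_scan_and_fix(dry_run: bool = True, region: str | None = None) -> dict:
    """Assumed live runner: list every queue/topic, evaluate, optionally fix."""
    import boto3  # lazy import so the checks above stay importable offline
    sqs = boto3.client("sqs", region_name=region)
    sns = boto3.client("sns", region_name=region)

    queues, kwargs = {}, {}
    while True:  # ListQueues is paginated with NextToken
        page = sqs.list_queues(**kwargs)
        for url in page.get("QueueUrls", []):
            queues[url] = sqs.get_queue_attributes(
                QueueUrl=url, AttributeNames=[KMS_ATTR, SQS_MANAGED_SSE_ATTR]
            ).get("Attributes", {})
        if not page.get("NextToken"):
            break
        kwargs = {"NextToken": page["NextToken"]}

    topics = {}
    for page in sns.get_paginator("list_topics").paginate():
        for t in page["Topics"]:
            arn = t["TopicArn"]
            topics[arn] = sns.get_topic_attributes(TopicArn=arn)["Attributes"]

    findings = scan(queues, topics)
    if not dry_run:
        for url in findings["Queue Server Side Encryption"]:
            sqs.set_queue_attributes(QueueUrl=url, Attributes=sqs_remediation())
        for arn in findings["SNS Topic Encrypted"]:
            sns.set_topic_attributes(TopicArn=arn, **sns_remediation())
    return findings


if __name__ == "__main__":
    for check, failing in scan(SAMPLE_QUEUES, SAMPLE_TOPICS).items():
        print(f"{check}: {len(failing)} failing -> {failing}")
```

One caveat before applying the SNS fix in a real account: the AWS-managed key alias/aws/sns has a fixed key policy, so other AWS services (for example S3 event notifications or CloudWatch alarms) cannot publish to a topic encrypted with it. If such producers exist, use a customer-managed key whose policy grants them kms:GenerateDataKey and kms:Decrypt, and pass that key's ARN to sns_remediation. The same applies to SQS when a service (rather than your own principals) sends to the queue and you choose SSE-KMS over SSE-SQS.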
