Teri Radichel

Summary

Teri Radichel shares insights and experiences on setting up AWS Organizations, discussing best practices, challenges, and solutions for managing security and governance in cloud environments.

Abstract

The provided content is a comprehensive collection of articles by Teri Radichel, focusing on the intricacies of AWS Organizations. Radichel delves into the creation and management of AWS accounts, organizational units (OUs), and service control policies (SCPs). She discusses the risks associated with AWS Organizations, such as root user management and the importance of IAM roles. The articles also cover the deployment of CloudTrail for auditing, strategies for closing and moving accounts, and the use of permission boundaries and SCPs for access control. Radichel emphasizes the need for automation, MFA enforcement, and secure deployment practices, while also addressing the protection against SSH vulnerabilities and the organization of resources for better governance and security. The content serves as a resource for cybersecurity professionals looking to enhance their cloud governance and security posture.

Opinions

  • Radichel advocates for a secure baseline and automated account provisioning to improve governance in AWS Organizations.
  • She emphasizes the importance of creating a safer AWS Organizations management role to reduce risk.
  • Radichel suggests that governance teams should have the ability to govern through the use of SCPs and other controls to prevent the riskiest actions.
  • She points out the complexities involved in enabling CloudTrail and the need for careful configuration of S3 bucket policies.
  • Radichel highlights the challenges and risks related to closing AWS accounts and moving accounts between organizations.
  • She recommends using containers that require MFA for deployment activities to enhance security.
  • Radichel stresses the necessity of organizing AWS resources and adopting naming conventions to streamline resource management and security incident response.
  • She expresses the importance of assessing supply chain geopolitical risk and considering the security implications of support team access.
  • Radichel encourages the use of CloudFormation for infrastructure as code (IaC) to maintain consistency and reduce drift in deployments.
  • She calls for the creation of shared repositories and code within an organization to avoid repetition and promote efficiency.
  • Radichel underscores the value of automating cybersecurity metrics to measure and improve security postures effectively.

AWS Organizations

Stories about AWS Organizations by Teri Radichel

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics. The Code.

🔒 Related Stories: Appsec | Secure Code | Data Breaches | DevOps | Governance

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I’ve been working through setting up an AWS Organization from scratch (again). I’ve done this multiple times with and without AWS Control Tower, AWS SSO, etc. I actually wrote a class on AWS Control Tower but never taught it. I even had someone test the labs. But I had too many issues with it (it is a lot better than what some people are doing to manage security in the cloud, but it wasn’t the solution I wanted), so I ended up moving in a different direction. There are many options for deploying AWS Organizations and resources, but these posts will give you some insight into things you might want to think about and gotchas you might face along the way so you can prepare.

Creating an AWS Account

Creating an AWS Organization

Creating Accounts and Organizational Units for AWS Organizations

This is another way to create an AWS account using a Lambda function, but I did not use this approach because it does not allow the use of AWS CloudFormation drift detection, nor the alignment of code to resources that CloudFormation provides, in that it is metadata that clearly describes resources. It also separates the execution of the deployment from what is deployed (depending on how you use it). But this is another option:

Risks Associated with AWS Organizations

AWS Organizations Governance and Service Control Policies

IAM for Organizations

Many more posts on related topics in my IAM posts:

AWS Organizations CloudTrail

Closing and Moving Accounts in Organizations

Multiple accounts and environments — reworking to support

In this post, I use my container that requires MFA for deployments to deploy resources in parallel. In this example I deploy most of the Organizational Units for my AWS Organization.

Protecting against an SSH vulnerability involving the RSA algorithm

Related for AWS Organizations:

Stories on Cloud Governance

Automating Cybersecurity Metrics

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2023

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab
Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation
Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab