Teri Radichel

Creating an AWS Batch Job That Requires MFA

ACM.5 Series on my attempt to create an AWS Batch job that requires MFA

In the last post I explained how batch jobs can help cybersecurity.

But what if your batch job goes rogue and does something it is not supposed to do? What if it is infected by malware? What if you are performing an assessment for a company and you want to ensure that only you can use the credentials the client assigned to you? What if you are running a cloud security product in your environment and you want to approve actions it takes, before it takes them, such as rolling back changes to critical resources?

By the way, I’ve seen that last one take down a cloud environment at a large financial institution. It happens.

I like the idea of only performing sensitive operations if MFA is present. As noted in some of my earlier attempts, requiring MFA for sensitive operations is limited on AWS because the use of MFA is not passed from the role assumption to subsequent actions.

However, we can require MFA for the role assumption, and only allow running an AWS Batch Job with a specific role, in theory. So I’m going to try this out. I’ve already started working on various aspects of the solution in relation to running cloud and application penetration tests for customers.
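The first half of that idea, requiring MFA on the role assumption, lives in the role's trust policy. The check below is an added example, not code from this post or series: it flags trust policy statements that let an IAM principal call `sts:AssumeRole` without MFA, including the `BoolIfExists` form that looks like an MFA requirement but is not one. The function names, account ID and user name are assumptions made for illustration.

```python
# Added example: audit an IAM role trust policy for sts:AssumeRole without MFA.
# Function names are hypothetical; the ARN below is a placeholder.

def _as_list(value):
    return value if isinstance(value, list) else [value]

def statement_enforces_mfa(stmt):
    """True if this Allow statement only matches requests that carry MFA."""
    for operator, keys in stmt.get("Condition", {}).items():
        # Only plain Bool fails closed. BoolIfExists evaluates to true when the
        # key is absent, as it is for calls signed with long-term access keys.
        if operator != "Bool":
            continue
        for key, value in keys.items():
            values = [str(v).lower() for v in _as_list(value)]
            # Condition key names are case-insensitive.
            if key.lower() == "aws:multifactorauthpresent" and values == ["true"]:
                return True
    return False

def assumable_without_mfa(trust_policy):
    """Return Allow statements that let an IAM principal assume the role without MFA."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        # Service principals cannot present MFA, so only IAM principals are checked.
        if isinstance(principal, dict) and "AWS" not in principal:
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        grants = any(a in ("sts:assumerole", "sts:*", "*") for a in actions)
        if stmt.get("Effect") == "Allow" and grants and not statement_enforces_mfa(stmt):
            findings.append(stmt)
    return findings

def sample_policy(condition=None, principal=None):
    """Constructed trust policy; account ID and user name are placeholders."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": principal or {"AWS": "arn:aws:iam::111122223333:user/example-operator"}}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

STRICT = sample_policy({"Bool": {"aws:MultiFactorAuthPresent": "true"}})
LENIENT = sample_policy({"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}})
OPEN = sample_policy()

if __name__ == "__main__":
    for name, policy in (("STRICT", STRICT), ("LENIENT", LENIENT), ("OPEN", OPEN)):
        print(name, "statements assumable without MFA:", len(assumable_without_mfa(policy)))
```

The check reads Allow statements only, so a policy that enforces MFA through a separate Deny statement still needs manual review.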

Follow along if you want to see how the rest of it goes. Additional posts will be added to this one as I proceed. I might get stuck but I think I can make this work.

I eventually got this working here, along with the posts preceding it, which you can click at the top of each story.

I also have all the stories listed in this sub series on deploying a static website in an S3 bucket.

Teri Radichel | © 2nd Sight Lab 2022