Ensure security contact information is registered

AWS provides customers with the option of specifying the contact information for the account's security team. It is recommended that this information be provided. Specifying security-specific contact information helps ensure that security advisories sent by AWS reach the team in your organization that is best equipped to respond to them.

Risk Level: Low
Cloud Entity: AWS Identity and Access Management (IAM)
CloudGuard Rule ID: D9.AWS.OPE.22
Covered by Spectral: No
Category: Security, Identity, & Compliance

GSL LOGIC

Account should have alternateContacts with [ alternateContactType='SECURITY' ]

REMEDIATION

From Console

  1. Sign in to the AWS Management Console https://console.aws.amazon.com/
  2. Click on your account name at the top right corner of the console.
  3. From the drop-down menu, click My Account.
  4. Scroll down to the Alternate Contacts section.
  5. Enter contact information in the Security section, then click Update.

From Command Line

  1. Use the command below to update the alternate contacts:

aws account put-alternate-contact [--account-id VALUE] --alternate-contact-type VALUE --email-address VALUE --name VALUE --phone-number VALUE --title VALUE [--cli-input-json VALUE] [--generate-cli-skeleton VALUE]

For example:

aws account put-alternate-contact --alternate-contact-type SECURITY --email-address security@example.com --name Example --phone-number +1234567890 --title Example
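
To confirm from the command line that the rule's condition now holds, the following added example (not part of the original rule page and not CloudGuard's own logic) reads the contact back with aws account get-alternate-contact. The function names are hypothetical, and the script assumes an AWS CLI with the account commands and configured credentials. It separates "no contact registered" from "could not check", so a permissions error is never reported as a pass or a fail.

```shell
#!/bin/sh
# Added example: verify that a SECURITY alternate contact is registered.
# Function names are hypothetical; this is not CloudGuard's implementation.
# Return status of check_security_contact:
#   0 = contact registered, 1 = not registered, 2 = could not be determined.
check_security_contact() {
    account_id="${1:-}"          # optional, passed through as --account-id
    if [ -n "$account_id" ]; then
        set -- --account-id "$account_id"
    else
        set --
    fi
    # With --output text, a missing (null) field is printed as "None".
    if email=$(aws account get-alternate-contact \
            --alternate-contact-type SECURITY "$@" \
            --query 'AlternateContact.EmailAddress' --output text 2>&1); then
        case "$email" in
            ''|None)
                echo "FAIL ${account_id:-current}: SECURITY contact has no email address"
                return 1 ;;
            *)
                echo "PASS ${account_id:-current}: $email"
                return 0 ;;
        esac
    fi
    # The call failed, so $email now holds the CLI error text.
    case "$email" in
        *ResourceNotFoundException*)
            echo "FAIL ${account_id:-current}: no SECURITY alternate contact registered"
            return 1 ;;
        *)
            echo "UNKNOWN ${account_id:-current}: $email"
            return 2 ;;
    esac
}

# audit_security_contacts ID...: check several accounts; non-zero if any is not PASS.
audit_security_contacts() {
    status=0
    for id in "$@"; do
        check_security_contact "$id" || status=1
    done
    return "$status"
}
```

Call check_security_contact with no argument for the account the credentials belong to, or audit_security_contacts with a list of account IDs.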

From Terraform

  1. Use the resource aws_account_alternate_contact and update its arguments. Make sure alternate_contact_type is set to SECURITY.

resource "aws_account_alternate_contact" "SECURITY" {
  alternate_contact_type = "SECURITY"
  name                   = "Example"
  title                  = "Example"
  email_address          = "security@example.com"
  phone_number           = "+1234567890"
}

References

  1. https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact.html
  2. https://docs.aws.amazon.com/cli/latest/reference/account/put-alternate-contact.html
  3. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact

AWS Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
IAM is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your users.

Compliance Frameworks

  • AWS CIS Controls V 8
  • AWS CIS Foundations v. 1.3.0
  • AWS CIS Foundations v. 1.4.0
  • AWS CIS Foundations v. 1.5.0
  • AWS CIS Foundations v. 2.0.0
  • AWS CSA CCM v.4.0.1
  • AWS CloudGuard Best Practices
  • AWS ISO27001:2022
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-53 Rev 5
  • CloudGuard AWS All Rules Ruleset