Check out AWSume
AWSume is an open-source plugin that manages session tokens and streamlines cross-account MGA access from the CLI
Trek10’s security solutions and services will secure your AWS APIs and infrastructure. Schedule a meeting today to see if you qualify for a free security scan and report.
Security and compliance of AWS accounts and infrastructure is a shared responsibility between AWS and the customer. While AWS provides “Security of the Cloud” -- the hardware, software, networking and data center facilities that run all AWS cloud services in your accounts -- you are critically responsible for “Security in the Cloud.” This is a complex undertaking that varies based on the AWS services in use in your account. Trek10’s certified security experts provide analysis and recommendations based on a combination of automated scans and human review to keep the bad guys out of your environment and your company’s name out of the news.
AWS IAM is the foundation of your infrastructure’s security. As organizations continue to move up the stack and take advantage of AWS’s abstracted platform services, your attack surface shifts from server operating systems and dependencies to AWS IAM. As a certified AWS MSP, Trek10 has designed and built a hardened approach to accessing hundreds of different client AWS accounts with IAM escalations (with human escalation approvals included). Check out our blog post for the full design and reach out for an assessment on implementing this approach to secure your multi-account environment.
AWS Lambda and the serverless revolution help abstract away the undifferentiated heavy lifting that provides little business value to your organization. By building your applications with stateless serverless functions, you no longer need to patch your operating systems, and you can say goodbye to SSH keys! While serverless functions as a service drastically reduces your attack surface, it is by no means a silver bullet. Check out this 5 minute podcast (transcript included) to learn more about securing your serverless applications.
Several clients have asked us what they can do to help avoid a breach similar to the very public and recent Capital One breach.