Forti365
AWS Security Baseline Guide
Security misconfigurations are the #1 cause of cloud breaches. After reviewing 50+ AWS environments, these are the 4 areas where we find the most risk. Use this guide to spot the red flags — then let us help you fix them.
1. IAM & Access Management
Overly permissive IAM policies are the most common finding in our reviews. If your root account doesn't have MFA, stop reading and go enable it now.
Is MFA enabled on your root account?
Does every person have their own IAM user (no shared credentials)?
Are your IAM policies following least-privilege principles?
Are access keys rotated within 90 days?
2. Logging & Monitoring
If you can't see what's happening, you can't respond to it. Most SMBs have gaps in their logging coverage.
Is CloudTrail enabled in all regions?
Is GuardDuty turned on?
Is AWS Config tracking resource changes?
Do you have billing alerts for anomaly detection?
3. Network Security
Open security groups are the #1 attack vector. One port open to the world is all it takes.
Are any security groups open to 0.0.0.0/0 on SSH or RDP?
Are databases in private subnets?
Are VPC Flow Logs enabled?
4. Data Protection
Unencrypted data and public S3 buckets are compliance failures waiting to happen.
Is "Block Public Access" enabled at the account level for S3?
Is encryption at rest enabled for RDS and EBS?
Is HTTPS enforced everywhere?
How many of these did you check off?
If you missed more than 2, your environment likely has gaps. Book a free call and we'll help you prioritize what to fix first.