SECURING THE GLOBAL ENTERPRISE: UNLEASHING THE POWER OF AWS CONFIG FOR UNMATCHED IT GOVERNANCE

Client Profile

A global technology company offers various services and products to help businesses connect, secure, analyze, and leverage their data and applications. Their solutions encompass servers, storage systems, networking tools, containerization software, and consulting and support services.

Key Requirement & Challenges

The client was to establish a robust and automated solution to ensure the security and compliance of its AWS infrastructure across multiple regions and services. Specifically, the client needed a system that could:
  • Continuously monitor the configuration of AWS resources
  • Ensure compliance with internal security policies and industry standards
  • Automate remediation actions to address non-compliance
  • Efficiently manage exceptions and log events for auditing purposes
  • The client faced challenges with existing manual monitoring and enforcing compliance processes, which were time-consuming and prone to human error. They made maintaining a strong security posture in an agile cloud environment difficult.

    Solution

    Flentas has implemented an automated compliance and security control solution to address these challenges using AWS Config, AWS Lambda, Amazon DynamoDB, AWS Systems Manager (SSM), AWS EventBridge, and AWS Organizations. The solution was designed to:

      1. Leverage AWS Config to monitor and record the configurations of AWS resources continuously.

      2. Implement AWS Config Rules with custom Lambda functions to check compliance status against internal security standards that are not available as pre-defined AWS Config rules.

      3. Use EventBridge Rules to trigger a Lambda Orchestrator based on compliance findings and resource tags, such as the auto_remediation tag, which indicates whether auto-remediation should be performed.

      4. Execute Automated Remediation using AWS Lambda functions and SSM documents for resources tagged with auto_remediation = Y.

      5. Initiate Manual Remediation Actions by generating Jira tickets through a detection flow Lambda function for resources tagged with auto_remediation = N.

      6. Store Logs and Exceptions in Amazon DynamoDB for tracking auditing and troubleshooting purposes.

      7. Create a Delegated Config Admin Account with an Organization-level Config Aggregator to centralize compliance monitoring and view all AWS account details in a single dashboard.

    Components and Services

  • AWS Config: Monitors and records configurations of AWS resources and evaluates them against desired configurations.
  • AWS Lambda: Executes code in response to events. They are used for custom compliance checks, orchestration, remediation, and detection workflows.
  • Amazon DynamoDB: A NoSQL database service used to store log details, exception logs, and other metadata.
  • AWS Systems Manager (SSM): Used for automation and executing SSM documents for auto-remediation actions.
  • AWS EventBridge (formerly CloudWatch Events): Monitors events from AWS services and routes them to targets like AWS Lambda functions.
  • AWS Organizations: Helps manage and govern AWS accounts in a centrally managed manner.
  • AWS Config Aggregator: Collects configuration and compliance data from multiple AWS accounts and regions into one account.
  • Jira: A third-party ticketing system used to create tickets for manual intervention when auto-remediation is not enabled.
  • Business Impact

    Enhanced Security Posture Continuous monitoring and automated remediation significantly reduced the risk of misconfigurations and security breaches.
    Operational Efficiency Automating compliance checks and remediation reduced the manual workload on the client’s security team, allowing them to focus on strategic initiatives.
    Improved Compliance Management The solution ensured that the client’s AWS environment complied with internal policies and industry standards.
    Scalability and Flexibility The architecture is scalable and can be easily modified to incorporate new compliance rules or integrate with additional AWS services.
    Comprehensive Logging and Auditing The centralized logging of all actions and exceptions in DynamoDB facilitated detailed auditing and compliance reporting.

    More Success Stories

    ×

    Talk to our experts to discuss your requirements

    Real boy icon sized sample pic Real girl icon sized sample pic Real boy icon sized sample pic
    India Directory