
AWS Detective control

Park Sehun
3 min read · Oct 10, 2021

Among AWS security controls, the detective control is the most basic one for managing your cloud resources. You can argue that the preventive control is the most powerful, since it stops users from creating non-compliant resources in the first place, but without detective control you don't even know which resources and which controls need to be managed, nor how expensive and elaborate a preventive control would have to be.

To build detective control, you need to understand the control flow of the detective framework.

  1. Resource state: The most important rule of monitoring is knowing which resources you need to monitor. Even with a robust monitoring system, if you can't cover 100% of your resources, or you miss the critical ones, your monitoring system can't tell you much about your system.
  2. Collection of events: This is about how you collect all activities and the status of resources, or actions taken on the resources. The detective system must watch not only every resource's state but also every change made to the resources.
  3. Analyze the events: Once you know all the resources to be monitored and have ensured your system collects all events, you need to analyze your resources against the policy (standards, guidelines).
  4. Remediation: Lastly, you have to remediate the non-compliant resources found by the framework.
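As an added example (not code from the original story), the four steps mapped onto a custom AWS Config rule in Python: the configuration item is the resource state (1), the change notification Config delivers is the collected event (2), the policy check is the analysis (3), and the list of ingress rules to revoke is the remediation (4). The field names follow the shape AWS Config hands to a custom-rule Lambda, but the sample security group is constructed and the handler returns the evaluation instead of calling PutEvaluations, so it runs offline.

```python
import json

# Policy (the "standard" of step 3): no security-group ingress rule may expose an
# admin port (SSH 22, RDP 3389) to the whole IPv4 internet.
ADMIN_PORTS = {22, 3389}
ANY_IPV4 = "0.0.0.0/0"

def open_admin_rules(sg_configuration):
    """Ingress rules that violate the policy (step 3: analyze the resource state)."""
    violations = []
    for perm in sg_configuration.get("ipPermissions", []):
        # ipProtocol "-1" rules carry no ports and therefore cover every port.
        low, high = perm.get("fromPort", 0), perm.get("toPort", 65535)
        cidrs = {r["cidrIp"] for r in perm.get("ipv4Ranges", [])}
        if ANY_IPV4 in cidrs and any(low <= p <= high for p in ADMIN_PORTS):
            violations.append(perm)
    return violations

def evaluate_configuration_item(ci):
    """Build the evaluation a custom Config rule would report via PutEvaluations."""
    if ci["resourceType"] != "AWS::EC2::SecurityGroup":
        result, note = "NOT_APPLICABLE", "rule only covers security groups"
    elif open_admin_rules(ci["configuration"]):
        result, note = "NON_COMPLIANT", "admin port reachable from 0.0.0.0/0"
    else:
        result, note = "COMPLIANT", "no admin port reachable from the internet"
    return {"ComplianceResourceType": ci["resourceType"],
            "ComplianceResourceId": ci["resourceId"],
            "ComplianceType": result, "Annotation": note,
            "OrderingTimestamp": ci["configurationItemCaptureTime"]}

def remediation_actions(ci):
    """Step 4: the ingress rules to revoke so the resource becomes compliant."""
    return [{"GroupId": ci["resourceId"], "IpPermissions": [rule]}
            for rule in open_admin_rules(ci["configuration"])]

def lambda_handler(event, context=None):
    """Custom-rule entry point: step 2 delivers the change event as a JSON string."""
    invoking = json.loads(event["invokingEvent"])
    return evaluate_configuration_item(invoking["configurationItem"])

# Constructed sample configuration item (steps 1 and 2), not captured from a real account.
SAMPLE_ITEM = {
    "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0example",
    "configurationItemCaptureTime": "2021-10-10T00:00:00.000Z",
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]}}
SAMPLE_EVENT = {"invokingEvent": json.dumps({"configurationItem": SAMPLE_ITEM}), "resultToken": "constructed"}
```

Only the port 22 rule is flagged; the public HTTPS rule stays, which is the kind of policy precision that keeps the remediation step from breaking legitimate workloads.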

Let's go into detail.

Resource State

AWS Config provides the service for you to gather information about the resources…
