Security Compliance for a particular cloud account checks all resources in your infrastructure against industry best practices and provides a detailed compliance report. This works well, and is easy to manage, when there is only one account. But what if you have multiple accounts and want a consolidated list of issues across all of them? Or what if you want to view issues for only selected resources? This feature provides an easy, time-saving solution to this problem.
What is the problem?
When a large number of accounts must be audited at once, it becomes harder to look into each account and gain insight into the issues occurring across all of them. During a manual audit of AWS accounts, switching regions in different accounts to find issues is tedious and time consuming. Another common problem is irrelevant alerts on some resources that spam your inbox unnecessarily. It might not be feasible for one person to review, in a short interval, the issues of resources tagged with a common name/value in multiple regions of multiple accounts.
What are Security Centers?
Security Centers is a feature that lets you create groups of accounts added in Beam. Beam audits all the accounts in a group and gives a consolidated list of the issues found. The reports for a group contain issues from all of its accounts, which makes it easier to analyze and fix them. Another time-saving feature of security centers: if the resources you are concerned about carry the same tag in two or more accounts, you can filter resources by that tag under audit issue details. The filter is applied across accounts and across regions, which saves the user a lot of time. Multi fix and multi ignore on the group further simplify the actions a person can take through Beam. The cross-account consolidated analysis of issues, and the graphs depicting it on the Dashboard, help you analyze issues on a daily basis with little effort.
The Region and Tag customization feature in security centers gives the added advantage of grouping only the resources you need. This lets you avoid alerts on all other resources and focus on a selected few, which is useful when you want overall compliance for an application. Security Centers are also useful for getting a top-level view of your overall infrastructure.
How can I get started?
Security Centers can be created directly from the Configure section under Security Compliance. Give the group a name by which you can easily recognize it, add a description, add the desired account(s), and create it. Security center creation takes about 4 to 6 hours, depending on the size of your accounts and the number of accounts added.
Consider a case where you want to view issues with tag key Environment and tag value Prod across two accounts. In this case, you can create a security center by adding one account with the tag Environment - Prod and all regions, and another account with the same tag and all regions. The tag keys can be chosen from the existing keys in the account using the drop-down option.
Once the security center is created, it is visible along with your accounts in the drop-down above. You can select the security center from the drop-down and see its data on the Dashboard, Audit reports and Policy Compliance pages. Actions such as Click to Fix and Ignore can also be performed on the data available under the security center. Get started by adding your first security center.