SOC2 Compliance Tasks
This runbook outlines specific tasks and procedures for ensuring AWS cloud services adhere to SOC2 standards, focusing on security, availability, processing integrity, confidentiality, and privacy. It includes audits and configurations for AWS CloudTrail, IAM policies, S3 bucket security and encryption, and more, aimed at maintaining data integrity, confidentiality, and minimizing unauthorized access to ensure compliance with SOC2 requirements.

1 AWS S3 Bucket Public Write Access Audit: SOC2 Compliance
This runbook conducts an audit, ensuring that S3 buckets within AWS do not allow unauthorized public write access. This audit reviews Block Public Access settings, bucket policies, and ACLs to adhere to SOC2's strict data security standards. It aims to identify and rectify any configurations that may compromise data integrity and confidentiality.

1.1 List the names of all S3 buckets
This task involves retrieving and listing the names of all the S3 buckets that are currently associated with your AWS account. By fetching this list, you gain an overview of the existing S3 buckets under your account, which can aid in resource management, access control, and tracking. This information is valuable for maintaining an organized and well-structured AWS environment, ensuring efficient storage utilization, and facilitating easy navigation of your stored data.

1.2 Check which buckets allow AWS S3 Bucket Public Write Access
The task involves auditing AWS S3 buckets to identify those that permit public write access. This process helps ensure data security by flagging buckets that might be vulnerable to unauthorized modifications.

1.2.1 Enforce S3 Bucket Write Protection using Public Access Block Settings
This task programmatically tightens security on a specified AWS S3 bucket by disabling public write access. It modifies the bucket's Block Public Access settings, ensuring compliance with data security standards. This preventive measure is critical in safeguarding sensitive data from unauthorized modifications.

2 AWS S3 Bucket Public Read Access Audit: SOC2 Compliance
This runbook involves a thorough review of S3 bucket configurations to ensure they align with SOC2 standards by prohibiting public read access. It includes checking Block Public Access settings, analyzing bucket policies, and inspecting ACLs to prevent unauthorized data exposure. This is essential for maintaining data integrity and confidentiality.

2.1 List the names of all S3 buckets
This task involves retrieving and listing the names of all the S3 buckets that are currently associated with your AWS account. By fetching this list, you gain an overview of the existing S3 buckets under your account, which can aid in resource management, access control, and tracking. This information is valuable for maintaining an organized and well-structured AWS environment, ensuring efficient storage utilization, and facilitating easy navigation of your stored data.

2.2 Check which buckets allow AWS S3 Bucket Public Read Access
The task involves scanning AWS S3 buckets to detect any that permit public read access, highlighting potential vulnerabilities in data privacy and security.

2.2.1 Enforce S3 Bucket Read Protection using Public Access Block Settings
This task strengthens data security by restricting public read access to specified AWS S3 buckets. It updates Block Public Access settings and ACLs, ensuring data confidentiality. This action aligns with security compliance standards to protect sensitive information.
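
The write and read audits (tasks 1.2 and 2.2) and their Public Access Block remediation (1.2.1 and 2.2.1) reduce to one evaluation over the same three configuration layers. The following is an added example, not the runbook's own code: it runs offline on constructed bucket configurations shaped like boto3 responses, and as an assumption it ignores policy Condition blocks, so conditional public grants are still flagged.

```python
"""Evaluate the three layers the S3 public-access audits (tasks 1.2 and 2.2) inspect.

Added example, not the DagKnows runbook's own code. The inputs mirror the shapes
boto3 returns: the PublicAccessBlockConfiguration dict (get_public_access_block),
the Policy JSON string (get_bucket_policy) and the dict from get_bucket_acl.
Assumption: policy Condition blocks are ignored, so the check errs toward flagging.
"""
import fnmatch
import json

PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_ACTIONS = ("s3:GetObject", "s3:ListBucket")
WRITE_ACTIONS = ("s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl")

def _as_list(value):
    """IAM documents allow a bare string/dict or a list in the same field."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def _principal_is_public(principal):
    """Principal "*" or {"AWS": "*"} grants to anyone, anonymous callers included."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))

def _matches_any(patterns, actions):
    """Case-insensitive action matching that honours wildcards (s3:Get*, s3:*, *)."""
    return any(fnmatch.fnmatch(a.lower(), p.lower()) for p in patterns for a in actions)

def policy_exposure(policy_json):
    """Subset of {'read', 'write'} that the bucket policy grants to everyone."""
    exposure = set()
    if not policy_json:
        return exposure
    doc = json.loads(policy_json) if isinstance(policy_json, str) else policy_json
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        patterns = _as_list(stmt.get("Action"))
        if _matches_any(patterns, READ_ACTIONS):
            exposure.add("read")
        if _matches_any(patterns, WRITE_ACTIONS):
            exposure.add("write")
    return exposure

def acl_exposure(acl, ignore_public_acls=False):
    """What the bucket ACL grants to the AllUsers / AuthenticatedUsers groups."""
    exposure = set()
    if ignore_public_acls:  # IgnorePublicAcls makes existing public grants inert
        return exposure
    for grant in (acl or {}).get("Grants", []):
        if grant.get("Grantee", {}).get("URI") not in PUBLIC_GRANTEES:
            continue
        permission = grant.get("Permission")
        if permission in ("READ", "FULL_CONTROL"):
            exposure.add("read")
        if permission in ("WRITE", "FULL_CONTROL"):
            exposure.add("write")
    return exposure

def bucket_exposure(pab, policy_json, acl):
    """Combine Block Public Access settings, bucket policy and ACL into one verdict."""
    pab = pab or {}  # no configuration at all means nothing is blocked
    exposure = acl_exposure(acl, pab.get("IgnorePublicAcls", False))
    if not pab.get("RestrictPublicBuckets", False):  # this flag neutralises public policies
        exposure |= policy_exposure(policy_json)
    return exposure

def remediation_config():
    """PublicAccessBlockConfiguration tasks 1.2.1 / 2.2.1 apply with put_public_access_block."""
    return {"BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

def audit(buckets):
    """buckets: {name: (pab, policy_json, acl)} -> {name: exposure} for non-compliant buckets."""
    return {name: exp for name, (pab, pol, acl) in buckets.items()
            if (exp := bucket_exposure(pab, pol, acl))}

# Constructed sample inventory; names and policies are made up for this example.
PUBLIC_READ_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::public-site/*"}]})
WIDE_OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {"Effect": "Allow",
    "Principal": {"AWS": "*"}, "Action": "s3:*", "Resource": "*"}})
PUBLIC_WRITE_ACL = {"Grants": [{"Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"}]}
SAMPLE_BUCKETS = {
    "logs-archive": (remediation_config(), PUBLIC_READ_POLICY, PUBLIC_WRITE_ACL),  # fully blocked
    "public-site": (None, PUBLIC_READ_POLICY, {"Grants": []}),
    "uploads": ({"BlockPublicAcls": True}, None, PUBLIC_WRITE_ACL),  # blocks new ACLs, not this one
    "wide-open": ({}, WIDE_OPEN_POLICY, {"Grants": []}),
}

if __name__ == "__main__":
    for name, exposure in sorted(audit(SAMPLE_BUCKETS).items()):
        print(f"NON_COMPLIANT {name}: public {', '.join(sorted(exposure))}")
```

Note that `uploads` is still flagged: BlockPublicAcls only stops new public ACLs from being set, while IgnorePublicAcls is what makes an existing grant inert.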

3 AWS S3 Bucket Server-Side Encryption Audit: SOC2 Compliance
This runbook methodically assesses and verifies server-side encryption configurations, identifying buckets that do not adhere to AES-256 or AWS KMS encryption standards. It aims to ensure all S3 buckets within an AWS environment meet stringent SOC2 encryption requirements, enhancing data security and compliance.

3.1 List the names of all S3 buckets
This task involves retrieving and listing the names of all the S3 buckets that are currently associated with your AWS account. By fetching this list, you gain an overview of the existing S3 buckets under your account, which can aid in resource management, access control, and tracking. This information is valuable for maintaining an organized and well-structured AWS environment, ensuring efficient storage utilization, and facilitating easy navigation of your stored data.

3.2 Check which AWS S3 buckets have Server Side Encryption enabled
This task assesses whether AWS S3 buckets have default server-side encryption activated or if their bucket policies explicitly deny any put-object requests that lack server-side encryption, specifically using AES-256 or AWS KMS. It designates S3 buckets as NON_COMPLIANT if they are not set to be encrypted by default.

3.2.1 AWS S3 Bucket Encryption Setup and Status Verification Process
This task involves enabling AES-256 server-side encryption on S3 buckets and verifying its activation. This process ensures data security by encrypting contents within the buckets. New buckets are encrypted by default, but this task is useful for legacy buckets that do not have encryption enabled.

4 AWS S3 Bucket Logging Enabled Audit: SOC2 Compliance
This runbook automates the assessment and activation of Server Access Logging for Amazon S3 buckets. It aligns with SOC2 compliance guidelines by ensuring that every S3 bucket has logging enabled, contributing to better security and traceability of actions performed on the buckets.

4.1 List the names of all S3 buckets
This task involves retrieving and listing the names of all the S3 buckets that are currently associated with your AWS account. By fetching this list, you gain an overview of the existing S3 buckets under your account, which can aid in resource management, access control, and tracking. This information is valuable for maintaining an organized and well-structured AWS environment, ensuring efficient storage utilization, and facilitating easy navigation of your stored data.

4.2 Check which AWS S3 buckets have Server Access Logging enabled
This task involves checking AWS S3 buckets to determine if Server Access Logging is enabled. It's crucial for monitoring and diagnosing security incidents, as it records requests made to the S3 bucket, enhancing transparency and aiding compliance with security protocols.

4.2.1 AWS S3 Bucket Logging Setup and Verification
This task involves setting up and verifying Server Access Logging for AWS S3 buckets. It ensures that logging is active for a bucket, providing detailed records of access requests. This is crucial for security monitoring, compliance with data governance standards, and effective management of AWS resources.

5 AWS IAM Root Access Key Audit: SOC2 Compliance
This runbook involves auditing the AWS account to check if the root user has any active access keys. It's essential to ensure root access keys are not used, as they provide unrestricted access to all resources in the AWS account. The audit aims to enhance security by verifying that no root access keys exist, aligning with best practices for AWS account management.

5.1 Check whether the root user access key exists or not
This task involves verifying the presence of access keys for the AWS root user. It is critical for security to ensure that the root user, which has extensive privileges, does not have active access keys, thereby reducing the risk of unauthorized access and potential security breaches in the AWS environment.

6 AWS IAM Policy No Statements with Admin Access Audit: SOC2 Compliance
This runbook reviews and ensures AWS IAM policies don't contain overly permissive statements granting full admin access, adhering to the principle of least privilege for enhanced security.

6.1 List all AWS IAM Users
This lists all IAM users in an AWS account, providing key details like usernames, user IDs, and creation dates. Essential for managing permissions and auditing access, this function supports security and compliance protocols by offering a clear view of user entities and their access levels. It's instrumental in enforcing security policies and the principle of least privilege in AWS resource access management.

6.2 Check which Users have AWS IAM Policies with Admin Access: SOC2 Compliance
This task audits AWS IAM users to identify those with administrative access. It ensures adherence to security standards by limiting broad access rights, crucial for mitigating risks associated with unauthorized permissions in a cloud environment.
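
A concrete form of the check task 6.2 describes, added here as an example rather than the runbook's own code: flag Allow statements whose Action and Resource are both "*", plus the AdministratorAccess managed policy attached directly to a user. The users and policy documents below are constructed.

```python
"""Flag IAM users holding full admin access (task 6.2).

Added example, not the DagKnows runbook's own code. Each policy document has the
shape boto3 returns in get_policy_version()["PolicyVersion"]["Document"] or
get_user_policy()["PolicyDocument"]; the users and documents here are constructed.
"""
ADMIN_MANAGED_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"

def _as_list(value):
    """IAM documents allow a bare string/dict or a list in the same field."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def is_admin_statement(stmt):
    """True for an Allow statement with Action "*" on Resource "*" (full admin)."""
    if stmt.get("Effect") != "Allow":
        return False
    actions = set(_as_list(stmt.get("Action")))
    resources = set(_as_list(stmt.get("Resource")))
    return "*" in actions and "*" in resources

def admin_statements(document):
    """Offending statements of one policy document, by Sid or by position."""
    hits = []
    for index, stmt in enumerate(_as_list(document.get("Statement"))):
        if is_admin_statement(stmt):
            hits.append(stmt.get("Sid", f"statement[{index}]"))
    return hits

def users_with_admin_access(users):
    """users: {name: {"attached_arns": [...], "policies": {policy_name: document}}}
    -> {user: [reasons]} for users holding admin access by either route."""
    findings = {}
    for user, info in users.items():
        reasons = []
        if ADMIN_MANAGED_POLICY_ARN in info.get("attached_arns", []):
            reasons.append("managed:AdministratorAccess")
        for policy_name, document in info.get("policies", {}).items():
            reasons.extend(f"{policy_name}:{sid}" for sid in admin_statements(document))
        if reasons:
            findings[user] = reasons
    return findings

# Constructed sample users; the inline policies are made up for this example.
SAMPLE_USERS = {
    "ci-deployer": {"attached_arns": ["arn:aws:iam::aws:policy/ReadOnlyAccess"], "policies": {
        "deploy-inline": {"Statement": [
            {"Sid": "Buckets", "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": "arn:aws:s3:::app-artifacts/*"},
            {"Sid": "Escape", "Effect": "Allow", "Action": "*", "Resource": "*"}]}}},
    "break-glass": {"attached_arns": [ADMIN_MANAGED_POLICY_ARN], "policies": {}},
    "analyst": {"attached_arns": [], "policies": {  # service-wide, but not full admin
        "logs": {"Statement": {"Effect": "Allow", "Action": "logs:*", "Resource": "*"}}}},
    "locked": {"attached_arns": [], "policies": {  # a Deny is never admin access
        "deny-all": {"Statement": {"Effect": "Deny", "Action": "*", "Resource": "*"}}}},
}

if __name__ == "__main__":
    for user, reasons in users_with_admin_access(SAMPLE_USERS).items():
        print(f"NON_COMPLIANT {user}: {', '.join(reasons)}")
```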

6.2.1 Remove/Delete an IAM Policy from an AWS IAM User
This task is used to detach managed IAM policies or delete inline policies from specific IAM users. This action is crucial for maintaining secure and appropriate access levels within AWS environments, ensuring compliance with best security practices.

7 Enforce MFA for All Users Accessing Cloud Services (AWS)
This runbook helps with a key task for SOC2 compliance, requiring Multi-Factor Authentication (MFA) for all cloud service users in AWS. This step strengthens security and access control, meeting SOC2's requirements for safeguarding data and maintaining robust account security in cloud environments.

7.1 List all AWS IAM Users
This lists all IAM users in an AWS account, providing key details like usernames, user IDs, and creation dates. Essential for managing permissions and auditing access, this function supports security and compliance protocols by offering a clear view of user entities and their access levels. It's instrumental in enforcing security policies and the principle of least privilege in AWS resource access management.

7.2 Filter Out Users in AWS IAM based on Multi-Factor Authentication Status
This task aims at enhancing SOC2 compliance by identifying AWS IAM users without Multi-Factor Authentication (MFA). This process helps enforce strict access control measures, crucial for SOC2 guidelines, by pinpointing and addressing accounts lacking essential security features.

8 AWS IAM User No Policies Audit: SOC2 Compliance
This runbook ensures that AWS IAM users don't have direct policies attached, adhering to SOC2 security guidelines. It mandates permissions be granted via group memberships or IAM roles, enhancing security and simplifying permission management. This audit is key in maintaining structured access control, crucial for SOC2 compliance in cloud environments.

8.1 Check which AWS IAM users have directly attached policies
This task involves identifying IAM users in an AWS environment who have individual policies attached to their accounts. This is key for security and compliance, ensuring permissions are managed through group memberships or role assumptions, rather than direct attachments, for better access control and security practices.

8.1.1 Attach an AWS IAM User to a Group
This task manages user permissions in AWS by confirming the existence of both IAM users and groups, ensuring users aren't already in the target group, and then adding them if necessary. This process streamlines user access management and maintains organized, best-practice-based user-group associations in AWS IAM.

8.1.2 Attach AWS IAM User Policy to Assume a Role
This task assigns a policy to an IAM user, enabling them to assume a specified IAM role. This key security measure allows controlled, temporary access elevation in line with the principle of least privilege. It's essential for secure and efficient permission management in AWS. Note: this directly attaches a policy to the AWS IAM user.

9 Deactivate long-lasting AWS IAM Keys
This runbook refers to a security best practice where IAM access keys that have been active for an extended period of time are deactivated to prevent potential unauthorized use. This runbook involves monitoring the age of IAM access keys and automatically deactivating any that exceed a specified age threshold (e.g., 90 days). This proactive approach enhances security by reducing the likelihood of compromised keys being used for unauthorized or malicious activity over prolonged periods. Implementing this runbook typically involves using the AWS SDK to interact with the IAM API, retrieving all user keys, evaluating their ages, and deactivating those that are deemed to be too old.

9.1 Filter Out Old AWS IAM Access Keys
This task identifies and isolates AWS IAM (Identity and Access Management) access keys that have surpassed a predefined age threshold. AWS IAM keys are utilized to securely control access to AWS services and resources. As a best practice for secure access management, it is recommended to regularly rotate IAM access keys and retire those that are no longer needed or have become outdated. By filtering out old access keys, administrators can ensure that access credentials are not overly permissive or unnecessarily prolonged, thereby enhancing the security posture. This task involves analyzing the creation date of each IAM access key, comparing it against the current date, and identifying keys that exceed the acceptable age limit, which are then flagged for review to uphold stringent access control and minimize potential security risks.

9.1.1 Deactivate Old AWS IAM Access Keys
This task involves deactivating IAM (Identity and Access Management) access keys in AWS that have surpassed a specified age or are no longer in use, as a measure to enhance security. Regularly auditing and deactivating stale or outdated access keys restricts unauthorized or inadvertent access to AWS resources and services. This task deactivates access keys that are identified as old, thereby ensuring they cannot be used to authenticate API requests. This practice is pivotal in a robust IAM policy to assure that only active and necessary access keys are in circulation, thereby safeguarding the AWS environment against potential malicious activities or inadvertent misconfigurations by reducing the attack surface and adhering to the principle of least privilege.

9.1.2 Create AWS IAM Access Keys
This task involves generating a new set of credentials – an access key ID and a secret access key – for an AWS Identity and Access Management (IAM) user. These credentials are vital for programmatic access to AWS services, enabling API calls to be authenticated and authorized. Within AWS, an IAM user can have a maximum of two active access keys, facilitating seamless key rotation. The procedure to create an access key includes the automatic creation of an access key ID and a secret key, which should be securely stored immediately upon creation, as AWS does not allow for the retrieval of the secret key at a later time. Implementing good practices, such as routinely rotating and responsibly managing access keys, is crucial to maintaining secure user access to AWS services.

9.1.3 Update Old AWS IAM Access Keys
This task pertains to managing and refreshing AWS Identity and Access Management (IAM) user credentials to uphold security best practices. IAM access keys, which consist of an access key ID and a secret access key, are used to authenticate AWS API requests. However, if these keys are compromised or simply aged, updating them becomes crucial to safeguard the account. Updating might involve changing the status of the keys (activating or deactivating them); in this case, the keys are deactivated. The practice of regularly updating access keys is crucial in minimizing the risk associated with long-term key usage or potential unauthorized access.

9.1.4 Delete AWS IAM Access Keys
This task refers to the removal of an AWS Identity and Access Management (IAM) user's access keys, ensuring they can no longer be used for authentication with AWS services and resources. IAM access keys comprise an access key ID and a secret access key, which are employed to sign programmatic requests that you make to AWS. Whether it is for security compliance, a response to a security incident, or part of a key rotation policy, deleting an IAM access key is a critical operation. After deletion, any applications or users utilizing the deleted access key will lose access to AWS resources, so it is crucial to update all instances where the key is used before deletion. Additionally, AWS recommends regular access key rotation as a best practice, which involves creating a new key, updating all applications to use the new key, and then safely deleting the old key to maintain secure and functional access control.

10 Check and Rotate Expiring Access Keys for AWS IAM Users
This runbook involves monitoring the age of IAM user access keys and replacing them periodically. Access keys are used to authenticate programmatic requests to AWS services. Over time, the risk of these keys being compromised increases, either through unintentional exposure or malicious activities. By routinely checking the age of these keys, organizations can identify which ones are nearing or past their recommended lifespan. Rotating, or replacing, these old keys reduces potential security vulnerabilities. The process typically involves creating a new set of access keys, updating all applications or services to use the new keys, and then deactivating the old keys. This proactive approach ensures that AWS access remains secure and aligns with industry standards for credential management.

10.1 List all AWS IAM Users
This lists all IAM users in an AWS account, providing key details like usernames, user IDs, and creation dates. Essential for managing permissions and auditing access, this function supports security and compliance protocols by offering a clear view of user entities and their access levels. It's instrumental in enforcing security policies and the principle of least privilege in AWS resource access management.

10.2 Filter Out Old AWS IAM Access Keys
This task identifies and isolates AWS IAM (Identity and Access Management) access keys that have surpassed a predefined age threshold. AWS IAM keys are utilized to securely control access to AWS services and resources. As a best practice for secure access management, it is recommended to regularly rotate IAM access keys and retire those that are no longer needed or have become outdated. By filtering out old access keys, administrators can ensure that access credentials are not overly permissive or unnecessarily prolonged, thereby enhancing the security posture. This task involves analyzing the creation date of each IAM access key, comparing it against the current date, and identifying keys that exceed the acceptable age limit, which are then flagged for review to uphold stringent access control and minimize potential security risks.

10.2.1 Deactivate Old AWS IAM Access Keys
This task involves deactivating IAM (Identity and Access Management) access keys in AWS that have surpassed a specified age or are no longer in use, as a measure to enhance security. Regularly auditing and deactivating stale or outdated access keys restricts unauthorized or inadvertent access to AWS resources and services. This task deactivates access keys that are identified as old, thereby ensuring they cannot be used to authenticate API requests. This practice is pivotal in a robust IAM policy to assure that only active and necessary access keys are in circulation, thereby safeguarding the AWS environment against potential malicious activities or inadvertent misconfigurations by reducing the attack surface and adhering to the principle of least privilege.

10.2.2 Create AWS IAM Access Keys
This task involves generating a new set of credentials – an access key ID and a secret access key – for an AWS Identity and Access Management (IAM) user. These credentials are vital for programmatic access to AWS services, enabling API calls to be authenticated and authorized. Within AWS, an IAM user can have a maximum of two active access keys, facilitating seamless key rotation. The procedure to create an access key includes the automatic creation of an access key ID and a secret key, which should be securely stored immediately upon creation, as AWS does not allow for the retrieval of the secret key at a later time. Implementing good practices, such as routinely rotating and responsibly managing access keys, is crucial to maintaining secure user access to AWS services.

10.2.3 Update Old AWS IAM Access Keys
This task pertains to managing and refreshing AWS Identity and Access Management (IAM) user credentials to uphold security best practices. IAM access keys, which consist of an access key ID and a secret access key, are used to authenticate AWS API requests. However, if these keys are compromised or simply aged, updating them becomes crucial to safeguard the account. Updating might involve changing the status of the keys (activating or deactivating them); in this case, the keys are deactivated. The practice of regularly updating access keys is crucial in minimizing the risk associated with long-term key usage or potential unauthorized access.

10.2.4 Delete AWS IAM Access Keys
This task refers to the removal of an AWS Identity and Access Management (IAM) user's access keys, ensuring they can no longer be used for authentication with AWS services and resources. IAM access keys comprise an access key ID and a secret access key, which are employed to sign programmatic requests that you make to AWS. Whether it is for security compliance, a response to a security incident, or part of a key rotation policy, deleting an IAM access key is a critical operation. After deletion, any applications or users utilizing the deleted access key will lose access to AWS resources, so it is crucial to update all instances where the key is used before deletion. Additionally, AWS recommends regular access key rotation as a best practice, which involves creating a new key, updating all applications to use the new key, and then safely deleting the old key to maintain secure and functional access control.
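
Steps 9.1 through 9.1.4 (repeated as 10.2 through 10.2.4) form one procedure whose ordering matters. The following added example, not the runbook's own code, turns it into a per-user action plan over constructed key records shaped like boto3 iam.list_access_keys output; the 90-day threshold is the value the runbook cites as an example, and the 30-day quiet window before a key counts as unused is an assumption.

```python
"""Age out IAM access keys and plan their rotation (steps 9.1-9.1.4 / 10.2-10.2.4).

Added example, not the DagKnows runbook's own code. Each record mirrors one
AccessKeyMetadata entry from boto3 iam.list_access_keys, with an optional
LastUsedDate as returned by get_access_key_last_used; records and clock below
are constructed. Assumptions: 90-day age threshold, 30-day quiet window.
"""
from datetime import datetime, timedelta, timezone

MAX_KEYS_PER_USER = 2  # IAM allows at most two access keys per user, active or not
QUIET_DAYS = 30  # assumption: a key unused this long can be retired without breaking a consumer

def key_age_days(key, now):
    return (now - key["CreateDate"]).days

def filter_old_keys(keys, now, max_age_days=90):
    """Step 9.1: active keys older than the threshold, oldest first."""
    old = [k for k in keys if k["Status"] == "Active" and key_age_days(k, now) > max_age_days]
    return sorted(old, key=lambda k: k["CreateDate"])

def recently_used(key, now):
    last = key.get("LastUsedDate")
    return last is not None and (now - last).days <= QUIET_DAYS

def plan_rotation(keys, now, max_age_days=90):
    """Steps 9.1.1-9.1.4 as an ordered action list per user.

    The replacement key must exist before the stale one is deactivated so the
    consumer can be switched over, and because a user holds at most two keys a
    slot sometimes has to be freed first by deleting an inactive key.
    """
    by_user = {}
    for key in keys:
        by_user.setdefault(key["UserName"], []).append(key)
    plan = {}
    for user, user_keys in sorted(by_user.items()):
        old = filter_old_keys(user_keys, now, max_age_days)
        if not old:
            continue
        # Inactive keys are unusable already (step 9.1.4); deleting them frees a slot.
        actions = [("delete", k["AccessKeyId"]) for k in user_keys if k["Status"] != "Active"]
        active = [k for k in user_keys if k["Status"] == "Active"]
        if len(active) >= MAX_KEYS_PER_USER:
            # No free slot: the oldest stale key can be retired first only if nothing
            # still uses it; otherwise a human must decide which consumer to migrate.
            victim = old.pop(0)
            if recently_used(victim, now):
                plan[user] = actions + [("manual-review", victim["AccessKeyId"])]
                continue
            actions += [("deactivate", victim["AccessKeyId"]), ("delete", victim["AccessKeyId"])]
        actions.append(("create", None))  # step 9.1.2, then update consumers to the new key
        actions += [("deactivate", k["AccessKeyId"]) for k in old]  # steps 9.1.1 / 9.1.3
        plan[user] = actions
    return plan

def _key(user, key_id, age_days, now, status="Active", last_used_days=None):
    """Build one constructed AccessKeyMetadata-shaped record."""
    return {"UserName": user, "AccessKeyId": key_id, "Status": status,
            "CreateDate": now - timedelta(days=age_days),
            "LastUsedDate": None if last_used_days is None else now - timedelta(days=last_used_days)}

NOW = datetime(2024, 9, 12, tzinfo=timezone.utc)  # constructed fixed clock
SAMPLE_KEYS = [  # constructed; the key ids are placeholders, not real AWS ids
    _key("alice", "KEY-ALICE-1", 120, NOW, last_used_days=1),
    _key("bob", "KEY-BOB-1", 200, NOW, last_used_days=2),
    _key("bob", "KEY-BOB-2", 300, NOW, status="Inactive"),
    _key("carol", "KEY-CAROL-1", 150, NOW, last_used_days=100),
    _key("carol", "KEY-CAROL-2", 95, NOW, last_used_days=0),
    _key("dave", "KEY-DAVE-1", 400, NOW, last_used_days=1),
    _key("dave", "KEY-DAVE-2", 91, NOW, last_used_days=1),
    _key("erin", "KEY-ERIN-1", 10, NOW, last_used_days=1),
]

if __name__ == "__main__":
    for user, actions in plan_rotation(SAMPLE_KEYS, NOW).items():
        print(user, " -> ".join(a if i is None else f"{a} {i}" for a, i in actions))
```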

11 Cleanup inactive users in AWS IAM
This runbook involves listing all IAM users, identifying those who haven't accessed AWS services for a specified period, and then safely deleting these inactive users. This process enhances security by removing potential vulnerabilities and optimizes resource usage in the AWS environment. Always proceed with caution to avoid unintended deletions.

11.1 List all AWS IAM Users
This lists all IAM users in an AWS account, providing key details like usernames, user IDs, and creation dates. Essential for managing permissions and auditing access, this function supports security and compliance protocols by offering a clear view of user entities and their access levels. It's instrumental in enforcing security policies and the principle of least privilege in AWS resource access management.
11.2 Filter out inactive AWS IAM Users
This task identifies users who haven't accessed AWS services within a specified timeframe. This process helps to maintain a secure and well-organized IAM environment by focusing on active users and potentially deactivating or removing those who are no longer in use.
11.2.1 Delete an AWS IAM user
This task deletes an IAM user in AWS, which is a critical step in managing access to AWS resources. This process ensures that the user no longer has permission to perform actions or access resources. It involves several key steps: detaching all associated policies, removing any login profiles or access keys, and finally, deleting the user itself. This action is irreversible, and once the user is deleted, they cannot access the AWS Management Console, AWS CLI, or API operations unless recreated. Properly removing users helps in maintaining a secure and tidy AWS environment, especially when individuals no longer require access or have changed roles.
12 AWS EC2 Security Groups Unrestricted SSH Check: SOC2 Compliance
This runbook helps enforce SOC2 compliance in AWS environments. It identifies and remediates security groups allowing unrestricted SSH access in running EC2 instances, ensuring robust security and compliance with SOC2 standards.
12.1 Get all AWS EC2 instances
Amazon Elastic Compute Cloud (EC2) is a service offered by Amazon Web Services (AWS) that provides resizable compute capacity in the cloud. Through Boto3's EC2 client, the describe_instances() method provides detailed information about each instance, including its ID, type, launch time, and current state. This capability assists users in effectively monitoring and managing their cloud resources.
12.2 Check which AWS EC2 Security Groups allow unrestricted SSH Access: SOC2 Compliance
This task is designed to audit AWS environments for SOC2 compliance. It systematically identifies security groups in running EC2 instances that permit unrestricted SSH access, flagging potential security vulnerabilities and aiding in maintaining SOC2 compliance standards.
12.2.1 Remediate AWS EC2 Security Groups with unrestricted SSH Access: SOC2 Compliance
This task identifies and corrects security groups in AWS EC2 that allow unrestricted SSH access.
13 AWS EC2 Instance No Public IP Associated Audit: SOC2 Compliance
This runbook checks all EC2 instances in an AWS environment to confirm they do not have public IP addresses. This audit is key to SOC2 compliance, aiming to protect against unauthorized access and minimize cyber threats. Its goal is to ensure that EC2 instances are secured within private networks, aligning with SOC2's focus on system security and integrity.
13.1 Get all AWS EC2 instances
Amazon Elastic Compute Cloud (EC2) is a service offered by Amazon Web Services (AWS) that provides resizable compute capacity in the cloud. Through Boto3's EC2 client, the describe_instances() method provides detailed information about each instance, including its ID, type, launch time, and current state. This capability assists users in effectively monitoring and managing their cloud resources.
13.2 Check which AWS EC2 Instances have a Public IP Associated: SOC2 Compliance
14 AWS Restricted Common Ports Audit
The AWS Restricted Common Ports Audit rule evaluates security groups to ensure they do not allow unrestricted incoming TCP traffic to specific critical ports for IPv4. It aims to prevent unauthorized access by marking configurations as COMPLIANT when traffic to these ports is appropriately restricted, thereby enhancing the security posture of AWS environments.
14.1 Checks which security groups in use do not allow unrestricted incoming TCP traffic to the specified ports for IPv4
This task identifies security groups allowing unrestricted TCP traffic to specified ports on IPv4, highlighting potential security risks. It ensures traffic to sensitive ports is limited to authorized sources, bolstering network security. The aim is to prevent unauthorized access and exposure of critical services.
15 Default Security Group Audit and Remediation in AWS VPCs: SOC2 Compliance
This runbook conducts a thorough audit of default security groups in all AWS VPCs, ensuring they disallow any inbound or outbound traffic. It identifies and automatically remediates non-compliant groups to enforce stringent network security standards. The process enhances overall VPC security by adhering to a strict no-traffic policy in default security groups.
15.1 List All VPCs in AWS
This task enumerates all Virtual Private Clouds across every AWS region in an account. This task is essential for network management, security audits, and resource tracking, especially in large-scale environments. It provides details like VPC IDs, CIDR blocks, and associated resources for each VPC.
15.2 Detecting and Marking Non-Compliant VPC Security Groups: SOC2 Compliance
This task focuses on scrutinizing default security groups in AWS VPCs to identify and flag those allowing unauthorized traffic. It serves as a critical measure to pinpoint security groups that deviate from the no-traffic policy, ensuring adherence to stringent network security protocols in VPC environments.
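The checks behind tasks 12.2 (SSH open to the world), 14.1 (restricted common ports over IPv4) and 15.2 (default groups carrying any rule) all reduce to the same inspection of describe_security_groups() output. The example below is added here and is not DagKnows' code; it runs offline over a constructed sample shaped like the boto3 response, and generalizes the SSH case to a configurable port set (the port list and the "reasons" wording are this example's own choices).

```python
# Ports the audit treats as sensitive. 22 (SSH) is the single case task 12.2
# checks; the wider set is the 14.1 "restricted common ports" generalisation.
RESTRICTED_PORTS = {22, 3389, 3306, 5432, 1433}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def rule_covers_port(rule, port):
    """True if an IpPermissions entry includes `port` over TCP (or all traffic)."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                      # all protocols, all ports
        return True
    if proto != "tcp":
        return False                       # 14.1 is scoped to TCP
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def rule_is_open_to_world(rule):
    """True if any IPv4/IPv6 range in the rule is the whole internet."""
    v4 = {r["CidrIp"] for r in rule.get("IpRanges", [])}
    v6 = {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
    return bool((v4 | v6) & ANYWHERE)


def find_unrestricted_ingress(groups, ports=RESTRICTED_PORTS):
    """Return {GroupId: sorted exposed ports} for every non-compliant group."""
    findings = {}
    for sg in groups:
        exposed = sorted(
            p for p in ports
            if any(rule_covers_port(r, p) and rule_is_open_to_world(r)
                   for r in sg.get("IpPermissions", []))
        )
        if exposed:
            findings[sg["GroupId"]] = exposed
    return findings


def audit_default_security_groups(groups):
    """15.2 no-traffic policy: a default group must carry no rules at all."""
    return sorted(
        sg["GroupId"] for sg in groups
        if sg.get("GroupName") == "default"
        and (sg.get("IpPermissions") or sg.get("IpPermissionsEgress"))
    )


# Constructed sample shaped like ec2.describe_security_groups()["SecurityGroups"];
# the group ids and CIDRs are made up for this example.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1", "GroupName": "bastion",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}],
     "IpPermissionsEgress": []},
    {"GroupId": "sg-0b2", "GroupName": "app",          # SSH only from a private range
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}],
     "IpPermissionsEgress": []},
    {"GroupId": "sg-0c3", "GroupName": "wide-open",    # all traffic from any IPv6
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [],
                        "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
     "IpPermissionsEgress": []},
    {"GroupId": "sg-0d4", "GroupName": "default",      # still has the stock egress rule
     "IpPermissions": [],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0e5", "GroupName": "default",      # fully stripped: compliant
     "IpPermissions": [], "IpPermissionsEgress": []},
]

if __name__ == "__main__":
    print("unrestricted ingress:", find_unrestricted_ingress(SAMPLE_GROUPS))
    print("non-compliant default groups:", audit_default_security_groups(SAMPLE_GROUPS))
```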
15.2.1 Implementing No-Traffic Policy in VPC Default Security Groups
This task involves configuring the default security groups within AWS VPCs to strictly enforce a no-traffic policy. It entails systematically updating the security group rules to block all inbound and outbound traffic, ensuring compliance with stringent network security protocols.
16 Enable VPC Flow Logs in AWS
This runbook involves turning on a feature for capturing information about IP traffic going to and from network interfaces in a Virtual Private Cloud (VPC). This data is vital for network monitoring, security analysis, and troubleshooting. The logs can be stored in Amazon CloudWatch Logs or Amazon S3 for detailed analysis and archival purposes, aiding in compliance and operational auditing.
16.1 List All VPCs in AWS
This task enumerates all Virtual Private Clouds across every AWS region in an account. This task is essential for network management, security audits, and resource tracking, especially in large-scale environments. It provides details like VPC IDs, CIDR blocks, and associated resources for each VPC.
16.2 Filter Out VPCs with Flow Logs not enabled in AWS
This task identifies Virtual Private Clouds (VPCs) in an AWS environment that lack active Flow Logs. This task is essential for security and compliance, ensuring that network traffic is monitored and logged. It involves checking each VPC's Flow Logs status and isolating those without the feature, helping to prioritize security enhancements and network monitoring strategies.
16.2.1 Create an AWS S3 bucket
16.2.2 Update AWS S3 bucket policy for VPC Flow Logs
16.2.3 Configure VPC Flow Logs in AWS to an S3 bucket
This task activates a logging feature for Virtual Private Clouds (VPCs) in AWS. This feature records and stores information about the network traffic flowing through the VPC, aiding in security monitoring, traffic analysis, and troubleshooting. The collected data can be sent to Amazon CloudWatch Logs or Amazon S3 for retention and analysis.
17 End-to-End Encryption Setup for AWS CloudTrail: SOC2 Compliance
This runbook provides a detailed guide for verifying and/or setting up end-to-end encryption in AWS CloudTrail for SOC2 compliance. It covers configuring CloudTrail with AWS KMS Customer Master Keys (CMKs) for Server-Side Encryption (SSE), including steps for creating or selecting KMS CMKs and ensuring secure encryption of CloudTrail trails.
17.1 Verify Whether AWS CloudTrail is configured to use SSE AWS KMS
This task verifies if AWS CloudTrail is configured with Server-Side Encryption (SSE) using AWS Key Management Service (KMS) Customer Master Keys (CMKs). It ensures that each CloudTrail trail has a KmsKeyId defined, confirming encryption according to SOC2 standards. This process enhances security and meets regulatory requirements for encrypted AWS activity logging.
17.1.1 Choose or Create an AWS KMS CMK
This task selects an existing AWS KMS Customer Master Key (CMK) or creates a new one if none exists. It checks for a CMK with a specific alias, creating a new key for encryption purposes as needed. This ensures enhanced security and compliance in AWS environments.
17.1.2 Update the AWS KMS Key Policy to Allow CloudTrail to use the key
This task updates the AWS KMS key policy to authorize AWS CloudTrail to encrypt log files using the specified KMS key. The objective is to secure CloudTrail logs with KMS encryption, ensuring enhanced security and compliance. The process involves modifying the KMS key policy to include permissions for CloudTrail operations.
17.1.3 Update AWS CloudTrail Trail with AWS KMS CMK
This task updates an AWS CloudTrail trail to use an AWS Key Management Service (KMS) Customer Master Key (CMK) for server-side encryption. It ensures that the trail's logs are encrypted with a specified KMS key, enhancing the security and confidentiality of audit log files. This update is vital for maintaining compliance and robust data protection standards in AWS.
18 AWS CloudTrail Log Validation Enabled Audit: SOC2 Compliance
This runbook ensures that CloudTrail, AWS's service for logging API activity, has log file validation enabled. This is crucial for SOC2 compliance, which demands secure and private handling of customer data. Enabling log file validation helps verify the integrity and authenticity of CloudTrail logs, demonstrating a commitment to robust information security practices.
18.1 List all AWS CloudTrail Trails
This task involves enumerating and retrieving detailed information about every AWS CloudTrail trail that exists across all AWS regions within an AWS account. Each trail captures specific API activity and events, and having a comprehensive list helps in providing visibility into what actions are being logged, where the logs are stored, and how they are configured. This listing process is foundational for subsequent tasks like auditing, analysis, and optimization of AWS CloudTrail, aiding in efficient resource management and security compliance.
18.2 Check which AWS CloudTrail Trails have Log File Validation enabled: SOC2 Compliance
This task audits AWS CloudTrail Trails for SOC2 Compliance by checking Log File Validation across various regions. It evaluates each trail for enabled log file validation and the presence of a valid 'LatestDigestDeliveryTime'. Trails are marked as compliant or non-compliant based on these criteria, with specific reasons for non-compliance provided.
18.2.1 Enable Log File Validation for AWS CloudTrail Trail
This task automates the enforcement and verification of log file validation for AWS CloudTrail trails. It checks if log file validation is enabled for a specified trail and activates it if necessary. Post-activation, it confirms the validation status, ensuring compliance with security best practices.
19 Multi-Region AWS CloudTrail Compliance Verification: SOC2 Compliance
This runbook is focused on ensuring that AWS CloudTrail configurations across multiple regions comply with SOC2 standards. It involves comprehensive checks on CloudTrail trail configurations, including logging status, S3 bucket integrations, and CloudWatch Logs, ensuring global event capture and multi-region setup. It's essential for maintaining SOC2 compliance, emphasizing data security and integrity in cloud environments, and helps organizations manage their compliance posture efficiently.
19.1 List all AWS CloudTrail Trails
This task involves enumerating and retrieving detailed information about every AWS CloudTrail trail that exists across all AWS regions within an AWS account. Each trail captures specific API activity and events, and having a comprehensive list helps in providing visibility into what actions are being logged, where the logs are stored, and how they are configured. This listing process is foundational for subsequent tasks like auditing, analysis, and optimization of AWS CloudTrail, aiding in efficient resource management and security compliance.
19.2 Check whether a Multi-Region AWS CloudTrail exists with the required configurations: SOC2 Guideline
This task verifies the existence and configuration of a Multi-Region AWS CloudTrail in compliance with SOC2 guidelines. It focuses on ensuring essential settings like logging, S3 and CloudWatch integrations, and global event coverage. This is crucial for upholding data security and integrity standards across an organization's AWS infrastructure.
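Tasks 17.1 (KmsKeyId present), 18.2 (log file validation plus a delivered digest) and 19.2 (multi-region trail with the required settings) are all evaluations of describe_trails() and get_trail_status() fields. The example below is added here and is not DagKnows' code; it works offline on constructed dicts that use the real boto3 field names, and the reason strings, trail names and ARNs are this example's own.

```python
# Constructed samples shaped like cloudtrail.describe_trails()["trailList"] and
# cloudtrail.get_trail_status() results (the latter keyed by trail name here).
# Account id, bucket names and key id are placeholders for this example.
SAMPLE_TRAILS = [
    {"Name": "org-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": True,
     "IncludeGlobalServiceEvents": True, "LogFileValidationEnabled": True,
     "S3BucketName": "example-trail-logs",
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:trail:*",
     "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/EXAMPLE-KEY-ID"},
    {"Name": "regional-trail", "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False,
     "IncludeGlobalServiceEvents": False, "LogFileValidationEnabled": False,
     "S3BucketName": "example-regional-logs"},
    {"Name": "stale-trail", "HomeRegion": "us-west-2", "IsMultiRegionTrail": True,
     "IncludeGlobalServiceEvents": True, "LogFileValidationEnabled": True,
     "S3BucketName": "example-stale-logs"},
]
SAMPLE_STATUS = {
    "org-trail": {"IsLogging": True, "LatestDigestDeliveryTime": "2024-09-12T09:00:00Z"},
    "regional-trail": {"IsLogging": True},
    "stale-trail": {"IsLogging": False},   # validation on, but no digest ever delivered
}


def check_log_file_validation(trail, status):
    """18.2: the validation flag is set and at least one digest has been delivered."""
    reasons = []
    if not trail.get("LogFileValidationEnabled"):
        reasons.append("LogFileValidationEnabled is false")
    if not status.get("LatestDigestDeliveryTime"):
        reasons.append("no LatestDigestDeliveryTime (no digest file delivered yet)")
    return reasons


def check_multi_region_requirements(trail, status):
    """19.2: the settings a multi-region audit trail must have."""
    required = {
        "IsMultiRegionTrail": trail.get("IsMultiRegionTrail") is True,
        "IncludeGlobalServiceEvents": trail.get("IncludeGlobalServiceEvents") is True,
        "IsLogging": status.get("IsLogging") is True,
        "S3BucketName": bool(trail.get("S3BucketName")),
        "CloudWatchLogsLogGroupArn": bool(trail.get("CloudWatchLogsLogGroupArn")),
    }
    return [f"{name} missing or disabled" for name, ok in required.items() if not ok]


def check_kms_encryption(trail):
    """17.1: a KmsKeyId on the trail means its log files are SSE-KMS encrypted."""
    return [] if trail.get("KmsKeyId") else ["KmsKeyId not set (SSE-S3 only)"]


def audit_trails(trails, status_by_name):
    """Return {trail name: list of reasons}; an empty list means compliant."""
    report = {}
    for trail in trails:
        status = status_by_name.get(trail["Name"], {})
        report[trail["Name"]] = (
            check_log_file_validation(trail, status)
            + check_multi_region_requirements(trail, status)
            + check_kms_encryption(trail)
        )
    return report


def has_compliant_multi_region_trail(trails, status_by_name):
    """19.2 asks whether at least one trail satisfies every requirement."""
    return any(not reasons for reasons in audit_trails(trails, status_by_name).values())


if __name__ == "__main__":
    for name, reasons in audit_trails(SAMPLE_TRAILS, SAMPLE_STATUS).items():
        print(name, "COMPLIANT" if not reasons else "NON_COMPLIANT: " + "; ".join(reasons))
    print("compliant multi-region trail exists:",
          has_compliant_multi_region_trail(SAMPLE_TRAILS, SAMPLE_STATUS))
```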
20 Enable AWS CloudTrail Logging for Logging and Monitoring User Activity
This runbook involves configuring an AWS CloudTrail Trail to log and monitor user activities, crucial for meeting SOC2 guidelines. By capturing detailed records of API calls and user actions within AWS, CloudTrail aids in continuous auditing and real-time security analysis.
20.1 Create an AWS S3 bucket
20.2 Update the bucket policy of an AWS S3 bucket
This task involves modifying access controls and permissions of an S3 bucket to manage and secure data access, ensuring compliance with security standards and organizational requirements. This is essential for controlling and safeguarding sensitive information stored in S3. In this case the policy update grants the CloudTrail trail write permission to the S3 bucket.
20.3 Create an AWS CloudTrail trail and configure it to an S3 bucket
This task involves establishing a CloudTrail trail to monitor and record AWS account activities, and directing the log files to a specified S3 bucket for secure and centralized storage. This setup enables efficient auditing and analysis of AWS service usage and user activities.
21 AWS IAM Password Policy SOC2 Compliance
This runbook involves setting stringent password rules and enforcing them for all IAM users. Key measures include complex password requirements, regular password changes, and preventing password reuse. This effort aligns with SOC2 standards for robust data security and access management in cloud environments, enhancing the overall security posture and integrity of the system.
21.1 Check the current AWS IAM password policy
This task reviews the existing AWS IAM password policy to ensure it meets specified security standards. It involves assessing criteria like password complexity, expiration, and rotation rules for compliance with organizational or regulatory requirements.
21.1.1 Set an AWS IAM Password Policy
This task configures rules for user passwords in your AWS account. This process includes defining requirements for password complexity, expiration, and rotation to enhance account security and manage access controls effectively.
21.1.2 Enforce Password Change for AWS IAM Users
This task requires all users to update their passwords by updating their login profiles, typically following the implementation of a new password policy. This ensures that all user passwords comply with the updated security standards, enhancing overall account security.