
SOC2 Compliance Tasks


This collection of runbooks outlines tasks and procedures for keeping AWS cloud services aligned with the SOC2 Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. It covers audits and remediations for AWS CloudTrail, IAM policies and credentials, S3 bucket access, encryption and logging, and EC2 network exposure, with the aim of maintaining data integrity and confidentiality and minimizing unauthorized access.

  1. AWS S3 Bucket Public Write Access Audit: SOC2 Compliance

    This runbook audits the S3 buckets in an AWS account to confirm that none allows public write access. It reviews each bucket's Block Public Access settings, bucket policy, and ACL, then identifies and remediates configurations that would let anonymous callers, or any authenticated AWS principal, modify objects and compromise data integrity.

    1.1 List the names of all S3 buckets

      This task retrieves the names of all S3 buckets in the account. ListBuckets is account-wide, so it returns buckets from every region. The list is the input for the checks that follow and doubles as an inventory for resource management, access control, and tracking.

    1.2 Check which buckets allow AWS S3 Bucket Public Write Access

      This task inspects each bucket for configurations that grant public write access: an ACL granting WRITE, WRITE_ACP or FULL_CONTROL to the AllUsers or AuthenticatedUsers groups, or a bucket policy that S3 reports as public (GetBucketPolicyStatus), with no Block Public Access setting neutralizing it. Such buckets can be modified by anyone and are flagged for remediation.

      1.2.1 Enforce S3 Bucket Write Protection using Public Access Block Settings

        This task tightens a specified bucket by turning on all four Block Public Access settings (BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy, RestrictPublicBuckets). These settings are not write-specific: enabling them blocks public read as well as public write, which is the intended end state for buckets holding sensitive data. A bucket that legitimately serves public content has to be handled as a documented exception rather than by leaving its ACL or policy open.

  2. AWS S3 Bucket Public Read Access Audit: SOC2 Compliance

    This runbook reviews S3 bucket configurations to ensure they prohibit public read access, as SOC2's confidentiality criteria require. It checks Block Public Access settings, analyzes bucket policies, and inspects ACLs to find any bucket whose objects can be listed or downloaded without authorization.

    2.1 List the names of all S3 buckets

      Same task as 1.1: retrieve the names of all S3 buckets in the account as the input for the read-access checks below.

    2.2 Check which buckets allow AWS S3 Bucket Public Read Access

      This task scans each bucket for public read exposure: an ACL granting READ or FULL_CONTROL to the AllUsers or AuthenticatedUsers groups, or a bucket policy that S3 reports as public, with Block Public Access not configured to neutralize them.

      2.2.1 Enforce S3 Bucket Read Protection using Public Access Block Settings

        This task restricts public read access to the specified buckets by enabling Block Public Access and, where an ACL still carries public grants, resetting the ACL to private. IgnorePublicAcls already makes existing public ACL grants ineffective, but removing the grants as well keeps the configuration unambiguous for auditors.

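    The checks in 1.2 and 2.2 and the remediation in 1.2.1 and 2.2.1 share the same inputs, so one added example serves both runbooks. The code below is an illustration written for this page, not the runbook platform's own code: the function names are mine, the response shapes are those returned by boto3's get_public_access_block, get_bucket_acl and get_bucket_policy_status, and SAMPLE_ACL is constructed data, not a real bucket's ACL.

```python
"""Added example: classify S3 buckets by public read/write exposure and
remediate with Block Public Access. The pure functions take the dicts boto3
returns, so they run on constructed data; audit_account() and
block_public_access() are the only parts that need a live S3 client."""

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}

# The four Block Public Access switches. None is write-specific: enabling
# all four blocks public read and public write alike.
LOCKED_DOWN = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": True,
}


def acl_public_permissions(acl):
    """Permissions the ACL grants to AllUsers or AuthenticatedUsers."""
    perms = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            perms.add(grant["Permission"])
    return perms


def classify_bucket(pab, acl, policy_status):
    """Public exposure of one bucket.

    pab: PublicAccessBlockConfiguration dict, or None when the bucket has none
         (boto3 raises NoSuchPublicAccessBlockConfiguration in that case).
    acl: get_bucket_acl response.
    policy_status: PolicyStatus dict from get_bucket_policy_status, or None
         when the bucket has no policy at all.
    """
    pab = pab or {}
    perms = acl_public_permissions(acl)
    # IgnorePublicAcls neutralises existing public grants; BlockPublicAcls
    # alone only stops new ones from being added.
    if pab.get("IgnorePublicAcls"):
        perms = set()
    # RestrictPublicBuckets makes a public policy unusable by anonymous callers.
    policy_public = bool((policy_status or {}).get("IsPublic")) \
        and not pab.get("RestrictPublicBuckets")
    return {
        "acl_read": bool(perms & {"READ", "FULL_CONTROL"}),
        "acl_write": bool(perms & {"WRITE", "WRITE_ACP", "FULL_CONTROL"}),
        "policy_public": policy_public,
    }


def exposed(finding, mode):
    """mode is 'read' or 'write'. A public policy counts for both, because
    IsPublic does not say which actions it grants; review such policies by hand."""
    return finding["policy_public"] or finding["acl_" + mode]


def audit_account(s3):
    """Run classify_bucket over every bucket, using a boto3 S3 client."""
    from botocore.exceptions import ClientError  # local import keeps the pure parts offline-runnable

    findings = {}
    for bucket in s3.list_buckets()["Buckets"]:
        name = bucket["Name"]
        try:
            pab = s3.get_public_access_block(Bucket=name)["PublicAccessBlockConfiguration"]
        except ClientError as err:
            if err.response["Error"]["Code"] != "NoSuchPublicAccessBlockConfiguration":
                raise
            pab = None
        try:
            status = s3.get_bucket_policy_status(Bucket=name)["PolicyStatus"]
        except ClientError as err:
            if err.response["Error"]["Code"] != "NoSuchBucketPolicy":
                raise
            status = None
        findings[name] = classify_bucket(pab, s3.get_bucket_acl(Bucket=name), status)
    return findings


def block_public_access(s3, bucket):
    """Remediation for 1.2.1 / 2.2.1: turn on all four settings, then re-read them."""
    s3.put_public_access_block(Bucket=bucket, PublicAccessBlockConfiguration=LOCKED_DOWN)
    return s3.get_public_access_block(Bucket=bucket)["PublicAccessBlockConfiguration"]


# Constructed sample ACL (not real account data): owner plus a public WRITE grant.
SAMPLE_ACL = {
    "Owner": {"ID": "owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
    ],
}

if __name__ == "__main__":
    # No Block Public Access and no policy: the ACL alone makes the bucket world-writable.
    print(classify_bucket(None, SAMPLE_ACL, None))
    # Fully locked down: the same ACL and even a public policy are neutralised.
    print(classify_bucket(LOCKED_DOWN, SAMPLE_ACL, {"IsPublic": True}))
```

    Account-level Block Public Access (the s3control API) can enforce the same four settings for every bucket at once; the per-bucket call above is what the runbook task describes and is the right tool when exceptions must remain.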
  3. AWS S3 Bucket Server-Side Encryption Audit: SOC2 Compliance

    This runbook assesses each bucket's default server-side encryption configuration and identifies buckets that are not set to encrypt new objects with SSE-S3 (AES-256) or SSE-KMS. It aims to ensure all S3 buckets in the environment meet SOC2's encryption-at-rest expectations.

    3.1 List the names of all S3 buckets

      Same task as 1.1: retrieve the names of all S3 buckets in the account as the input for the encryption checks below.

    3.2 Check which AWS S3 buckets have Server Side Encryption enabled

      This task checks whether each bucket has default server-side encryption configured (SSE-S3 or SSE-KMS) or, failing that, whether its bucket policy explicitly denies PutObject requests that do not carry an acceptable s3:x-amz-server-side-encryption header. A bucket that satisfies neither condition is marked NON_COMPLIANT, mirroring the AWS Config rule s3-bucket-server-side-encryption-enabled.

      3.2.1 AWS S3 Bucket Encryption Setup and Status Verification Process

        This task enables AES-256 (SSE-S3) default encryption on a bucket and then reads the configuration back to verify that it took effect. Amazon S3 now applies SSE-S3 to new objects by default, so the task mainly matters for buckets whose configuration was altered or where policy requires SSE-KMS with a customer-managed key. Two caveats: default encryption governs only objects written after it is set, so existing unencrypted objects must be re-written (copied in place) to be encrypted; and with SSE-KMS, every principal that reads the bucket also needs kms:Decrypt on the key.

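    An added example for tasks 3.2 and 3.2.1, written for this page rather than taken from the runbook platform: it classifies a bucket from the dicts boto3 returns for get_bucket_encryption and get_bucket_policy, including the "policy denies unencrypted PutObject" case the task description mentions, and enables default encryption with verification. The function names are mine and SAMPLE_DENY_POLICY is a constructed policy, not one from a real bucket.

```python
"""Added example: audit and remediate S3 default encryption. The pure
functions take boto3's response dicts and run on constructed input;
audit_encryption() and enable_default_encryption() make the live calls."""
import json

APPROVED = {"AES256", "aws:kms"}   # SSE-S3 and SSE-KMS, as the audit requires


def encryption_status(config):
    """config: ServerSideEncryptionConfiguration dict, or None when the bucket
    has no default-encryption rule. Returns (verdict, algorithm)."""
    for rule in (config or {}).get("Rules", []):
        algo = rule.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
        if algo in APPROVED:
            return "COMPLIANT", algo
    return "NON_COMPLIANT", None


def policy_denies_unencrypted_puts(policy):
    """True when a bucket policy denies PutObject unless the
    s3:x-amz-server-side-encryption header is present with an approved value.
    policy: policy document as a dict or as the JSON string get_bucket_policy returns."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for st in statements:
        if st.get("Effect") != "Deny":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("s3:PutObject", "s3:*", "*") for a in actions):
            continue
        cond = st.get("Condition", {})
        # Form 1: deny when the header is absent.
        if str(cond.get("Null", {}).get("s3:x-amz-server-side-encryption", "")).lower() == "true":
            return True
        # Form 2: deny when the header is present but not an approved algorithm.
        wanted = cond.get("StringNotEquals", {}).get("s3:x-amz-server-side-encryption")
        if wanted and ({wanted} if isinstance(wanted, str) else set(wanted)) & APPROVED:
            return True
    return False


def bucket_verdict(config, policy):
    """Task 3.2: default encryption, or else a policy that enforces it."""
    verdict, algo = encryption_status(config)
    if verdict == "COMPLIANT":
        return verdict, f"default {algo}"
    if policy is not None and policy_denies_unencrypted_puts(policy):
        return "COMPLIANT", "policy denies unencrypted PutObject"
    return "NON_COMPLIANT", "no default encryption and no enforcing policy"


def audit_encryption(s3):
    """Run bucket_verdict over every bucket with a boto3 S3 client."""
    from botocore.exceptions import ClientError

    results = {}
    for b in s3.list_buckets()["Buckets"]:
        name = b["Name"]
        try:
            config = s3.get_bucket_encryption(Bucket=name)["ServerSideEncryptionConfiguration"]
        except ClientError as err:
            if err.response["Error"]["Code"] != "ServerSideEncryptionConfigurationNotFoundError":
                raise
            config = None
        try:
            policy = s3.get_bucket_policy(Bucket=name)["Policy"]
        except ClientError as err:
            if err.response["Error"]["Code"] != "NoSuchBucketPolicy":
                raise
            policy = None
        results[name] = bucket_verdict(config, policy)
    return results


def enable_default_encryption(s3, bucket, kms_key_id=None):
    """Task 3.2.1: set SSE-S3 (or SSE-KMS when a key is given) and verify.
    Only objects written after this call are affected; existing objects must
    be copied in place to pick up encryption."""
    if kms_key_id:
        default = {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": kms_key_id}
    else:
        default = {"SSEAlgorithm": "AES256"}
    s3.put_bucket_encryption(
        Bucket=bucket,
        ServerSideEncryptionConfiguration={"Rules": [
            {"ApplyServerSideEncryptionByDefault": default,
             "BucketKeyEnabled": bool(kms_key_id)}]},
    )
    return encryption_status(
        s3.get_bucket_encryption(Bucket=bucket)["ServerSideEncryptionConfiguration"])


# Constructed sample policy (not from any real bucket): the usual pair of
# Deny statements that force callers to request server-side encryption.
SAMPLE_DENY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}},
        {"Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]}}},
    ],
}
```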
  4. AWS S3 Bucket Logging Enabled Audit: SOC2 Compliance

    This runbook automates the assessment and activation of server access logging for Amazon S3 buckets. SOC2's monitoring expectations call for a record of who accessed what, and server access logs provide a per-request record of the actions performed on a bucket.

    4.1 List the names of all S3 buckets

      Same task as 1.1: retrieve the names of all S3 buckets in the account as the input for the logging checks below.

    4.2 Check which AWS S3 buckets have Server Access Logging enabled

      This task calls GetBucketLogging for each bucket and reports those with no LoggingEnabled target. Access logs record each request made to the bucket (requester, operation, key, response code), which is what incident investigation and compliance evidence both need. Note that server access log delivery is best-effort, and the target bucket must be in the same region and account as the source.

      4.2.1 AWS S3 Bucket Logging Setup and Verification

        This task configures a logging target bucket and prefix for a bucket and then verifies that the setting is active. Two configuration errors to avoid: pointing a bucket's logs at itself, which makes every log write generate another log entry, and a target bucket whose policy does not allow the S3 logging service principal (logging.s3.amazonaws.com) to write, in which case no logs are delivered.

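    An added example for tasks 4.2 and 4.2.1, written for this page and not taken from the runbook platform: it reads the logging status from the dict boto3's get_bucket_logging returns, validates a proposed target against the same-region and not-itself constraints described above, and enables logging with verification. Function names are mine; SAMPLE_REGIONS is constructed data.

```python
"""Added example: audit and enable S3 server access logging. The pure
functions take boto3 response dicts and run on constructed data;
audit_logging() and enable_logging() need a live S3 client."""


def logging_status(resp):
    """resp: get_bucket_logging response. Returns (enabled, target, prefix)."""
    enabled = resp.get("LoggingEnabled")
    if not enabled:
        return False, None, None
    return True, enabled["TargetBucket"], enabled.get("TargetPrefix", "")


def region_of(location_resp):
    """get_bucket_location returns None for us-east-1 and the legacy 'EU' for eu-west-1."""
    loc = location_resp.get("LocationConstraint")
    return {None: "us-east-1", "EU": "eu-west-1"}.get(loc, loc)


def target_problems(bucket, target, regions):
    """Reasons a logging target would not work. regions: {bucket_name: region}
    for the buckets this account owns. Empty list means the target is usable."""
    problems = []
    if target == bucket:
        problems.append("target is the source bucket: every log write would generate another log")
    if regions.get(bucket) != regions.get(target):
        problems.append("target bucket is not in the same region as the source")
    if target not in regions:
        problems.append("target bucket is not owned by this account")
    return problems


def audit_logging(s3):
    """Task 4.2: {bucket: (enabled, target, prefix)} for every bucket."""
    return {b["Name"]: logging_status(s3.get_bucket_logging(Bucket=b["Name"]))
            for b in s3.list_buckets()["Buckets"]}


def enable_logging(s3, bucket, target, prefix=None):
    """Task 4.2.1: point `bucket` at `target` after checking the target is usable.
    The target's bucket policy must already allow logging.s3.amazonaws.com to
    PutObject into it; otherwise no logs are delivered."""
    regions = {b["Name"]: region_of(s3.get_bucket_location(Bucket=b["Name"]))
               for b in s3.list_buckets()["Buckets"]}
    problems = target_problems(bucket, target, regions)
    if problems:
        raise ValueError("; ".join(problems))
    prefix = f"{bucket}/" if prefix is None else prefix   # one prefix per source bucket
    s3.put_bucket_logging(
        Bucket=bucket,
        BucketLoggingStatus={"LoggingEnabled": {"TargetBucket": target, "TargetPrefix": prefix}},
    )
    return logging_status(s3.get_bucket_logging(Bucket=bucket))


# Constructed sample inventory (no real account data).
SAMPLE_REGIONS = {
    "app-data": "us-east-1",
    "audit-logs": "us-east-1",
    "audit-logs-eu": "eu-west-1",
}

if __name__ == "__main__":
    print(target_problems("app-data", "audit-logs", SAMPLE_REGIONS))       # []
    print(target_problems("app-data", "app-data", SAMPLE_REGIONS))         # feedback loop
    print(target_problems("app-data", "audit-logs-eu", SAMPLE_REGIONS))    # wrong region
```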
  5. AWS IAM Root Access Key Audit: SOC2 Compliance

    This runbook audits the AWS account to check whether the root user has any access keys. Root keys must not exist: they grant unrestricted access to every resource in the account and cannot be constrained by IAM policies. The audit verifies that no root access keys are present, in line with AWS account management best practice.

    5.1 Check whether the root user access key exists or not

      This task verifies whether access keys exist for the root user. Two signals answer the question: GetAccountSummary returns AccountAccessKeysPresent as 1 or 0, and the IAM credential report's <root_account> row carries access_key_1_active and access_key_2_active. Any root key found should be deleted from a root console session, and its past use reviewed in CloudTrail.

  6. AWS IAM Policy No Statements with Admin Access Audit: SOC2 Compliance

    This runbook reviews IAM policies to ensure none contains a statement granting full administrative access ("Effect": "Allow" on "Action": "*" over "Resource": "*"), enforcing the principle of least privilege.

    6.1 List all AWS IAM Users

      This task lists all IAM users in the account with key details such as user name, user ID, ARN, and creation date. The list is the starting point for auditing who holds which permissions.

    6.2 Check which Users have AWS IAM Policies with Admin Access: SOC2 Compliance

      This task audits each IAM user's attached managed policies and inline policies for a statement that allows all actions on all resources (the content of the AWS-managed AdministratorAccess policy, among others). Users holding such a policy are flagged so that broad rights can be replaced with scoped permissions. Permissions inherited through group membership are not covered by a per-user check and need a separate pass over groups.

      6.2.1 Remove/Delete an IAM Policy from an AWS IAM User

        This task detaches a managed policy from, or deletes an inline policy on, a specific IAM user. Before running it against a flagged user, confirm that the user's legitimate workload has another path to the permissions it needs (a scoped policy or a role to assume); detaching an administrator's only policy without a replacement is a quick way to cause an outage or lock yourself out.

  7. Enforce MFA for All Users Accessing Cloud Services (AWS)

    This runbook covers a key SOC2 access-control requirement: multi-factor authentication for every IAM user who can sign in to AWS. MFA strengthens account security and access control, which SOC2 expects for safeguarding data in cloud environments.

    7.1 List all AWS IAM Users

      Same task as 6.1: list all IAM users in the account as the population to check.

    7.2 Filter Out Users in AWS IAM based on Multi-Factor Authentication Status

      This task identifies IAM users without MFA. For each user it checks whether any MFA device is registered (ListMFADevices, or the mfa_active column of the credential report). Users with a console password and no MFA are the priority; a user that has only access keys cannot use an MFA device for sign-in, so for such users the controls are key rotation and, where possible, replacement with roles. The root user's MFA status should be checked in the same pass.

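    Task 5.1 and task 7.2 can both be answered from the IAM credential report, so one added example serves runbooks 5 and 7. It is written for this page, not taken from the runbook platform: the parser and the two checks are mine, and SAMPLE_REPORT is constructed data laid out in the report's column format (real reports carry more columns, which the parser keeps).

```python
"""Added example for runbooks 5 and 7: parse the IAM credential report and
answer two questions from it, whether the root user has access keys and
which users lack MFA. fetch_credential_report() obtains the real report
with a boto3 IAM client; everything else runs on the constructed sample."""
import csv
import io

ROOT = "<root_account>"   # the user name IAM uses for the root row


def parse_credential_report(content):
    """content: the Content bytes from get_credential_report (or a str)."""
    text = content.decode() if isinstance(content, bytes) else content
    return list(csv.DictReader(io.StringIO(text)))


def root_access_keys_present(rows):
    """Task 5.1. Cross-check: get_account_summary()['SummaryMap']['AccountAccessKeysPresent']."""
    root = next((r for r in rows if r["user"] == ROOT), None)
    if root is None:
        raise ValueError("credential report has no root row")
    return root["access_key_1_active"] == "true" or root["access_key_2_active"] == "true"


def users_without_mfa(rows, console_only=True):
    """Task 7.2. With console_only, only users who can sign in with a password
    are reported, since an access-key-only user has nothing to put an MFA
    device on. The root row (password_enabled is 'not_supported') is always evaluated."""
    missing = []
    for r in rows:
        is_root = r["user"] == ROOT
        if console_only and not is_root and r["password_enabled"] != "true":
            continue
        if r["mfa_active"] != "true":
            missing.append(r["user"])
    return missing


def fetch_credential_report(iam, attempts=10, wait_seconds=2):
    """The report is generated asynchronously: keep requesting it until State is COMPLETE."""
    import time
    for _ in range(attempts):
        if iam.generate_credential_report()["State"] == "COMPLETE":
            return parse_credential_report(iam.get_credential_report()["Content"])
        time.sleep(wait_seconds)
    raise TimeoutError("credential report was not ready in time")


# Constructed sample report (fictional users; the account ID is the AWS placeholder).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T08:00:00+00:00,true,false,true
alice,arn:aws:iam::123456789012:user/alice,2022-03-01T00:00:00+00:00,true,2024-05-20T09:00:00+00:00,false,true,false
bob,arn:aws:iam::123456789012:user/bob,2022-03-01T00:00:00+00:00,true,2024-05-21T09:00:00+00:00,true,false,false
ci-bot,arn:aws:iam::123456789012:user/ci-bot,2023-01-01T00:00:00+00:00,false,no_information,false,true,false
"""

if __name__ == "__main__":
    rows = parse_credential_report(SAMPLE_REPORT)
    print("root access keys present:", root_access_keys_present(rows))   # True: key 2 is active
    print("console users without MFA:", users_without_mfa(rows))          # ['alice']
```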
  8. AWS IAM User No Policies Audit: SOC2 Compliance

    This runbook checks that IAM users have no policies attached directly to them, following the SOC2-aligned practice of granting permissions through group membership or IAM roles. Managing permissions at the group or role level keeps access reviews tractable and avoids one-off grants that drift out of sight.

    8.1 Check which AWS IAM users have directly attached policies

      This task identifies IAM users that have managed policies attached, or inline policies defined, on the user itself, as opposed to inheriting permissions from groups or obtaining them by assuming a role. The AWS Config rule iam-user-no-policies-check makes the same determination.

      8.1.1 Attach an AWS IAM User to a Group

        This task adds a user to a group: it confirms that both the user and the group exist, checks whether the user is already a member, and adds the user only if not. Moving the permissions to the group and then removing the user's direct policies is the remediation for the finding in 8.1.

      8.1.2 Attach AWS IAM User Policy to Assume a Role

        This task assigns a policy allowing sts:AssumeRole on a specified role, so that the user obtains elevated permissions only through temporary role credentials, in line with least privilege. Note: as written, this task attaches the policy directly to the user, which recreates the finding that 8.1 flags. Prefer placing the assume-role policy on a group and keeping the user itself policy-free. The role's trust policy must also allow the user's principal or account, or AssumeRole will be denied.

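    Runbook 6 (admin statements in a user's policies) and runbook 8 (any policy directly on a user) both start from the same inventory of each user's attached and inline policies, so one added example serves both. It is written for this page, not taken from the runbook platform: the inventory shape, function names and SAMPLE_INVENTORY are mine, the policy documents are constructed, and the remediation puts the assume-role policy on a group rather than the user, as the note on 8.1.2 recommends.

```python
"""Added example for runbooks 6 and 8: inventory each IAM user's directly
attached policies, flag admin statements, and move permissions to a group.
The pure functions take the policy documents boto3 returns (already decoded
to dicts) and run on constructed data; the functions that take `iam` make
the real calls."""
import json


def _listify(value):
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def admin_statements(document):
    """Indexes of statements that Allow Action '*' on Resource '*', the test
    applied by the AWS Config rule iam-policy-no-statements-with-admin-access.
    document: policy dict, or its JSON string form."""
    if isinstance(document, str):
        document = json.loads(document)
    statements = document.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    return [i for i, st in enumerate(statements)
            if st.get("Effect") == "Allow"
            and "*" in _listify(st.get("Action"))
            and "*" in _listify(st.get("Resource"))]


def users_with_direct_policies(inventory):
    """Task 8.1. inventory: {user: [(kind, name, document), ...]} with kind
    'managed' or 'inline'. Any entry at all is a finding."""
    return sorted(u for u, pols in inventory.items() if pols)


def users_with_admin_access(inventory):
    """Task 6.2: users holding a directly attached policy with an admin statement."""
    return sorted(u for u, pols in inventory.items()
                  if any(admin_statements(doc) for _, _, doc in pols))


def collect_user_policies(iam):
    """Build the inventory with a boto3 IAM client. Group-inherited policies
    are deliberately not included; audit groups in a separate pass."""
    inventory = {}
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            entries = []
            for pol in iam.list_attached_user_policies(UserName=name)["AttachedPolicies"]:
                version = iam.get_policy(PolicyArn=pol["PolicyArn"])["Policy"]["DefaultVersionId"]
                doc = iam.get_policy_version(PolicyArn=pol["PolicyArn"],
                                             VersionId=version)["PolicyVersion"]["Document"]
                entries.append(("managed", pol["PolicyArn"], doc))
            for pname in iam.list_user_policies(UserName=name)["PolicyNames"]:
                doc = iam.get_user_policy(UserName=name, PolicyName=pname)["PolicyDocument"]
                entries.append(("inline", pname, doc))
            inventory[name] = entries
    return inventory


def remove_user_policy(iam, user, kind, name):
    """Task 6.2.1: detach a managed policy (name is its ARN) or delete an inline one."""
    if kind == "managed":
        iam.detach_user_policy(UserName=user, PolicyArn=name)
    else:
        iam.delete_user_policy(UserName=user, PolicyName=name)


def assume_role_policy(role_arn):
    """Task 8.1.2: least-privilege document allowing exactly one role to be assumed."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": role_arn}]}


def grant_via_group(iam, user, group, role_arn):
    """Tasks 8.1.1 and 8.1.2 without re-creating the 8.1 finding: put the
    assume-role policy on the group and add the user to it. The role's trust
    policy must still allow the user's principal or account."""
    iam.put_group_policy(GroupName=group,
                         PolicyName="assume-" + role_arn.rsplit("/", 1)[-1],
                         PolicyDocument=json.dumps(assume_role_policy(role_arn)))
    members = {u["UserName"] for u in iam.get_group(GroupName=group)["Users"]}
    if user not in members:
        iam.add_user_to_group(GroupName=group, UserName=user)


# Constructed sample inventory (fictional users and documents).
ADMIN_DOC = {"Version": "2012-10-17",
             "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
S3_READ_DOC = {"Version": "2012-10-17",
               "Statement": {"Effect": "Allow", "Action": ["s3:GetObject"],
                             "Resource": "arn:aws:s3:::example-bucket/*"}}
SAMPLE_INVENTORY = {
    "alice": [("managed", "arn:aws:iam::aws:policy/AdministratorAccess", ADMIN_DOC)],
    "bob": [("inline", "s3-read", S3_READ_DOC)],
    "carol": [],
}
```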
  9. Deactivate long-lasting AWS IAM Keys

    This runbook implements the practice of deactivating IAM access keys that have been active beyond a set age (for example 90 days), so that a key leaked at some point in the past has a bounded window of usefulness. It retrieves every user's access keys through the IAM API, computes each key's age from its creation date, and deactivates those over the threshold.

    9.1 Filter Out Old AWS IAM Access Keys

      This task identifies access keys older than a predefined threshold. It reads each key's CreateDate from ListAccessKeys, compares it with the current time, and flags keys over the limit for review or deactivation. Before acting on a flagged key, check GetAccessKeyLastUsed: a key that was used minutes ago is wired into some workload, and deactivating it before that workload has been moved to a new key breaks it.

      9.1.1 Deactivate Old AWS IAM Access Keys

        This task sets flagged keys to Inactive (UpdateAccessKey with Status=Inactive) so they can no longer sign API requests. Deactivation is reversible, which makes it the safe first step: if something breaks, the key can be re-enabled while a replacement is rolled out; deletion comes later.

      9.1.2 Create AWS IAM Access Keys

        This task generates a new access key ID and secret access key for an IAM user. AWS returns the secret only in the CreateAccessKey response, so it must be stored securely at that moment; it cannot be retrieved afterwards. An IAM user can have at most two access keys (active or inactive), which is what makes overlap-based rotation possible: if both slots are already occupied, an old inactive key must be deleted before a new one can be created.

      9.1.3 Update Old AWS IAM Access Keys

        This task changes the status of an existing access key. UpdateAccessKey can set a key to Active or Inactive; here it is used to deactivate old keys once the new key has been distributed to every consumer.

      9.1.4 Delete AWS IAM Access Keys

        This task permanently removes an access key from an IAM user. Once deleted, any application still configured with that key loses access, so all consumers must be switched to the repl­acement first. The recommended rotation sequence is: create the new key, update every consumer, deactivate the old key and confirm nothing breaks, then delete it.

  10. Check and Rotate Expiring Access Keys for AWS IAM Users

    This runbook monitors the age of IAM user access keys and replaces them periodically. Access keys authenticate programmatic requests, and the longer a key lives the greater the chance it has been exposed, whether by accident (a commit, a log line) or by an attacker. Checking key age identifies keys nearing or past their recommended lifespan; rotation then creates a new key, updates every application or service that uses the old one, and deactivates the old key. This keeps credential handling aligned with industry expectations for credential management.

    10.1 List all AWS IAM Users

      Same task as 6.1: list all IAM users, whose access keys are then examined.

    10.2 Filter Out Old AWS IAM Access Keys

      Same task as 9.1: flag each user's access keys whose age exceeds the threshold, checking last-used data before acting.

      10.2.1 Deactivate Old AWS IAM Access Keys

        Same task as 9.1.1: set flagged keys to Inactive.

      10.2.2 Create AWS IAM Access Keys

        Same task as 9.1.2: create the replacement key and store the secret immediately.

      10.2.3 Update Old AWS IAM Access Keys

        Same task as 9.1.3: deactivate the old key once every consumer uses the new one.

      10.2.4 Delete AWS IAM Access Keys

        Same task as 9.1.4: delete the old key after deactivation has proven harmless.

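    Runbooks 9 and 10 describe the same rotation procedure, so one added example covers both: find stale keys, plan around the two-keys-per-user limit described in 9.1.2, and carry out the create, hand over, deactivate, delete sequence. The code is written for this page and is not the runbook platform's own; function names and the plan dictionary are mine, the metadata shape is the AccessKeyMetadata list boto3's list_access_keys returns, and SAMPLE_KEYS uses AWS's documented placeholder key IDs, not real credentials.

```python
"""Added example for runbooks 9 and 10: stale-key detection and a rotation
plan that respects the two-key limit. The planning functions take the
AccessKeyMetadata list boto3 returns and run on constructed data; the
functions that take `iam` perform the real calls."""
from datetime import datetime, timezone


def key_age_days(create_date, now=None):
    now = now or datetime.now(timezone.utc)
    return (now - create_date).days


def stale_keys(keys, max_age_days=90, now=None):
    """Tasks 9.1 / 10.2: Active keys older than the threshold, with their age."""
    return [(k["AccessKeyId"], key_age_days(k["CreateDate"], now))
            for k in keys
            if k["Status"] == "Active" and key_age_days(k["CreateDate"], now) > max_age_days]


def rotation_plan(keys, max_age_days=90, now=None):
    """What to do for one user. A user may hold at most two keys, so:
    - nothing stale: no action;
    - a stale key while both slots hold Active keys: stop and ask a human,
      since deactivating blindly could cut off a workload using the other key;
    - otherwise: delete any Inactive key occupying the second slot, create a
      new key, and retire the stale one(s) after consumers are switched."""
    stale = [kid for kid, _ in stale_keys(keys, max_age_days, now)]
    inactive = [k["AccessKeyId"] for k in keys if k["Status"] == "Inactive"]
    if not stale:
        return {"action": "none"}
    if len(keys) >= 2 and not inactive:
        return {"action": "manual", "reason": "two Active keys; confirm which one is unused first"}
    return {"action": "rotate",
            "delete_first": inactive if len(keys) >= 2 else [],
            "retire": stale}


def list_keys(iam, user):
    return iam.list_access_keys(UserName=user)["AccessKeyMetadata"]


def begin_rotation(iam, user, plan):
    """Task 9.1.2: free a slot if needed and create the replacement. The
    SecretAccessKey is returned only here; store it (e.g. in Secrets Manager)
    before this function returns, it cannot be fetched again."""
    assert plan["action"] == "rotate", plan
    for kid in plan["delete_first"]:
        iam.delete_access_key(UserName=user, AccessKeyId=kid)
    return iam.create_access_key(UserName=user)["AccessKey"]


def finish_rotation(iam, user, plan, delete=False):
    """Tasks 9.1.1 / 9.1.3 / 9.1.4: once every consumer uses the new key,
    deactivate the old one; delete only after deactivation has proven harmless."""
    for kid in plan["retire"]:
        last = iam.get_access_key_last_used(AccessKeyId=kid)["AccessKeyLastUsed"]
        used = last.get("LastUsedDate")
        # A key used within the last hour is still wired into something: refuse.
        if used and (datetime.now(timezone.utc) - used).total_seconds() < 3600:
            raise RuntimeError(f"{kid} was used at {used}; finish migrating consumers first")
        iam.update_access_key(UserName=user, AccessKeyId=kid, Status="Inactive")
        if delete:
            iam.delete_access_key(UserName=user, AccessKeyId=kid)


# Constructed sample (AWS's documented placeholder key IDs, not real credentials).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"AccessKeyId": "AKIAIOSFODNN7EXAMPLE", "Status": "Active",
     "CreateDate": datetime(2024, 1, 1, tzinfo=timezone.utc)},    # 152 days old
    {"AccessKeyId": "AKIAI44QH8DHBEXAMPLE", "Status": "Inactive",
     "CreateDate": datetime(2023, 1, 1, tzinfo=timezone.utc)},    # already retired
]

if __name__ == "__main__":
    print(stale_keys(SAMPLE_KEYS, 90, NOW))
    print(rotation_plan(SAMPLE_KEYS, 90, NOW))
```

    The plan separates the two irreversible operations (delete) from the reversible one (deactivate), and refuses the ambiguous case where both slots hold active keys rather than guessing which one is unused.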
  11. Cleanup inactive users in AWS IAM

    This runbook lists all IAM users, identifies those that have not used AWS for a specified period, and deletes them. Dormant users are a standing target for credential theft and add noise to access reviews, so removing them reduces both risk and clutter. Deletion is irreversible; run the filter in report-only mode first and require an approval before deleting.

    11.1 List all AWS IAM Users

      Same task as 6.1: list all IAM users as the population to assess.

    11.2 Filter out inactive AWS IAM Users

      This task identifies users with no activity within a given window. "Activity" must combine console sign-in (PasswordLastUsed on the user) with access-key use (GetAccessKeyLastUsed for each key), since a service account never signs in to the console. Users with no recorded activity at all should be judged by creation date so that newly created users are not swept up before their first use.

      11.2.1 Delete an AWS IAM user

        This task deletes an IAM user, revoking its ability to perform any action or reach any resource. DeleteUser fails with a DeleteConflict error while anything is still attached, so the task first removes every dependency: attached managed policies, inline policies, group memberships, access keys, MFA devices, signing certificates, SSH public keys, service-specific credentials, and the console login profile. The deletion is irreversible; a recreated user with the same name is a new principal with a new unique ID, and policies that referenced the old one by ARN will not apply to it automatically.

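    An added example for tasks 11.2 and 11.2.1, written for this page and not taken from the runbook platform: it combines console and access-key activity as described above, falls back to creation date for never-used users, and deletes a user in the dependency order DeleteUser requires. Function names are mine; the datetimes come from boto3's get_user, list_users and get_access_key_last_used; SAMPLE_ACTIVITY and SAMPLE_CREATED are constructed data.

```python
"""Added example for runbook 11: decide which IAM users are dormant and
delete one safely. The decision functions take plain values and run on
constructed data; gather_activity() and delete_user() make the IAM calls."""
from datetime import datetime, timedelta, timezone


def last_activity(password_last_used, key_last_used_dates):
    """Most recent of console sign-in and any access-key use; None if never."""
    seen = [d for d in [password_last_used, *key_last_used_dates] if d]
    return max(seen) if seen else None


def inactive_users(activity, created, max_idle_days=90, now=None):
    """Task 11.2. activity: {user: last_activity or None}; created: {user: CreateDate}.
    A user with no recorded activity is judged by creation date, so a user
    created yesterday is not deleted before first use."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(u for u, last in activity.items() if (last or created[u]) < cutoff)


def gather_activity(iam):
    """Build the two dicts inactive_users() needs with a boto3 IAM client."""
    activity, created = {}, {}
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            created[name] = user["CreateDate"]
            key_dates = []
            for k in iam.list_access_keys(UserName=name)["AccessKeyMetadata"]:
                last = iam.get_access_key_last_used(AccessKeyId=k["AccessKeyId"])["AccessKeyLastUsed"]
                key_dates.append(last.get("LastUsedDate"))   # absent if never used
            # PasswordLastUsed is absent when the user has no password or never used it.
            password_last = iam.get_user(UserName=name)["User"].get("PasswordLastUsed")
            activity[name] = last_activity(password_last, key_dates)
    return activity, created


def delete_user(iam, user):
    """Task 11.2.1. DeleteUser returns DeleteConflict while anything is still
    attached, so strip every dependency first."""
    for p in iam.list_attached_user_policies(UserName=user)["AttachedPolicies"]:
        iam.detach_user_policy(UserName=user, PolicyArn=p["PolicyArn"])
    for name in iam.list_user_policies(UserName=user)["PolicyNames"]:
        iam.delete_user_policy(UserName=user, PolicyName=name)
    for g in iam.list_groups_for_user(UserName=user)["Groups"]:
        iam.remove_user_from_group(GroupName=g["GroupName"], UserName=user)
    for k in iam.list_access_keys(UserName=user)["AccessKeyMetadata"]:
        iam.delete_access_key(UserName=user, AccessKeyId=k["AccessKeyId"])
    for m in iam.list_mfa_devices(UserName=user)["MFADevices"]:
        iam.deactivate_mfa_device(UserName=user, SerialNumber=m["SerialNumber"])
        if ":mfa/" in m["SerialNumber"]:          # virtual device: also delete the resource
            iam.delete_virtual_mfa_device(SerialNumber=m["SerialNumber"])
    for c in iam.list_signing_certificates(UserName=user)["Certificates"]:
        iam.delete_signing_certificate(UserName=user, CertificateId=c["CertificateId"])
    for k in iam.list_ssh_public_keys(UserName=user)["SSHPublicKeys"]:
        iam.delete_ssh_public_key(UserName=user, SSHPublicKeyId=k["SSHPublicKeyId"])
    for c in iam.list_service_specific_credentials(UserName=user)["ServiceSpecificCredentials"]:
        iam.delete_service_specific_credential(
            UserName=user, ServiceSpecificCredentialId=c["ServiceSpecificCredentialId"])
    try:
        iam.delete_login_profile(UserName=user)
    except iam.exceptions.NoSuchEntityException:
        pass                                       # no console password to remove
    iam.delete_user(UserName=user)


# Constructed sample (fictional users).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_ACTIVITY = {
    "alice": datetime(2024, 5, 28, tzinfo=timezone.utc),      # signed in last week
    "bob": datetime(2023, 11, 1, tzinfo=timezone.utc),        # seven months idle
    "ci-bot": None,                                           # never used anything
    "new-hire": None,                                         # created yesterday
}
SAMPLE_CREATED = {
    "alice": datetime(2022, 1, 1, tzinfo=timezone.utc),
    "bob": datetime(2022, 1, 1, tzinfo=timezone.utc),
    "ci-bot": datetime(2023, 1, 1, tzinfo=timezone.utc),
    "new-hire": datetime(2024, 5, 31, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    print(inactive_users(SAMPLE_ACTIVITY, SAMPLE_CREATED, 90, NOW))   # ['bob', 'ci-bot']
```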
  12. AWS EC2 Security Groups Unrestricted SSH Check: SOC2 Compliance

    This runbook identifies and remediates security groups attached to running EC2 instances that allow SSH (TCP port 22) from any address, an exposure SOC2's network security expectations do not permit.

    12.1 Get all AWS EC2 instances

      Amazon EC2 provides resizable compute capacity in the cloud. Through boto3's EC2 client, describe_instances() returns each instance's ID, type, launch time, state, network interfaces, and attached security groups, which is everything the following checks need. The call is per region, so an account-wide audit iterates over every enabled region.

    12.2 Check which AWS EC2 Security Groups allow unrestricted SSH Access: SOC2 Compliance

      This task inspects the ingress rules of every security group attached to a running instance and flags rules that expose port 22 to 0.0.0.0/0 or ::/0. A rule counts as exposing SSH if its port range includes 22 or if it allows all protocols (IpProtocol -1), not only when it is written exactly as 22-22.

      12.2.1 Remediate AWS EC2 Security Groups with unrestricted SSH Access: SOC2 Compliance

        This task removes the offending ingress rules with RevokeSecurityGroupIngress, revoking only the world-open CIDR ranges so that narrower allowances on the same port remain. If the world-open rule covered a wide port range, revoking it closes the other ports in that range as well and the legitimate ones must be re-added explicitly. Administrative access should then go through a bastion host, SSM Session Manager, or a restricted source CIDR instead.

  13. AWS EC2 Instance No Public IP Associated Audit: SOC2 Compliance

    This runbook checks every EC2 instance in the account to confirm it has no public IPv4 address, whether auto-assigned at launch or attached through an Elastic IP. Instances reachable directly from the internet bypass the controlled entry points (load balancers, bastions, VPN) that SOC2's security criteria expect, so the audit lists each instance with a public address for review.

    1. 13.1 Get all AWS EC2 instances

      Amazon Elastic Compute Cloud (EC2) is the AWS service that provides resizable compute capacity in the cloud. Through Boto3's EC2 client, the describe_instances() method returns detailed information about each instance, including its ID, type, launch time, current state, and the security groups attached to it. This inventory is the starting point for monitoring and managing the compute resources in the account.

    2. 13.2 Check which AWS EC2 Instances have a Public IP Associated: SOC2 Compliance

      This task identifies EC2 instances that have a public IP address, by inspecting the PublicIpAddress field of each instance and the public association of each of its network interfaces. The result is the set of instances directly exposed to the internet and the basis for deciding which should be moved behind a NAT gateway, load balancer, or bastion.

  14. AWS Restricted Common Ports Audit

    This audit evaluates security groups to confirm they do not allow unrestricted inbound TCP traffic from the whole IPv4 internet (0.0.0.0/0) to a configured list of sensitive ports, such as those used by remote administration and database services. A security group is marked COMPLIANT when traffic to each audited port is limited to specific sources, and NON_COMPLIANT otherwise.

    1. 14.1 Check which security groups in use allow unrestricted incoming TCP traffic to the specified ports for IPv4

      This task finds security groups in use that allow TCP traffic from 0.0.0.0/0 to any of the specified ports, including rules whose port range or "all traffic" protocol setting covers them. Any such group exposes a sensitive service to the internet, and the task lists it so that the source ranges can be narrowed to authorized networks.

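    As an added example (not code from this runbook or its author), the following Python evaluates the rule shape returned by boto3's ec2.describe_security_groups() for both checks above: unrestricted SSH (task 12.2, with the revoke parameters task 12.2.1 needs) and any configured list of restricted ports (task 14.1). It makes no AWS call; the security groups and the audited port list are constructed sample data, and in production the groups would be fetched by GroupId from the SecurityGroups of each instance returned by describe_instances().

```python
"""Unrestricted-ingress audit over ec2.describe_security_groups() output.

Added example: the groups and the port list below are constructed sample
data; nothing here calls AWS.
"""
from typing import Dict, Iterable, List, Optional

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"


def rule_covers_port(perm: dict, port: int) -> bool:
    """True if an IpPermissions entry reaches TCP `port`.

    "-1" means all protocols and ports; a tcp rule matches when the port
    falls inside FromPort..ToPort (a single port has both equal).
    """
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return False
    return lo <= port <= hi


def rule_is_world_open(perm: dict) -> bool:
    """True if any source range is the whole IPv4 or IPv6 internet."""
    v4 = any(r.get("CidrIp") == ANY_IPV4 for r in perm.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == ANY_IPV6 for r in perm.get("Ipv6Ranges", []))
    return v4 or v6


def find_unrestricted_ingress(groups: Iterable[dict],
                              ports: Iterable[int]) -> Dict[str, List[int]]:
    """Map GroupId -> sorted audited ports reachable from the whole internet."""
    ports = list(ports)
    findings: Dict[str, List[int]] = {}
    for sg in groups:
        exposed = {p for perm in sg.get("IpPermissions", [])
                   if rule_is_world_open(perm)
                   for p in ports if rule_covers_port(perm, p)}
        if exposed:
            findings[sg["GroupId"]] = sorted(exposed)
    return findings


def revoke_params(sg: dict, port: int) -> Optional[dict]:
    """Build kwargs for ec2.revoke_security_group_ingress() that remove only
    the world-open source ranges from rules exposing `port`; rules scoped to
    specific CIDRs or other security groups are left intact. Returns None
    when there is nothing to revoke."""
    to_revoke = []
    for perm in sg.get("IpPermissions", []):
        if not rule_covers_port(perm, port):
            continue
        entry = {"IpProtocol": perm["IpProtocol"]}
        if perm["IpProtocol"] != "-1":
            entry["FromPort"], entry["ToPort"] = perm["FromPort"], perm["ToPort"]
        if any(r.get("CidrIp") == ANY_IPV4 for r in perm.get("IpRanges", [])):
            entry["IpRanges"] = [{"CidrIp": ANY_IPV4}]
        if any(r.get("CidrIpv6") == ANY_IPV6 for r in perm.get("Ipv6Ranges", [])):
            entry["Ipv6Ranges"] = [{"CidrIpv6": ANY_IPV6}]
        if "IpRanges" in entry or "Ipv6Ranges" in entry:
            to_revoke.append(entry)
    if not to_revoke:
        return None
    return {"GroupId": sg["GroupId"], "IpPermissions": to_revoke}


# Constructed sample groups (shape of describe_security_groups()["SecurityGroups"]).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}],
         "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        # a wide port range open to all of IPv6 exposes every audited port
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]
# Assumed audit list (SSH, RDP, MySQL); substitute the ports your control set names.
AUDITED_PORTS = [22, 3389, 3306]

if __name__ == "__main__":
    for gid, open_ports in find_unrestricted_ingress(SAMPLE_GROUPS, AUDITED_PORTS).items():
        print(f"{gid}: world-open on {open_ports}")
    print("revoke:", revoke_params(SAMPLE_GROUPS[0], 22))
```

    The revoke parameters name only the 0.0.0.0/0 and ::/0 ranges of each offending rule, so the 10.0.0.0/8 source on the bastion group survives the remediation. The match is exact: a source such as 0.0.0.0/1 is not flagged, so widen the check if your environment contains such near-global ranges.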
  15. Default Security Group Audit and Remediation in AWS VPCs: SOC2 Compliance

    This runbook audits the default security group of every VPC in the account and checks that it contains no inbound or outbound rules. A default security group cannot be deleted, and AWS creates it with an inbound rule allowing all traffic from itself and an outbound rule allowing all traffic to 0.0.0.0/0, so any workload launched without an explicit group gets broad connectivity. The runbook identifies non-compliant default groups and removes their rules so that the default group permits no traffic at all.

    1. 15.1 List All VPCs in AWS

      This task enumerates every Virtual Private Cloud in the account, across all AWS regions. It is the foundation for network management, security audits, and resource tracking, particularly in large environments, and returns each VPC's ID, CIDR blocks, state, default-VPC flag, and tags.

    2. 15.2 Detecting and Marking Non-Compliant VPC Security Groups: SOC2 Compliance

      This task inspects the default security group of each VPC and flags any that still carry inbound or outbound rules, that is, any that deviate from the no-traffic policy. Each flagged group is recorded with its VPC and rule counts so that it can be remediated in the next step.

      1. 15.2.1 Implementing No-Traffic Policy in VPC Default Security Groups

        This task enforces the no-traffic policy by revoking every inbound and outbound rule of each non-compliant default security group. Before revoking, check whether any network interfaces still use the group: removing its outbound rule cuts off those workloads, which should first be moved to a purpose-built security group.

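    An added example for tasks 15.2 and 15.2.1 (not the runbook's own code): it finds default groups that still carry rules, checks which network interfaces would lose connectivity, and builds the revoke calls. It works on the output of ec2.describe_security_groups() and ec2.describe_network_interfaces(); the groups, interfaces and account ID below are constructed, and no AWS call is made.

```python
"""Default security group audit and remediation planning.

Added example over ec2.describe_security_groups() and
describe_network_interfaces() output; all sample data is constructed
and no AWS call is made.
"""
from typing import Iterable, List, Tuple


def noncompliant_default_groups(groups: Iterable[dict]) -> List[dict]:
    """Default groups (GroupName 'default') that still carry any rule."""
    out = []
    for sg in groups:
        if sg.get("GroupName") != "default":
            continue
        n_in = len(sg.get("IpPermissions", []))
        n_out = len(sg.get("IpPermissionsEgress", []))
        if n_in or n_out:
            out.append({"GroupId": sg["GroupId"], "VpcId": sg.get("VpcId"),
                        "ingress_rules": n_in, "egress_rules": n_out})
    return out


def attached_interfaces(group_id: str, interfaces: Iterable[dict]) -> List[str]:
    """Network interfaces still using the group (instances, load balancers,
    Lambda ENIs, ...); revoking the egress rule would cut them off."""
    return sorted(eni["NetworkInterfaceId"] for eni in interfaces
                  if any(g.get("GroupId") == group_id for g in eni.get("Groups", [])))


def remediation_calls(sg: dict) -> List[Tuple[str, dict]]:
    """(ec2 client method, kwargs) pairs that empty the group. The rule lists
    from describe_security_groups() can be passed straight back to the
    revoke calls, which removes each rule exactly as it exists."""
    calls = []
    if sg.get("IpPermissions"):
        calls.append(("revoke_security_group_ingress",
                      {"GroupId": sg["GroupId"], "IpPermissions": sg["IpPermissions"]}))
    if sg.get("IpPermissionsEgress"):
        calls.append(("revoke_security_group_egress",
                      {"GroupId": sg["GroupId"], "IpPermissions": sg["IpPermissionsEgress"]}))
    return calls


def plan_remediation(groups: List[dict], interfaces: List[dict]) -> List[dict]:
    """Per non-compliant default group: the revoke calls to run, or an empty
    call list plus the blocking ENIs when workloads still depend on it."""
    by_id = {sg["GroupId"]: sg for sg in groups}
    plan = []
    for finding in noncompliant_default_groups(groups):
        sg = by_id[finding["GroupId"]]
        blockers = attached_interfaces(sg["GroupId"], interfaces)
        plan.append({"GroupId": sg["GroupId"], "VpcId": sg.get("VpcId"),
                     "blocked_by": blockers,
                     "calls": [] if blockers else remediation_calls(sg)})
    return plan


# Constructed samples. sg-0def1 is how AWS ships a default group: all traffic
# from itself inbound, all traffic to anywhere outbound.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0def1", "GroupName": "default", "VpcId": "vpc-0aaa",
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
                        "UserIdGroupPairs": [{"GroupId": "sg-0def1",
                                              "UserId": "111122223333"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "Ipv6Ranges": [],
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                              "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0def2", "GroupName": "default", "VpcId": "vpc-0bbb",
     "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-0app", "GroupName": "app", "VpcId": "vpc-0aaa",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1",
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-01", "Groups": [{"GroupId": "sg-0def1"}]},
    {"NetworkInterfaceId": "eni-02", "Groups": [{"GroupId": "sg-0app"}]},
]

if __name__ == "__main__":
    for item in plan_remediation(SAMPLE_GROUPS, SAMPLE_ENIS):
        print(item["GroupId"], "blocked by" if item["blocked_by"] else "calls:",
              item["blocked_by"] or [name for name, _ in item["calls"]])
```

    In production the plan is built from the paginated describe_security_groups() and describe_network_interfaces() results of each region, and each entry's calls are executed with getattr(ec2, method)(**kwargs). A group that is still in use is reported rather than emptied, which is the safe default for an automated remediation.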
  16. Enable VPC Flow Logs in AWS

    This runbook turns on VPC Flow Logs, the feature that captures metadata about IP traffic to and from the network interfaces in a Virtual Private Cloud (source and destination addresses and ports, protocol, packet and byte counts, and the accept or reject decision). This data is vital for network monitoring, security analysis, and troubleshooting. The logs can be delivered to Amazon CloudWatch Logs or Amazon S3 for analysis and retention, supporting compliance and operational auditing.

    1. 16.1 List All VPCs in AWS

      This task enumerates every Virtual Private Cloud in the account, across all AWS regions. It is the foundation for network management, security audits, and resource tracking, particularly in large environments, and returns each VPC's ID, CIDR blocks, state, default-VPC flag, and tags.

    2. 16.2 Filter Out VPCs with Flow Logs not enabled in AWS

      This task identifies VPCs that have no active Flow Log. It checks the Flow Log status of each VPC and isolates those without one, so that network traffic in every VPC is monitored and logged and gaps can be prioritized for remediation. A flow log created for a single subnet or network interface covers only part of a VPC and does not satisfy the check.

      1. 16.2.1 Create an AWS S3 bucket

        This task creates an S3 bucket, with a globally unique name, to receive the flow log files. S3 buckets offer scalable, durable storage with access control, versioning, and lifecycle management, which suit them to long-term log retention.

      2. 16.2.2 Update AWS S3 bucket policy for VPC Flow Logs

        This task updates the bucket policy so that the VPC Flow Logs delivery service is allowed to write log objects into the bucket created in the previous step.

      3. 16.2.3 Configure VPC Flow Logs in AWS to an S3 bucket

        This task creates a Flow Log for each VPC found without one, with the S3 bucket as its destination. The flow log records metadata about the network traffic flowing through the VPC, supporting security monitoring, traffic analysis, and troubleshooting; the same data can alternatively be sent to Amazon CloudWatch Logs.

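    An added example for tasks 16.2 and 16.2.3 (not the runbook's own code): it computes which VPCs lack an active VPC-level flow log from the output of ec2.describe_vpcs() and ec2.describe_flow_logs(), and builds the ec2.create_flow_logs() parameters that send ALL traffic to an S3 bucket. The VPCs, flow logs and bucket name are constructed sample data; the bucket policy the delivery service needs is handled separately (see the bucket-policy example under task 20).

```python
"""VPC Flow Log coverage check and create_flow_logs() parameters.

Added example over ec2.describe_vpcs() and describe_flow_logs() output.
The VPCs, flow logs and bucket name below are constructed; no AWS call
is made.
"""
from typing import Dict, Iterable, List


def flow_log_gaps(vpcs: Iterable[dict], flow_logs: Iterable[dict]) -> Dict[str, str]:
    """VpcId -> reason, for every VPC without an ACTIVE VPC-level flow log.

    Subnet- or interface-level logs (ResourceId subnet-*/eni-*) cover only
    part of a VPC and are ignored; a flow log that exists but is not
    ACTIVE is reported rather than counted as coverage.
    """
    by_vpc: Dict[str, List[dict]] = {}
    for fl in flow_logs:
        rid = fl.get("ResourceId", "")
        if rid.startswith("vpc-"):
            by_vpc.setdefault(rid, []).append(fl)
    gaps = {}
    for vpc in vpcs:
        vid = vpc["VpcId"]
        logs = by_vpc.get(vid, [])
        if not logs:
            gaps[vid] = "no VPC-level flow log"
        elif not any(fl.get("FlowLogStatus") == "ACTIVE" for fl in logs):
            ids = ", ".join(fl["FlowLogId"] for fl in logs)
            gaps[vid] = f"flow log present but not ACTIVE: {ids}"
    return gaps


def create_flow_logs_calls(vpc_ids: Iterable[str], bucket: str,
                           prefix: str = "", batch: int = 25) -> List[dict]:
    """kwargs for ec2.create_flow_logs(), one call per batch of VPC IDs.

    Delivery to S3 needs no IAM role (DeliverLogsPermissionArn is only
    used for CloudWatch Logs); the bucket policy must allow
    delivery.logs.amazonaws.com to write instead. TrafficType ALL keeps
    accepted and rejected flows, which investigations need. The batch
    size is a conservative choice, not an API limit.
    """
    ids = list(vpc_ids)
    dest = f"arn:aws:s3:::{bucket}/" + (prefix.strip("/") + "/" if prefix else "")
    return [{
        "ResourceType": "VPC",
        "ResourceIds": ids[i:i + batch],
        "TrafficType": "ALL",
        "LogDestinationType": "s3",
        "LogDestination": dest,
        "MaxAggregationInterval": 60,
    } for i in range(0, len(ids), batch)]


# Constructed samples in the shape of describe_vpcs()["Vpcs"] and
# describe_flow_logs()["FlowLogs"].
SAMPLE_VPCS = [
    {"VpcId": "vpc-0a", "CidrBlock": "10.0.0.0/16", "IsDefault": False},
    {"VpcId": "vpc-0b", "CidrBlock": "10.1.0.0/16", "IsDefault": False},
    {"VpcId": "vpc-0c", "CidrBlock": "172.31.0.0/16", "IsDefault": True},
]
SAMPLE_FLOW_LOGS = [
    {"FlowLogId": "fl-01", "ResourceId": "vpc-0a", "FlowLogStatus": "ACTIVE",
     "TrafficType": "ALL", "LogDestinationType": "s3",
     "LogDestination": "arn:aws:s3:::example-flow-logs/"},
    {"FlowLogId": "fl-02", "ResourceId": "vpc-0b", "FlowLogStatus": "INACTIVE",
     "TrafficType": "REJECT", "LogDestinationType": "cloud-watch-logs"},
    # subnet-level log inside vpc-0c: does not count as VPC coverage
    {"FlowLogId": "fl-03", "ResourceId": "subnet-0c1", "FlowLogStatus": "ACTIVE",
     "TrafficType": "ALL", "LogDestinationType": "s3",
     "LogDestination": "arn:aws:s3:::example-flow-logs/"},
]

if __name__ == "__main__":
    gaps = flow_log_gaps(SAMPLE_VPCS, SAMPLE_FLOW_LOGS)
    for vpc_id, reason in gaps.items():
        print(f"{vpc_id}: {reason}")
    for call in create_flow_logs_calls(sorted(gaps), "example-flow-logs"):
        print("create_flow_logs", call)
```

    Each returned dict is passed as ec2.create_flow_logs(**call) in the VPC's region. The response carries an Unsuccessful list; a non-empty list usually means the bucket policy does not yet allow the delivery service, so check it before treating the VPC as covered.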
  17. End-to-End Encryption Setup for AWS CloudTrail: SOC2 Compliance

    This runbook verifies and, where needed, sets up server-side encryption of AWS CloudTrail log files with a customer-managed AWS KMS key (historically called a Customer Master Key, CMK), as expected for SOC2. It covers checking each trail for a KMS key, creating or selecting a key, granting CloudTrail permission to use it, and updating the trail so that its log files are encrypted with that key. Without a KMS key, CloudTrail still encrypts log files at rest with S3-managed keys (SSE-S3); a customer-managed key adds key-policy control over who can read the logs and an audit trail of key use.

    1. 17.1 Verify Whether AWS CloudTrail is configured to use SSE AWS KMS

      This task checks whether each CloudTrail trail is configured for server-side encryption with an AWS KMS key by looking for a KmsKeyId on the trail. Trails without one are reported as not meeting the SOC2 expectation for encrypted activity logs and are passed to the remediation steps below.

      1. 17.1.1 Choose or Create an AWS KMS CMK

        This task looks up a KMS key by a specific alias and, if none exists, creates a new customer-managed key for CloudTrail log encryption. The key must reside in the same region as the S3 bucket that receives the trail's log files.

      2. 17.1.2 Update the AWS KMS Key Policy to Allow CloudTrail to use the key

        This task adds statements to the KMS key policy that let the CloudTrail service principal generate data keys under the key, scoped with a condition on the CloudTrail encryption context so that only trails in this account can use it, and describe the key. Without these statements the trail update fails because CloudTrail cannot encrypt with the key. Permission to decrypt the logs is granted separately to the principals that need to read them.

      3. 17.1.3 Update AWS CloudTrail Trail with AWS KMS CMK

        This task updates the trail so that its log files are encrypted with the chosen KMS key (KmsKeyId). From that point, CloudTrail encrypts each delivered log file with that key, and reading the logs requires kms:Decrypt on it in addition to S3 read access, which strengthens the confidentiality of the audit record.

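    An added example for tasks 17.1 through 17.1.3 (not the runbook's own code): it finds trails without a KmsKeyId in cloudtrail.describe_trails() output, builds the two key-policy statements CloudTrail needs and merges them idempotently into an existing key policy document for kms.put_key_policy(), and produces the cloudtrail.update_trail() parameters. The account ID, key ARN, trail names and the existing key policy are constructed samples; no AWS call is made.

```python
"""CloudTrail SSE-KMS check and the KMS key-policy statements CloudTrail needs.

Added example over cloudtrail.describe_trails() output and a KMS key policy
document. Account ID, ARNs and the trails below are constructed samples;
nothing here calls AWS.
"""
import json
from typing import Dict, List, Optional


def trails_without_kms(trails: List[dict]) -> List[str]:
    """Names of trails whose log files are not encrypted with a KMS key
    (they fall back to SSE-S3), de-duplicated by TrailARN because a
    multi-region trail is listed once per region."""
    unique = {t["TrailARN"]: t for t in trails}
    return sorted(t["Name"] for t in unique.values() if not t.get("KmsKeyId"))


def cloudtrail_key_policy_statements(account_id: str, partition: str = "aws",
                                     trail_arn: Optional[str] = None) -> List[dict]:
    """Key-policy statements that let CloudTrail encrypt with the key.

    GenerateDataKey* is scoped with the encryption context CloudTrail
    sets (aws:cloudtrail:arn), so only trails in this account can use
    the key; aws:SourceArn pins it further to one trail when given.
    Decrypt is deliberately absent: grant it to the log readers, not
    to the service principal.
    """
    encrypt_cond: Dict[str, dict] = {
        "StringLike": {"kms:EncryptionContext:aws:cloudtrail:arn":
                       f"arn:{partition}:cloudtrail:*:{account_id}:trail/*"}}
    if trail_arn:
        encrypt_cond["StringEquals"] = {"aws:SourceArn": trail_arn}
    principal = {"Service": "cloudtrail.amazonaws.com"}
    return [
        {"Sid": "AllowCloudTrailToEncryptLogs", "Effect": "Allow",
         "Principal": principal, "Action": "kms:GenerateDataKey*",
         "Resource": "*", "Condition": encrypt_cond},
        {"Sid": "AllowCloudTrailToDescribeKey", "Effect": "Allow",
         "Principal": principal, "Action": "kms:DescribeKey", "Resource": "*"},
    ]


def merge_key_policy(existing_policy: str, statements: List[dict]) -> dict:
    """Merge statements into an existing key policy document (the string
    kms.get_key_policy() returns), replacing any statement with the same
    Sid so the operation is idempotent. The root-account statement that
    keeps the key administrable is preserved untouched."""
    policy = json.loads(existing_policy)
    new_sids = {s["Sid"] for s in statements}
    kept = [s for s in policy.get("Statement", []) if s.get("Sid") not in new_sids]
    policy["Statement"] = kept + statements
    return policy


def policy_document(policy: dict) -> str:
    """Serialize for kms.put_key_policy(KeyId=..., PolicyName="default", Policy=...)."""
    return json.dumps(policy, indent=2)


def update_trail_kms_params(trail_name: str, key_arn: str) -> dict:
    """kwargs for cloudtrail.update_trail(); the key must already allow
    CloudTrail, or the call fails with InsufficientEncryptionPolicyException."""
    return {"Name": trail_name, "KmsKeyId": key_arn}


ACCOUNT = "111122223333"   # constructed
KEY_ARN = f"arn:aws:kms:us-east-1:{ACCOUNT}:key/1234abcd-12ab-34cd-56ef-1234567890ab"
SAMPLE_TRAILS = [
    {"Name": "org-trail", "S3BucketName": "example-ct-logs", "KmsKeyId": KEY_ARN,
     "TrailARN": f"arn:aws:cloudtrail:us-east-1:{ACCOUNT}:trail/org-trail"},
    {"Name": "legacy-trail", "S3BucketName": "example-ct-legacy",
     "TrailARN": f"arn:aws:cloudtrail:us-east-1:{ACCOUNT}:trail/legacy-trail"},
]
EXISTING_KEY_POLICY = json.dumps({
    "Version": "2012-10-17", "Id": "key-default-1", "Statement": [
        {"Sid": "EnableIAMUserPermissions", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
         "Action": "kms:*", "Resource": "*"}]})

if __name__ == "__main__":
    for name in trails_without_kms(SAMPLE_TRAILS):
        arn = next(t["TrailARN"] for t in SAMPLE_TRAILS if t["Name"] == name)
        stmts = cloudtrail_key_policy_statements(ACCOUNT, trail_arn=arn)
        print(policy_document(merge_key_policy(EXISTING_KEY_POLICY, stmts)))
        print(update_trail_kms_params(name, KEY_ARN))
```

    Order matters in production: read the current policy with kms.get_key_policy(KeyId=..., PolicyName="default"), put the merged document back, and only then call update_trail(); the trail update is rejected until the key policy permits CloudTrail. Readers of the encrypted logs need kms:Decrypt on the key in addition to s3:GetObject on the bucket.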
  18. AWS CloudTrail Log Validation Enabled Audit: SOC2 Compliance

    This runbook ensures that CloudTrail, the AWS service that logs API activity, has log file validation enabled on each trail. With validation enabled, CloudTrail delivers an hourly digest file, signed by CloudTrail, that lists the hashes of the log files delivered in that hour, so that any later modification or deletion of a log file can be detected. SOC2 calls for integrity of the audit record, and validated logs demonstrate that the activity history has not been tampered with.

    1. 18.1 List all AWS CloudTrail Trails

      This task enumerates every CloudTrail trail across all AWS regions in the account and retrieves its configuration. Each trail captures a specific set of API activity and events, and a complete list shows what is being logged, where the logs are stored, and how each trail is configured. The listing is the foundation for the auditing, analysis, and remediation tasks that follow. A multi-region trail is reported in every region it covers, so results should be de-duplicated by trail ARN.

    2. 18.2 Check which AWS CloudTrail Trails have Log File Validation enabled: SOC2 Compliance

      This task audits each CloudTrail trail, in every region, for log file validation. A trail is compliant only when LogFileValidationEnabled is true and the trail status shows a recent LatestDigestDeliveryTime, which proves digests are actually being delivered; trails failing either check are marked non-compliant with the specific reason recorded.

      1. 18.2.1 Enable Log File Validation for AWS CloudTrail Trail

        This task enables log file validation on a specified trail if it is not already on, then re-reads the trail configuration to confirm the setting took effect. Enabling validation does not retroactively cover log files delivered earlier; the integrity guarantee starts with the first digest after activation.

  19. Multi-Region AWS CloudTrail Compliance Verification: SOC2 Compliance

    This runbook verifies that the account has at least one CloudTrail trail configured the way SOC2 expects: logging is on, the trail covers all regions, it records global service events (IAM, STS, CloudFront), and it delivers to an S3 bucket and to CloudWatch Logs. A single-region trail misses API activity in any region an attacker chooses to use, so the multi-region check is central to a complete audit record.

    1. 19.1 List all AWS CloudTrail Trails

      This task enumerates every CloudTrail trail across all AWS regions in the account and retrieves its configuration. Each trail captures a specific set of API activity and events, and a complete list shows what is being logged, where the logs are stored, and how each trail is configured. The listing is the foundation for the auditing, analysis, and remediation tasks that follow. A multi-region trail is reported in every region it covers, so results should be de-duplicated by trail ARN.

    2. 19.2 Check whether a Multi-Region AWS CloudTrail exists with the required configurations: SOC2 Guideline

      This task verifies that a multi-region CloudTrail trail exists and has the required configuration: IsMultiRegionTrail and IncludeGlobalServiceEvents set, logging active, an S3 bucket as destination, and CloudWatch Logs integration. It records which settings are missing for each trail so that the account's audit coverage can be completed.

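    An added example covering task 18.2 (log file validation, with the update_trail() parameters for 18.2.1) and task 19.2 (the multi-region configuration); it is not the runbook's own code. It evaluates the dicts returned by cloudtrail.describe_trails() and cloudtrail.get_trail_status(), de-duplicating shadow copies of a multi-region trail first. The trails, statuses, clock and the two-hour digest-lag threshold are constructed assumptions; no AWS call is made.

```python
"""CloudTrail trail assessment: log file validation and the multi-region
configuration SOC2 expects.

Added example over cloudtrail.describe_trails() and get_trail_status()
output. Trails, statuses and the clock are constructed; no AWS call.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Digest files arrive hourly when validation is on; allowing two hours of
# lag is an assumption used here, not an AWS-defined threshold.
MAX_DIGEST_AGE = tim_delta = timedelta(hours=2)


def dedupe_trails(trails: List[dict]) -> List[dict]:
    """describe_trails() lists a multi-region trail in every region it
    covers (shadow trails); keep one entry per TrailARN."""
    return list({t["TrailARN"]: t for t in trails}.values())


def validation_findings(trail: dict, status: dict, now: datetime) -> List[str]:
    """Why a trail fails the log-file-validation check (empty = passes).
    Enabled is not enough: digests must actually be landing."""
    if not trail.get("LogFileValidationEnabled"):
        return ["LogFileValidationEnabled is false"]
    findings = []
    last = status.get("LatestDigestDeliveryTime")
    if last is None:
        findings.append("validation enabled but no digest delivered yet")
    elif now - last > MAX_DIGEST_AGE:
        findings.append(f"last digest at {last.isoformat()} is older than {MAX_DIGEST_AGE}")
    if status.get("LatestDigestDeliveryError"):
        findings.append(f"digest delivery error: {status['LatestDigestDeliveryError']}")
    return findings


def multi_region_findings(trail: dict, status: dict) -> List[str]:
    """Settings a SOC2-grade account trail must have (empty = compliant)."""
    checks = [
        (trail.get("IsMultiRegionTrail"), "IsMultiRegionTrail is false"),
        (trail.get("IncludeGlobalServiceEvents"), "IncludeGlobalServiceEvents is false"),
        (status.get("IsLogging"), "trail is not logging"),
        (trail.get("S3BucketName"), "no S3 bucket destination"),
        (trail.get("CloudWatchLogsLogGroupArn"), "no CloudWatch Logs integration"),
        (not status.get("LatestDeliveryError"),
         f"S3 delivery error: {status.get('LatestDeliveryError')}"),
    ]
    return [msg for ok, msg in checks if not ok]


def assess_account(trails: List[dict], statuses: Dict[str, dict],
                   now: datetime) -> Tuple[bool, Dict[str, dict]]:
    """(account has at least one fully compliant trail, per-trail findings).
    `statuses` is keyed by TrailARN, as get_trail_status(Name=arn) results
    would be collected."""
    report = {}
    for t in dedupe_trails(trails):
        st = statuses.get(t["TrailARN"], {})
        report[t["Name"]] = {"validation": validation_findings(t, st, now),
                             "multi_region": multi_region_findings(t, st)}
    compliant = any(not r["validation"] and not r["multi_region"] for r in report.values())
    return compliant, report


def enable_validation_params(trail_name: str) -> dict:
    """kwargs for cloudtrail.update_trail() to turn validation on."""
    return {"Name": trail_name, "EnableLogFileValidation": True}


NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # constructed clock
ACCOUNT = "111122223333"
ORG_ARN = f"arn:aws:cloudtrail:us-east-1:{ACCOUNT}:trail/org-trail"
LEGACY_ARN = f"arn:aws:cloudtrail:eu-west-1:{ACCOUNT}:trail/legacy-trail"
ORG_TRAIL = {"Name": "org-trail", "TrailARN": ORG_ARN, "HomeRegion": "us-east-1",
             "S3BucketName": "example-ct-logs", "IsMultiRegionTrail": True,
             "IncludeGlobalServiceEvents": True, "LogFileValidationEnabled": True,
             "CloudWatchLogsLogGroupArn":
                 f"arn:aws:logs:us-east-1:{ACCOUNT}:log-group:CloudTrail/logs:*"}
SAMPLE_TRAILS = [
    ORG_TRAIL,
    dict(ORG_TRAIL),   # shadow copy of the same trail as seen from another region
    {"Name": "legacy-trail", "TrailARN": LEGACY_ARN, "HomeRegion": "eu-west-1",
     "S3BucketName": "example-ct-legacy", "IsMultiRegionTrail": False,
     "IncludeGlobalServiceEvents": False, "LogFileValidationEnabled": True},
]
SAMPLE_STATUS = {
    ORG_ARN: {"IsLogging": True, "LatestDigestDeliveryTime": NOW - timedelta(minutes=30)},
    LEGACY_ARN: {"IsLogging": False, "LatestDigestDeliveryTime": NOW - timedelta(hours=6),
                 "LatestDeliveryError": "AccessDenied"},
}

if __name__ == "__main__":
    ok, report = assess_account(SAMPLE_TRAILS, SAMPLE_STATUS, NOW)
    print("account has a compliant multi-region trail:", ok)
    for name, findings in report.items():
        print(name, findings)
```

    The legacy trail in the sample shows why the status call matters: validation is switched on, yet the stale digest time and the S3 delivery error mean the integrity record has silently stopped, which a configuration-only check would miss.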
  20. Enable AWS CloudTrail Logging for Logging and Monitoring User Activity

    This runbook configures a CloudTrail trail that records and monitors user activity, a requirement for meeting SOC2's logging and monitoring expectations. By capturing a record of each API call, including the caller identity, source IP address, time, and request parameters, CloudTrail supports continuous auditing and timely security analysis.

    1. 20.1 Create an AWS S3 bucket

      This task creates an S3 bucket, with a globally unique name, to receive the CloudTrail log files. S3 buckets offer scalable, durable storage with access control, versioning, and lifecycle management, which suit them to long-term log retention.

    2. 20.2 Update the bucket policy of an AWS S3 bucket

      This task modifies the bucket policy of an S3 bucket to control who may access its contents, which is essential for protecting sensitive data stored in S3. Here the update grants the CloudTrail service principal permission to check the bucket ACL and to write log objects into the bucket, as CloudTrail requires before it will deliver logs; the policy should scope that permission to this account's trails so that a trail in another account cannot write into the bucket.

    3. 20.3 Create an AWS CloudTrail trail and configure it to deliver logs to an S3 bucket

      This task creates a CloudTrail trail that records account activity and delivers the log files to the specified S3 bucket for secure, centralized storage. A newly created trail does not record anything until logging is started on it, so the task also starts logging. This setup enables auditing and analysis of AWS service usage and user activity.

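    An added example for tasks 20.2 and 20.3 that also serves task 16.2.2 (it is not the runbook's own code): one builder produces the bucket policy an AWS log-delivery service needs, parameterized by the service principal (cloudtrail.amazonaws.com for CloudTrail, delivery.logs.amazonaws.com for VPC Flow Logs), and a second function produces the cloudtrail.create_trail() parameters. The account ID, bucket and trail names are constructed; the aws:SourceAccount and aws:SourceArn conditions and the TLS-only deny are hardening choices made here, not settings the runbook specifies. No AWS call is made.

```python
"""S3 bucket policy for AWS log delivery and the create_trail() call.

Added example (not from this runbook). The same policy shape serves
CloudTrail (principal cloudtrail.amazonaws.com) and VPC Flow Logs
(principal delivery.logs.amazonaws.com): the service must be able to
read the bucket ACL and put objects under AWSLogs/<account>/ with
bucket-owner-full-control. Account ID, bucket and trail names are
constructed; nothing here calls AWS.
"""
import json
from typing import Optional

CLOUDTRAIL = "cloudtrail.amazonaws.com"
FLOW_LOG_DELIVERY = "delivery.logs.amazonaws.com"


def log_delivery_bucket_policy(bucket: str, account_id: str, service: str,
                               source_arn: Optional[str] = None,
                               partition: str = "aws") -> dict:
    """Bucket policy granting `service` write access for this account's logs.

    aws:SourceAccount (and aws:SourceArn when given) close the confused
    deputy: without them any AWS account could point its own trail or
    flow log at this bucket. A deny on non-TLS access is added because
    the bucket holds audit data.
    """
    bucket_arn = f"arn:{partition}:s3:::{bucket}"
    scope = {"StringEquals": {"aws:SourceAccount": account_id}}
    if source_arn:
        scope["ArnLike"] = {"aws:SourceArn": source_arn}
    write_cond = {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control",
                                   **scope["StringEquals"]}}
    if source_arn:
        write_cond["ArnLike"] = scope["ArnLike"]
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AWSLogDeliveryAclCheck", "Effect": "Allow",
         "Principal": {"Service": service}, "Action": "s3:GetBucketAcl",
         "Resource": bucket_arn, "Condition": scope},
        {"Sid": "AWSLogDeliveryWrite", "Effect": "Allow",
         "Principal": {"Service": service}, "Action": "s3:PutObject",
         "Resource": f"{bucket_arn}/AWSLogs/{account_id}/*",
         "Condition": write_cond},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": [bucket_arn, f"{bucket_arn}/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ]}


def policy_document(policy: dict) -> str:
    """Serialize for s3.put_bucket_policy(Bucket=bucket, Policy=...)."""
    return json.dumps(policy, indent=2)


def create_trail_params(name: str, bucket: str, kms_key_arn: Optional[str] = None,
                        log_group_arn: Optional[str] = None,
                        logs_role_arn: Optional[str] = None) -> dict:
    """kwargs for cloudtrail.create_trail(): multi-region, global events,
    log file validation on. create_trail() does not start recording;
    call cloudtrail.start_logging(Name=name) afterwards."""
    params = {"Name": name, "S3BucketName": bucket, "IsMultiRegionTrail": True,
              "IncludeGlobalServiceEvents": True, "EnableLogFileValidation": True}
    if kms_key_arn:
        params["KmsKeyId"] = kms_key_arn
    if log_group_arn and logs_role_arn:   # CloudTrail requires both together
        params["CloudWatchLogsLogGroupArn"] = log_group_arn
        params["CloudWatchLogsRoleArn"] = logs_role_arn
    return params


ACCOUNT = "111122223333"                              # constructed
BUCKET = f"example-cloudtrail-logs-{ACCOUNT}"          # constructed
TRAIL_ARN = f"arn:aws:cloudtrail:us-east-1:{ACCOUNT}:trail/account-trail"

if __name__ == "__main__":
    print(policy_document(log_delivery_bucket_policy(BUCKET, ACCOUNT, CLOUDTRAIL, TRAIL_ARN)))
    print(create_trail_params("account-trail", BUCKET))
    # Same builder for a flow-log bucket; the source ARN pattern is the
    # account's CloudWatch Logs namespace, which the delivery service presents.
    print(policy_document(log_delivery_bucket_policy(
        BUCKET, ACCOUNT, FLOW_LOG_DELIVERY, f"arn:aws:logs:us-east-1:{ACCOUNT}:*")))
```

    The end-to-end order for task 20 is create_bucket, put_bucket_policy with the document above, create_trail with the returned parameters, then start_logging; create_trail fails with an insufficient-policy error if the bucket policy step is skipped. The same policy builder with the FLOW_LOG_DELIVERY principal covers the bucket used in task 16.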
  21. AWS IAM Password Policy SOC2 Compliance

    This runbook sets a strict account password policy and enforces it for all IAM users with console access. Key measures include complexity requirements, a maximum password age, and prevention of password reuse. This aligns with SOC2's access-management criteria and raises the cost of guessing or reusing leaked credentials. The policy applies to IAM user passwords only; it does not govern the root user or federated identities.

    1. 21.1 Check the current AWS IAM password policy

      This task retrieves the account's IAM password policy and compares it with the required baseline: minimum length, character classes, expiration (maximum age), and reuse prevention. If no custom policy has been set, the account is using the AWS default policy, which is reported as non-compliant.

      1. 21.1.1 Set an AWS IAM Password Policy

        This task configures the account password policy: minimum length, required character classes, maximum password age, reuse prevention, and whether users may change their own passwords. The update replaces the whole policy, so every setting that should be kept must be specified again rather than only the ones being changed.

      2. 21.1.2 Enforce Password Change for AWS IAM Users

        This task requires every IAM user with a console login profile to set a new password at next sign-in, by updating each login profile with the password-reset flag. It is typically run right after a new password policy is applied, so that passwords created under the old rules are replaced with ones that meet the current standard.

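    An added example for tasks 21.1 through 21.1.2 (not the runbook's own code): it compares the dict returned by iam.get_account_password_policy()["PasswordPolicy"] with a baseline, builds the iam.update_account_password_policy() parameters without losing settings the call would otherwise reset, and produces the iam.update_login_profile() parameters that force a password change. The baseline numbers (14 characters, 24 remembered passwords, 90-day maximum age) and the sample policy are assumptions to be replaced by your own control set; no AWS call is made.

```python
"""IAM account password policy audit, update call and forced reset.

Added example over iam.get_account_password_policy()["PasswordPolicy"].
The baseline values and the sample policy are constructed and should be
replaced by your own control set. No AWS call is made.
"""
from typing import Dict, List

# (comparison, required value): "min" = current must be at least this,
# "max" = at most this (and set), "eq" = must equal.
BASELINE = {
    "MinimumPasswordLength": ("min", 14),
    "PasswordReusePrevention": ("min", 24),
    "MaxPasswordAge": ("max", 90),
    "RequireUppercaseCharacters": ("eq", True),
    "RequireLowercaseCharacters": ("eq", True),
    "RequireNumbers": ("eq", True),
    "RequireSymbols": ("eq", True),
    "AllowUsersToChangePassword": ("eq", True),
}
# Parameters update_account_password_policy() accepts. ExpirePasswords is
# read-only in the get() response and must not be sent back.
UPDATABLE = ("MinimumPasswordLength", "RequireSymbols", "RequireNumbers",
             "RequireUppercaseCharacters", "RequireLowercaseCharacters",
             "AllowUsersToChangePassword", "MaxPasswordAge",
             "PasswordReusePrevention", "HardExpiry")


def password_policy_gaps(policy: Dict, baseline=BASELINE) -> List[str]:
    """Human-readable list of settings weaker than the baseline.
    Keys absent from the policy (no expiry, no reuse prevention) count
    as unset, which the AWS response signals by omitting them."""
    gaps = []
    for key, (op, want) in baseline.items():
        have = policy.get(key)
        if op == "eq" and bool(have) != want:
            gaps.append(f"{key} is {have!r}, required {want}")
        elif op == "min" and (have is None or have < want):
            gaps.append(f"{key} is {have!r}, required at least {want}")
        elif op == "max" and (have is None or have > want):
            gaps.append(f"{key} is {have!r}, required at most {want}")
    return gaps


def update_policy_params(policy: Dict, baseline=BASELINE) -> Dict:
    """kwargs for iam.update_account_password_policy().

    The call replaces the whole policy: any parameter left out reverts
    to its default. So start from every current updatable value, then
    raise the ones that fall short of the baseline and keep stricter
    existing values as they are.
    """
    params = {k: policy[k] for k in UPDATABLE if k in policy}
    for key, (op, want) in baseline.items():
        have = params.get(key)
        if op == "eq":
            params[key] = want
        elif op == "min":
            params[key] = want if have is None else max(have, want)
        elif op == "max":
            params[key] = want if have is None else min(have, want)
    return params


def force_reset_params(console_users: List[str]) -> List[Dict]:
    """kwargs for iam.update_login_profile(), one per user that has a
    login profile. Users without one (API-only) must be skipped: the
    call fails with NoSuchEntity for them."""
    return [{"UserName": u, "PasswordResetRequired": True} for u in console_users]


# Constructed: a typical weak policy as get_account_password_policy() returns it
# (no MaxPasswordAge or PasswordReusePrevention key means neither is set).
SAMPLE_POLICY = {
    "MinimumPasswordLength": 8, "RequireSymbols": False, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True, "ExpirePasswords": False,
    "HardExpiry": False,
}

if __name__ == "__main__":
    for gap in password_policy_gaps(SAMPLE_POLICY):
        print("gap:", gap)
    print("update_account_password_policy:", update_policy_params(SAMPLE_POLICY))
    print("update_login_profile:", force_reset_params(["alice", "bob"]))
```

    When get_account_password_policy() raises NoSuchEntity the account has no custom policy; pass an empty dict to update_policy_params() and every baseline value is applied. The list for force_reset_params() comes from list_users() filtered to users whose get_login_profile() call succeeds.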