Scout2 Usage: AWS Infrastructure Security Best Practices

Jordan Drysdale//

Full disclosure and tl;dr: The NCC Group has developed an amazing toolkit for analyzing your AWS infrastructure against Amazon’s best practices guidelines.

Start here:

https://github.com/nccgroup/Scout2

Then, access your AWS console as a user with privilege enough to create an “auditor” account (best practice tip #1: once your admin accounts are online and MFA enabled, never use the root account).

Create a user.

Create a group like the following and enable the SecurityAudit role for this user.

Review this user account.

Download the .csv with your access keys.

We are just about ready to run Scout2!!! I cloned the repo in to /opt/, so head over to whichever directory you are using and execute the ‘pip install -r requirements.’ The –help flag lists the following.

Because AWS is driven by programmatic functions, you need not specify anything more than the credentials file we downloaded earlier to run Scout2.

After we let Scout2 do its thing, we end up with a highly functional HTML report.

Then, we can drill down as to the ‘why’ of our failures to implement best practices. AWS security best practices are documented here: https://d0.awsstatic.com/whitepapers/compliance/AWS_Auditing_Security_Checklist.pdf

This tool should be a part of your AWS deployment. It is easy to run and provides guidance to make just about any environment more secure.