AWS Security Implementation

Objective:   To implement AWS Security Hub and its accompanying data from Amazon GuardDuty, Amazon Inspector, and Amazon Maci.   Background/Context:   WOWzer Technologies builds applications that automate the tedious tasks that Accountants and Bookkeepers have to do. One of these tasks is to backup customer organization data. When using cloud accounting as their resource, it is not automatically backed up in a fully restorable version. Or it’s backed up by the vendor, with no commitment to being able to restore lost data in the event of a breach or corruption. With this in mind, WOWzer built a Backup and Restore application specifically for Xero Cloud accounting. We are preparing to launch our new application and would like to improve our security and increase information flow about vulnerabilities. Output(s):   Implement AWS Security Hub, adding WOWzer team members to the platform. Implement Amazon GuardDuty and connect to AWS Security Hub. Implement Amazon Inspector and connect to AWS Security Hub. Implement Amazon Maci and connect to AWS Security Hub. Write an implementation guide with screenshots and instructions for the above four applications. Write an instruction guide as to what key metrics are being measured and what responses should be taken based on AWS Security Hub outputs and how often the metrics should be monitored. How will the success of the project be measured:   The project's success will be based on the final two outputs and how well a WOWzer staff member can adopt the practices and procedures in the guide without relying on other resources. Project Manager: Mark Kennedy, mark@wowzer.tech Governance:   Weekly meetings can be made available to each team as needed by available WOWzer team members. An MS Teams chat will be set up for ongoing questions throughout the project. The attending Professor will be added to the chat. Resources:   WOWzer will provide access to a test environment on AWS with access to our application for operation testing. WOWzer team members, including Preston Wong CTO, Mark Kennedy, CEO and WOWzers’ AWS representative, will provide Senior Architect access for questions or clarification.  Reporting Requirements:   Project status updates every two weeks. Verbal or written. Assumptions and Constraints:   WOWzer assumes that the team members have sufficient background and knowledge of AWS to complete the project and, given sufficient time, can succeed. Constraints may include student time availability, meeting time availability and experience in preparing written and visual material to support the work. Risk Management:   Team members accessing WOWzers’ AWS platform must use MFA when logging into the system. Issues Management:   Issues encountered must be brought to the attention of the attending Professor and WOWzer team as soon as they present. Knowledge gaps will be referred to AWS staff engaged by WOWzer. Related Projects:   WOWzer will be shifting to AWS Elastic Beanstalk simultaneously and the team should be prepared to switch from AWS EC2 Autoscale and Load Balancer to the Beanstalk Service, should the existing resource be changed . The team must be prepared to re-implement onto new EC2 instances and S3 buckets. Quality Assurance:   As each AWS application is implemented, tests must be performed by a backup and restoration procedure using WOWzers’ application. This will ensure that the settings programmed into the AWS applications do not prevent the end user from still using WOWzers’ Backup and Restore application effectively.