Security Cloud Privacy Tech
Posts > Cloud > Automating Audit Evidence Collection Natively in AWS

Automating Audit Evidence Collection Natively in AWS

3 minute read | Last updated 2-Aug-2022 | An icon depicting a retail tag with a heart for 'favourite'   

The AWS Audit Manager can help organize all of your audit and compliance evidence. This solution helps streamline the collection of non-AWS resource data points. More in this Twitter thread .

Tweet 1/8  Next tweet

before I dive in here, did you know that @awscloud Audit Manager exists?

probably not. tl:dr > it helps map your usage to various regulations & standards to give you a better idea of your risk & compliance posture

some thoughts & a blog post analysis

#cloud #security

marknca @marknca tweeted at 10-Mar-2022, 13:52

Tweet 2/8  Next tweet  Start

@awscloud this is the workflow for @awscloud Audit Manager. it’s not bad for the basics

#cloud #security

marknca @marknca tweeted at 10-Mar-2022, 13:52

Tweet 3/8  Next tweet  Start

@awscloud what started me down this path was this post on the @awssecurityinfo blog, “Streamlining evidence collection with AWS Audit Manager”

https://aws.amazon.com/blogs/security/streamlining-evidence-collection-with-aws-audit-manager/

anything that helps smooth out the evidence gathering process is usually a big win, let’s dig in

#cloud #security

marknca @marknca tweeted at 10-Mar-2022, 13:52

Tweet 4/8  Next tweet  Start

@awscloud @AWSSecurityInfo right out of the gate, AWS Audit Manager pulls from @awscloud Security Hub, AWS Config, and AWS CloudTrail. so those data sources are already covered

this post shows how an approach to streamlining your custom metrics/data points

#cloud #security

marknca @marknca tweeted at 10-Mar-2022, 13:52

Tweet 5/8  Next tweet  Start

@awscloud @AWSSecurityInfo the idea is pretty simple

you setup an HTTPS endpoint via @awscloud API Gateway. that endpoint triggers a Lambda which then stores the evidence in S3 while also triggering a Step Function to process the evidence

it’s simple, #serverless, and low cost

#cloud #security

marknca @marknca tweeted at 10-Mar-2022, 13:52

Tweet 6/8  Next tweet  Start

@awscloud @AWSSecurityInfo the trick now is using this evidence storage method

@awscloud Audit Manager associated evidence to a Control within an Assessments

you need to know where this evidence belongs, in order to use this solution

#cloud #security

marknca @marknca tweeted at 10-Mar-2022, 13:52

Tweet 7/8  Next tweet  Start

@awscloud @AWSSecurityInfo more from the docs at https://docs.aws.amazon.com/audit-manager/latest/userguide/upload-evidence.html

and

https://docs.aws.amazon.com/audit-manager/latest/userguide/how-evidence-is-collected.html

#cloud #security

marknca @marknca tweeted at 10-Mar-2022, 13:52

Tweet 8/8  Next tweet  Start

@awscloud @AWSSecurityInfo it’s not too complicated to figure this out but it’s going to be the top hurdle in getting buy-in from other teams

streamlining the evidence/control/assessment alignment process would be a huge win & make this solution a lot more useful

/ #cloud #security

marknca @marknca tweeted at 10-Mar-2022, 13:52

Start