Expand Up @@ -23,6 +23,191 @@ CBP

### Triage and Remediation
<Tabs>


<Tab title='Prevention'>
### How to Prevent
<AccordionGroup>
<Accordion title='Using Console' defaultOpen='true'>
To prevent the misconfiguration where Shield Advanced Setting should be set to Auto Renew in AWS Shield using the AWS Management Console, follow these steps:

1. **Navigate to AWS Shield Console:**
- Sign in to the AWS Management Console.
- In the navigation bar, select the region where your Shield Advanced is configured.
- Type "Shield" in the search bar and select "AWS Shield" from the dropdown.

2. **Access Shield Advanced Settings:**
- In the AWS Shield console, click on "Shield Advanced" in the left-hand navigation pane.
- Select the "Settings" tab to view the configuration settings for Shield Advanced.

3. **Enable Auto Renew:**
- In the "Settings" tab, locate the "Auto Renew" section.
- Ensure that the "Auto Renew" option is enabled. If it is not, click the checkbox to enable it.

4. **Save Changes:**
- After enabling the "Auto Renew" option, click the "Save" button to apply the changes.
- Confirm that the settings have been updated successfully.

By following these steps, you can ensure that the Shield Advanced setting is configured to auto-renew, thereby preventing the misconfiguration.
</Accordion>

<Accordion title='Using CLI'>
To ensure that AWS Shield Advanced is set to auto-renew using the AWS CLI, you can follow these steps:

1. **Install and Configure AWS CLI**:
Ensure that you have the AWS CLI installed and configured with the necessary permissions to manage AWS Shield Advanced settings.

```sh
aws configure
```

2. **Enable Shield Advanced Auto-Renew**:
Use the `update-subscription` command to enable auto-renew for Shield Advanced. This command updates the subscription settings to ensure auto-renewal is enabled.

```sh
aws shield update-subscription --auto-renew ENABLED
```

3. **Verify Shield Advanced Subscription**:
Confirm that the Shield Advanced subscription is set to auto-renew by describing the subscription settings.

```sh
aws shield describe-subscription
```

Look for the `AutoRenew` field in the output to ensure it is set to `ENABLED`.

4. **Monitor and Audit Settings**:
Regularly monitor and audit your Shield Advanced settings to ensure that auto-renew remains enabled. You can set up a scheduled script or use AWS Config rules to automate this process.

```sh
aws shield describe-subscription
```

You can also use AWS Config to create a custom rule to check the auto-renew status periodically.

By following these steps, you can ensure that AWS Shield Advanced is set to auto-renew, thereby preventing any lapses in protection.
</Accordion>

<Accordion title='Using Python'>
To ensure that AWS Shield Advanced is set to auto-renew using Python scripts, you can use the AWS SDK for Python (Boto3). Below are the steps to achieve this:

1. **Install Boto3**:
Ensure you have Boto3 installed in your Python environment. If not, you can install it using pip:
```bash
pip install boto3
```

2. **Set Up AWS Credentials**:
Make sure your AWS credentials are configured. You can set them up using the AWS CLI or by creating a `~/.aws/credentials` file.

3. **Create a Python Script**:
Write a Python script to enable auto-renew for AWS Shield Advanced. Below is an example script:

```python
import boto3

# Initialize a session using Amazon Shield
client = boto3.client('shield')

# Function to enable auto-renew for Shield Advanced
def enable_auto_renew():
try:
response = client.update_subscription(
AutoRenew='ENABLED'
)
print("Auto-renew for Shield Advanced has been enabled.")
except Exception as e:
print(f"Error enabling auto-renew: {e}")

if __name__ == "__main__":
enable_auto_renew()
```

4. **Run the Script**:
Execute the script to enable auto-renew for AWS Shield Advanced:
```bash
python enable_shield_auto_renew.py
```

By following these steps, you can ensure that AWS Shield Advanced is set to auto-renew using a Python script. This will help prevent misconfigurations related to the auto-renewal setting.
</Accordion>

</AccordionGroup>
</Tab>

<Tab title='Cause'>
### Check Cause
<AccordionGroup>
<Accordion title='Using Console' defaultOpen='true'>
1. Log in to the AWS Management Console and open the AWS Shield console at https://console.aws.amazon.com/shield/.

2. In the navigation pane, choose "Protected resources".

3. In the Protected resources section, select the resource that you want to check.

4. In the details pane, under AWS Shield Advanced, check the status of the Auto Renew setting. If it is not set to Auto Renew, then the Shield Advanced setting is misconfigured.
</Accordion>

<Accordion title='Using CLI'>
1. Install and configure AWS CLI: Before you can start using AWS CLI, you need to install it on your local machine. You can download it from the official AWS website. After installation, you need to configure it with your AWS account credentials. You can do this by running the command `aws configure` and then entering your AWS Access Key ID, Secret Access Key, Default region name, and Default output format when prompted.

2. List all the subscriptions: Use the following AWS CLI command to list all the AWS Shield Advanced subscriptions in your account:

```
aws shield list-subscriptions
```
This command will return a list of all the AWS Shield Advanced subscriptions in your account.

3. Describe the subscription: For each subscription in the list, use the following AWS CLI command to get detailed information about the subscription:

```
aws shield describe-subscription --subscription-arn <subscription-arn>
```
Replace `<subscription-arn>` with the ARN of the subscription you want to check. This command will return detailed information about the subscription, including the auto-renew setting.

4. Check the auto-renew setting: In the output of the `describe-subscription` command, look for the `AutoRenew` field. If the value of this field is `ENABLED`, then the Shield Advanced subscription is set to auto-renew. If the value is `DISABLED`, then it is not set to auto-renew.
</Accordion>

<Accordion title='Using Python'>
1. Install AWS SDK for Python (Boto3): Boto3 is the Amazon Web Services (AWS) Software Development Kit (SDK) for Python, which allows Python developers to write software that makes use of services like Amazon S3, Amazon EC2, etc. You can install it using pip:

```bash
pip install boto3
```

2. Configure AWS Credentials: Before you can begin using Boto3, you should set up authentication credentials. You can do this by creating a new IAM user in your AWS console, then set your credentials in the AWS credentials file, which is located by default at `~/.aws/credentials`. At a minimum, the credentials file should specify the access key and secret access key. To specify these for the `default` profile, you can use the following format:

```bash
[default]
aws_access_key_id = YOUR_ACCESS_KEY
aws_secret_access_key = YOUR_SECRET_KEY
```

3. Create a Python script to check Shield Advanced Setting:

```python
import boto3

# Create a Shield client
client = boto3.client('shield')

# Get the Shield Advanced subscription details
response = client.describe_subscription()

# Check if AutoRenew is set to 'ENABLED'
if response['Subscription']['AutoRenew'] != 'ENABLED':
print("Shield Advanced Setting is not set to Auto Renew")
else:
print("Shield Advanced Setting is set to Auto Renew")
```

4. Run the Python script: You can run the Python script using any Python environment. If the output is "Shield Advanced Setting is not set to Auto Renew", then there is a misconfiguration. If the output is "Shield Advanced Setting is set to Auto Renew", then there is no misconfiguration.
</Accordion>

</AccordionGroup>
</Tab>

<Tab title='Remediation'>
### Remediation
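Review bot: In the 'Cause' tab's 'Using CLI' accordion, steps 2 and 3 use `aws shield list-subscriptions` and `aws shield describe-subscription --subscription-arn <subscription-arn>`, and neither matches the Shield CLI: there is no `list-subscriptions` subcommand, and `describe-subscription` takes no ARN argument, as step 3 of the 'Prevention' CLI accordion shows by calling it bare. Suggest collapsing steps 2 to 4 into a single `aws shield describe-subscription` call and reading the `AutoRenew` field from its output. Separately, step 4 of the 'Prevention' CLI accordion repeats the same describe command as step 3 without showing the scheduled check it describes; either drop that block or show the comparison against `ENABLED`.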

@@ -1,6 +1,189 @@

### Triage and Remediation
<Tabs>


<Tab title='Prevention'>
### How to Prevent
<AccordionGroup>
<Accordion title='Using Console' defaultOpen='true'>
To prevent the misconfiguration where Shield Advanced Setting should be set to Auto Renew in AWS Shield using the AWS Management Console, follow these steps:

1. **Navigate to AWS Shield Console:**
- Sign in to the AWS Management Console.
- In the navigation bar, select the region where your Shield Advanced is configured.
- Type "Shield" in the search bar and select "AWS Shield" from the dropdown.

2. **Access Shield Advanced Settings:**
- In the AWS Shield console, click on "Shield Advanced" in the left-hand navigation pane.
- Select the "Settings" tab to view the configuration settings for Shield Advanced.

3. **Enable Auto Renew:**
- In the "Settings" tab, locate the "Auto Renew" section.
- Ensure that the "Auto Renew" option is enabled. If it is not, click the checkbox to enable it.

4. **Save Changes:**
- After enabling the "Auto Renew" option, click the "Save" button to apply the changes.
- Confirm that the settings have been updated successfully.

By following these steps, you can ensure that the Shield Advanced setting is configured to auto-renew, thereby preventing the misconfiguration.
</Accordion>

<Accordion title='Using CLI'>
To ensure that AWS Shield Advanced is set to auto-renew using the AWS CLI, you can follow these steps:

1. **Install and Configure AWS CLI**:
Ensure that you have the AWS CLI installed and configured with the necessary permissions to manage AWS Shield Advanced settings.

```sh
aws configure
```

2. **Enable Shield Advanced Auto-Renew**:
Use the `update-subscription` command to enable auto-renew for Shield Advanced. This command updates the subscription settings to ensure auto-renewal is enabled.

```sh
aws shield update-subscription --auto-renew ENABLED
```

3. **Verify Shield Advanced Subscription**:
Confirm that the Shield Advanced subscription is set to auto-renew by describing the subscription settings.

```sh
aws shield describe-subscription
```

Look for the `AutoRenew` field in the output to ensure it is set to `ENABLED`.

4. **Monitor and Audit Settings**:
Regularly monitor and audit your Shield Advanced settings to ensure that auto-renew remains enabled. You can set up a scheduled script or use AWS Config rules to automate this process.

```sh
aws shield describe-subscription
```

You can also use AWS Config to create a custom rule to check the auto-renew status periodically.

By following these steps, you can ensure that AWS Shield Advanced is set to auto-renew, thereby preventing any lapses in protection.
</Accordion>

<Accordion title='Using Python'>
To ensure that AWS Shield Advanced is set to auto-renew using Python scripts, you can use the AWS SDK for Python (Boto3). Below are the steps to achieve this:

1. **Install Boto3**:
Ensure you have Boto3 installed in your Python environment. If not, you can install it using pip:
```bash
pip install boto3
```

2. **Set Up AWS Credentials**:
Make sure your AWS credentials are configured. You can set them up using the AWS CLI or by creating a `~/.aws/credentials` file.

3. **Create a Python Script**:
Write a Python script to enable auto-renew for AWS Shield Advanced. Below is an example script:

```python
import boto3

# Initialize a session using Amazon Shield
client = boto3.client('shield')

# Function to enable auto-renew for Shield Advanced
def enable_auto_renew():
try:
response = client.update_subscription(
AutoRenew='ENABLED'
)
print("Auto-renew for Shield Advanced has been enabled.")
except Exception as e:
print(f"Error enabling auto-renew: {e}")

if __name__ == "__main__":
enable_auto_renew()
```

4. **Run the Script**:
Execute the script to enable auto-renew for AWS Shield Advanced:
```bash
python enable_shield_auto_renew.py
```

By following these steps, you can ensure that AWS Shield Advanced is set to auto-renew using a Python script. This will help prevent misconfigurations related to the auto-renewal setting.
</Accordion>

</AccordionGroup>
</Tab>
<Tab title='Cause'>
### Check Cause
<AccordionGroup>
<Accordion title='Using Console' defaultOpen='true'>
1. Log in to the AWS Management Console and open the AWS Shield console at https://console.aws.amazon.com/shield/.

2. In the navigation pane, choose "Protected resources".

3. In the Protected resources section, select the resource that you want to check.

4. In the details pane, under AWS Shield Advanced, check the status of the Auto Renew setting. If it is not set to Auto Renew, then the Shield Advanced setting is misconfigured.
</Accordion>

<Accordion title='Using CLI'>
1. Install and configure AWS CLI: Before you can start using AWS CLI, you need to install it on your local machine. You can download it from the official AWS website. After installation, you need to configure it with your AWS account credentials. You can do this by running the command `aws configure` and then entering your AWS Access Key ID, Secret Access Key, Default region name, and Default output format when prompted.

2. List all the subscriptions: Use the following AWS CLI command to list all the AWS Shield Advanced subscriptions in your account:

```
aws shield list-subscriptions
```
This command will return a list of all the AWS Shield Advanced subscriptions in your account.

3. Describe the subscription: For each subscription in the list, use the following AWS CLI command to get detailed information about the subscription:

```
aws shield describe-subscription --subscription-arn <subscription-arn>
```
Replace `<subscription-arn>` with the ARN of the subscription you want to check. This command will return detailed information about the subscription, including the auto-renew setting.

4. Check the auto-renew setting: In the output of the `describe-subscription` command, look for the `AutoRenew` field. If the value of this field is `ENABLED`, then the Shield Advanced subscription is set to auto-renew. If the value is `DISABLED`, then it is not set to auto-renew.
</Accordion>

<Accordion title='Using Python'>
1. Install AWS SDK for Python (Boto3): Boto3 is the Amazon Web Services (AWS) Software Development Kit (SDK) for Python, which allows Python developers to write software that makes use of services like Amazon S3, Amazon EC2, etc. You can install it using pip:

```bash
pip install boto3
```

2. Configure AWS Credentials: Before you can begin using Boto3, you should set up authentication credentials. You can do this by creating a new IAM user in your AWS console, then set your credentials in the AWS credentials file, which is located by default at `~/.aws/credentials`. At a minimum, the credentials file should specify the access key and secret access key. To specify these for the `default` profile, you can use the following format:

```bash
[default]
aws_access_key_id = YOUR_ACCESS_KEY
aws_secret_access_key = YOUR_SECRET_KEY
```

3. Create a Python script to check Shield Advanced Setting:

```python
import boto3

# Create a Shield client
client = boto3.client('shield')

# Get the Shield Advanced subscription details
response = client.describe_subscription()

# Check if AutoRenew is set to 'ENABLED'
if response['Subscription']['AutoRenew'] != 'ENABLED':
print("Shield Advanced Setting is not set to Auto Renew")
else:
print("Shield Advanced Setting is set to Auto Renew")
```

4. Run the Python script: You can run the Python script using any Python environment. If the output is "Shield Advanced Setting is not set to Auto Renew", then there is a misconfiguration. If the output is "Shield Advanced Setting is set to Auto Renew", then there is no misconfiguration.
</Accordion>

</AccordionGroup>
</Tab>
<Tab title='Remediation'>
### Remediation
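Review bot: The Python example in the 'Prevention' tab catches `Exception` inside `enable_auto_renew()` and only prints the error, so the script exits with status 0 even when `update_subscription` fails, which hides the failure from the scheduled runs the CLI section recommends. Suggest re-raising or calling `sys.exit(1)` in the `except` branch, and dropping the unused `response` assignment. The 'Cause' check script has the opposite gap: `client.describe_subscription()` is called with no error handling, so a failed call ends in a traceback instead of a clear finding. The credentials-file sample is fenced as `bash` although it is INI content. The CLI 'Cause' steps in this hunk also use `aws shield list-subscriptions` and pass `--subscription-arn` to `describe-subscription`, which the 'Prevention' steps call without arguments; these should be reduced to the bare `aws shield describe-subscription` call.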
