AWS CloudSaga v1.0.1 releases: Simulate security events in AWS

AWS CloudSaga – Simulate security events in AWS

AWS CloudSaga is for customers to test security controls and alerts within their Amazon Web Services (AWS) environment, using generated alerts based on security events seen by the AWS Customer Incident Response Team (CIRT).

Use Case

Security controls and best practices are published for securing AWS accounts, however, customers look for mechanisms to test security and incident response within their AWS environments, in order to protect themselves against known security events.

AWS CloudSaga is for customers who want to test their environment against documented security events from the AWS CIRT. Using AWS CloudSaga, simple scenarios that mimic actual security events can be run against a customer’s environment, testing the customer’s response plans and defenses when these events occur and improve defenses of their AWS environment from the results.

Specific Scenario Details

IMDS Reveal Scenario:
This scenario is based on a server-side request forgery attack. EC2 instances using IMDS version 1 are more likely to be subject to this kind of software flaw, and if EC2 Role credentials are present, those credentials can be used in AWS.

Bitcoin Mining Scenario:
This scenario simulates the creation of Bitcoin mining instances. Attackers attempt to create Bitcoin mining instances using Amazon EC2, in order to leverage legitimate AWS customer’s resources for their own purposes.

Network Changes Scenario:
This scenario simulates the creation and modification of network resources within AWS. This includes creating Amazon VPCs, as well as modifications to Security Groups, for the purposes of compromising resources within the AWS account.

IAM Credentials Scenario:
This scenario attempts to grab the IAM credential report within the AWS account.

Publicly Accessible Resources Scenario:
This scenario is for creating then checking for publicly accessible resources within an AWS account.

Changelog v1.0.1

• README file to reflect new installation instructions
  • AWS CloudSaga is used via pip3 installer

Install & Use

Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.