Hey, I'm Marat 👋

Event-driven Security Remediation with AWS Auto Remediate


Photo by James Sutton on Unsplash

Jay Kim and I have spent the last couple of weeks developing an open source application to help with automatic security remediation based on compliance events from AWS Config.

What is Auto Remediate?

Auto Remediate is a serverless tool built on Lambda with the help of SQS, SNS, DynamoDB, CloudWatch, and Config, all tied together with the Serverless Framework. This makes it completely serverless, with the majority of costs coming from AWS Config (charged per rule per month).

Auto Remediate’s serverless architecture

Simply put, Auto Remediate fixes common security issues (such as a publicly open port 22 or S3 buckets with public read/write enabled) within minutes and sometimes even seconds.
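To make the open port 22 case concrete, here is an added example (not Auto Remediate's own code) of how such a remediation can be written against boto3's EC2 client: it finds ingress rules that expose SSH to 0.0.0.0/0 or ::/0 and revokes only those sources. The function names and the sample security group are assumptions constructed for this illustration.

```python
PUBLIC_V4, PUBLIC_V6, SSH_PORT = "0.0.0.0/0", "::/0", 22

# Constructed sample in the shape returned by describe_security_groups.
SAMPLE_GROUP = {"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]}

def covers_ssh(perm):
    """True when an ingress permission admits TCP port 22."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)

def public_ssh_permissions(group):
    """Build the IpPermissions to revoke: world-open sources on SSH rules only."""
    revoke = []
    for perm in group.get("IpPermissions", []):
        if not covers_ssh(perm):
            continue
        v4 = [{"CidrIp": PUBLIC_V4} for r in perm.get("IpRanges", [])
              if r.get("CidrIp") == PUBLIC_V4]
        v6 = [{"CidrIpv6": PUBLIC_V6} for r in perm.get("Ipv6Ranges", [])
              if r.get("CidrIpv6") == PUBLIC_V6]
        if not (v4 or v6):
            continue  # SSH is open only to specific networks; leave it alone
        # Protocol and port range must match the existing rule exactly.
        entry = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        if v4:
            entry["IpRanges"] = v4
        if v6:
            entry["Ipv6Ranges"] = v6
        revoke.append(entry)
    return revoke

def remediate(ec2, group_id):
    """Revoke public SSH ingress on one group; `ec2` is a boto3 EC2 client."""
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    revoke = public_ssh_permissions(group)
    if revoke:  # nothing to do when the group is already compliant
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=revoke)
    return revoke
```

A rule that spans a port range containing 22 loses its public source for the whole range, so the 10.0.0.0/8 source and the public 443 rule in the sample are left untouched while the 20-25 rule's ::/0 source is removed.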

Auto Remediate supports 24 of the 27 AWS Config Rules (created by AWS Security Hub). The 3 unsupported rules relate to the root account and cannot be remediated outside of it. These rules help you align your account with the CIS AWS Foundations Benchmark. A full list of supported AWS Config Rules can be found in the README and COVERAGE documentation.

Auto Remediate isn’t the only tool on the market that solves security issues. There are tools such as Netflix’s Security Monkey and T-Mobile’s PacBot that offer a similar solution. However, Auto Remediate’s simple design makes it another viable option in the security space. It is small, serverless, and can be deployed in minutes. Although it isn’t as polished as PacBot or as extensible as Security Monkey, it still gets the job done.

So why do I need it?

With cloud adoption on the rise, developers are now able to leverage a whole gamut of services and offerings. This rapid growth also exposes developers to various security pitfalls that remain hidden initially, and fixing them requires extensive manual intervention.

Auto Remediate aims to expose and resolve hidden risks, and it provides us with a guardrail against security threats such as misconfigured config files and open ports. This allows our security, infrastructure, and DevSecOps teams to focus on more valuable, business-aligned workloads.

Sweet! How do I get started?

Head on over to our GitHub repo (below) to clone and deploy the tool in your environment.

servian/aws-auto-remediate

If you’d like to contribute, we’re more than happy to accept community remediations via pull requests.