Control: 1.15 Ensure security questions are registered in the AWS account
Description
The AWS support portal allows account owners to establish security questions that can be used to authenticate individuals calling AWS customer service for support. It is recommended that security questions be established.
When creating a new AWS account, a default super user is automatically created. This account is referred to as the "root" account. It is recommended that the use of this account be limited and highly controlled. During events in which the Root password is no longer accessible or the MFA token associated with root is lost/destroyed it is possible, through authentication using secret questions and associated answers, to recover root login access.
Remediation
Perform the following in the AWS Management Console:
- Login to the AWS Account as root.
- Click on the
<Root_Account_Name>from the top right of the console. - From the drop-down menu Click My Account.
- Scroll down to the
Configure Security Questionssection. - Click on
Edit. - Click on each
Question.
- From the drop-down select an appropriate question
- Click on the
Answersection - Enter an appropriate answer.
- Follow process for all 3 questions
- Click
Updatewhen complete. - Place Questions and Answers and place in a secure physical location.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.cis_v120_1_15Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.cis_v120_1_15 --shareSQL
This control uses a named query:
manual_control