turbot/aws_well_architected

Benchmark: BP03 Automate detection of unintended data access

Description

Use tools such as Amazon GuardDuty to automatically detect suspicious activity or attempts to move data outside of defined boundaries. For example, GuardDuty can detect unusual Amazon Simple Storage Service (Amazon S3) read activity and reports it as the Exfiltration:S3/AnomalousBehavior finding. In addition to GuardDuty, Amazon VPC Flow Logs, which capture network traffic information, can be used with Amazon EventBridge to detect connections, both successful and denied. Amazon S3 Access Analyzer can help assess what data is accessible to whom in your Amazon S3 buckets.
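
The following is an added example, not part of the mod or of the AWS guidance: an EventBridge event pattern for the Exfiltration:S3/AnomalousBehavior finding, with a small matcher that applies it to sample events so the routing can be checked offline. Field names follow the GuardDuty finding event as delivered to EventBridge; the matcher covers only exact-value matching, and the sample events, bucket names and severities are constructed.

```python
# EventBridge pattern for the finding type named in the description.
PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"type": ["Exfiltration:S3/AnomalousBehavior"]},
}

def matches(pattern, event):
    """Subset of EventBridge matching: nested objects and exact-value lists."""
    for key, want in pattern.items():
        if key not in event:
            return False
        have = event[key]
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        elif have not in want:
            return False
    return True

def triage(events):
    """Return (bucket, severity) per matching finding, highest severity first."""
    hits = []
    for ev in events:
        if not matches(PATTERN, ev):
            continue
        detail = ev["detail"]
        # A finding without bucket details is still reported, as "<unknown>".
        buckets = detail.get("resource", {}).get("s3BucketDetails") or [{}]
        for bucket in buckets:
            hits.append((bucket.get("name", "<unknown>"), detail.get("severity", 0)))
    return sorted(hits, key=lambda hit: -hit[1])

def _event(source, finding_type, severity, buckets):
    # Builds a constructed event; bucket names and severities are made up.
    detail = {"type": finding_type, "severity": severity}
    if buckets:
        detail["resource"] = {"s3BucketDetails": [{"name": b} for b in buckets]}
    return {"source": source, "detail-type": "GuardDuty Finding", "detail": detail}

SAMPLE_EVENTS = [
    _event("aws.guardduty", "Exfiltration:S3/AnomalousBehavior", 5, []),
    _event("aws.guardduty", "Recon:EC2/PortProbeUnprotectedPort", 2, []),
    _event("example.app", "Exfiltration:S3/AnomalousBehavior", 9, ["other-source"]),
    _event("aws.guardduty", "Exfiltration:S3/AnomalousBehavior", 8, ["example-reports"]),
]

if __name__ == "__main__":
    for bucket, severity in triage(SAMPLE_EVENTS):
        print(f"severity={severity} bucket={bucket}")
```

The third sample event carries the right finding type but a different source, so it is not matched; only the two aws.guardduty exfiltration findings are returned.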

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-well-architected

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select BP03 Automate detection of unintended data access.

Run this benchmark in your terminal:

powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec09_bp03

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec09_bp03 --share
