Control: 2.1 Maintain current contact details
Description
Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization.
An AWS account supports a number of contact details, and AWS will use these to contact the account owner if activity judged to be in breach of the Acceptable Use Policy or indicative of a likely security compromise is observed by the AWS Abuse team. Contact details should not be for a single individual, as circumstances may arise where that individual is unavailable. Email contact details should point to a mail alias which forwards email to multiple individuals within the organization; where feasible, phone contact details should point to a PABX hunt group or other call-forwarding system.
Remediation
This activity can only be performed via the AWS Console, with a user who has permission to read and write Billing information (aws-portal:*Billing).
From Console:
- Sign in to the AWS Management Console and open the Billing and Cost Management console at https://console.aws.amazon.com/billing/home#/.
- On the navigation bar, choose your account name, and then choose Account.
- On the Account Settings page, next to Account Settings, choose Edit.
- Next to the field that you need to update, choose Edit.
- After you have entered your changes, choose Save changes.
- After you have made your changes, choose Done.
- To edit your contact information, under Contact Information, choose Edit.
- For the fields that you want to change, type your updated information, and then choose Update.
From Command Line:
- Run the following command:
aws account put-contact-information --contact-information '{ "AddressLine1": "<AddressLine 1>", "AddressLine2": "<AddressLine 2>", "City": "<City>", "CompanyName": "<Company Name>", "CountryCode": "<Country Code>", "FullName": "<Full Name>", "PhoneNumber": "<Phone Number>", "PostalCode": "<Postal Code>", "StateOrRegion": "<State or Region>"}'
Default Value:
By default, AWS account contact information (email and telephone) is set to the values provided at account creation. These usually reference a single individual rather than a shared alias or group contact.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.cis_v600_2_1
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.cis_v600_2_1 --share
SQL
This control uses a named query:
select
  'arn:' || partition || ':::' || account_id as resource,
  'info' as status,
  'Manual verification required.' as reason,
  account_id
from
  aws_account;