
AWS Security Automation
#Operations Management #Security Operations
A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
Collection of Scripts and Resources for DevSecOps
This is a collection of scripts and resources designed for DevSecOps, Security Automation, and Automated Incident Response Remediation.
IAM Access Denied Responder: This example solution sets up an automated response to an access denied event that occurs within a CloudTrail event, a failed authentication attempt to the AWS console, or a Client.UnauthorizedOperation event.
EC2 Auto Clean Room Forensics: This example solution takes an instance ID from an SNS topic and uses a series of AWS Lambda functions coordinated by AWS Step Functions to automatically notify, isolate, and perform basic forensics on the identified instance.
CloudTrailRemediation: This demo script automatically restarts CloudTrail. The script includes placeholders for forensics and related tasks to prevent the activation of CloudTrail without identifying the user responsible for the action.
force-user-mfa: This is a demo script designed to automatically create and attach a virtual Multi-Factor Authentication (MFA) device to any newly created AWS Identity and Access Management (IAM) user.
The user can retrieve the MFA seed themselves using the AWS CLI.
Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the 'License'). You may not use this file except in compliance with the License. A copy of the License is available.