MQ Brokers Have CloudWatch Audit Logging
More Info:
This rule checks if Amazon MQ brokers have Amazon CloudWatch audit logging enabled. The rule is NON_COMPLIANT if a broker does not have audit logging enabled.
Risk Level
Low
Address
Monitoring
Compliance Standards
CBP, GDPR, HIPAA, ISO27001, SEBI
Triage and Remediation
Remediation
To remediate the CloudWatch audit logging misconfiguration on MQ Brokers using the AWS console, follow these steps:
- Access AWS Console: Log in to your AWS Management Console using your credentials.
- Navigate to Amazon MQ Service: Go to the Amazon MQ service by either searching for it in the AWS services search bar or locating it under the “Messaging & Queueing” section.
- Select the MQ Broker: Select the MQ Broker for which you want to remediate the CloudWatch audit logging configuration.
- Modify Broker: Click on the “Actions” dropdown menu and select “Modify Broker”.
- Update Broker Configuration: In the “Broker Details” section, scroll down to the “Logs” section.
- Disable CloudWatch Audit Logging: Locate the “CloudWatch Audit Logging” option and disable it by unchecking the box or selecting “Disabled” from the dropdown menu.
- Save Changes: Scroll to the bottom of the page and click on the “Modify” button to save the changes.
- Verify Configuration: Once the changes are saved, verify that CloudWatch audit logging is disabled for the MQ Broker by checking the broker’s configuration settings.
By following these steps, you will have remediated the CloudWatch audit logging misconfiguration on MQ Brokers using the AWS console.
To remediate the misconfiguration of MQ Brokers having CloudWatch audit logging enabled for AWS Security Groups using the AWS CLI, follow these steps:
- Identify the AWS Security Groups associated with the MQ Brokers:
  - Run the following AWS CLI command to list the MQ Brokers and the AWS Security Groups associated with them:
    aws mq list-brokers
  - Note down the Security Group IDs associated with the MQ Brokers.
- Disable CloudWatch audit logging for the identified Security Groups:
  - Run the following AWS CLI command for each Security Group ID to disable CloudWatch audit logging (the broker setting is passed with the --logs option as Audit=true|false):
    aws mq update-broker --broker-id <BROKER_ID> --logs Audit=false
    Replace <BROKER_ID> with the actual ID of the MQ Broker associated with the Security Group.
- Verify the changes:
  - Run the following AWS CLI command to describe the MQ Broker and verify that CloudWatch audit logging is disabled for the Security Group (the Logs.Audit field in the output shows the current setting):
    aws mq describe-broker --broker-id <BROKER_ID>
    Replace <BROKER_ID> with the actual ID of the MQ Broker associated with the Security Group.
- Repeat for other Security Groups:
  - If there are multiple Security Groups associated with the MQ Brokers, repeat steps 2 and 3 for each Security Group.
By following these steps, you can remediate the misconfiguration of MQ Brokers having CloudWatch audit logging enabled for AWS Security Groups using the AWS CLI.
To remediate the misconfiguration of MQ Brokers having CloudWatch audit logging enabled for AWS Security Groups using Python, you can follow these steps:
- Identify the Security Groups: First, you need to identify the Security Groups associated with your MQ Brokers.
- Disable CloudWatch Audit Logging: You can use the AWS SDK for Python (Boto3) to disable CloudWatch audit logging for the identified Security Groups. Here is a sample Python code snippet to achieve this:

```python
import boto3

# Initialize the Amazon MQ client. CloudWatch audit logging is a property of
# the broker itself (the Logs.Audit flag), so the mq client is used here;
# EC2 VPC flow logs are a different feature and have no "modify" API.
mq_client = boto3.client('mq')

# Specify the IDs of the MQ Brokers to update (replace the placeholder)
broker_ids = ['<BROKER_ID>']

# Turn the CloudWatch Audit Logging flag off on each broker.
# Note: the rule described above reports NON_COMPLIANT when Audit is False;
# pass True instead to bring a broker into compliance.
for broker_id in broker_ids:
    response = mq_client.update_broker(
        BrokerId=broker_id,
        Logs={'Audit': False}
    )
    print(f"CloudWatch Audit Logging disabled for MQ Broker {response['BrokerId']}")
```

- Run the Python Script: Save the above Python script in a file (e.g., remediate_security_groups.py) and execute it using Python. Make sure you have the necessary IAM permissions to modify the MQ Brokers.
By following these steps and executing the Python script, you can remediate the misconfiguration of MQ Brokers having CloudWatch audit logging enabled for AWS Security Groups.
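The rule description at the top of this page defines compliance as CloudWatch audit logging being enabled, so a defender's check reads each broker's Logs.Audit flag from describe_broker and, when remediating, sets it to true with update_broker. The script below is an added example that does both; it is not code from this page or from the Amazon MQ SDK. It assumes boto3 and valid credentials only for run_live(); offline it uses a constructed FakeMqClient and constructed broker records with placeholder IDs. It also assumes, based on Amazon MQ's documented log types, that audit logs exist only for ActiveMQ brokers, so a RabbitMQ broker is reported but never modified.

```python
import copy


def evaluate_broker(broker):
    """Classify one describe_broker response against the rule above.

    describe_broker returns a top-level 'Logs' dict whose 'Audit' key is True
    when CloudWatch audit logging is enabled. A missing key is treated as
    disabled, matching the rule text ("NON_COMPLIANT if a broker does not
    have audit logging enabled").
    """
    logs = broker.get("Logs") or {}
    return "COMPLIANT" if logs.get("Audit") is True else "NON_COMPLIANT"


def audit_brokers(mq_client, remediate=False):
    """Evaluate every broker reachable through mq_client.

    mq_client needs only list_brokers, describe_broker and update_broker, so a
    fake client can stand in for boto3's client offline. Returns a list of
    (broker_id, engine_type, status) tuples; status is COMPLIANT,
    NON_COMPLIANT or REMEDIATED.
    """
    results = []
    kwargs = {}
    while True:  # list_brokers pages with NextToken
        page = mq_client.list_brokers(**kwargs)
        for summary in page.get("BrokerSummaries", []):
            broker_id = summary["BrokerId"]
            broker = mq_client.describe_broker(BrokerId=broker_id)
            engine = broker.get("EngineType", "")
            status = evaluate_broker(broker)
            # Assumption: audit logs are available only on ActiveMQ brokers,
            # so a RabbitMQ broker is reported but not modified.
            if status == "NON_COMPLIANT" and remediate and engine == "ACTIVEMQ":
                # Only the Audit flag is changed; General logging is untouched.
                mq_client.update_broker(BrokerId=broker_id, Logs={"Audit": True})
                status = "REMEDIATED"
            results.append((broker_id, engine, status))
        token = page.get("NextToken")
        if not token:
            return results
        kwargs = {"NextToken": token}


def run_live(remediate=False):
    """Run against a real account. boto3 is imported here (assumed installed
    and configured) so the pure logic above needs no AWS dependency."""
    import boto3
    return audit_brokers(boto3.client("mq"), remediate=remediate)


class FakeMqClient:
    """Constructed stand-in for boto3's mq client, for running offline."""

    def __init__(self, brokers):
        self._brokers = {b["BrokerId"]: copy.deepcopy(b) for b in brokers}
        self.updates = []  # records every update_broker call

    def list_brokers(self, **kwargs):
        return {"BrokerSummaries": [{"BrokerId": b} for b in self._brokers]}

    def describe_broker(self, BrokerId):
        return copy.deepcopy(self._brokers[BrokerId])

    def update_broker(self, BrokerId, Logs):
        self._brokers[BrokerId].setdefault("Logs", {}).update(Logs)
        self.updates.append((BrokerId, Logs))
        return {"BrokerId": BrokerId}


# Constructed describe_broker-style records (placeholder IDs, not real brokers)
SAMPLE_BROKERS = [
    {"BrokerId": "b-example-compliant", "EngineType": "ACTIVEMQ",
     "Logs": {"Audit": True, "General": True}},
    {"BrokerId": "b-example-noncompliant", "EngineType": "ACTIVEMQ",
     "Logs": {"Audit": False, "General": True}},
    {"BrokerId": "b-example-rabbit", "EngineType": "RABBITMQ",
     "Logs": {"General": True}},
]


if __name__ == "__main__":
    client = FakeMqClient(SAMPLE_BROKERS)
    for broker_id, engine, status in audit_brokers(client, remediate=True):
        print(f"{broker_id} ({engine}): {status}")
    # A second pass shows the ActiveMQ broker is now compliant
    for broker_id, engine, status in audit_brokers(client):
        print(f"{broker_id} ({engine}): {status}")
```

Call run_live() for a read-only report and run_live(remediate=True) to enable audit logging on non-compliant ActiveMQ brokers; the caller needs mq:ListBrokers and mq:DescribeBroker, plus mq:UpdateBroker when remediating. Amazon MQ applies update_broker changes at the broker's next reboot or maintenance window, so re-run the read-only check after that before treating the broker as compliant.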