AWS Security Case Study (Terraform)


Streamlining AWS Resource Audits: Foghorn’s Terraform-Powered Solution for Centralized Security Assessments

One of Foghorn’s customers, a federal bank, found itself facing a significant challenge: the centralized management and security assessment of AWS resources across multiple accounts.

In the context of managing AWS resources across multiple accounts, a significant challenge emerged for the company: the need to centralize security assessments and conduct regular audits. To tackle this issue, Foghorn proposed a comprehensive solution leveraging Terraform’s automation capabilities. Their approach aimed to streamline the deployment and configuration of Conformance Packs, comprising both Managed Rules and Custom Rules for auditing AWS resources.

The solution involved the thoughtful integration of various AWS services, merging seamlessly with the existing version control and CI/CD pipelines. This well-designed framework encompassed essential AWS services, including IAM for access management, Organizations for centralized account governance, Config for resource compliance monitoring, Lambda for executing custom audit checks, S3 for secure and scalable storage, and KMS for encryption and key management.

Furthermore, Foghorn capitalized on the power of third-party solutions, with Terraform at the forefront. By harnessing the capabilities of Terraform, Foghorn achieved automation, repeatability, and scalability throughout the deployment and configuration processes.

Foghorn successfully delivered Terraform templates that combined in-house modules and Organization Conformance Pack resources. These templates enabled the auditing of AWS resources within the accounts associated with the primary Organizational Unit. By deploying three Conformance Packs based on CIS 1.4 Level 1, Security Best Practices, and Operational Best Practices, Foghorn ensured comprehensive coverage. Additionally, they implemented an AWS Config Custom Rule specifically designed to audit the SSL Policies attached to AWS load balancers. All audit results were uploaded to a customer-managed, private, KMS-encrypted S3 bucket, keeping the findings under the customer's control.
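As an added example (not Foghorn's or the customer's code), the shape of the Lambda evaluation logic behind a custom AWS Config rule of the kind described above, which checks the SSL policy on each recorded load-balancer listener and reports COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE back to Config. The approved-policy allowlist, the placeholder ARN, the sample event and the configuration-item field names are assumptions, not values from the case study.

```python
import json

# Assumed allowlist of acceptable ELB SSL policy names: the case study does not
# give the customer's list, so these real AWS-managed policy names stand in.
APPROVED_SSL_POLICIES = {
    "ELBSecurityPolicy-TLS13-1-2-2021-06",
    "ELBSecurityPolicy-TLS-1-2-Ext-2018-06",
}

# Constructed sample of the event AWS Config hands a custom Lambda rule;
# invokingEvent is a JSON string wrapping the recorded configuration item.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({"configurationItem": {
        "resourceType": "AWS::ElasticLoadBalancingV2::Listener",
        "resourceId": "arn:aws:elasticloadbalancing:us-east-1:111111111111:listener/app/example/abc/def",
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2023-06-01T00:00:00.000Z",
        "configuration": {"protocol": "HTTPS", "sslPolicy": "ELBSecurityPolicy-2016-08"},
    }}),
    "resultToken": "constructed-token",
}

def evaluate_listener(item, approved=APPROVED_SSL_POLICIES):
    # Return (ComplianceType, annotation) for one recorded listener item.
    if item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE", "listener deleted"
    cfg = item.get("configuration") or {}
    if (cfg.get("protocol") or "").upper() not in ("HTTPS", "TLS"):
        return "NOT_APPLICABLE", "listener does not terminate TLS"
    policy = cfg.get("sslPolicy")
    if not policy:
        return "NON_COMPLIANT", "TLS listener has no SSL policy"
    if policy in approved:
        return "COMPLIANT", f"{policy} is an approved SSL policy"
    return "NON_COMPLIANT", f"{policy} is not an approved SSL policy"

def build_evaluation(event, approved=APPROVED_SSL_POLICIES):
    # Turn a Config rule event into one PutEvaluations entry; makes no AWS calls.
    item = json.loads(event["invokingEvent"])["configurationItem"]
    if item["resourceType"] == "AWS::ElasticLoadBalancingV2::Listener":
        compliance, note = evaluate_listener(item, approved)
    else:
        compliance, note = "NOT_APPLICABLE", "not an ELBv2 listener"
    return {"ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"], "ComplianceType": compliance,
            "Annotation": note[:256],  # Config caps annotations at 256 characters
            "OrderingTimestamp": item["configurationItemCaptureTime"]}

def lambda_handler(event, context):
    import boto3  # imported lazily so the evaluation logic above runs offline
    evaluation = build_evaluation(event)
    boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation
```

Wiring this Lambda to an `aws_config_config_rule` (or an organization-level rule) in Terraform is what turns the function into the audit check; the allowlist is the part a practitioner should review against the current AWS policy recommendations.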

Throughout the project journey, Foghorn and the company learned valuable lessons. They discovered the abundance of useful resources provided by AWS, offering diverse templates that served as references for tailoring Conformance Packs to specific client needs. This insight empowered them to fine-tune the solution, ensuring its relevance and effectiveness in meeting unique requirements. By capitalizing on these learnings, Foghorn further solidified its expertise and commitment to delivering optimal outcomes for its clients.

In conclusion, Foghorn’s innovative approach, fueled by Terraform’s automation capabilities and complemented by various AWS services, successfully addressed the challenge of centralizing security assessments and conducting regular audits across multiple AWS accounts. The collaboration between Foghorn and the company resulted in an efficient and scalable solution that enhanced resource governance, compliance, and overall security.
