Service Screener

MSR baseline checks

At AWS, security is our top priority. Partner Migration Security Requirements (MSR) is an APJ Core team initiative to help our partners migrate their custom's workloads securely to AWS.

MSR details security requirements that partners should implement controls for, in line with 5 core security themes of identity and access management, 61 logging and monitoring, infrastructure security, data protection, and incident response. clubbed with additional best practices. MSR will be used by both internal stakeholders like Migration PSA's, relevant account teams and external stakeholders like consulting, migration, and GSI partners to elevate the security posture of workloads being migrated to cloud and ensure ongoing elevated security posture.
Read more

Summary: [Not available:34] | [Compliant:20] | [Need Attention:15]

Breakdown

Framework. MSR baseline checks

Category	Rule ID	Compliance Status	Description	Reference
CW.	1	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
CW.	2	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
CW.	3	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
CW.	4	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
CD.	1	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IAM.	1	Need Attention	[ManagedPolicyFullAccessOneServ] - Limit permissions. [GLOBAL]Role::CodeStarWorker-dojo-ToolChain, Role::OrthancRole [FullAdminAccess] - Limit permissions. [GLOBAL]Role::AWSReservedSSO_AWSAdministratorAccess_fae89f7963febc98, Role::DojoEC2AdminRole, Role::EC2AdminRole, Role::itadmin, Role::OrganizationAccountAccessRole, Role::PACICloudFormationStackSetExecutionRole, Role::ServiceScreenerAutomationRole, Role::stacksets-exec-7ca18804340a75b25a831ca17fba8659 [InlinePolicyFullAccessOneServ] - Limit access in policy [GLOBAL]Role::Cognito_dojoIdPAuth_Role, Role::Cognito_dojoIdPUnauth_Role [InlinePolicyFullAdminAccess]	AWS Docs AWS Docs Organization GuardRail Blog AWS Docs
IAM.	2	Compliant	[rootConsoleLogin30days] [rootConsoleLoginFail3x]
IAM.	3	Compliant	[rootHasAccessKey]
IAM.	4	Need Attention	[rootMfaActive] - Enable MFA on root user [GLOBAL]User::root_id	AWS MFA IAM Best Practices
IAM.	5	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IAM.	6	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
DP.	1	Need Attention	[MacieToEnable] - Enable Macie [ap-southeast-1]Macie [us-east-1]Macie	Getting started with Amazon Macie
DP.	2	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
DP.	3	Compliant	[PublicAccessBlock]
DP.	4	Need Attention	[BucketVersioning] - Enable Versioning [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01	AWS Docs Manage Versioning Example
DP.	5	Need Attention	[MFADelete] - Enable MFA Delete [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01	Prevention for Accidental Deletions on S3 AWS Docs
DP.	6	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
DP.	7	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
DP.	8	Compliant	[DBwithoutSecretManager] [DBwithSomeSecretsManagerOnly] [Secret__NoRotation] [Secret__NotUsed7days]
DP.	9	Compliant	[ServerSideEncrypted]
DP.	10	Compliant	[lambdaPublicAccess]
DP.	11	Compliant	[KeyRotationEnabled]
DP.	12	Compliant	[AdminIsGrantor]
DP.	13	Compliant	[SnapshotRDSIsPublic] [snapshotEBSIsPublic]
DP.	14	Compliant	[ELBSGRulesMatch]
DP.	15	Compliant	[SQLServerEOL]
DP.	16	Compliant	[PubliclyAccessible] [SecurityGroupIPRangeNotPrivateCidr]
LM.	1	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
LM.	2	Compliant	[NeedToEnableCloudTrail]
LM.	3	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
LM.	4	Need Attention	[CloudWatchLogsLogGroupArn] - CloudWatch for CloudTrail [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Using CloudWatch Logs with CloudTrail
LM.	5	Compliant	[HasOneMultiRegionTrail]
LM.	6	Need Attention	[MacieToEnable] - Enable Macie [ap-southeast-1]Macie [us-east-1]Macie	Getting started with Amazon Macie
LM.	7	Need Attention	[EnableTrailS3BucketLogging] - Enable S3 Bucket Logging [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Configure S3 Logging Resilience in CloudTrail
LM.	8	Need Attention	[EnableTrailS3BucketMFADelete] - Enable MFA delete [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	S3 Enable MFA Delete Delete with MFA enabled file in S3
LM.	9	Compliant	[ServerSideEncrypted]
LM.	10	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
LM.	11	Need Attention	[supportPlanLowTier] - Subscribe to the AWS Business Support tier (or higher) [GLOBAL]Account::Config	AWS Support Plan Guide
LM.	12	Need Attention	[BucketLogging] - Enable Server Access Logging [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01	AWS Docs
LM.	13	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
LM.	14	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
LM.	15	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IP.	1	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IP.	2	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IP.	3	Compliant	[enableGuardDuty]
IP.	4	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IP.	5	Compliant	[EC2InstanceAutoPublicIP]
IP.	6	Compliant	[EC2SubnetAutoPublicIP]
IP.	7	Need Attention	[WAFAssociation] - Use Web Application Firewall (WAF) for enhanced security. [GLOBAL]Cloudfront::E2X390QMMYIRUF [ELBEnableWAF]	AWS Docs Developer Guide
IP.	8	Need Attention	[EnableTrailS3BucketMFADelete] - Enable MFA delete [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	S3 Enable MFA Delete Delete with MFA enabled file in S3
IP.	9	Compliant	[DBwithoutSecretManager] [DBwithSomeSecretsManagerOnly] [Secret__NoRotation] [Secret__NotUsed7days]
IP.	10	Need Attention	[SGDefaultDisallowTraffic] - Default Security Group with Rules [ap-southeast-1]SG::sg-34753642 [us-east-1]SG::sg-9b3e45a4 [SecurityGroupDefault]	VPC default security group rules
IP.	11	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IP.	12	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IP.	13	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IP.	14	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IP.	15	Compliant	[ASGIMDSv2]
IP.	16	Need Attention	[lambdaRuntimeUpdate] - Runtime Update Available [ap-southeast-1]Lambda::isengard-create-vpc-endpoints-for-ssm, Lambda::webScrapNew, Lambda::webScrapper, Lambda::isengard-create-inventory-association, Lambda::testFunction, Lambda::isengard-set-default-instance-role, Lambda::isengard-set-default-patch-baseline [us-east-1]Lambda::isengard-set-default-instance-role, Lambda::isengard-create-vpc-endpoints-for-ssm, Lambda::isengard-set-default-patch-baseline, Lambda::isengard-create-inventory-association	Lambda runtimes
IR.	1	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IR.	2	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IR.	3	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IR.	4	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IR.	5	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IR.	6	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IR.	7	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IR.	8	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IR.	9	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IR.	10	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.
IR.	11	Not available	Please refer to the Partner Security Requirement (PSR) ID section for further details in the main sheet in the Partner Migration Security Requirements (MSR) sheet. Kindly upload the artefacts in the Artefacts tabs in the MSR sheet corresponding to the respective PSR ID.