Budget Friendly ISO27001/SOC2 Compliant Environments for AWS

via Dev.to, Gabriel Olivieri

Table of Contents

- Budget Friendly ISO27001/SOC2 Compliant Environments for AWS
  - Table of Contents
  - The Need
  - The Problem
  - Isolating or Removing Default VPCs, Subnets and Security Groups on all Regions
    - Controls & Requirements Met
    - Motivation
    - Approach
  - Allow Flow Logs in VPCs in all Regions, send to a S3 bucket, and query with Athena
    - Controls & Requirements Met
    - Motivation
    - Approach
  - Allow Cloudtrail on all Accounts, send to Cloudwatch or S3 to be queried by Athena
    - Controls & Requirements Met
    - Motivation
    - Approach
  - Enforce KMS Encryption to all EBS Volumes and S3s with Key Rotation
    - Controls & Requirements Met
    - Motivation
    - Approach
  - Remove all Access and Secrets Keys from IAM
    - Controls & Requirements Met
    - Motivation
    - Approach
  - Remove SSH access from instances
    - Controls & Requirements Met
    - Motivation
    - Approach
  - Restrict Security Groups Inbounds
    - Controls & Requirements Met
    - Motivation
    - Approach
  - Restrict network access with NACLS in VPCs
    - Controls & Requirements Met
    - Motivation
    - Approach
  - Object Locks and Protect Key De
