Key Requirements & Challenges
The client needed to establish a robust, automated solution to ensure the security and compliance of its AWS infrastructure across multiple regions and services. Specifically, the client needed a system that could:
1. Leverage AWS Config to monitor and record the configurations of AWS resources continuously.
2. Implement AWS Config Rules backed by custom Lambda functions to evaluate compliance against internal security standards that are not covered by the AWS managed Config rules.
3. Use EventBridge Rules to route compliance findings to a Lambda Orchestrator, which reads the affected resource's tags, in particular the auto_remediation tag, to decide whether auto-remediation should be performed.
4. Execute Automated Remediation using AWS Lambda functions and SSM documents for resources tagged with auto_remediation = Y.
5. Initiate Manual Remediation Actions by generating Jira tickets through a detection flow Lambda function for resources tagged with auto_remediation = N.
6. Store logs and exceptions in Amazon DynamoDB for tracking, auditing and troubleshooting purposes.
7. Create a delegated Config administrator account with an organization-level Config Aggregator to centralize compliance monitoring and view the compliance state of all AWS accounts in a single dashboard.
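Requirements 3 to 6 describe one flow: a Config compliance-change event reaches the orchestrator through EventBridge, the orchestrator reads the auto_remediation tag, and the finding is either remediated automatically or turned into a Jira ticket, with an audit record written in both cases. The following is an added example of that routing logic; it is not code from the client engagement or from AWS. The tag lookup, SSM remediation, Jira and DynamoDB calls are passed in as callables so that it runs offline (in a deployed Lambda they would be boto3 and Jira API calls), and the function names, the sample event, the rule name and the tag store are assumptions made for the example. The event field names follow the shape EventBridge documents for Config rule compliance changes.

```python
"""Routing logic for the Lambda Orchestrator outlined above (added example).

Assumptions: the function names, SAMPLE_EVENT, the custom rule name and the
in-memory tag store are made up for this example; the event keys follow the
documented AWS Config "Config Rules Compliance Change" shape.
"""
import json

AUTO, MANUAL, IGNORE = "AUTO", "MANUAL", "IGNORE"

# EventBridge rule pattern that wires Config compliance changes to the orchestrator.
EVENT_PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {"messageType": ["ComplianceChangeNotification"]},
}

# Constructed sample event in the shape EventBridge delivers for a Config rule.
SAMPLE_EVENT = {
    "source": "aws.config",
    "detail-type": "Config Rules Compliance Change",
    "detail": {
        "messageType": "ComplianceChangeNotification",
        "configRuleName": "custom-s3-bucket-encryption",  # assumed custom rule name
        "resourceType": "AWS::S3::Bucket",
        "resourceId": "example-data-bucket",
        "awsRegion": "eu-west-1",
        "awsAccountId": "111122223333",
        "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
    },
}


def matches_pattern(event: dict, pattern: dict) -> bool:
    """Minimal EventBridge matching: every field named in the pattern must be
    present in the event with one of the listed values (recursing into dicts)."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        if isinstance(allowed, dict):
            if not isinstance(event[key], dict) or not matches_pattern(event[key], allowed):
                return False
        elif event[key] not in allowed:
            return False
    return True


def route_finding(detail: dict, tags: dict) -> str:
    """Decide the action for one compliance-change event.

    Only NON_COMPLIANT results are actionable; a resource returning to
    COMPLIANT is ignored. A missing or unrecognised auto_remediation tag is
    treated as N: nothing is changed unless the owner opted in explicitly.
    """
    compliance = detail.get("newEvaluationResult", {}).get("complianceType")
    if compliance != "NON_COMPLIANT":
        return IGNORE
    flag = tags.get("auto_remediation", "N").strip().upper()
    return AUTO if flag == "Y" else MANUAL


def handler(event: dict, get_tags, remediate, open_ticket, log_record) -> dict:
    """Orchestrator entry point: route the finding and write an audit record."""
    if not matches_pattern(event, EVENT_PATTERN):
        raise ValueError("not a Config compliance-change event")
    detail = event["detail"]
    rule, rtype, rid = detail["configRuleName"], detail["resourceType"], detail["resourceId"]
    action = route_finding(detail, get_tags(rtype, rid))
    record = {"account": detail["awsAccountId"], "region": detail["awsRegion"],
              "rule": rule, "resource_id": rid, "action": action}
    if action == AUTO:
        record["result"] = remediate(rule, rtype, rid)    # Lambda / SSM document
    elif action == MANUAL:
        record["ticket"] = open_ticket(rule, rtype, rid)  # Jira ticket
    log_record(record)                                    # DynamoDB put_item
    return record


def demo() -> list:
    """Run three findings (tagged Y, tagged N, untagged) with in-memory stand-ins
    for the tag lookup, SSM remediation, Jira and DynamoDB."""
    audit = []
    tag_store = {"example-data-bucket": {"auto_remediation": "Y"},
                 "legacy-logs-bucket": {"auto_remediation": "N"}}
    deps = dict(get_tags=lambda rtype, rid: tag_store.get(rid, {}),
                remediate=lambda rule, rtype, rid: f"ssm:{rule}:{rid}",
                open_ticket=lambda rule, rtype, rid: f"SEC-TICKET-{rid}",
                log_record=audit.append)
    for rid in ("example-data-bucket", "legacy-logs-bucket", "untagged-bucket"):
        event = json.loads(json.dumps(SAMPLE_EVENT))  # deep copy of the sample
        event["detail"]["resourceId"] = rid
        handler(event, **deps)
    return audit
```

Two design points matter in practice: the orchestrator re-checks the event against the same pattern the EventBridge rule uses, so a misconfigured rule or a manual test invocation cannot trigger remediation on an unrelated event, and an absent or malformed auto_remediation tag falls through to the manual path, so a resource is never changed automatically unless its owner has opted in.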