AWS Compliance Reporting

August 12, 2020

We are pleased to announce the general availability of Compliance Reporting. Hava's new reporting module, centred around the AWS Trusted Advisor methodology, is available on selected subscription plans and self-hosted enterprise solutions.

The compliance reports run daily and identify potential resource configuration issues that do not meet AWS best practices.

The reporting module can be accessed via a link in the menu bar of your Hava dashboard.

Hava Dashboard showing AWS Compliance Reporting Menu

Once selected, the reports dashboard opens, showing the available reports for each AWS account connected to your hava.io data sources.

Hava Dashboard showing AWS Compliance Reports

Selecting the required compliance report will open the detailed report showing:

  • An Account Summary
  • Region usage (Map)
  • Graphs Summary
  • Findings

AWS Compliance Report Header

AWS Compliance Reporting - Region Usage

The region usage section of the AWS compliance report displays a world map with the locations of the regions detected in your AWS account configuration.

The report also displays a table of all known available regions and indicates whether your network configuration is using them or not. Given the importance of load speed and latency, this section of the report can highlight where gains can be made when comparing to the location of your application users.

The region report will also demonstrate that your data is stored in appropriate geographical locations in line with local data security compliance regimes like GDPR. 

Hava's AWS Compliance Report Regions Map

AWS Compliance Reporting - Graph Summary

Hava's AWS compliance report includes a number of interactive graphs, the first of which is Resources by Region.

This graph details and totals the resources found in each active region in your AWS configuration.

Hava AWS Compliance Report Resources by Region

The check boxes beneath the graph enable you to turn on or off the inclusion of a particular resource type in the graph.

Hovering over coloured sections of the bars will pop out an information box with details that relate to that section of the graph.

AWS Compliance Report Resources Chart

In the top right hand corner of each graph is a dotted icon that allows you to export just the selected graph to your choice of xls, csv, png or jpeg formats.

Export AWS Compliance Report

 

AWS Compliance Reporting - Total Resources Graph

As the name suggests, the next graph on the report, the "Total Resources" graph, details resources totalled by resource type. The same hover and export functionality is available for this graph.

Hava AWS Best Practice Compliance Report

IAM Users and Roles

The final AWS Compliance graph in the series details the number of active and inactive IAM users and roles discovered in your AWS source account.

No account-specific details are displayed, only the number of users and roles found and whether they are active or not. From an AWS best practice and security perspective, removing inactive or unused IAM credentials assists in the overall security of your cloud infrastructure.

AWS Compliance Report showing IAM Users and Roles

As with the other interactive graphs, you are able to toggle on/off visibility of both active and inactive users and roles.

AWS Compliance Reporting - Best Practice Findings

The next section of the report runs through your resources and applies AWS Trusted Advisor style analysis which is visualised as either Informational, or a Low, Medium or High concern level.

This report section starts with a pie chart visualization of the resource types and the percentage of concern levels associated with each resource group.

AWS Compliance Reporting Best Practice Findings Graph

This chart is also interactive and exportable.  Selecting a section of the chart will reveal details about the number, size and gravity of the findings. On the example above, the centre wheel represents the overall number of findings.

Selecting the "Medium" segment, for instance, reveals that 4 medium level findings (22.2% of the overall findings) were discovered.

AWS Compliance Findings Graph in Detail

The remainder of the report goes into detail on the nature of each of the findings that make up the above graph. 

If we take a look at one of the four medium level findings, we can see a summary of an "IMDSv2 not enforced" finding. Clicking the "more..." option reveals the configuration/policy that caused the warning.

AWS Compliance Reporting Detailed Medium Findings

In this example, a critical "High" level finding is reported against EC2:

AWS Compliance Reporting High Level Findings

Low level findings typically make up the bulk of discovered potential configuration improvements like the following:

AWS Compliance Reporting Low Level Best Practice Findings

For presentation, audit and archive purposes, the entire compliance report can be exported to PDF by selecting the 'Export' function in the top right of the report.

How to Export AWS Compliance Report PDF

The details in the findings revealed by the 'more...' option in the report will be expanded in the exported PDF document.

Resources / Services reported on

Hava's Compliance reporting currently includes the following services:

Service / Resource Name
Access Analyzer
API Gateway
Autoscaling
Cloudformation
Cloudfront
Cloudsearch
Cloudtrail
Cloudwatch
Config
Directconnect
EC2
ECR
ECS
EFS
EKS
ElastiCache
Elastic Beanstalk
ELB
ELBv2
ES
Events
Firehose
Glacier
GuardDuty
IAM
KMS
Lambda
Lightsail
Logs
Organizations
RDS
RedShift
Route53
S3
Secrets Manager
SNS
SQS
STS

 

The AWS compliance reporting tool is now generally available as part of the suite of Hava's automated network topology diagramming and security visualization tools that enable cloud engineers and DevOps teams to easily visualize their AWS, Azure and GCP cloud environments.

Hava's automated methodology not only ensures your network topology documentation is always up to date, it also detects changes and records a full version history that is fully interactive and can be inspected in detail as soon as you connect your cloud accounts to Hava.

Available as either an easy hands-free SaaS version or a fully self-hosted enterprise solution, Hava continues to be the hands-free cloud documentation choice of top dev teams across the globe.

You can check out the new reporting module starting with the AWS compliance report as well as all the automated diagrams, unique AWS security visualization and version history by contacting us or taking Hava for a free 14 day trial here:

Try Hava For Free Today!

 

Written by Team Hava
