AWS Security Audit Checklist: What to Check in Your Account
The checks that actually matter. How to run them without the noise.
Most AWS security issues aren't zero-day exploits. They're misconfigurations. Port 22 open to the internet. Root account with no MFA. An S3 bucket that should be private but isn't.
The checks aren't complicated. The problem is there are a lot of them. AWS surfaces findings across GuardDuty, Security Hub, Trusted Advisor, IAM, and more. By the time you've read through all of it, you don't know what's actually a problem and what's just noise.
What actually matters
Root account MFA. If it's off, nothing else matters. Turn it on first.
Security groups with 0.0.0.0/0 on port 22 or 3389. SSH and RDP open to the entire internet. This is how accounts get brute-forced. Restrict to your IP or use SSM Session Manager instead.
IAM access keys older than 90 days. Old keys are forgotten keys. Forgotten keys are risk. Rotate or deactivate.
Public S3 buckets. Check the Access column in S3. Any showing "Public" should be intentional. Enable Block Public Access at the account level to prevent accidents.
CloudTrail off. Without it, you have no record of what happened if something goes wrong. Should be on for all regions.
GuardDuty disabled. It watches for suspicious activity across your account automatically. First 30 days free. Worth enabling.
The problem with doing this manually
You can check all of this yourself. IAM console for the keys and MFA. EC2 console for security groups. S3 for bucket permissions. CloudTrail console. GuardDuty console. Trusted Advisor.
That's 6 different places. Trusted Advisor alone might show 20+ items, most of them low priority. You end up spending more time reading findings than fixing things.
How to do this in Liberra
Connect your AWS account. Go to the Security page in Liberra. It scans your account and pulls all the findings together in one place.
Then just ask the AI: "What are the actual security issues I should care about?" It cuts through the noise. It knows your account. It can tell you which findings are critical, which ones are low risk, and what to fix first.
"Any security groups open to the internet?" Instant answer with the specific group names and rules. "Is my root account secure?" Checks MFA, checks whether root is being used at all. "What IAM issues do I have?" Surfaces the keys, the overpowered users, the missing MFA.
Same checks. No jumping between consoles. No reading through 20 findings to find the 2 that matter.
— Founder, LiberraAI