security-assessment

Solid

Deep-dive security posture assessment against the Well-Architected Security pillar, covering identity, detection, infrastructure protection, data protection, and incident response.

DevOps & Infrastructure 141 stars 21 forks Updated yesterday MIT-0


Quality Score: 86/100

Stars (20%): 72
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 80
License (10%): 100
Description (5%): 100

Skill Content

# Security Assessment

## Step 1: Gather context

Ask the user:

> What workload or AWS environment would you like me to assess for security? Please share:
> - **Architecture overview** (services, accounts, network topology)
> - **Compliance requirements** (SOC2, HIPAA, PCI-DSS, FedRAMP, GDPR, etc.)
> - **Current security tooling** (GuardDuty, Security Hub, WAF, etc.)
> - **Known concerns** (optional)

If context is already provided, proceed directly.

## Step 2: Assess Identity and Access Management

Evaluate:

- Is there a centralized identity provider? (IAM Identity Center, federation)
- Are IAM policies following least privilege? (wildcards, overly broad permissions)
- Are service roles scoped per function?
- Is MFA enforced for human access?
- Are long-lived credentials eliminated? (access keys vs roles)
- Is cross-account access managed via Organizations and SCPs?

## Step 3: Assess Detection and Monitoring

Evaluate:

- Is CloudTrail enabled in all regions with log file validation?
- Is GuardDuty active with findings routed to a response workflow?
- Is Security Hub aggregating findings across accounts?
- Are VPC Flow Logs, DNS logs, and S3 access logs enabled?
- Are security-relevant CloudWatch alarms configured? (root login, unauthorized API calls)
- Is there automated alerting for configuration drift? (Config Rules)

## Step 4: Assess Infrastructure Protection

Evaluate:

- Are VPCs segmented with private subnets for workloads?
- Are security groups and NACLs following ...

Details

Author: aws-samples
Repository: aws-samples/sample-well-architected-skills-and-steering
Created: 1 week ago
Last Updated: yesterday
Language: Python
License: MIT-0
