Securing Your AWS Infrastructure: Deploying AWS Security Services with Terraform

wilklins

Wilklins Nyatteng

Posted on March 15, 2023

Securing Your AWS Infrastructure: Deploying AWS Security Services with Terraform

In today's digital age, security is of paramount importance. This is especially true when it comes to cloud-based services, such as those offered by Amazon Web Services (AWS). Thankfully, AWS provides a wide range of security services to help protect your organization's data and applications.
One way to deploy these security services is by using Terraform.
Terraform is an open-source infrastructure as code software tool that allows you to provision and manage your infrastructure resources using code. In this article, we'll take a closer look at how we can use Terraform to deploy AWS security services.

Before we begin, we'll need to ensure that you have Terraform and the AWS CLI installed on your local machine. Once you've done that, you can start by creating a new Terraform configuration file.

Configuring AWS Security Services Using Terraform

Let's start with an example of deploying an AWS security service using Terraform. In this example, we'll deploy Amazon GuardDuty, which is a threat detection service that continuously monitors your AWS environment for malicious activity.
To get started, create a new file named main.tf and add the following code:

From the code examples I've used wm as my name initials

provider "aws" {
  region = "us-east-1"
}

resource "aws_guardduty_detector" "wm" {
  enable = true

  tags = {
    Name = "wm-guardduty-detector"
  }
}
Enter fullscreen mode Exit fullscreen mode

In this code, we're telling Terraform to use the AWS provider for the us-east-1 region, and to create a new GuardDuty detector resource with the name "wm-guardduty-detector". Note that we've set the enable attribute to true to ensure that the detector is enabled.
Next, we need to initialize Terraform by running the following command:

terraform init
Enter fullscreen mode Exit fullscreen mode

This will download the necessary providers and plugins to deploy our configuration.
Now, let's apply the configuration by running the following command:

terraform apply
Enter fullscreen mode Exit fullscreen mode

Terraform will prompt you to confirm that you want to apply the changes. Type "yes" to proceed.
Once the command completes, you should see the following output:

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Enter fullscreen mode Exit fullscreen mode

Congratulations.... You've successfully deployed a GuardDuty detector using Terraform.

Deploying Other AWS Security Services

Now that you have an idea of how to deploy AWS security services using Terraform, let's take a look at a few more examples.

AWS Config

AWS Config is a service that provides a detailed inventory of your AWS resources and their current configuration. This can be useful for monitoring compliance and detecting configuration drift.
To deploy AWS Config, add the following code to your main.tf file:

resource "aws_config_configuration_recorder" "wm" {
  name = "wm-recorder"

  recording_group {
    all_supported = true
  }
}

resource "aws_config_delivery_channel" "wm" {
  name                 = "wm-channel"
  s3_bucket_name       = "wm-bucket"
  sns_topic_arn        = "wm-topic"
  snapshot_delivery_properties {
    delivery_frequency = "One_Hour"
  }
}
Enter fullscreen mode Exit fullscreen mode

We're creating a new AWS Config recorder and delivery channel. Note that you'll need to replace the values for s3_bucket_name and sns_topic_arn with your own bucket and topic ARNs.

AWS WAF

AWS WAF is a web application firewall that can be used to protect your web applications from common web exploits.
To deploy using Terraform, add this code to your main.tf file:

resource "aws_waf_web_acl" "wm" {
name = "wm-web-acl"

default_action {
type = "ALLOW"
}

rule {
name = "wm-rule"
priority = 1
action = "BLOCK"
block {
type = "REGULAR"
}
statement {
byte_match_statement {
field_to_match {
type = "URI"
}
positional_constraint = "CONTAINS"
search_string = "wm.com"
}
}
}
Enter fullscreen mode Exit fullscreen mode

Here we're creating a new AWS WAF web ACL with a rule that blocks requests containing the string "example.com" in the URI. You can modify this rule to suit your specific security requirements. 

AWS Security Hub 

AWS Security Hub is a security service that aggregates and prioritizes security alerts from various AWS services and third-party providers. To deploy AWS Security Hub using Terraform, add the following code to your main.tf file:

resource "aws_securityhub_account" "wm" {
enable_security_hub = true
}

resource "aws_securityhub_standards_subscription" "example" {
standards_arn = "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v1.0.0"
}
Enter fullscreen mode Exit fullscreen mode

We are enabling Security Hub for our AWS account and subscribing to the AWS Foundational Security Best Practices standard.
Note that you can subscribe to additional standards as needed.
Terraform provides several benefits, including:-
Infrastructure as code: Terraform allows you to define and manage your infrastructure resources using code, making it easy to version control, test, and automate your deployments.
Consistency: Terraform ensures that your infrastructure resources are consistently deployed across all environments, reducing the risk of configuration drift and human error.
Scalability: Terraform allows you to scale your infrastructure resources up or down as needed, making it easy to keep up with changing business needs.

Using Terraform to manage your AWS security services, you can take advantage of these benefits and more. AWS provides a wide range of security services to help protect your organization's data and applications. Using Terraform to deploy and manage these security services can help ensure that they are consistently and securely configured across your entire organization. By following AWS security best practices and regularly reviewing and updating your security configurations, you can stay ahead of the latest threats and keep your organization protected.

References
https://aws.amazon.com/security/
https://www.terraform.io/
https://aws.amazon.com/waf/
https://aws.amazon.com/security-hub/
https://registry.terraform.io/providers/hashicorp/aws/latest/docs
AWS Security Best Practices: https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf

💖 💪 🙅 🚩
wilklins
Wilklins Nyatteng

Posted on March 15, 2023

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related