Trility was hired to help this client with two problems. The client teams were deploying existing and new AWS resources that were non-compliant and lacked the required tags for cost reporting.
The client had also deployed Prisma, a third-party security scanning tool, to auto-remediate issues discovered in its AWS accounts. Because of the client's organizational structure, one team configured and maintained Prisma while a separate team ran the AWS environment, so the data shared, synced, and documented between the two teams, Prisma, and the accounts drifted out of step.
In addition, Prisma required administrative-level access to those accounts, which was not acceptable for the accounts supporting the client's government contracts, which fell under classified and national-security standards.
To address non-compliant resources, the team created an on-demand reporting script that scans for resources lacking the required tags, logs them, and removes them. Using Service Control Policies, the team blocked the creation of EC2, RDS, and other resources that lacked the required tags, so new resources could not enter the non-compliant state in the first place. Trility also used AWS Config rules and events to remediate tagging issues on S3 resources, which cannot be tagged in the same create request.
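The following is an added example, not the client's policy or Trility's script: it builds a Service Control Policy of the kind described above, denying `ec2:RunInstances` and RDS instance/cluster creation whenever a required tag key is missing from the request, and includes a small evaluator for the `Null` condition operator so the policy's behaviour can be checked offline. The tag keys `CostCenter` and `Owner`, the statement Sids, and the resource scoping are assumptions. The evaluator handles only exact action names and the `Null` operator; it is a sanity check of the policy logic, not an IAM policy simulator.

```python
"""Service Control Policy that denies creating EC2 instances and RDS databases
without the required cost-reporting tags, plus a small evaluator for the one
condition operator it uses so the policy's effect can be checked offline.
Added example: the tag keys and resource scoping are assumptions, not the
client's actual policy."""
import json

# Tag keys the cost-reporting team requires (assumed names).
REQUIRED_TAG_KEYS = ["CostCenter", "Owner"]


def build_tagging_scp(required_keys):
    """One Deny statement per (service, tag key): a request that omits the key
    matches the Null condition and is denied. Keys go in separate statements
    because IAM ANDs every key inside a single Condition block, which would
    only deny requests that are missing *all* of the tags."""
    statements = []
    for key in required_keys:
        missing = {"Null": {f"aws:RequestTag/{key}": "true"}}
        statements.append({
            "Sid": f"DenyUntaggedEc2{key}",
            "Effect": "Deny",
            "Action": ["ec2:RunInstances"],
            # Scope to the instance resource type: RunInstances is also
            # evaluated against volumes, ENIs and so on, which never carry
            # the instance tag, so a bare "*" would deny every launch.
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": missing,
        })
        statements.append({
            "Sid": f"DenyUntaggedRds{key}",
            "Effect": "Deny",
            "Action": ["rds:CreateDBInstance", "rds:CreateDBCluster"],
            "Resource": "*",
            "Condition": missing,
        })
    return {"Version": "2012-10-17", "Statement": statements}


def scp_denies(policy, action, request_tags):
    """Return the Sid of the first Deny statement matching the request, or
    None. Only exact action names and the Null operator are evaluated;
    resource ARNs, wildcards and other operators are ignored."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if action not in actions:
            continue
        null_checks = stmt.get("Condition", {}).get("Null", {})
        # Null "true" matches when the key is absent from the request,
        # "false" when it is present; every key in the block must match.
        matched = all(
            (cond_key.split("aws:RequestTag/", 1)[1] not in request_tags) == (want == "true")
            for cond_key, want in null_checks.items()
        )
        if matched:
            return stmt["Sid"]
    return None


if __name__ == "__main__":
    policy = build_tagging_scp(REQUIRED_TAG_KEYS)
    print(json.dumps(policy, indent=2))  # the document to attach to the OU
    for tags in ({}, {"CostCenter": "4711"}, {"CostCenter": "4711", "Owner": "platform"}):
        print(tags, "->", scp_denies(policy, "ec2:RunInstances", tags))
```

Two caveats worth keeping in mind when applying this pattern: an SCP only affects new requests, so resources that were already untagged still need the scan-and-report script, and `s3:CreateBucket` carries no request tags (bucket tags are set afterwards with `PutBucketTagging`), so S3 tagging has to be enforced after the fact, which is the job AWS Config rules do here.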
For the Prisma customization, the chosen solution was to build a Lambda function inside AWS that receives and reads Prisma's alerts and then takes corrective action inside the affected account. For the client's lower-level accounts, the Lambda function was allowed to fix issues such as misconfigured user accounts and security groups, which is Prisma's recommended approach. For the higher-level accounts under the government contracts, remediation was restricted to a specific, pre-approved set of functions; anything outside that set is surfaced for human review instead of being changed automatically.
The client achieved verifiable compliance and cost-control reporting by enforcing AWS tagging across the organization. The solution enabled development teams to keep working by remediating the tagging issues in a timely fashion. A tiered customization of Prisma allowed the client to realize the business value and achieve a return on investment for the security scanning and auto-remediation tool.
The tiered solution allowed the client to:
Auto-remediate issues wherever that is safe
Receive alerts when "human review and action" is needed
Address each AWS account in a targeted way based on its security level
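As an added example of the tiered remediation described above (not Trility's or the client's code, and not Prisma's alert schema), the handler below maps an alert to the account's tier, runs the fix only if that tier's allow-list permits it, and otherwise returns a "needs-review" outcome for a human. The alert fields (`accountId`, `policyId`, `resource`), the policy names, the account IDs and the tier names are all assumptions; the two remediation functions call real boto3 EC2 and IAM methods (`revoke_security_group_ingress`, `update_access_key`), and a recording client lets the tier logic run without AWS credentials.

```python
"""Tiered auto-remediation for scanner alerts delivered to a Lambda function.
Added example, not the client's or Prisma's code: the alert fields, policy
names, account IDs and tier names are assumptions."""
import logging

log = logging.getLogger("remediation")

# Which tier each account belongs to (account IDs are made up).
ACCOUNT_TIER = {
    "111111111111": "lower",       # ordinary development accounts
    "222222222222": "restricted",  # accounts under the government contracts
}

# Remediations each tier may run without a human in the loop. Anything else,
# including policies this function has never heard of, goes to human review.
ALLOWED_ACTIONS = {
    "lower": {"sg-open-to-world", "iam-key-inactive"},
    "restricted": {"sg-open-to-world"},
}


def fix_open_security_group(alert, clients):
    """Revoke the 0.0.0.0/0 ingress rule the alert points at (boto3 EC2 API)."""
    res = alert["resource"]
    clients["ec2"].revoke_security_group_ingress(
        GroupId=res["groupId"],
        IpPermissions=[{
            "IpProtocol": res["protocol"],
            "FromPort": res["port"],
            "ToPort": res["port"],
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
        }],
    )
    return f"revoked 0.0.0.0/0 {res['protocol']}/{res['port']} on {res['groupId']}"


def deactivate_access_key(alert, clients):
    """Disable (not delete) the access key so the owner can still recover it."""
    res = alert["resource"]
    clients["iam"].update_access_key(
        UserName=res["userName"], AccessKeyId=res["accessKeyId"], Status="Inactive"
    )
    return f"deactivated key {res['accessKeyId']} for {res['userName']}"


REMEDIATIONS = {
    "sg-open-to-world": fix_open_security_group,
    "iam-key-inactive": deactivate_access_key,
}


def remediate_alert(alert, clients):
    """Apply the tier policy to one alert. Outcome is 'fixed', 'needs-review'
    (alert a human) or 'ignored' (account not managed by this function)."""
    account, policy = alert["accountId"], alert["policyId"]
    tier = ACCOUNT_TIER.get(account)
    if tier is None:
        return {"outcome": "ignored", "reason": f"account {account} not in tier map"}
    fixer = REMEDIATIONS.get(policy)
    if fixer is None or policy not in ALLOWED_ACTIONS[tier]:
        return {"outcome": "needs-review", "tier": tier, "policy": policy}
    try:
        detail = fixer(alert, clients)
    except Exception as exc:  # a failed fix is a human-review case, not silence
        return {"outcome": "needs-review", "tier": tier, "policy": policy, "error": str(exc)}
    return {"outcome": "fixed", "tier": tier, "policy": policy, "detail": detail}


class _RecordingClient:
    """Stand-in for a boto3 client: records calls instead of making them."""
    def __init__(self):
        self.calls = []

    def __getattr__(self, name):
        def call(**kwargs):
            self.calls.append((name, kwargs))
        return call


def dry_run_clients():
    """Clients that only record what would change; for testing the tier logic."""
    return {"ec2": _RecordingClient(), "iam": _RecordingClient()}


def handler(event, context):
    """Lambda entry point. In production the clients should come from a role
    assumed in the alert's account and scoped to exactly these API calls."""
    import boto3
    clients = {"ec2": boto3.client("ec2"), "iam": boto3.client("iam")}
    result = remediate_alert(event, clients)
    log.info("%s", result)
    return result


# Constructed alert for illustration; not a real Prisma payload.
SAMPLE_ALERT = {
    "accountId": "111111111111",
    "policyId": "sg-open-to-world",
    "resource": {"groupId": "sg-0123456789abcdef0", "protocol": "tcp", "port": 22},
}

if __name__ == "__main__":
    print(remediate_alert(SAMPLE_ALERT, dry_run_clients()))
```

The design point is that the allow-list is per tier, not per alert: the restricted accounts never grant the function more than the handful of actions they have approved, which is what makes the approach workable where the scanner's own administrative access was not. Routing "needs-review" outcomes to a queue or notification topic for the human step is left to the deployment.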