AWS Account Security settings

Configure AWS Account Security settings for the DuploCloud Portal

Configuring Account Security Settings

To configure AWS Account Security settings, navigate to Administrator -> System Settings in the DuploCloud Portal and click the AWS Account Security tab.

Enable the settings listed in the table below by clicking the setting switch.

Settings Name Description

Settings Name	Description
Enable Security Hub	Enables AWS Security Hub in all AWS regions managed by DuploCloud
Enable Guard Duty	Enables AWS Guard Duty in all AWS regions managed by DuploCloud
Enable IAM Password Policy	Enables an account-level IAM User password policy, according to these password requirements: Minimum password length is 14 characters At least one uppercase letter from the Latin alphabet (A-Z) At least one lowercase letter from the Latin alphabet (a-z) At least one number (0-9) At least one non-alphanumeric character (*! @ # $ % ^ & ( ) _ + - = [ ] { } \| '**) Passwords expire in 90 days Users may change their passwords The last twenty-four (24) passwords are remembered by the system, to prevent reuse
Enable CloudTrail	Enables a multi-region CloudTrail for an AWS account. Enabling this feature: Creates and manages a multi-region CloudTrail for the AWS account in DuploCloud. Creates a CloudWatch log group named `/cloudtrail/duplo` that receives CloudTrail events. Creates and manages an S3 bucket that receives CloudTrail log files.
Enable Inspector	Enables AWS Inspector in any region where there is a public cloud infrastructure managed by DuploCloud
Ignore Default EBS Encryption	By default, DuploCloud enables EBS Default Encryption for all regions in which you deploy infrastructure. Enabling this setting allows DuploCloud to override the EBS Default Encryption settings when creating new Infrastructures. Note that you can still edit the `EBS Encryption by Default` setting to enable EBS encryption by default for your Infrastructure, for the entire AWS region, if needed.
Enable VPC Flow Logs	Enables VPC flow logs for all VPCs created by DuploCloud
Delete Default NACL Rule(s)	Deletes default NACL rules for all VPCs created by DuploCloud
Delete Default VPC(s)	Deletes default VPCs in all AWS regions managed by DuploCloud
Revoke Default Security Group Rule(s)	Revokes default Security Group rules for all VPCs created by DuploCloud
Globally Block Public Access to S3	Restricts Public access to S3 buckets
Configure SSL Policy to LBs	Contact a DuploCloud Administrator to configure this setting at the AWS system level.

Enable Security Hub

Enables AWS Security Hub in all AWS regions managed by DuploCloud

Enable Guard Duty

Enables AWS Guard Duty in all AWS regions managed by DuploCloud

Enable IAM Password Policy

Enables an account-level IAM User password policy, according to these password requirements:

Minimum password length is 14 characters
At least one uppercase letter from the Latin alphabet (A-Z)
At least one lowercase letter from the Latin alphabet (a-z)
At least one number (0-9)
At least one non-alphanumeric character (! @ # $ % ^ & * ( ) _ + - = [ ] { } | ')
Passwords expire in 90 days
Users may change their passwords
The last twenty-four (24) passwords are remembered by the system, to prevent reuse

Enable CloudTrail

Enables a multi-region CloudTrail for an AWS account. Enabling this feature:

Creates and manages a multi-region CloudTrail for the AWS account in DuploCloud.
Creates a CloudWatch log group named /cloudtrail/duplo that receives CloudTrail events.
Creates and manages an S3 bucket that receives CloudTrail log files.

Enable Inspector

Enables AWS Inspector in any region where there is a public cloud infrastructure managed by DuploCloud

Ignore Default EBS Encryption

By default, DuploCloud enables EBS Default Encryption for all regions in which you deploy infrastructure.

Enabling this setting allows DuploCloud to override the EBS Default Encryption settings when creating new Infrastructures. Note that you can still edit the EBS Encryption by Default setting to enable EBS encryption by default for your Infrastructure, for the entire AWS region, if needed.

Enable VPC Flow Logs

Enables VPC flow logs for all VPCs created by DuploCloud

Delete Default NACL Rule(s)

Deletes default NACL rules for all VPCs created by DuploCloud

Delete Default VPC(s)

Deletes default VPCs in all AWS regions managed by DuploCloud

Revoke Default Security Group Rule(s)

Revokes default Security Group rules for all VPCs created by DuploCloud

Globally Block Public Access to S3

Restricts Public access to S3 buckets

Configure SSL Policy to LBs

Contact a DuploCloud Administrator to configure this setting at the AWS system level.

PreviousSystem Security settings NextVanta Compliance Controls

Last updated 7 months ago

Settings Name	Description
Enable Security Hub	Enables AWS Security Hub in all AWS regions managed by DuploCloud
Enable Guard Duty	Enables AWS Guard Duty in all AWS regions managed by DuploCloud
Enable IAM Password Policy	Enables an account-level IAM User password policy, according to these password requirements: Minimum password length is 14 characters At least one uppercase letter from the Latin alphabet (A-Z) At least one lowercase letter from the Latin alphabet (a-z) At least one number (0-9) At least one non-alphanumeric character (*! @ # $ % ^ & ( ) _ + - = [ ] { } \| '**) Passwords expire in 90 days Users may change their passwords The last twenty-four (24) passwords are remembered by the system, to prevent reuse
Enable CloudTrail	Enables a multi-region CloudTrail for an AWS account. Enabling this feature: Creates and manages a multi-region CloudTrail for the AWS account in DuploCloud. Creates a CloudWatch log group named `/cloudtrail/duplo` that receives CloudTrail events. Creates and manages an S3 bucket that receives CloudTrail log files.
Enable Inspector	Enables AWS Inspector in any region where there is a public cloud infrastructure managed by DuploCloud
Ignore Default EBS Encryption	By default, DuploCloud enables EBS Default Encryption for all regions in which you deploy infrastructure. Enabling this setting allows DuploCloud to override the EBS Default Encryption settings when creating new Infrastructures. Note that you can still edit the `EBS Encryption by Default` setting to enable EBS encryption by default for your Infrastructure, for the entire AWS region, if needed.
Enable VPC Flow Logs	Enables VPC flow logs for all VPCs created by DuploCloud
Delete Default NACL Rule(s)	Deletes default NACL rules for all VPCs created by DuploCloud
Delete Default VPC(s)	Deletes default VPCs in all AWS regions managed by DuploCloud
Revoke Default Security Group Rule(s)	Revokes default Security Group rules for all VPCs created by DuploCloud
Globally Block Public Access to S3	Restricts Public access to S3 buckets
Configure SSL Policy to LBs	Contact a DuploCloud Administrator to configure this setting at the AWS system level.

Settings Name

Description