AWS Organizations

AWS Organizations Not In Use

Risk Level: Low

Description

This plugin checks that the AWS Organizations service is in use, so that you have central control over how AWS services are used across multiple AWS accounts (via Service Control Policies) and can enforce your company's security and compliance policies from one place.

About the Service

AWS Organizations: AWS Organizations lets you organize and control all of your organization's AWS accounts under a single service. As the AWS documentation notes, it also integrates with other AWS services so you can define central configurations, security mechanisms, audit requirements, and resource sharing across the accounts in your organization.

Impact

AWS Organizations provides the controls required to manage and audit resource usage across multiple accounts. It is recommended that AWS Organizations is in use for your account with "All Features Enabled" to make sure your organization is following compliance standards.

Steps to Reproduce

Using AWS Console-

  1. Log In to your AWS Console.
  2. Open the AWS Organizations console. You can use this link (https://console.aws.amazon.com/organizations/) to navigate directly if you are already logged in.
  3. If the Getting Started page is displayed, the vulnerability exists.
  4. Repeat steps for all the accounts you wish to examine.
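
The same check can be automated instead of repeated by hand in the console. The following is an added example (not the plugin's own code): it calls the Organizations DescribeOrganization API, treats AWSOrganizationsNotInUseException as the finding, and additionally warns when the organization exists but does not have all features enabled. The FakeClientError class and the sample responses are constructed so the logic runs offline; check_live_account assumes boto3 and AWS credentials are available.

```python
def evaluate_organization(describe_organization):
    """Classify one account from its DescribeOrganization call.

    describe_organization is a zero-argument callable that returns the API
    response dict or raises (e.g. a boto3 client's describe_organization).
    Returns (status, message) with status PASS, WARN, FAIL or UNKNOWN.
    """
    try:
        response = describe_organization()
    except Exception as exc:  # botocore ClientError keeps the error code in .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code", type(exc).__name__)
        if code == "AWSOrganizationsNotInUseException":
            return "FAIL", "AWS Organizations is not in use for this account"
        if code in ("AccessDeniedException", "AccessDenied"):
            return "UNKNOWN", "organizations:DescribeOrganization is not permitted"
        raise
    feature_set = response.get("Organization", {}).get("FeatureSet")
    if feature_set == "ALL":
        return "PASS", "AWS Organizations is in use with all features enabled"
    return "WARN", f"AWS Organizations is in use but FeatureSet is {feature_set!r}, not 'ALL'"


class FakeClientError(Exception):
    """Constructed stand-in for botocore.exceptions.ClientError (same .response shape)."""
    def __init__(self, code, message=""):
        super().__init__(f"{code}: {message}")
        self.response = {"Error": {"Code": code, "Message": message}}


def _raise(exc):
    raise exc


def run_constructed_scenarios():
    """Run the check against constructed API behaviours; returns {scenario: status}."""
    org = {"Id": "o-constructed", "MasterAccountId": "111111111111"}  # constructed sample
    scenarios = {
        "all_features": lambda: {"Organization": {**org, "FeatureSet": "ALL"}},
        "billing_only": lambda: {"Organization": {**org, "FeatureSet": "CONSOLIDATED_BILLING"}},
        "not_in_use": lambda: _raise(FakeClientError("AWSOrganizationsNotInUseException")),
        "no_permission": lambda: _raise(FakeClientError("AccessDeniedException")),
    }
    return {name: evaluate_organization(call)[0] for name, call in scenarios.items()}


def check_live_account(region_name="us-east-1"):
    """Same check against a real account; needs boto3 and AWS credentials (assumed)."""
    import boto3  # imported lazily so the constructed scenarios run without it
    client = boto3.client("organizations", region_name=region_name)
    return evaluate_organization(client.describe_organization)
```

Run check_live_account() once per account (or per assumed role) to cover every account you wish to examine; a FAIL corresponds to the Getting Started page in the console.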
Steps for Remediation

Create an organization (with the All features setting enabled) using your current AWS account as the master account, then invite other accounts to join your organization.

  1. Log In to your AWS Console.
  2. Open the AWS Organizations console. You can use this link (https://console.aws.amazon.com/organizations/) to navigate directly if you are already logged in.
  3. Click on Create Organization from the Getting Started page.
  4. Follow the steps to create a new organization and add other accounts by sending them invites. Make sure to enable All Features to get the complete benefit of AWS Organizations.
  5. For further details, refer to the AWS documentation.