
Introducing vulne-soldier: A Modern AWS EC2 Vulnerability Remediation Tool

Published at
1/14/2025
Categories
aws
vulnerabilities
terraform
ec2
Author
kingkonsole

Introduction

As cloud computing platforms like AWS become increasingly widespread, organisations are embracing them for the flexibility and autonomy they offer in managing workloads and services. AWS, in particular, offers a robust infrastructure and flexible migration services that allow businesses to take control of their infrastructure destiny, whether on-site, hybrid or in the cloud. However, as cloud adoption grows, the threat landscape expands with it, making effective vulnerability management tools a necessity.

Most existing vulnerability management tools require manual intervention: engineers must address each vulnerability individually, and as workloads grow, more effort is required to perform these actions. AWS provides tools such as Amazon Inspector and AWS Systems Manager (SSM), among others, to assess and manage software vulnerabilities and unintended network exposures. Amazon Inspector, for instance, uses the SSM agent to collect software inventory from connected resources (EC2, ECR, and Lambda), scans this data, and identifies software vulnerabilities, a crucial step in vulnerability management.

The Need for Automation

In today's fast-paced digital environment, manual vulnerability management is not only time-consuming but also prone to human error. As organizations scale their cloud infrastructure, the number of vulnerabilities that need to be managed grows exponentially; this is where automation becomes essential. Automating the vulnerability remediation process ensures that security patches are applied consistently and promptly, reducing the risk of exploitation.

Introducing vulne-soldier

Here we present vulne-soldier, an AWS EC2 vulnerability remediation tool designed to automate the patching of nodes managed by AWS Systems Manager. With a cup of coffee in hand, we package vulne-soldier as a gift to every organization and cloud professional concerned about the security of their systems.
Take, for example, security issues like the CrowdStrike outage (due to a software update) or the Log4j vulnerability (CVE-2021-44228): these were critical vulnerabilities that affected many applications, and the need to patch them was urgent. With a tool like vulne-soldier fed by Amazon Inspector findings, identifying and remediating such vulnerabilities would have been automated, reducing the risk of exploitation.

vulne-soldier leverages Amazon Inspector findings for EC2 instances, using resource tags and finding severity to group and address vulnerabilities. It automates the remediation process by applying patches only to the affected EC2 instances, making vulnerability management as simple as possible.

Key Features

  • Automated Remediation: Uses AWS Systems Manager Patch Manager to automate the patching process.
  • Integration with Amazon Inspector: Gathers findings from Amazon Inspector and groups them by severity.
  • Targeted Patching: Applies patches only to affected EC2 instances based on resource tags and severity levels.
  • Terraform Integration: Provisions all necessary resources using Terraform, ensuring a seamless deployment process.

How It Works

  1. AWS Inspector Findings: Amazon Inspector scans EC2 instances and identifies vulnerabilities.
  2. Grouping by Severity: vulne-soldier groups the findings by severity levels (e.g., CRITICAL, HIGH).
  3. Automated Patching: Uses AWS Systems Manager Patch Manager to apply patches to the affected instances.
  4. Terraform Provisioning: Deploys the necessary resources using Terraform, ensuring a consistent and repeatable setup.

Using vulne-soldier

Download lambda

To apply the Terraform module, the compiled Lambdas (.zip files) need to be available locally. They can either be downloaded manually from the GitHub release page or built locally from the Lambda folder using Node.

For local development you can build all the Lambdas at once using /lambda or individually using npm zip.

Here is an example configuration for deploying the vulne-soldier module:

module "remediation" {
  source  = "iKnowJavaScript/vulne-soldier/aws"
  version = "1.0.2"

  name             = "vulne-soldier-compliance-remediate"
  environment      = "dev"
  aws_region       = "us-east-1"
  account_id       = "2132323212"
  lambda_log_group = "/aws/lambda/vulne-soldier-compliance-remediate"
  lambda_zip       = "../../lambda.zip" # the downloaded or locally built Lambda package
  remediation_options = {
    region                                     = "us-east-1"
    reboot_option                              = "NoReboot"         # passed to Patch Manager; patches that need a reboot stay pending until one happens
    target_ec2_tag_name                        = "AmazonECSManaged" # only instances carrying this tag/value are patched
    target_ec2_tag_value                       = "true"
    vulnerability_severities                   = ["CRITICAL", "HIGH"] # Inspector severities that trigger remediation
    override_findings_for_target_instances_ids = []
  }
}

provider "aws" {
  region = "us-east-1"
}

Triggering the Remediation Process

Vulnerability Remediation Trigger
On successful deployment, open the AWS Systems Manager console and search for the SSM document created by the module (named vulne-soldier-compliance-remediate-inspector-findings or similar). You can trigger the remediation process by running the document against the affected EC2 instances. You can also create an AWS CloudWatch event rule to automate the process based on Amazon Inspector findings.
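As an added worked example (written for this page, not vulne-soldier's own Lambda code), here is the selection and patch-command logic from the "How It Works" steps and the trigger described above, in JavaScript, the language the project's Lambda is built in. It assumes the finding shape of Amazon Inspector's ListFindings output (which is also what an Inspector finding event carries in its detail), assumes that a non-empty override list replaces the tag filter, and uses constructed sample findings; the option names are those of the remediation_options block.

```javascript
// Added example, not vulne-soldier's own Lambda: the selection step from "How It Works",
// keyed by the remediation_options names. Finding objects are constructed sample data
// shaped like Amazon Inspector's ListFindings output (assumed shape).
const OPTIONS = {
  reboot_option: "NoReboot",
  target_ec2_tag_name: "AmazonECSManaged",
  target_ec2_tag_value: "true",
  vulnerability_severities: ["CRITICAL", "HIGH"],
  override_findings_for_target_instances_ids: [],
};
const finding = (severity, status, id, tags) =>
  ({ severity, status, resources: [{ type: "AWS_EC2_INSTANCE", id, tags }] });
// Constructed: in-scope CRITICAL/HIGH, an untagged HIGH, a MEDIUM, and a CLOSED CRITICAL.
const SAMPLE_FINDINGS = [
  finding("CRITICAL", "ACTIVE", "i-0aaa000000000001", { AmazonECSManaged: "true" }),
  finding("HIGH", "ACTIVE", "i-0aaa000000000001", { AmazonECSManaged: "true" }),
  finding("HIGH", "ACTIVE", "i-0aaa000000000002", { Name: "untagged-box" }),
  finding("MEDIUM", "ACTIVE", "i-0aaa000000000003", { AmazonECSManaged: "true" }),
  finding("CRITICAL", "CLOSED", "i-0aaa000000000004", { AmazonECSManaged: "true" }),
];
// Group in-scope instance ids by severity: only ACTIVE findings at a configured severity
// count; an EC2 resource is in scope when it carries the target tag or, if the override
// list is non-empty (assumed semantics), when its id is on that list.
function selectTargets(findings, opts) {
  const wanted = new Set(opts.vulnerability_severities);
  const override = new Set(opts.override_findings_for_target_instances_ids);
  const groups = {};
  for (const f of findings) {
    if (f.status !== "ACTIVE" || !wanted.has(f.severity)) continue;
    for (const r of f.resources) {
      if (r.type !== "AWS_EC2_INSTANCE") continue;
      const tagged = (r.tags || {})[opts.target_ec2_tag_name] === opts.target_ec2_tag_value;
      if (!(override.size ? override.has(r.id) : tagged)) continue;
      (groups[f.severity] = groups[f.severity] || new Set()).add(r.id);
    }
  }
  return Object.fromEntries(Object.entries(groups).map(([s, ids]) => [s, [...ids].sort()]));
}
// SSM SendCommand parameters for AWS-RunPatchBaseline. Operation=Install applies patches;
// RebootOption is passed through, so NoReboot leaves kernel/libc updates pending a reboot.
function buildPatchCommand(instanceIds, opts) {
  return { DocumentName: "AWS-RunPatchBaseline", InstanceIds: [...instanceIds].sort(),
           Parameters: { Operation: ["Install"], RebootOption: [opts.reboot_option] } };
}
// Entry point for an Inspector-findings event rule: one finding in event.detail, or a plain array batch.
function handler(event, opts = OPTIONS) {
  const targets = selectTargets(Array.isArray(event) ? event : [event.detail], opts);
  const ids = new Set(Object.values(targets).flat());
  return ids.size ? buildPatchCommand(ids, opts) : null;
}
```

The returned object is what would be passed to SSM SendCommand; instances without the target tag or with findings below the configured severities are never patched, and a closed finding does not trigger a run.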

Conclusion

vulne-soldier simplifies the process of managing and remediating vulnerabilities in AWS EC2 instances. By automating the patching process and integrating seamlessly with AWS Inspector, it enables you to scale your cloud security as your infrastructure grows with minimal manual intervention. Deploy vulne-soldier today and take control of your cloud security.
