SSH Keys found in Account
SSH Keys that are available in an AWS account allow for the provisioning of OpenSSH servers and provide metadata information that can be utilised for research.
This control helps ensure devices, applications, and services are set up securely from the start and maintained that way over time. It reduces the ways an attacker can get in by disabling what is not needed, changing default credentials, and limiting exposed functionality.
AWS S3 Bucket Website Endpoints have been superseded by better architectural patterns that bring greater control and data protection.
AWS S3 Buckets without a Bucket Policy are prone to insecure behaviour that does not meet modern security standards.
Invalid AWS S3 Bucket Policies must be replaced with a functioning policy to ensure that they provide provable security protection.
Instances using SSH Keys are configured to run OpenSSH server, leaving them exposed to OpenSSH attacks, lacking the features of other access methods and reinforcing the use of pet-style infrastructure.
EC2 instances that do not exclusively utilise the IMDSv2 endpoints rely on a weaker version of IMDS-issued credentials that lack a number of protections against theft and misuse.
Allowing public access to the EKS-hosted Kubernetes API endpoint is a substantially worse security posture than utilising private API endpoints.
Default VPCs are often insecure cloud environments that provide ease of access rather than a secure posture, enabling implicit configurations with insecure defaults.