No problem. One of our customers was kind enough to grant permission for us to freely share a censored report for their AWS account.
Their account hosts online commerce solutions with server-less functions handling payment processing and customer list management and AWS Cloudfront handling all other traffic.
Whilst the account is not strictly insecure, the report highlights several ways to improve the security posture and the relevant resources.
Most importantly, it provides the reasoning behind these improvements and simple guidance for fixes:
I had no idea there were easy security solutions we could just add on or that we were sharing our content in places we don’t even operate. Finding out that we have infrastructure all over the world was a huge surprise. The visibility and clarity is just what I needed
Simply let us know where you want the report emailed and we’ll direct you to a link!