In this section we will look at how to monitor privileged actions as you build your certificate management infrastructure. We will study two scenarios: the creation of a CA certificate, and the mass revocation of end-entity certificates.

- Assume the role named CaAdminRole by using switch role in the AWS console, in the AWS account that you are currently logged into.
- If you are not familiar with switching roles, follow this tutorial if needed: Assume Role in Console

Creating a CA certificate is a privileged action that should only be taken by authorized personnel within the CA Hierarchy Management team. For this reason we want to monitor the creation of any CA certificate within our hierarchy.

To do this we will check the findings within Security Hub: View results

The second scenario shows a developer revoking many end-entity certificates within a short period of time. We want to monitor this type of privileged action and notify the security team when it takes place so that they can investigate.

First we will act as the developer by creating and then revoking many certificates at once: Mass revocation

Next we will navigate to Security Hub in order to monitor the revocation of certificates: View results

5. Quiz time. Open this link in a new browser tab: Quiz
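The two detections this section monitors through Security Hub (any CA creation, and a burst of revocations by one principal) can be expressed as plain rules over CloudTrail records. The following is an added example, not code from the workshop or from AWS: it runs offline over a small set of constructed CloudTrail-style events and returns findings that a notification pipeline could forward to the security team. The role name CaAdminRole comes from this section; the account id, the DeveloperRole name, the session names, the event timestamps and the threshold of 10 revocations within 5 minutes are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# eventSource used by ACM Private CA in CloudTrail records
PCA_SOURCE = "acm-pca.amazonaws.com"


def parse_event_time(value):
    """CloudTrail eventTime is ISO 8601 with a trailing Z (UTC)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def role_from_arn(arn):
    """Return the role name from an assumed-role STS ARN, else the ARN unchanged.

    arn:aws:sts::ACCOUNT:assumed-role/ROLE/SESSION -> ROLE
    """
    parts = arn.split(":", 5)
    if len(parts) == 6 and parts[5].startswith("assumed-role/"):
        return parts[5].split("/")[1]
    return arn


def detect_ca_creation(events, authorized_roles):
    """Flag every CreateCertificateAuthority call; mark whether the caller's
    role is in the set of roles allowed to create CAs (e.g. CaAdminRole)."""
    findings = []
    for ev in events:
        if ev["eventSource"] != PCA_SOURCE or ev["eventName"] != "CreateCertificateAuthority":
            continue
        actor = ev["userIdentity"]["arn"]
        findings.append({
            "type": "CA_CREATED",
            "actor": actor,
            "time": ev["eventTime"],
            "authorized": role_from_arn(actor) in authorized_roles,
        })
    return findings


def detect_mass_revocation(events, threshold=10, window=timedelta(minutes=5)):
    """Flag a principal that issues >= threshold RevokeCertificate calls inside
    any sliding time window of the given length (one finding per principal)."""
    by_actor = defaultdict(list)
    for ev in events:
        if ev["eventSource"] == PCA_SOURCE and ev["eventName"] == "RevokeCertificate":
            by_actor[ev["userIdentity"]["arn"]].append(parse_event_time(ev["eventTime"]))

    findings = []
    for actor, times in by_actor.items():
        times.sort()
        j = 0
        for i in range(len(times)):
            # advance the right edge while it still falls inside the window that starts at times[i]
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            count = j - i
            if count >= threshold:
                findings.append({
                    "type": "MASS_REVOCATION",
                    "actor": actor,
                    "count": count,
                    "window_start": times[i].isoformat(),
                })
                break
    return findings


# --- constructed sample data (assumed values, not real CloudTrail output) ---
ADMIN = "arn:aws:sts::123456789012:assumed-role/CaAdminRole/alice"
DEV = "arn:aws:sts::123456789012:assumed-role/DeveloperRole/bob"


def _ev(name, arn, when):
    return {"eventSource": PCA_SOURCE, "eventName": name, "eventTime": when,
            "userIdentity": {"arn": arn}}


SAMPLE_EVENTS = (
    [_ev("CreateCertificateAuthority", ADMIN, "2024-01-01T10:00:00Z"),
     _ev("CreateCertificateAuthority", DEV, "2024-01-01T10:05:00Z")]
    # developer revokes 12 certificates within 55 seconds: should trigger
    + [_ev("RevokeCertificate", DEV, f"2024-01-01T11:00:{s:02d}Z") for s in range(0, 60, 5)]
    # admin revokes 3 certificates hours apart: routine, should not trigger
    + [_ev("RevokeCertificate", ADMIN, f"2024-01-01T{h:02d}:00:00Z") for h in (12, 14, 16)]
)

if __name__ == "__main__":
    for f in detect_ca_creation(SAMPLE_EVENTS, {"CaAdminRole"}):
        print(f)
    for f in detect_mass_revocation(SAMPLE_EVENTS):
        print(f)
```

In a real deployment the events would come from the CloudTrail log files or an EventBridge rule on the `acm-pca.amazonaws.com` event source rather than the inline list, and the findings would be turned into Security Hub findings or an SNS notification. The sliding window is keyed per principal so a few developers each revoking a handful of certificates do not add up to a false alarm.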