A deep dive into surfacing and fixing gaps in AWS data perimeter policies
Blog post from Datadog
In AWS environments, a data perimeter is a set of preventive controls that ensures only trusted identities can reach trusted resources, and only from expected networks, with the controls enforced at the identity, resource, and network layers. Organization-level mechanisms such as service control policies (SCPs, which bound what principals in an AWS Organization may do) and resource control policies (RCPs, which bound who may access resources in the organization) can enforce a perimeter uniformly across every account, yet many organizations still rely on per-resource controls such as individual bucket or key policies, and those leave gaps. The post shows how to test for such gaps with Stratus Red Team, an open-source adversary emulation tool, and walks through scenarios covering the visibility, identity, network, and resource perimeters. It argues that organization-level controls are what actually close these gaps, illustrating how per-resource policies are undermined by policy drift (a resource policy loosened after deployment) or by a resource being shared with principals outside the organization. It also shows how to configure and run Stratus Red Team to emulate these attacks, and stresses that logging and monitoring must be in place so that the emulated activity, and a real attacker's equivalent, is actually detected.
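To make the "per-resource policy versus organization-level control" point concrete, the following is an added example, not code from the Datadog post or from Stratus Red Team. It models a drifted S3 bucket policy that grants `s3:GetObject` to any principal next to an identity-perimeter RCP modelled on AWS's published `EnforceOrgIdentities` pattern, and evaluates both against constructed request contexts with a deliberately simplified IAM condition engine (explicit deny wins; only the operators the RCP uses are implemented). The organization ID `o-exampleorg1`, the bucket name, the request contexts, and the `evaluate` helper are all assumptions made for the illustration, not AWS's actual policy engine.

```python
"""Simplified evaluation of an identity-perimeter RCP against a drifted bucket policy.
Added example; not the post's or Stratus Red Team's code. The condition engine below
implements only StringNotEqualsIfExists, StringEquals(IfExists) and Bool(IfExists)."""
import fnmatch
import json

ORG_ID = "o-exampleorg1"  # assumed placeholder organization ID

# Organization-level RCP modelled on AWS's published "EnforceOrgIdentities" pattern.
# ...IfExists operators let the deny pass for principals that carry no OrgID key
# (AWS service principals are exempted explicitly via aws:PrincipalIsAWSService).
RCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "EnforceOrgIdentities",
        "Effect": "Deny",
        "Principal": "*",
        "Action": ["s3:*", "sqs:*", "kms:*", "secretsmanager:*", "sts:*"],
        "Resource": "*",
        "Condition": {
            "StringNotEqualsIfExists": {"aws:PrincipalOrgID": ORG_ID},
            "BoolIfExists": {"aws:PrincipalIsAWSService": "false"},
        },
    }],
}

# A per-resource policy that has drifted to grant read access to any principal.
DRIFTED_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-data-bucket/*",  # assumed bucket name
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_true(operator, key_values, ctx):
    """Evaluate one condition operator; every key under the operator must hold (AND)."""
    for key, expected in key_values.items():
        expected = _as_list(expected)
        actual = ctx.get(key)
        if actual is None:
            if operator.endswith("IfExists"):
                continue  # documented semantics: an absent key satisfies ...IfExists
            return False
        base = operator.removesuffix("IfExists")
        if base == "StringEquals":
            ok = actual in expected
        elif base == "StringNotEquals":
            ok = actual not in expected
        elif base == "Bool":
            ok = str(actual).lower() == expected[0].lower()
        else:
            raise ValueError(f"unsupported operator {operator}")
        if not ok:
            return False
    return True

def statement_matches(stmt, ctx):
    """Glob-match action and resource, then AND all condition operators. Principal
    matching is omitted because both policies here use Principal '*'."""
    action_ok = any(fnmatch.fnmatchcase(ctx["action"], a) for a in _as_list(stmt["Action"]))
    resource_ok = any(fnmatch.fnmatchcase(ctx["resource"], r) for r in _as_list(stmt["Resource"]))
    if not (action_ok and resource_ok):
        return False
    return all(_condition_true(op, kv, ctx) for op, kv in stmt.get("Condition", {}).items())

def evaluate(policies, ctx):
    """'deny' if any Deny statement matches (explicit deny wins), 'allow' if any
    Allow matches, otherwise 'implicit-deny'."""
    decision = "implicit-deny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if statement_matches(stmt, ctx):
                if stmt["Effect"] == "Deny":
                    return "deny"
                decision = "allow"
    return decision

# Constructed request contexts: same object read, four different callers.
_BASE = {"action": "s3:GetObject", "resource": "arn:aws:s3:::example-data-bucket/secret.txt"}
SCENARIOS = {
    "in-org principal": {**_BASE, "aws:PrincipalOrgID": ORG_ID, "aws:PrincipalIsAWSService": "false"},
    "external account": {**_BASE, "aws:PrincipalOrgID": "o-attacker00", "aws:PrincipalIsAWSService": "false"},
    "AWS service principal": {**_BASE, "aws:PrincipalIsAWSService": "true"},
    "anonymous request": dict(_BASE),  # no principal keys at all
}

def decisions():
    """Map scenario -> (bucket policy alone, bucket policy plus RCP)."""
    return {
        name: (evaluate([DRIFTED_BUCKET_POLICY], ctx), evaluate([RCP, DRIFTED_BUCKET_POLICY], ctx))
        for name, ctx in SCENARIOS.items()
    }

if __name__ == "__main__":
    print(json.dumps(decisions(), indent=2))
```

With only the drifted bucket policy in place every caller is allowed, which is exactly the gap a per-resource control cannot self-detect. Layering the RCP on top leaves the in-org principal and the AWS service principal untouched but turns the external-account and anonymous reads into explicit denies, because under the documented `...IfExists` semantics a request that carries no `aws:PrincipalOrgID` still satisfies the deny's condition. Note that this is a toy evaluator: it does not model principal matching, permission boundaries, session policies, or SCPs, and it should not be used in place of the IAM policy simulator or a Stratus Red Team run against a real test account.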