AWS Security Blog

Introducing SRA Verify – an AWS Security Reference Architecture assessment tool

The AWS Security Reference Architecture (AWS SRA) provides prescriptive guidance for deploying AWS security services in a multi-account environment. However, validating that your implementation aligns with these best practices can be challenging and time-consuming.

Today, we’re announcing the open source release of SRA Verify, a security assessment tool that helps you assess your organization’s alignment to the AWS SRA.

The AWS SRA is a holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment. You can use it to design, implement, and manage AWS security services so that they align with AWS recommended practices. The recommendations are built around a single-page architecture that includes AWS security serviceshow they help achieve security objectives, where they can be best deployed and managed in your AWS accounts, and how they interact with other security services. This overall architectural guidance complements detailed, service-specific recommendations such as those found in AWS Security Documentation.

SRA Verify directly maps to these recommendations by providing automated checks that validate your implementation against the AWS SRA guidance. The tool helps you verify that security services are properly configured according to the reference architecture. To assist with remediation and implementing the guidance in the AWS SRA, review the infrastructure as code (IaC) examples in the AWS Security Reference Architecture Github repo.

SRA Verify includes checks across multiple AWS services including AWS CloudTrail, Amazon GuardDuty, AWS IAM Access Analyzer, AWS Config, AWS Security Hub, Amazon Simple Storage Service (Amazon S3), Amazon Inspector, and Amazon Macie. We plan to expand its capabilities over time to cover additional AWS security services and evolving AWS SRA best practices. To contribute to SRA Verify, review the Contributing Guidelines on Github.

If you have any feedback about this post, submit comments in the Comments section below.
 

Jeremy Schiefer Jeremy Schiefer
Jeremy is a Principal Security Specialist at Amazon Web Services. He helps customers improve their cloud security posture by using data and recommendations to adopt AWS security best practices and services, enabling them to better protect against, prevent, and respond to cyber threats.
Matt Nispel Matt Nispel
Matt is an Enterprise Solutions Architect at AWS. He has more than 10 years of experience building cloud architectures for large enterprise companies. At AWS, Matt helps customers rearchitect their applications to take full advantage of the cloud. Matt lives in Minneapolis, Minnesota, and in his free time enjoys spending time with friends and family.
Justin Kontny Justin Kontny
Justin is a Sr. Security Engineer at AWS who combines his passion for software development with expertise in cloud security. He focuses on transforming security from a barrier to a business enabler through innovative AI-driven automation. When not pushing the boundaries of cloud security, Justin enjoys time with his children and being active outdoors.