AWS Roles Anywhere trust anchor created with an external CA
Description
AlphaSOC detected the creation of an AWS Roles Anywhere trust anchor that uses an external Certificate Authority (CA). With this configuration, AWS accepts certificates issued by that external CA as proof of identity when obtaining temporary credentials. While this can be a legitimate setup, it introduces security risk if misused.
Impact
An unauthorized trust anchor could severely compromise AWS environment security. If a malicious actor gains control of a trust anchor, they could generate fraudulent certificates and compromise authentication mechanisms, potentially leading to unauthorized access across AWS services.
Severity
| Severity | Condition |
|---|---|
| Informational | Roles Anywhere trust anchor created with an external CA |
Investigation and Remediation
Verify the legitimacy of the AWS Roles Anywhere trust anchor creation by identifying and confirming the responsible party. Assess the external CA's security controls and credibility. If the trust anchor was created without authorization, remove it immediately and revoke all associated credentials. Review AWS CloudTrail logs for any related suspicious activities.
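An added example (not AlphaSOC's detection logic or AWS code) showing how the CloudTrail review step could be scripted: scan `CreateTrustAnchor` records from `rolesanywhere.amazonaws.com`, flag those whose trust anchor source is not AWS Private CA, and collect the caller ARN and source IP needed to identify the responsible party. The sample records and the treatment of `CERTIFICATE_BUNDLE` and `SELF_SIGNED_REPOSITORY` source types as "external CA" are assumptions made for this example.

```python
import json

# Constructed sample CloudTrail records for this example (not real AlphaSOC or
# AWS data). Field names follow the CloudTrail record format; sourceData is abbreviated.
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "rolesanywhere.amazonaws.com",
     "eventName": "CreateTrustAnchor", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/pki-admin"},
     "requestParameters": {"name": "corp-private-ca",
                           "source": {"sourceType": "AWS_ACM_PCA",
                                      "sourceData": {"acmPcaArn": "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/EXAMPLE"}}}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "rolesanywhere.amazonaws.com",
     "eventName": "CreateTrustAnchor", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
     "requestParameters": {"name": "vendor-ca",
                           "source": {"sourceType": "CERTIFICATE_BUNDLE",
                                      "sourceData": {"x509CertificateData": "<PEM bundle omitted>"}}}},
    {"eventTime": "2024-05-01T10:06:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListRoles", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/pki-admin"}},
]

# Roles Anywhere source types that are not AWS Private CA. Treating every one of
# these as an "external CA" is an assumption made for this example.
EXTERNAL_SOURCE_TYPES = {"CERTIFICATE_BUNDLE", "SELF_SIGNED_REPOSITORY"}


def find_external_ca_trust_anchors(events):
    """Return a triage record (who, where from, when, which anchor) per external-CA CreateTrustAnchor call."""
    findings = []
    for ev in events:
        if (ev.get("eventSource") != "rolesanywhere.amazonaws.com"
                or ev.get("eventName") != "CreateTrustAnchor"):
            continue
        params = ev.get("requestParameters") or {}
        source_type = (params.get("source") or {}).get("sourceType")
        if source_type not in EXTERNAL_SOURCE_TYPES:
            continue  # AWS Private CA backed anchors are out of scope for this finding
        findings.append({
            "time": ev.get("eventTime"),
            "anchor_name": params.get("name"),
            "source_type": source_type,
            "actor": (ev.get("userIdentity") or {}).get("arn"),
            "source_ip": ev.get("sourceIPAddress"),
        })
    return findings


if __name__ == "__main__":
    for finding in find_external_ca_trust_anchors(SAMPLE_EVENTS):
        print(json.dumps(finding))
```

Each flagged record gives the starting point for confirming the responsible party; anchors confirmed as unauthorized are then disabled and deleted per the remediation above.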