2.2 Maintain current AWS account contact details

Information

Ensure contact email and telephone details for AWS accounts are current and mapped to more than one individual in your organization.

An AWS account supports a number of contact details, and AWS will use these to contact the account owner if activity judged to be in breach of the Acceptable Use Policy or indicative of a likely security compromise is observed by the AWS Abuse team. Contact details should not be associated with a single individual, as circumstances may arise where that individual is unavailable. Email contact details should point to a mail alias that forwards messages to multiple individuals within the organization; where feasible, phone contact details should point to a PABX hunt group or other call-forwarding system. In AWS Organizations environments, this applies to all member accounts, not just the management account.

If an AWS account is observed to be behaving in a prohibited or suspicious manner, AWS will attempt to contact the account owner by email and phone using the listed contact details. If this is unsuccessful and the account behavior requires urgent mitigation, proactive measures may be taken, including throttling traffic between the account exhibiting suspicious behavior and AWS API endpoints or the Internet. This may result in impaired service to and from the affected account. Therefore, it is in both the customer's and AWS's best interests to ensure that prompt contact can be established. This is best achieved by configuring AWS account contact details to point to resources that reach multiple individuals, such as email aliases and PABX hunt groups.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

This activity can only be performed via the AWS Console, with a user who has permission to read and write Billing information (aws-portal:*Billing).

From Console:

- Sign in to the AWS Management Console and open the Billing and Cost Management console at https://console.aws.amazon.com/billing/home#/.
- On the navigation bar, choose your account name, and then choose Account.
- On the Account Settings page, next to Account Settings, choose Edit.
- Next to the field that you need to update, choose Edit.
- After you have entered your changes, choose Save changes.
- After you have made your changes, choose Done.
- To edit your contact information, under Contact Information, choose Edit.
- For the fields that you want to change, type your updated information, and then choose Update.

From Command Line:

- Run the following command, replacing each placeholder with the organization's values (the current record can be displayed beforehand with aws account get-contact-information):

aws account put-contact-information --contact-information '{
"AddressLine1": "<AddressLine 1>",
"AddressLine2": "<AddressLine 2>",
"City": "<City>",
"CompanyName": "<Company Name>",
"CountryCode": "<Country Code>",
"FullName": "<Full Name>",
"PhoneNumber": "<Phone Number>",
"PostalCode": "<Postal Code>",
"StateOrRegion": "<State or Region>"
}'
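Because the plugin does not automate this check, the following added example (not part of the Nessus or CIS text) evaluates the JSON returned by aws account get-contact-information for the gaps that would stop AWS from reaching the account owner: empty required fields, unfilled "<...>" template placeholders left over from the remediation command, and a phone number without a country code. The required-field list and the phone normalisation are this example's assumptions, not API rules.

```python
import json
import re

# Fields the CIS control expects to be populated. AddressLine2/3, DistrictOrCounty
# and WebsiteUrl are optional in the AWS Account API and are not required here.
REQUIRED_FIELDS = ("AddressLine1", "City", "CompanyName", "CountryCode",
                   "FullName", "PhoneNumber", "PostalCode", "StateOrRegion")
# Phone numbers are compared after stripping spaces, parentheses and hyphens;
# requiring a leading + and country code is this example's own normalisation.
E164 = re.compile(r"^\+[1-9]\d{6,14}$")
# A "<Phone Number>"-style value means the remediation template was pasted unfilled.
PLACEHOLDER = re.compile(r"^<.*>$")


def evaluate_contact_information(contact: dict) -> list[str]:
    """Return a list of findings for one ContactInformation record; empty means pass."""
    findings = []
    for field in REQUIRED_FIELDS:
        value = (contact.get(field) or "").strip()
        if not value:
            findings.append(f"{field}: missing or empty")
        elif PLACEHOLDER.match(value):
            findings.append(f"{field}: template placeholder {value!r} was never replaced")
    phone = (contact.get("PhoneNumber") or "").strip()
    if phone and not PLACEHOLDER.match(phone):
        if not E164.match(re.sub(r"[\s()-]", "", phone)):
            findings.append(f"PhoneNumber: {phone!r} is not in +<country code><number> form")
    return findings


def audit_cli_output(raw_json: str) -> list[str]:
    """Evaluate the JSON printed by `aws account get-contact-information`."""
    return evaluate_contact_information(json.loads(raw_json)["ContactInformation"])


# Constructed sample in the shape of the CLI output; every value is invented.
SAMPLE_CLI_OUTPUT = json.dumps({"ContactInformation": {
    "AddressLine1": "1 Example Way", "City": "Springfield", "CompanyName": "Example Corp",
    "CountryCode": "US", "FullName": "Cloud Security Team", "PhoneNumber": "<Phone Number>",
    "PostalCode": "", "StateOrRegion": "CA"}})

if __name__ == "__main__":
    # Replace SAMPLE_CLI_OUTPUT with the real CLI output to audit a live account.
    for line in audit_cli_output(SAMPLE_CLI_OUTPUT) or ["PASS: primary contact record is complete"]:
        print(line)
```

The primary contact record carries no email field, so the benchmark's requirement that the contact email be a multi-recipient alias has to be verified separately against the account's root email address.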

Impact:

Outdated contact details may delay incident response and lead to service disruption.

See Also

https://workbench.cisecurity.org/benchmarks/24575

Item Details

Category: INCIDENT RESPONSE

References: 800-53|IR-6, 800-53|IR-6(3), CSCv7|19.3

Plugin: amazon_aws

Control ID: 104ee69263a6802ca01fca7413d862f685cc6deeeeba06e72729c19dcff706e0