AWS Public Resource Exposure Report

Overview

This report identifies publicly accessible AWS resources that may expose your environment to unauthorized access, data leakage, or malicious activity. Public access to services—whether intentional or misconfigured—represents one of the most critical security risks in cloud environments.

This assessment helps you:

  • Detect and remediate unintended public exposure of critical services and data
  • Protect against privilege escalation, data exfiltration, and infrastructure compromise
  • Improve your zero-trust posture and cloud perimeter security
  • Comply with security frameworks and audit requirements

Each finding includes resource-level details to support swift investigation and action.

Services and Evaluation Criteria

AWS IAM

  • No Publicly Assumable IAM Roles

Amazon S3

  • No Public Buckets

Amazon ECR

  • No Public Repositories

AWS KMS

  • No Public KMS Keys

AWS Lambda

  • No Public Functions
  • No Public Lambda URLs Without Authentication

Amazon OpenSearch (Elasticsearch)

  • No Public Elasticsearch Clusters

AWS Glue

  • No Public Glue Dev Endpoints

Amazon SNS

  • No Public SNS Topics

Amazon SQS

  • No Public SQS Queues

Amazon EC2

  • No Public EC2 Instances
  • No Public AMIs
  • No Public EBS Snapshots

Amazon ECS

  • No Public ECS/Fargate Services

Amazon RDS

  • No Public RDS Instances/Clusters
  • No Public RDS Snapshots

Amazon API Gateway

  • No Public API Gateway Endpoints
  • API Gateway Endpoints Protected by WAF

AWS AppSync

  • AppSync Endpoints Protected by WAF

Amazon Redshift

  • No Public Redshift Clusters

AWS Backup

  • No Public Backup Vaults

AWS Load Balancers

  • No Public Classic Load Balancers
  • ALBs Protected by WAF

Amazon EMR

  • No Public EMR Instances

Amazon SES

  • No Publicly Accessible SES Identities

Amazon CloudFront

  • CloudFront Protected by WAF

AWS Systems Manager (SSM)

  • No Public SSM Documents (Customer-Owned)

Application Migration Service (AMS)

  • No Public Replication Instances

AWS Database Migration Service (DMS)

  • No Public Replication Instances

Amazon EKS

  • No Public EKS Clusters (Control Plane)

Amazon EFS

  • No Public EFS Mount Targets

Amazon DocumentDB

  • No Public DocumentDB Snapshots

Amazon Neptune

  • No Public Neptune Clusters

Amazon MQ

  • No Public Amazon MQ Brokers

This report helps you lock down your environment, remediate risky configurations, and move toward a more secure, least-privilege-based infrastructure model.