Terraform

AWS Configuration

Default Configurations

By default, SSH (22) and RDP (3389) are closed, but opening them is suggested when creating them, along with a warning about how dangerous this is. What’s traffic mirroring? This functionality can be used with open-source tools.
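A check for the exposure described above, as an added example that is not part of the original page: it scans security group data in the shape returned by EC2 `DescribeSecurityGroups` and reports TCP rules that leave SSH or RDP reachable from any address, including port ranges and all-protocol rules that cover them. The function names and the sample groups are assumptions constructed for illustration.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def _is_world(cidr):
    """True for 0.0.0.0/0 and ::/0 (prefix length 0 means any address)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposed_admin_ports(security_groups):
    """Return sorted (group_id, port, service, cidr) for world-open SSH/RDP rules."""
    findings = set()
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            proto = rule.get("IpProtocol")
            if proto == "-1":                      # all protocols, all ports
                lo, hi = 0, 65535
            elif proto == "tcp":
                lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            else:
                continue                           # only TCP rules are checked here
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if not _is_world(cidr):
                    continue
                for port, name in ADMIN_PORTS.items():
                    if lo <= port <= hi:           # a range can hide 22 or 3389
                        findings.add((sg["GroupId"], port, name, cidr))
    return sorted(findings)

# Constructed sample data (hypothetical group IDs, not from a real account).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0example3", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example4", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for finding in exposed_admin_ports(SAMPLE_GROUPS):
        print(finding)
```
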

Custom Config

If SSM (AWS Systems Manager) is enabled, its activity is logged in CloudTrail. At a minimum, AmazonSSMManagedInstanceCore needs to be attached to the instance profile role. Look at the policies and which users are granted access. The commands that can be run can also be restricted.