aws_compliance

This control checks whether an AWS Elastic Beanstalk environment is configured to send logs to CloudWatch Logs. The control fails if the environment isn't configured to send logs to CloudWatch Logs.

elastic_beanstalk_environment_logs_to_cloudwatch

pci_dss_v40_requirement_10_2_1_1

10.2.1.1: Audit logs capture all individual user access to cardholder data

pci_dss_v40_requirement_10_2_1_2

10.2.1.2: Audit logs capture all actions taken by any individual with administrative access, including any interactive use of application or system accounts

pci_dss_v40_requirement_10_2_1_3

10.2.1.3: Audit logs capture all access to audit logs

pci_dss_v40_requirement_10_2_1_4

10.2.1.4: Audit logs capture all invalid logical access attempts

pci_dss_v40_requirement_10_2_1_5

10.2.1.5: Audit logs capture all changes to identification and authentication credentials including, but not limited

pci_dss_v40_requirement_10_2_1_6

10.2.1.6: Records of all changes to audit log activity status are captured

pci_dss_v40_requirement_10_2_1_7

10.2.1.7: Audit logs capture all creation and deletion of system-level objects

pci_dss_v40_requirement_10_2_2

10.2.2: Sufficient data to be able to identify successful and failed attempts and who, what, when, where, and how for each event listed in requirement 10.2.2 are captured

pci_dss_v40_requirement_10_3_1

10.3.1: Read access to audit logs files is limited to those with a job-related need

pci_dss_v40_requirement_10_6_3

10.6.3: Time synchronization settings and data are protected

pci_dss_v40_appendix_a1_2_1

A1.2.1: Audit log capability is enabled for each customer's environment that is consistent

acsc_essential_eight_ml_2_1_3

ACSC-EE-ML2-1.3: Application control ML2

acsc_essential_eight_ml_2_5_11

ACSC-EE-ML2-5.11: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_12

ACSC-EE-ML2-5.12: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_7_7

ACSC-EE-ML2-7.7: Multi-factor authentication ML2

all_controls_elasticbeanstalk

Elastic Beanstalk

Elastic Beanstalk environments should have enhanced health reporting enabled

cis_compute_service_v100_6_2

foundational_security_elasticbeanstalk_3

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: Elastic Beanstalk environments should have enhanced health reporting enabled

Description

Usage

SQL

Tags