turbot/alicloud_compliance

Benchmark: CIS v1.0.0

To obtain the latest version of the official guide, please visit http://benchmarks.cisecurity.org.

Overview

This security configuration benchmark covers foundational elements of Alibaba Cloud. The recommendations detailed here provide prescriptive guidance for configuring security options for a subset of Alibaba Cloud services, with an emphasis on foundational, testable, and architecture-agnostic settings. Specific Alibaba Cloud services in scope for this document include:

  • Elastic Compute Service (ECS)
  • Virtual Private Cloud (VPC)
  • Object Storage Service (OSS)
  • Relational Database Service (RDS)
  • Container Service for Kubernetes (ACS)
  • Key Management Service (KMS)
  • Resource Access Management (RAM)
  • ActionTrail
  • Security Center

Profiles

The following configuration profiles are defined by this Benchmark:

Level 1

Items in this profile intend to:

  • be practical and prudent;
  • provide security focused best practice hardening of a technology; and
  • limit impact to the utility of the technology beyond acceptable means.

Level 2 (extends Level 1)

This profile extends the "Level 1" profile. Items in this profile exhibit one or more of the following characteristics:

  • are intended for environments or use cases where security is more critical than manageability and usability
  • act as a defense-in-depth measure
  • may impact the utility or performance of the technology
  • may include additional licensing, cost, or addition of third party software

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-alicloud-compliance

Start the Steampipe service and the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select CIS v1.0.0.

Run this benchmark in your terminal:

powerpipe benchmark run alicloud_compliance.benchmark.cis_v100

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run alicloud_compliance.benchmark.cis_v100 --share
