Benchmark: CIS v1.0.0
To obtain the latest version of the official guide, please visit http://benchmarks.cisecurity.org.
Overview
This security configuration benchmark covers foundational elements of Alibaba Cloud. The recommendations detailed here provide prescriptive guidance for configuring security options for a subset of Alibaba Cloud services, with an emphasis on foundational, testable, and architecture-agnostic settings. Specific Alibaba Cloud services in scope for this document include:
- Elastic Compute Service (ECS)
- Virtual Private Cloud (VPC)
- Object Storage Service (OSS)
- Relational Database Service (RDS)
- Container Service for Kubernetes (ACS)
- Key Management Service (KMS)
- Resource Access Management (RAM)
- ActionTrail
- Security Center
Profiles
The following configuration profiles are defined by this Benchmark:
Level 1
Items in this profile intend to:
- be practical and prudent;
- provide security-focused best practice hardening of a technology; and
- limit impact to the utility of the technology beyond acceptable means.
Level 2 (extends Level 1)
This profile extends the "Level 1" profile. Items in this profile exhibit one or more of the following characteristics:
- are intended for environments or use cases where security is more critical than manageability and usability
- act as a defense-in-depth measure
- may impact the utility or performance of the technology
- may include additional licensing, cost, or addition of third party software
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-alicloud-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select CIS v1.0.0.
Run this benchmark in your terminal:
powerpipe benchmark run alicloud_compliance.benchmark.cis_v100
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run alicloud_compliance.benchmark.cis_v100 --share
Benchmarks
- 1 Identity and Access Management
- 2 Logging and Monitoring
- 3 Networking
- 4 Virtual Machines
- 5 Storage
- 6 Relational Database Services
- 7 Kubernetes Engine
- 8 Security Center