turbot/aws_compliance

Benchmark: CIS AWS Compute Services Benchmark v1.0.0

To obtain the latest version of the official guide, please visit http://benchmarks.cisecurity.org.

Overview

All CIS Benchmarks focus on technical configuration settings used to maintain and/or increase the security of the addressed technology, and they should be used in conjunction with other essential cyber hygiene tasks like:

  • Monitoring the base operating system for vulnerabilities and quickly updating with the latest security patches
  • Monitoring applications and libraries for vulnerabilities and quickly updating with the latest security patches

In the end, the CIS Benchmarks are designed as a key component of a comprehensive cybersecurity program.

This document provides prescriptive guidance for configuring security options for the services within the Compute category in AWS. This Benchmark is intended to be used in conjunction with the CIS Amazon Web Services Foundations Benchmark. For more information about this approach, see the Introduction section of this document.

The specific AWS Services in scope for this document include:

  • Amazon Elastic Cloud Compute (EC2)
  • Amazon Lightsail
  • AWS Lambda
  • AWS Batch
  • AWS Elastic Beanstalk
  • AWS Serverless Application Repository
  • AWS Outposts
  • EC2 Image Builder
  • AWS App Runner
  • AWS SimSpace Weaver

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select CIS AWS Compute Services Benchmark v1.0.0.

Run this benchmark in your terminal:

powerpipe benchmark run aws_compliance.benchmark.cis_compute_service_v100

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_compliance.benchmark.cis_compute_service_v100 --share
