Benchmark: CIS AWS Compute Services Benchmark v1.0.0
To obtain the latest version of the official guide, please visit http://benchmarks.cisecurity.org.
Overview
All CIS Benchmarks focus on technical configuration settings used to maintain and/or increase the security of the addressed technology, and they should be used in conjunction with other essential cyber hygiene tasks like:
- Monitoring the base operating system for vulnerabilities and quickly updating with the latest security patches
- Monitoring applications and libraries for vulnerabilities and quickly updating with the latest security patches
In the end, the CIS Benchmarks are designed as a key component of a comprehensive cybersecurity program.
This document provides prescriptive guidance for configuring security options for the services within the Compute category in AWS. This Benchmark is intended to be used in conjunction with the CIS Amazon Web Services Foundations Benchmark. For more information about this approach see the Introduction section of this document.
The specific AWS Services in scope for this document include:
- Amazon Elastic Cloud Compute (EC2)
- Amazon Lightsail
- AWS Lambda
- AWS Batch
- AWS Elastic Beanstalk
- AWS Serverless Application Repository
- AWS Outposts
- EC2 Image Builder
- AWS App Runner
- AWS SimSpace Weaver
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select CIS AWS Compute Services Benchmark v1.0.0.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.cis_compute_service_v100
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.cis_compute_service_v100 --share
Benchmarks
- 2 Elastic Cloud Compute (EC2)
- 3 Lightsail
- 4 Lambda
- 5 Batch
- 6 Elastic Beanstalk
- 10 AWS App Runner
- 11 AWS SimSpace Weaver