Benchmark: Annex I (7.1)
Description
Disallow administrative rights on end-user workstations/PCs/laptops and provide access rights on a ‘need to know’ and ‘need to do’ basis.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select Annex I (7.1).
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.rbi_cyber_security_annex_i_7_1Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.rbi_cyber_security_annex_i_7_1 --shareControls
- Ensure IAM policy should not grant full access to service
- IAM groups, users, and roles should not have any inline policies
- IAM policy should not have statements with admin access
- IAM root user should not have access keys
- IAM user should not have any inline or attached policies