Dashboard: AWS Audit Manager Control Tower Guardrails
Overview
AWS Control Tower offers a straightforward way to set up and govern an AWS multi-account environment, following prescriptive best practices. AWS Control Tower orchestrates the capabilities of several other AWS services, including AWS Organizations, AWS Service Catalog, and AWS Single Sign-on, to build a landing zone in less than an hour. Resources are set up and managed on your behalf.
AWS Control Tower orchestration extends the capabilities of AWS Organizations. To help keep your organizations and accounts from drift, which is divergence from best practices, AWS Control Tower applies preventive and detective controls (guardrails). For example, you can use guardrails to ensure that security logs and necessary cross-account access permissions are created, and not altered.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select AWS Audit Manager Control Tower Guardrails dashboard.
You could also snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe benchmark run aws_compliance.benchmark.audit_manager_control_tower --share
Benchmark
This dashboard is automatically generated from the following benchmark:
benchmark.audit_manager_control_tower