Benchmark: AWS Account Security Top 10
Overview
The AWS Security Blog post Top 10 security items to improve in your AWS account" contains tips for improving your cloud security contains helpful tips to help you improve security in your AWS accounts.
In Build a custom benchmark for the top 10 AWS security tips we show one approach to mapping the items from the blog post to Steampipe controls. This benchmark can be used as an example that we encourage you to reuse and remix based on your security requirements.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-top-10Start the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select AWS Account Security Top 10.
Run this benchmark in your terminal:
powerpipe benchmark run aws_top_10.benchmark.account_securitySnapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_top_10.benchmark.account_security --shareBenchmarks
- 1. Accurate account information
- 2. Use multi-factor authentication (MFA)
- 3. No hard-coding secrets
- 4. Limit security groups
- 5. Intentional data policies
- 6. Centralize CloudTrail logs
- 7. Validate IAM roles
- 8. Take action on findings
- 9. Rotate keys
- 10. Be involved in the dev cycle