Benchmark: BP02 Reduce attack surface
Description
Reduce your exposure to unintended access by hardening operating systems and minimizing the components, libraries, and externally consumable services in use. Start by reducing unused components, whether they are operating system packages or applications, for Amazon Elastic Compute Cloud (Amazon EC2)-based workloads, or external software modules in your code, for all workloads. You can find many hardening and security configuration guides for common operating systems and server software. For example, you can start with the Center for Internet Security and iterate.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-well-architectedStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select BP02 Reduce attack surface.
Run this benchmark in your terminal:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec06_bp02Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec06_bp02 --shareControls
- Lambda functions should be in a VPC
- ECS clusters should have container insights enabled
- ECS fargate services should run on the latest fargate platform version