Benchmark: ACSC-EE-ML2-8.8: Regular backups ML2
Description
Privileged accounts (excluding backup administrator accounts) are prevented from modifying and deleting backups.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select ACSC-EE-ML2-8.8: Regular backups ML2.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight_ml_2_8_8Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight_ml_2_8_8 --shareControls
- Backup recovery points manual deletion should be disabled
- Ensure the S3 bucket CloudTrail logs to is not publicly accessible
- CodeBuild project environments should not have privileged mode enabled
- DMS replication instances should not be publicly accessible
- Amazon DocumentDB manual cluster snapshots should not be public
- EBS snapshots should not be publicly restorable
- ECS containers should run as non-privileged
- ECS containers should be limited to read-only access to root filesystems
- ECS task definitions should not use root user.
- EFS access points should enforce a root directory
- EFS access points should enforce a user identity
- EMR public access should be blocked at account level
- EventBridge custom event buses should have a resource-based policy attached
- Ensure managed IAM policies should not allow blocked actions on KMS keys
- Ensure inline policies attached to IAM users, roles, and groups should not allow blocked actions on KMS keys
- IAM policy should not have statements with admin access
- IAM root user should not have access keys
- Lambda functions should restrict public access
- Neptune DB cluster snapshots should not be public
- RDS DB instances should prohibit public access
- RDS snapshots should prohibit public access
- Redshift clusters should prohibit public access
- S3 access points should have block public access settings enabled
- Ensure MFA Delete is enabled on S3 buckets
- S3 buckets should prohibit public read access
- S3 buckets should prohibit public write access
- S3 public access should be blocked at account level
- S3 public access should be blocked at bucket levels
- SageMaker notebook instances should not have direct internet access
- SageMaker notebook instances root access should be disabled
- SSM documents should not be public