Benchmark: 3 Lightsail
Lightsail
Amazon Lightsail offers easy-to-use virtual private server (VPS) instances, containers, storage, and databases to create a website or application in just a few clicks. Automatically configure networking, access, and security environments. Easily scale as you grow—or migrate your resources to the broader AWS ecosystem, such as Amazon EC2.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 3 Lightsail.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.cis_compute_service_v100_3
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.cis_compute_service_v100_3 --share
Controls
- 3.1 Apply updates to any apps running in Lightsail
- 3.2 Change default Administrator login names and passwords for applications
- 3.3 Disable SSH and RDP ports for Lightsail instances when not needed
- 3.4 Ensure SSH is restricted to only IP address that should have this access
- 3.5 Ensure RDP is restricted to only IP address that should have this access
- 3.6 Disable IPv6 Networking if not in use within your organization
- 3.7 Ensure you are using an IAM policy to manage access to buckets in Lightsail
- 3.8 Ensure Lightsail instances are attached to the buckets
- 3.9 Ensure that your Lightsail buckets are not publicly accessible
- 3.10 Enable storage bucket access logging
- 3.11 Ensure your Windows Server based lightsail instances are updated with the latest security patches
- 3.12 Change the auto-generated password for Windows based instances