Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-compliance
Overview
36Dashboards
1598Benchmarks
674Queries
9Variables
GitHub

Benchmark: AWS CIS v1.2.0

To obtain the latest version of the official guide, please visit http://benchmarks.cisecurity.org.

Overview

The CIS Amazon Web Services Foundations Benchmark provides prescriptive guidance for configuring security options for a subset of Amazon Web Services with an emphasis on foundational, testable, and architecture agnostic settings. Specific Amazon Web Services in scope include:

  • AWS Identity and Access Management (IAM)
  • AWS Config
  • AWS CloudTrail
  • AWS CloudWatch
  • AWS Simple Notification Service (SNS)
  • AWS Simple Storage Service (S3)
  • AWS VPC (Default)

Profiles

Level 1

Items in this profile intend to:

  • be practical and prudent;
  • provide a clear security benefit; and
  • not inhibit the utility of the technology beyond acceptable means.

Level 2

This profile extends the "Level 1" profile. Items in this profile exhibit one or more of the following characteristics:

  • are intended for environments or use cases where security is paramount
  • acts as defense in depth measure
  • may negatively inhibit the utility or performance of the technology.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select AWS CIS v1.2.0.

Run this benchmark in your terminal:

powerpipe benchmark run aws_compliance.benchmark.cis_v120

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_compliance.benchmark.cis_v120 --share

Benchmarks

Tags

category = Compliance
cis = true
cis_version = v1.2.0
plugin = aws
service = AWS
type = Benchmark