Benchmark: 6.3.3: All system components are protected from known vulnerabilities by installing applicable security patches/updates
Description
New exploits are constantly being discovered, and these can permit attacks against systems that have previously been considered secure.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 6.3.3: All system components are protected from known vulnerabilities by installing applicable security patches/updates.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_6_3_3
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_6_3_3 --share
Controls
- ECS fargate services should run on the latest fargate platform version
- EKS clusters should run on a supported Kubernetes version
- Elastic Beanstalk environment should have managed updates enabled
- Minor version upgrades should be automatically applied to ElastiCache for Redis cache clusters
- Lambda functions should use latest runtimes
- OpenSearch domains should be updated to the latest service software version
- RDS DB instance automatic minor version upgrade should be enabled
- AWS Redshift should have required maintenance settings
- SSM managed instance patching should be compliant