Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-well-architected
Overview
3Dashboards
205Benchmarks
24Queries
6Variables
GitHub

Benchmark: BP05 Define permission guardrails for your organization

Description

Establish common controls that restrict access to all identities in your organization. For example, you can restrict access to specific AWS Regions, or prevent your operators from deleting common resources, such as an IAM role used for your central security team.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-well-architected

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select BP05 Define permission guardrails for your organization.

Run this benchmark in your terminal:

powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec03_bp05

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec03_bp05 --share

Controls

Tags

category = Compliance
choice_id = sec_permissions_define_guardrails
pillar_id = security
plugin = aws
question_id = permissions
risk = medium
service = AWS
type = Benchmark