Collection of resources related to security benchmark frameworks. Currently covered frameworks:
- CIS Amazon Web Services Foundations Benchmark 1.1
Contents:
aws-security-benchmark/
├── LICENSE
├── README.md
├── architecture
│   ├── README.md
│   ├── assets
│   │   └── cis-benchmark-architecture.jpg
│   ├── cis-benchmark-matrix.xlsx
│   └── create-benchmark-rules.yaml
└── aws_cis_foundation_framework
    ├── CIS_Amazon_Web_Services_Foundations_Benchmark_v1.1.0.pdf
    ├── README.md
    ├── aws-cis-foundation-benchmark-checklist-lambdarole.json
    └── aws-cis-foundation-benchmark-checklist.py
There are two parts of this package.
- A CloudFormation template that configures AWS Config rules and Amazon CloudWatch alarms to evaluate the account against the CIS benchmark, with AWS Lambda functions to respond. Located under the architecture directory.
- A Python script that runs all of the CIS Benchmark checks from the command line and writes the results to an HTML file. Located under the aws_cis_foundation_framework directory.
See the README.md file in each directory for the install instructions for that part.
Prerequisites for part 1 (automated benchmarking):
- AWS Config must be running in the region where this template will be run. This is needed for Config Rules.
- Amazon CloudTrail must be delivering logs to CloudWatch Logs. This is needed for CloudWatch metrics and alarms.
- AWS Lambda must be supported in the region where this template will be launched. See this page for region support.
Prerequisites for part 2 (Python script):
- Python version 2.7
- A configured AWS CLI
- IAM permissions as defined in aws-cis-foundation-benchmark-checklist-lambdarole.json
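The checklist script evaluates each CIS control from CloudTrail, Config and IAM API responses. As an added example (not code from the aws-security-benchmark package), the following implements one such control, CIS 1.1 control 2.4 (CloudTrail trails integrated with CloudWatch Logs), which is also the second prerequisite above: the evaluation is a pure function over the shape of describe_trails()/get_trail_status() responses so it can be tested offline on the constructed sample data, and check_live() fetches real data through boto3 using the configured AWS CLI credentials. The one-day delivery window is taken from the benchmark's audit procedure; the trail names, ARNs and account id are constructed.

```python
import datetime

# Assumption: CIS 1.1 control 2.4 treats a trail as integrated only if CloudWatch Logs
# delivery happened within the last day.
MAX_DELIVERY_AGE = datetime.timedelta(days=1)


def evaluate_cloudwatch_integration(trails, statuses, now):
    """Evaluate control 2.4 given describe_trails()['trailList'] and a mapping of
    trail name -> get_trail_status() response. Returns a result dict."""
    failures = []
    for trail in trails:
        name = trail["Name"]
        last = statuses.get(name, {}).get("LatestCloudWatchLogsDeliveryTime")
        if not trail.get("CloudWatchLogsLogGroupArn"):
            failures.append((name, "no CloudWatch Logs log group configured"))
        elif last is None:
            failures.append((name, "never delivered to CloudWatch Logs"))
        elif now - last > MAX_DELIVERY_AGE:
            failures.append((name, "last delivery %s ago" % (now - last)))
    return {"control": "2.4 CloudTrail trails integrated with CloudWatch Logs",
            "result": "FAIL" if failures else "PASS",
            "failures": failures}


def check_live(region_name="us-east-1"):
    """Run the control against a real account (needs boto3 and AWS CLI credentials)."""
    import boto3  # imported here so the offline evaluation needs no AWS SDK
    ct = boto3.client("cloudtrail", region_name=region_name)
    trails = ct.describe_trails()["trailList"]
    statuses = {t["Name"]: ct.get_trail_status(Name=t["TrailARN"]) for t in trails}
    return evaluate_cloudwatch_integration(
        trails, statuses, datetime.datetime.now(datetime.timezone.utc))


# Constructed sample data shaped like the CloudTrail API responses (not a real account).
NOW = datetime.datetime(2017, 1, 10, 12, 0, tzinfo=datetime.timezone.utc)
ACCOUNT = "123456789012"
SAMPLE_TRAILS = [
    {"Name": "mgmt-trail", "TrailARN": "arn:aws:cloudtrail:us-east-1:%s:trail/mgmt-trail" % ACCOUNT,
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:%s:log-group:CloudTrail:*" % ACCOUNT},
    {"Name": "stale-trail", "TrailARN": "arn:aws:cloudtrail:us-east-1:%s:trail/stale-trail" % ACCOUNT,
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:%s:log-group:CloudTrail:*" % ACCOUNT},
    {"Name": "s3-only-trail", "TrailARN": "arn:aws:cloudtrail:us-east-1:%s:trail/s3-only-trail" % ACCOUNT},
]
SAMPLE_STATUSES = {
    "mgmt-trail": {"LatestCloudWatchLogsDeliveryTime": NOW - datetime.timedelta(minutes=5)},
    "stale-trail": {"LatestCloudWatchLogsDeliveryTime": NOW - datetime.timedelta(days=3)},
    "s3-only-trail": {},
}
```

Calling evaluate_cloudwatch_integration(SAMPLE_TRAILS, SAMPLE_STATUSES, NOW) reports FAIL for stale-trail (delivery older than a day) and s3-only-trail (no log group), while mgmt-trail passes.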