![]() ![]() Please feel free to open issues (and include any output/stack trace), or submit PRs.įinally, this was a project designed to help me learn the Go language, so, sorry if the code makes your eyes bleed, I'm sure it's highly non-idiomatic.įor more info, contact the author adamstigian. This scanner currently features very little error checking or recovery, and works through checks linearly. The link to the license terms can be found at Notes This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License. This scanner requires the following (read only) API permissions: This benchmark serves as a set of security configuration best practices for AWS. It will also respect environment variables/etc - it is built with the AWS SDK, so all of that should aws-cis-scanner > aws-cis-scanner -r us-gov-west-1 > report.html Permissions Required The Center for Internet Security (CIS) is a nonprofit that developed the CIS AWS Foundations Benchmark. The scanner will use your ~/.aws/credentials and/or ~/.aws/config files for access keys automatically. AWS C2S region is also unsupported (due to lack of support in SDK).Īn example output file is included at report.html For example, the AWS Marketplace offers free trials for specific instances of CIS. ![]() CIS Benchmarks are host hardening guidelines designed to safeguard your Amazon EC2 instance by improving your security posture. tool and the CIS benchmarks in PDF format. AWS China (Beijing - cn-north-1) is NOT yet supported (I have no way to test in CN region, and it's missing a few of the required services, such as MFA support). You can now run Inspector CIS assessments on Amazon Linux 2 distributions to check the configuration of your Amazon EC2 instances against the security configuration best practices developed by CIS. AWS US GovCloud ( us-gov-west-1) region is supported as well. All commercial regions (as of September 5, 2016) are supported. CIS benchmarks provide two levels of security settings: L1, or Level 1, recommends essential basic security requirements that can be configured on any system and should cause little or no interruption of service or reduced functionality. Use the -r or -region flags to tell the scanner which region to use for non-commercial / generally available regions (such as GovCloud or China). The content is using the Benchmark Version 1.0.0 - 02-29-2016. (Manual) 1.2 Ensure security contact information is registered. This scanner assesses your AWS Account for compliance with the CIS Benchmark for AWS. The CIS AWS Foundations Benchmark is composed of five sections with a total of 55 controls known as recommendations.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |