turbot/aws_compliance

AWS Compliance Mod

Run individual configuration, compliance and security controls or full compliance benchmarks for Audit Manger Control Tower, AWS Foundational Security Best Practices, CIS, GDPR, HIPAA, NIST 800-53, NIST CSF, PCI DSS, RBI Cyber Security Framework and SOC 2 across all your AWS accounts.

image

References

AWS provides on-demand cloud computing platforms and APIs to authenticated customers on a metered pay-as-you-go basis.

AWS Foundational Security Best Practices is a set of controls that detect when your deployed accounts and resources deviate from security best practices.

CIS AWS Benchmarks provide a predefined set of compliance and security best-practice checks for AWS accounts.

Audit Manger Control Tower provide the easiest way to set up and govern a secure, multi-account AWS environment.

GDPR provides a set of robust requirements that raise and harmonize standards for data protection, security, and compliance throughout the European Union (EU).

HIPAA Compliance provides a set of general-purpose security standards for the U.S. Health Insurance Portability and Accountability Act (HIPAA).

NIST 800-53 provides minimum baselines of security controls for U.S. federal information systems except those related to national security.

NIST CSF provides security standards for managing and reducing cybersecurity risk.

PCI DSS provides security standards for the payment card industry.

RBI Cyber Security Framework provides a cyber security framework for Urban Cooperative Banks (UCB) in India.

SOC 2 provides an auditing procedure that ensures a company's data is securely managed.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

Steampipe Mods are collections of named queries, and codified controls that can be used to test current configuration of your cloud resources against a desired configuration.

Documentation

Get started

Install the AWS plugin with Steampipe:

steampipe plugin install aws

Clone:

git clone https://github.com/turbot/steampipe-mod-aws-compliance.git
cd steampipe-mod-aws-compliance

Run all benchmarks:

steampipe check all

Run a single benchmark:

steampipe check benchmark.cis_v140

Run a specific control:

steampipe check control.cis_v140_2_1_1

Credentials

This mod uses the credentials configured in the Steampipe AWS plugin.

Configuration

No extra configuration is required.

Get involved