AWS Compliance Mod
Run individual configuration, compliance and security controls or full compliance benchmarks for
Audit Manager Control Tower,
AWS Foundational Security Best Practices,
RBI Cyber Security Framework and
SOC 2 across all your AWS accounts.
AWS provides on-demand cloud computing platforms and APIs to authenticated customers on a metered pay-as-you-go basis.
AWS Foundational Security Best Practices is a set of controls that detect when your deployed accounts and resources deviate from security best practices.
CIS AWS Benchmarks provide a predefined set of compliance and security best-practice checks for AWS accounts.
Audit Manager Control Tower provide the easiest way to set up and govern a secure, multi-account AWS environment.
FedRAMP is a US government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services.
GDPR provides a set of robust requirements that raise and harmonize standards for data protection, security, and compliance throughout the European Union (EU).
HIPAA Compliance provides a set of general-purpose security standards for the U.S. Health Insurance Portability and Accountability Act (HIPAA).
NIST 800-53 provides minimum baselines of security controls for U.S. federal information systems except those related to national security.
NIST CSF provides security standards for managing and reducing cybersecurity risk.
PCI DSS provides security standards for the payment card industry.
RBI Cyber Security Framework provides a cyber security framework for Urban Cooperative Banks (UCB) in India.
SOC 2 provides an auditing procedure that ensures a company's data is securely managed.
Steampipe is an open source CLI to instantly query cloud APIs using SQL.
Steampipe Mods are collections of
named queries, and codified
controls that can be used to test current configuration of your cloud resources against a desired configuration.
Download and install Steampipe (https://steampipe.io/downloads). Or use Brew:
brew tap turbot/tapbrew install steampipe
Install the AWS plugin with Steampipe:
steampipe plugin install aws
git clone https://github.com/turbot/steampipe-mod-aws-compliance.gitcd steampipe-mod-aws-compliance
Before running any benchmarks, it's recommended to generate your AWS credential report:
aws iam generate-credential-report
Start your dashboard server to get started:
By default, the dashboard interface will then be launched in a new browser window at https://localhost:9194. From here, you can run benchmarks by selecting one or searching for a specific one.
Instead of running benchmarks in a dashboard, you can also run them within your
terminal with the
steampipe check command:
Run all benchmarks:
steampipe check all
Run a single benchmark:
steampipe check benchmark.cis_v140
Run a specific control:
steampipe check control.cis_v140_2_1_1
Different output formats are also available, for more information please see Output Formats.
This mod uses the credentials configured in the Steampipe AWS plugin.
No extra configuration is required.
If you have an idea for additional controls or just want to help maintain and extend this mod (or others) we would love you to join the community and start contributing.
- Join our Slack community → and hang out with other Mod developers.
Want to help but not sure where to start? Pick up one of the
help wanted issues: