turbot/aws_compliance

Benchmark: CIS v1.3.0

To obtain the latest version of the official guide, please visit http://benchmarks.cisecurity.org.

Overview

The CIS Amazon Web Services Foundations Benchmark provides prescriptive guidance for configuring security options for a subset of Amazon Web Services with an emphasis on foundational, testable, and architecture agnostic settings. Specific Amazon Web Services in scope include:

  • AWS Identity and Access Management (IAM)
  • AWS Config
  • AWS CloudTrail
  • AWS CloudWatch
  • AWS Simple Notification Service (SNS)
  • AWS Simple Storage Service (S3)
  • AWS VPC (Default)

Profiles

Level 1

Items in this profile intend to:

  • be practical and prudent;
  • provide a clear security benefit; and
  • not inhibit the utility of the technology beyond acceptable means.

Level 2 (extends Level 1)

This profile extends the "Level 1" profile. Items in this profile exhibit one or more of the following characteristics:

  • are intended for environments or use cases where security is paramount;
  • act as a defense-in-depth measure; or
  • may negatively inhibit the utility or performance of the technology.

Usage

Browse dashboards and select CIS v1.3.0:

steampipe dashboard

Or run the benchmarks in your terminal:

steampipe check aws_compliance.benchmark.cis_v130

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share aws_compliance.benchmark.cis_v130
