Benchmark: D3.PC.Im.B.1

Usage

Browse dashboards and select D3.PC.Im.B.1:

steampipe dashboard

Or run the benchmarks in your terminal:

steampipe check aws_compliance.benchmark.ffiec_d_3_pc_im_b_1

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share aws_compliance.benchmark.ffiec_d_3_pc_im_b_1

Controls

• ACM certificates should not expire within 30 days
• API Gateway stage should be associated with waf
• Auto Scaling launch config public IP should be disabled
• DMS replication instances should not be publicly accessible
• EBS snapshots should not be publicly restorable
• EC2 instances should be in a VPC
• EC2 instances should not have a public IP address
• ELB application load balancers should have Web Application Firewall (WAF) enabled
• EMR cluster master nodes should not have public IP addresses
• ES domains should be in a VPC
• Lambda functions should be in a VPC
• Lambda functions should restrict public access
• RDS DB instances should prohibit public access
• RDS snapshots should prohibit public access
• AWS Redshift enhanced VPC routing should be enabled
• Redshift clusters should prohibit public access
• S3 buckets should prohibit public read access
• S3 buckets should prohibit public write access
• S3 public access should be blocked at account level
• S3 public access should be blocked at account and bucket levels
• SageMaker notebook instances should not have direct internet access
• VPC default security group should not allow inbound and outbound traffic
• VPC route table should restrict public access to IGW
• VPC security groups should restrict ingress access on ports 20, 21, 22, 3306, 3389, 4333 from 0.0.0.0/0
• VPC security groups should restrict ingress SSH access from 0.0.0.0/0
• VPC security groups should restrict ingress TCP and UDP access from 0.0.0.0/0
• VPC subnet auto assign public IP should be disabled

Tags