Cloud Custodian Policies for CIS AWS Foundations Benchmark (Part 1)
Version 1.4.0 (05-28-2021)
The Center for Internet Security (CIS) Benchmarks are a large community effort involving volunteers, developers, subject matter experts, technology vendors, cloud providers, and private and public companies. They define best practices for securely configuring your public cloud resources and are widely accepted by government, business, industry, and academia. The benchmark guidelines are specific to vendor products: they recommend specific settings in the product, where to check for each configuration setting, and how to modify it to make it secure.
CIS has worked with the community to publish benchmarks for various cloud providers, including Alibaba, AWS, Google Cloud, IBM Cloud, Azure, Oracle Cloud, and others. In this story, we will discuss how to write Cloud Custodian policies that perform those recommendation checks. Download a free copy of the CIS AWS Foundations Benchmark from cisecurity.org.
The CIS Amazon Web Services Foundations Benchmark v1.4.0 has two profile levels: Level 1 and Level 2. Level 1 items are defined to reduce the attack surface without making major changes to business functionality. Level 2 items extend the Level 1 profile, are considered a layered defense, and are intended where security is serious…
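To show the shape of the policies the rest of the story builds, here is an added example (my own, not code from the story): a Cloud Custodian policy file with two account-level benchmark-style checks, one for MFA on the root user and one for a multi-region CloudTrail. The policy names and the choice of these two checks are my assumptions; the filter names come from Cloud Custodian's `aws.account` resource.

```yaml
# Added example policy file for `custodian run -s out cis-account.yml`.
# Both policies match only when the account FAILS the check, so a non-empty
# resources.json in the output directory means a finding to remediate.
policies:
  # Root user MFA: GetAccountSummary reports AccountMFAEnabled as 1 when the
  # root user has an MFA device; a value of 0 is the finding.
  - name: cis-root-user-mfa-missing
    resource: aws.account
    description: Root user has no MFA device enabled (CIS AWS Foundations, IAM section).
    filters:
      - type: iam-summary
        key: AccountMFAEnabled
        value: 0

  # Logging: the account should have at least one trail that is multi-region,
  # records global service events, and is actively logging. The filter matches
  # accounts where NO trail satisfies all of these, i.e. the check fails.
  - name: cis-cloudtrail-multi-region-missing
    resource: aws.account
    description: No multi-region, running CloudTrail with global events (CIS AWS Foundations, Logging section).
    filters:
      - type: check-cloudtrail
        multi-region: true
        global-events: true
        running: true
```

Run it in dry-run form with `custodian run --dryrun -s out cis-account.yml`; the matched resources are written under `out/<policy-name>/resources.json`, which is what you would feed into a report or ticketing step.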