Cloud Custodian Policies for CIS AWS Foundations Benchmark (Part-4)
Oct 14, 2021
CIS AWS Foundations Benchmark v1.4.0 (05-28-2021)
The Cloud Custodian policies covering the CIS Benchmark v1.4.0 checks continue below from Part-3. This story covers checks 3.9 through 5.4.
3.9 Ensure VPC flow logging is enabled in all VPCs — Level 2 (Automated)
policies:
  - name: cis-vpc-flow-log-is-not-enabled
    resource: aws.vpc
    comment: |
      CIS Amazon Web Services Foundations v1.4.0 (3.9). VPC Flow Logs
      is a feature that enables you to capture information about the
      IP traffic going to and from network interfaces in your VPC.
      After you've created a flow log, you can view and retrieve its
      data in Amazon CloudWatch Logs. It is recommended that VPC Flow
      Logs be enabled for packet "Rejects" for VPCs. VPC Flow Logs
      provide visibility into network traffic that traverses the VPC
      and can be used to detect anomalous traffic or insight during
      security workflows.
    # Match every VPC that has no enabled flow log attached to it.
    filters:
      - not:
          - type: flow-logs
            enabled: true
    # Run as a scheduled Lambda once a day and write results to S3.
    mode:
      type: periodic
      schedule: "rate(24 hours)"
      runtime: python3.8
      execution-options:
        output_dir: s3://s3bucket/path/{account_id}/
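The policy above reports a VPC as compliant as soon as any flow log on it is enabled, while CIS 3.9 is specifically about capturing rejected packets, and a flow log can also exist but be inactive or attached to a subnet rather than the VPC. The script below is an added example (not part of the original story or of Cloud Custodian) that applies the stricter reading: a VPC passes only when it has an ACTIVE flow log whose TrafficType is REJECT or ALL. The record shapes mirror the EC2 DescribeVpcs and DescribeFlowLogs responses; the sample records are constructed, and the optional live collector assumes boto3 is installed and credentials are configured.

```python
"""CIS AWS 3.9 check: every VPC needs an active flow log that records REJECT traffic.

Added example, not code from the original story. SAMPLE_VPCS and
SAMPLE_FLOW_LOGS are constructed records in the shape of the EC2
DescribeVpcs / DescribeFlowLogs API responses.
"""
from collections import defaultdict

# Constructed sample data: three VPCs, only the first satisfies CIS 3.9.
SAMPLE_VPCS = [
    {"VpcId": "vpc-0aaa", "CidrBlock": "10.0.0.0/16"},
    {"VpcId": "vpc-0bbb", "CidrBlock": "10.1.0.0/16"},
    {"VpcId": "vpc-0ccc", "CidrBlock": "10.2.0.0/16"},
]

SAMPLE_FLOW_LOGS = [
    # ACTIVE and records ALL traffic, so rejects are captured: compliant.
    {"FlowLogId": "fl-0001", "ResourceId": "vpc-0aaa", "TrafficType": "ALL",
     "FlowLogStatus": "ACTIVE", "LogDestinationType": "cloud-watch-logs"},
    # ACCEPT-only log: enabled, but rejected packets are never written.
    {"FlowLogId": "fl-0002", "ResourceId": "vpc-0bbb", "TrafficType": "ACCEPT",
     "FlowLogStatus": "ACTIVE", "LogDestinationType": "s3"},
    # REJECT log, but attached to a subnet rather than the VPC itself.
    {"FlowLogId": "fl-0003", "ResourceId": "subnet-0123", "TrafficType": "REJECT",
     "FlowLogStatus": "ACTIVE", "LogDestinationType": "s3"},
]

REJECT_TRAFFIC_TYPES = {"REJECT", "ALL"}


def covers_rejects(flow_log):
    """True when the flow log is active and records rejected packets."""
    return (flow_log.get("FlowLogStatus") == "ACTIVE"
            and flow_log.get("TrafficType") in REJECT_TRAFFIC_TYPES)


def evaluate(vpcs, flow_logs):
    """Return {VpcId: reason} for every VPC that fails the CIS 3.9 check."""
    logs_by_resource = defaultdict(list)
    for fl in flow_logs:
        logs_by_resource[fl["ResourceId"]].append(fl)

    findings = {}
    for vpc in vpcs:
        vpc_id = vpc["VpcId"]
        logs = logs_by_resource.get(vpc_id, [])
        if not logs:
            findings[vpc_id] = "no flow log attached to VPC"
        elif not any(covers_rejects(fl) for fl in logs):
            findings[vpc_id] = "no ACTIVE flow log with TrafficType REJECT or ALL"
    return findings


def collect_live(region_name=None):
    """Fetch VPCs and flow logs from the current AWS account (needs boto3 + credentials)."""
    import boto3  # imported lazily so the evaluation logic runs without boto3

    ec2 = boto3.client("ec2", region_name=region_name)
    vpcs, flow_logs = [], []
    for page in ec2.get_paginator("describe_vpcs").paginate():
        vpcs.extend(page["Vpcs"])
    for page in ec2.get_paginator("describe_flow_logs").paginate():
        flow_logs.extend(page["FlowLogs"])
    return vpcs, flow_logs


if __name__ == "__main__":
    # Offline demonstration on the constructed records.
    for vpc_id, reason in evaluate(SAMPLE_VPCS, SAMPLE_FLOW_LOGS).items():
        print(f"NON-COMPLIANT {vpc_id}: {reason}")
    # To check a real account instead: evaluate(*collect_live("us-east-1"))
```

Run as-is it reports vpc-0bbb and vpc-0ccc as non-compliant and stays silent on vpc-0aaa. The same distinction can be expressed inside Custodian itself, since its flow-logs filter also accepts `traffic-type` and `status` keys alongside `enabled`; the point of the script is to make visible which of the three failure modes (missing, wrong traffic type, wrong resource) a plain `enabled: true` check would let through.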
3.10 Ensure that Object-level logging for write events is enabled for S3 bucket — Level 2 (Automated) (in progress)