CIS AWS Benchmark v1.2.0
Deprecated Framework
This framework has been superseded by CIS AWS Benchmark v1.4.0 and later versions. Organizations should migrate to newer versions for updated security controls and best practices.
The Center for Internet Security (CIS) AWS Foundations Benchmark version 1.2.0 provides prescriptive guidance for establishing a secure baseline configuration of Amazon Web Services environments. Developed through consensus by cybersecurity experts worldwide, this benchmark addresses foundational security controls for AWS accounts. It is applicable to all organizations using AWS infrastructure.
Terraform Registry Subdomain: cisv120

```hcl
# Registry address form: the version argument is supported
module "..." {
  source  = "cisv120.compliance.tf/terraform-aws-modules/<module>/aws"
  version = "<version>"
}
```

```hcl
# URL form
module "..." {
  source = "https://cisv120.compliance.tf/terraform-aws-modules/<module>/aws"
}
```
Refer to the Terraform Registry Endpoints section for more details.
Implemented Controls
The following controls are implemented as part of this framework.
- CloudWatch alarm should have an action configured
- S3 bucket MFA delete should be enabled
- AWS WAF rules should have CloudWatch metrics enabled
Enable/Disable Controls
You can customize the Terraform module for the desired compliance requirements by enabling/disabling individual controls.
Examples

S3 bucket module with CIS AWS Benchmark v1.2.0 compliance framework controls enabled, and a couple of controls disabled

```hcl
# Controls are disabled by listing their identifiers, comma-separated, in the
# "disable" query parameter of the module source
module "..." {
  source = "https://cisv120.compliance.tf/terraform-aws-modules/s3-bucket/aws?disable=cloudwatch_alarm_action_enabled,s3_bucket_mfa_delete_enabled"
}
```
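Because disabled controls live only in the module `source` string, a reviewer can miss them. The following is an added audit helper, not part of compliance.tf, that scans Terraform text for compliance.tf sources and reports which controls each one disables; it assumes only the source forms shown on this page (a `<framework>.compliance.tf` host and a comma-separated `disable` query parameter).

```python
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Matches the source argument of a module block, e.g. source = "cisv120.compliance.tf/..."
SOURCE_RE = re.compile(r'source\s*=\s*"([^"]+)"')


def parse_compliance_source(source: str) -> Optional[Dict]:
    """Return the framework subdomain, module path and disabled controls for a
    compliance.tf module source, or None if the source is not a compliance.tf address."""
    # The registry form has no scheme; add one so urlsplit parses the host correctly.
    url = source if "://" in source else "https://" + source
    parts = urlsplit(url)
    host = parts.netloc.lower()
    if not host.endswith(".compliance.tf"):
        return None
    framework = host[: -len(".compliance.tf")]
    # parse_qs keeps "a,b" as one value; the registry uses a comma-separated list.
    raw = parse_qs(parts.query).get("disable", [])
    disabled = [c for value in raw for c in value.split(",") if c]
    return {"framework": framework, "module": parts.path.strip("/"), "disabled": disabled}


def audit_disabled_controls(hcl_text: str) -> List[Dict]:
    """List every compliance.tf module in the text that disables at least one control."""
    findings = []
    for src in SOURCE_RE.findall(hcl_text):
        info = parse_compliance_source(src)
        if info and info["disabled"]:
            findings.append(info)
    return findings


# Constructed sample: the page's own example plus a pinned module with nothing disabled.
SAMPLE_HCL = '''
module "logs" {
  source = "https://cisv120.compliance.tf/terraform-aws-modules/s3-bucket/aws?disable=cloudwatch_alarm_action_enabled,s3_bucket_mfa_delete_enabled"
}
module "assets" {
  source  = "cisv120.compliance.tf/terraform-aws-modules/s3-bucket/aws"
  version = "1.0.0"  # constructed placeholder version
}
'''

if __name__ == "__main__":
    for f in audit_disabled_controls(SAMPLE_HCL):
        print(f"{f['framework']}: {f['module']} disables {', '.join(f['disabled'])}")
```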