
CIS AWS Benchmark v1.3.0

Deprecated Framework

This framework has been superseded by CIS AWS Benchmark v1.4.0 and later versions. Organizations should migrate to newer versions for updated security controls and best practices.

The Center for Internet Security (CIS) AWS Foundations Benchmark version 1.3.0 provides prescriptive guidance for establishing a secure baseline configuration of Amazon Web Services environments. This version includes updated controls and recommendations reflecting evolving AWS security best practices. It is applicable to all organizations using AWS infrastructure.

Terraform Registry Subdomain: cisv130

module "..." {
  source  = "cisv130.compliance.tf/terraform-aws-modules/<module>/aws"
  version = "<version>"
}

module "..." {
  source = "https://cisv130.compliance.tf/terraform-aws-modules/<module>/aws"
}

Refer to the Terraform Registry Endpoints section for more details.

Implemented Controls

The following controls are implemented as part of this framework.

Enable/Disable Controls

You can customize the Terraform module for the desired compliance requirements by enabling/disabling individual controls.

Examples

S3 bucket module with the CIS AWS Benchmark v1.3.0 compliance framework controls enabled and a couple of controls disabled:

module "..." {
  source = "https://cisv130.compliance.tf/terraform-aws-modules/s3-bucket/aws?disable=ebs_attached_volume_encryption_enabled,s3_bucket_logging_enabled"
}
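Because controls are switched off inside the module `source` string, a review of Terraform code should surface every `disable=` list. The following audit script is an added example, not code from compliance.tf: the names `audit_sources` and `SAMPLE_TF` and the module labels are assumptions, and it only reads the quoted `source` forms and the `?disable=` parameter shown on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

HOST_SUFFIX = ".compliance.tf"
SUPERSEDED = {"cisv130"}  # the page marks this framework as superseded

# Captures each module label and its quoted source string (not a full HCL parser).
MODULE_RE = re.compile(
    r'module\s+"(?P<name>[^"]*)"\s*\{[^}]*?\bsource\s*=\s*"(?P<source>[^"]+)"', re.S
)

def audit_sources(tf_text):
    """Map module name -> framework subdomain, superseded flag, disabled controls."""
    findings = {}
    for m in MODULE_RE.finditer(tf_text):
        src = m.group("source")
        # Registry-style sources have no scheme; add one so urlsplit sees the host.
        url = urlsplit(src if "://" in src else "https://" + src)
        host = url.hostname or ""
        if not host.endswith(HOST_SUFFIX):
            continue  # module is not served through compliance.tf
        framework = host[: -len(HOST_SUFFIX)]
        raw = parse_qs(url.query).get("disable", [])
        controls = {c.strip() for v in raw for c in v.split(",") if c.strip()}
        findings[m.group("name")] = {
            "framework": framework,
            "superseded": framework in SUPERSEDED,
            "disabled": sorted(controls),
        }
    return findings

# Constructed sample input: module labels are made up, sources follow the page.
SAMPLE_TF = '''
module "logs" {
  source = "https://cisv130.compliance.tf/terraform-aws-modules/s3-bucket/aws?disable=ebs_attached_volume_encryption_enabled,s3_bucket_logging_enabled"
}
module "assets" {
  source  = "cisv130.compliance.tf/terraform-aws-modules/s3-bucket/aws"
  version = "<version>"
}
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
}
'''

if __name__ == "__main__":
    for name, info in audit_sources(SAMPLE_TF).items():
        print(name, info)
```

Running it over a repository's `.tf` files gives reviewers one list of which modules have controls disabled and which still point at the superseded `cisv130` subdomain.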