Secure Your AWS Account with CIS Benchmark

In the Cloud, security should be your top concern.  If your company is using AWS, you’re probably aware of the endless possibilities for implementing security controls.  With these possibilities, there is a lot of room for gaps and mistakes.

One of the most important areas to secure is the AWS account itself.  It is also important to ensure that changes made in the account meet security controls, with a compliance dashboard showing where they do not.  Many customers choose to implement security monitoring and mitigation manually, which is time consuming and error-prone.

There is a better way.  AWS provides an automated implementation of the CIS Benchmark (https://www.cisecurity.org/cis-benchmarks/).  This combination of monitoring and dashboards can be deployed using a CloudFormation template, and can be launched directly from the AWS documentation found here: https://aws.amazon.com/quickstart/architecture/compliance-cis-benchmark/.  Click on “How to Deploy” and select your region (either GovCloud or other regions), and follow the directions.

What resources are created by deploying this template?

  • AWS Config Rules
  • CloudWatch Alarms
  • CloudWatch Events
  • Customizable Lambda functions

In addition, AWS provides a security controls matrix (as a Microsoft Excel spreadsheet) that maps the deployed resources to specific CIS controls.
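To make the resource list concrete, here is an added example (not code from the AWS Quick Start or the CIS benchmark project) of what one of those "customizable Lambda functions" does at its core: an AWS Config custom-rule style evaluator that checks an IAM account password policy against CIS AWS Foundations Benchmark v1.2.0 controls 1.5 to 1.11 and returns the verdict in the shape `put_evaluations` expects. The control numbers and thresholds are those of benchmark version 1.2.0 (treat the numbering as an assumption for other versions); the two sample policies are constructed inline, and no AWS calls are made.

```python
"""Offline model of a CIS-style AWS Config custom rule (added example).

The policy dict has the shape returned by
iam.get_account_password_policy()["PasswordPolicy"]. Controls and
thresholds follow CIS AWS Foundations Benchmark v1.2.0, 1.5 - 1.11
(an assumption if you run a different benchmark version).
"""
from typing import Callable, Dict, List, Tuple

# (CIS control id, description, predicate over the policy dict).
# A missing key is treated as the weakest setting, as IAM itself does
# when no policy has been configured.
CIS_PASSWORD_RULES: List[Tuple[str, str, Callable[[Dict], bool]]] = [
    ("1.5", "require at least one uppercase letter",
     lambda p: p.get("RequireUppercaseCharacters", False) is True),
    ("1.6", "require at least one lowercase letter",
     lambda p: p.get("RequireLowercaseCharacters", False) is True),
    ("1.7", "require at least one symbol",
     lambda p: p.get("RequireSymbols", False) is True),
    ("1.8", "require at least one number",
     lambda p: p.get("RequireNumbers", False) is True),
    ("1.9", "minimum password length of 14 or more",
     lambda p: p.get("MinimumPasswordLength", 0) >= 14),
    ("1.10", "prevent reuse of the last 24 passwords",
     lambda p: p.get("PasswordReusePrevention", 0) >= 24),
    ("1.11", "expire passwords within 90 days",
     lambda p: p.get("ExpirePasswords", False) is True
     and 0 < p.get("MaxPasswordAge", 0) <= 90),
]


def evaluate_password_policy(policy: Dict) -> Dict[str, object]:
    """Return a Config-style verdict plus the list of failing controls."""
    failed = [(cid, desc) for cid, desc, check in CIS_PASSWORD_RULES
              if not check(policy)]
    annotation = "; ".join(f"CIS {cid}: {desc}" for cid, desc in failed)
    return {
        "ComplianceType": "NON_COMPLIANT" if failed else "COMPLIANT",
        "Annotation": annotation or "All CIS password controls satisfied",
        "FailedControls": [cid for cid, _ in failed],
    }


def build_evaluation(verdict: Dict[str, object], account_id: str,
                     ordering_timestamp: str) -> Dict[str, str]:
    """Shape the verdict as one entry of the Evaluations list that a
    custom rule hands to config.put_evaluations(). The password policy
    is account-scoped, hence the AWS::::Account resource type. Config
    caps Annotation at 256 characters, so it is truncated here."""
    return {
        "ComplianceResourceType": "AWS::::Account",
        "ComplianceResourceId": account_id,
        "ComplianceType": str(verdict["ComplianceType"]),
        "Annotation": str(verdict["Annotation"])[:256],
        "OrderingTimestamp": ordering_timestamp,
    }


# Constructed sample policies (not taken from any real account).
WEAK_POLICY = {
    "MinimumPasswordLength": 8,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "RequireSymbols": False,
    "RequireNumbers": True,
    "PasswordReusePrevention": 5,
    "ExpirePasswords": False,
}

HARDENED_POLICY = {
    "MinimumPasswordLength": 14,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "RequireSymbols": True,
    "RequireNumbers": True,
    "PasswordReusePrevention": 24,
    "ExpirePasswords": True,
    "MaxPasswordAge": 90,
}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        verdict = evaluate_password_policy(policy)
        print(f"{name}: {verdict['ComplianceType']} - {verdict['Annotation']}")
```

The evaluator is deliberately separated from the AWS I/O: in a real custom rule the Lambda handler would fetch the policy with boto3, pass it to `evaluate_password_policy`, and send the result of `build_evaluation` to Config, which is what makes the rule show up on the compliance dashboard the Quick Start deploys. Keeping the predicates in a table is also what makes the function "customizable": tightening a threshold is a one-line change that does not touch the handler.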

By deploying this benchmark using automated methods, you can test it in your own account and, if required, remove all of the above resources with a few mouse clicks by deleting the stack.  We recommend that every AWS account have security controls implemented and monitored, and enabling termination protection on the deployed CloudFormation stack will help protect these resources from being deleted by accident.

Happy deploying!