Home
Security Hardening
CIS Amazon Web Services Foundations L1 1.4.0

CIS Amazon Web Services Foundations L1 1.4.0

Do not setup access keys during initial user setup for all IAM users that have a console password
Details AWS console defaults to no check boxes selected when creating a new IAM user. When cerating the IAM User...
Eliminate use of the ‘root’ user for administrative and daily tasks
Details With the creation of an AWS account, a ‘root user’ is created that cannot be disabled or deleted. That...
Ensure access keys are rotated every 90 days or less
Details Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests...
Ensure a log metric filter and alarm exist for CloudTrail configuration changes – ‘alarm exists’
Details Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric...
Ensure a log metric filter and alarm exist for CloudTrail configuration changes – ‘metric filter exists’
Details Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric...
Ensure a log metric filter and alarm exist for CloudTrail configuration changes – ‘subscription exists’
Details Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric...
Ensure a log metric filter and alarm exist for unauthorized API calls – ‘alarm exists’
Details Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric...
Ensure a log metric filter and alarm exist for unauthorized API calls – ‘metric filter exists’
Details Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric...
Ensure a log metric filter and alarm exist for unauthorized API calls – ‘subscription exists’
Details Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric...
Ensure a log metric filter and alarm exist for usage of ‘root’ account – ‘alarm exists’
Details Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric...

CIS Amazon Web Services Foundations L1 1.4.0

Do not setup access keys during initial user setup for all IAM users that have a console password

Eliminate use of the ‘root’ user for administrative and daily tasks

Ensure access keys are rotated every 90 days or less

Ensure a log metric filter and alarm exist for CloudTrail configuration changes – ‘alarm exists’

Ensure a log metric filter and alarm exist for CloudTrail configuration changes – ‘metric filter exists’

Ensure a log metric filter and alarm exist for CloudTrail configuration changes – ‘subscription exists’

Ensure a log metric filter and alarm exist for unauthorized API calls – ‘alarm exists’

Ensure a log metric filter and alarm exist for unauthorized API calls – ‘metric filter exists’

Ensure a log metric filter and alarm exist for unauthorized API calls – ‘subscription exists’

Ensure a log metric filter and alarm exist for usage of ‘root’ account – ‘alarm exists’