CIS AWS Foundations 1.4.0

5min
Policy Pack based on the AWS Foundations 1.4.0 benchmark provided by the Center for Internet Security (CIS).
First StepsInstall Cloud Graph CLI.
Set up the AWS Provider for CG with the cg init aws command.
Add Policy Pack for AWS PCI DSS benchmark using cg policy add aws-cis-1.4.0 command.
Execute the ruleset using the scan command cg scan aws.
Query the findings using the different options:
Use the CloudGraph Policy Pack for AWS CIS 1.4 to query all of your CIS findings for all of your AWS Accounts:
GraphQL
|
query {
  queryawsCISFindings {
    id
    resourceId
    result
    rule {
      id
      severity
      title
      description
      audit
      rationale
      remediation
      references
    }
  }
}
query {
  queryawsCISFindings {
    id
    resourceId
    result
    rule {
      id
      severity
      title
      description
      audit
      rationale
      remediation
      references
    }
  }
}
﻿
If you want to query several different compliance findings for a given provider like AWS at once, you can request them like this:
GraphQL
|
query {
  queryawsFindings {
    CISFindings {
      id
      resourceId
      result
      rule {
        id
        severity
        title
        description
        audit
        rationale
        remediation
        references
      }
    }
  }
}
query {
  queryawsFindings {
    CISFindings {
      id
      resourceId
      result
      rule {
        id
        severity
        title
        description
        audit
        rationale
        remediation
        references
      }
    }
  }
}
﻿
For each CIS rule, get the resources that the rule is associated with, in this case we are quering IAM user's data to see which pass and fail:
GraphQL
|
query {
  queryawsCISFindings {
    id
    resourceId
    result
    rule {
      id
      severity
      title
      description
      audit
      rationale
      remediation
      references
    }
    iamUser {
      id
      arn
      name
    }
  }
}
query {
  queryawsCISFindings {
    id
    resourceId
    result
    rule {
      id
      severity
      title
      description
      audit
      rationale
      remediation
      references
    }
    iamUser {
      id
      arn
      name
    }
  }
}
﻿
If you wanted to understand the CIS rules that apply to a particular IAM User you could use the following query:
GraphQL
|
query {
  getawsIamUser(id: "123456789") {
    name
    CISFindings {
      id
      resourceId
      result
      rule {
        id
        severity
        title
        description
        audit
        rationale
        remediation
        references
      }
    }
  }
}
query {
  getawsIamUser(id: "123456789") {
    name
    CISFindings {
      id
      resourceId
      result
      rule {
        id
        severity
        title
        description
        audit
        rationale
        remediation
        references
      }
    }
  }
}
﻿
Available RulesetPlease see the CIS 1.4 README for a table of available rules.
Updated 03 Mar 2023
Did this page help you?
Yes
CIS AWS Foundations 1.3.0
PCI Data Security Standard V 3.2.1 for AWS
Docs powered by archbee
TABLE OF CONTENTS
First Steps
Available Ruleset