- Notifications
You must be signed in to change notification settings - Fork68
Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
License
turbot/steampipe-mod-aws-compliance
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
540+ checks covering industry defined security best practices across all AWS regions. Includes full support for multiple best practice benchmarks includingthe latest (v4.0.0) CIS benchmark, CIS AWS Compute Services, PCI DSS V3.2.1, PCI DSS V4.0, AWS Foundational Security, CISA Cyber Essentials, FedRAMP, FFIEC, GxP 21 CFR Part 11, GxP EU Annex 11, HIPAA Final Omnibus Security Rule 2013, HIPAA Security Rule 2003, NIST 800-53, NIST CSF, NIST 800-172, NYDFS 23, Reserve Bank of India, Audit Manager Control Tower, Australian Cyber Security Center (ACSC) Essential Eight, and more!
Run checks in a dashboard:
Or in a terminal:
Install Powerpipe (https://powerpipe.io/downloads), or use Brew:
brew install turbot/tap/powerpipe
This mod also requiresSteampipe with theAWS plugin as the data source. Install Steampipe (https://steampipe.io/downloads), or use Brew:
brew install turbot/tap/steampipesteampipe plugin install aws
Steampipe will automatically use your default AWS credentials. Optionally, you cansetup multiple accounts orcustomize AWS credentials.
Finally, install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart Steampipe as the data source:
steampipe service start
Start the dashboard server:
powerpipe server
Browse and view your dashboards athttp://localhost:9033.
Instead of running benchmarks in a dashboard, you can also run them within yourterminal with thepowerpipe benchmark command:
List available benchmarks:
powerpipe benchmark list
Run a benchmark:
powerpipe benchmark run aws_compliance.benchmark.cis_v400
Different output formats are also available, for more information please seeOutput Formats.
The benchmark queries use common properties (likeaccount_id,connection_name andregion) and tags that are defined in the form of a default list of strings in thevariables.sp file. These properties can be overwritten in several ways:
It's easiest to setup your vars file, starting with the sample:
cp powerpipe.ppvars.example powerpipe.ppvarsvi powerpipe.ppvars
Alternatively you can pass variables on the command line:
powerpipe benchmark run aws_compliance.benchmark.cis_v400 --var'tag_dimensions=["Environment", "Owner"]'Or through environment variables:
export PP_VAR_common_dimensions='["account_id", "connection_name", "region"]'export PP_VAR_tag_dimensions='["Environment", "Owner"]'powerpipe benchmark run aws_compliance.benchmark.cis_v400
This repository is published under theApache 2.0 license. Please see ourcode of conduct. We look forward to collaborating with you!
Steampipe andPowerpipe are products produced from this open source software, exclusively byTurbot HQ, Inc. They are distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in ourOpen Source FAQ.
Want to help but don't know where to start? Pick up one of thehelp wanted issues:
About
Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
Topics
Resources
License
Code of conduct
Security policy
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Uh oh!
There was an error while loading.Please reload this page.