Mod: aws
The aws mod consists of 5 resource types, 117 policies and 13 controls.
Recommended Version
Resource Types
Controls
- AWS > Account > Budget > Budget
- AWS > Account > CMDB
- AWS > Account > Stack
- AWS > Region > Discovery
- AWS > Region > Stack
- AWS > Turbot
- AWS > Turbot > Audit Trail
- AWS > Turbot > Event Handlers
- AWS > Turbot > Event Handlers [Global]
- AWS > Turbot > Event Poller
- AWS > Turbot > Logging
- AWS > Turbot > Logging > Bucket
- AWS > Turbot > Service Roles
IAM Roles
Policies
- AWS > Account > Approved Regions [Default]
- AWS > Account > Budget > Enabled
- AWS > Account > Budget > State
- AWS > Account > Budget > Target
- AWS > Account > CMDB
- AWS > Account > Partition
- AWS > Account > Regions
- AWS > Account > Stack
- AWS > Account > Stack > Secret Variables
- AWS > Account > Stack > Source
- AWS > Account > Stack > Terraform Version
- AWS > Account > Stack > Variables
- AWS > Account > Tags Template [Default]
- AWS > Account > Trusted Accounts [Default]
- AWS > Account > Trusted Identity Providers [Default]
- AWS > Account > Trusted Organizations [Default]
- AWS > Account > Trusted Services [Default]
- AWS > Account > Turbot IAM Access Key ID
- AWS > Account > Turbot IAM Credential Type
- AWS > Account > Turbot IAM Role
- AWS > Account > Turbot IAM Role > Assume Role Timeout
- AWS > Account > Turbot IAM Role > External ID
- AWS > Account > Turbot IAM Role > External ID > Protection
- AWS > Account > Turbot IAM Secret Access Key
- AWS > Region > Discovery
- AWS > Region > Discovery > Connection Region
- AWS > Region > Logging Bucket [Default]
- AWS > Region > Stack
- AWS > Region > Stack > Secret Variables
- AWS > Region > Stack > Source
- AWS > Region > Stack > Terraform Version
- AWS > Region > Stack > Variables
- AWS > Turbot
- AWS > Turbot > Audit Trail
- AWS > Turbot > Audit Trail > CloudTrail
- AWS > Turbot > Audit Trail > CloudTrail > Trail
- AWS > Turbot > Audit Trail > CloudTrail > Trail > CloudWatch Role
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Enabled
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Encryption Key
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Event Selectors
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Global Region
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Include Global Service Events
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Log File Validation
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Name
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Name Prefix
- AWS > Turbot > Audit Trail > CloudTrail > Trail > S3 Bucket
- AWS > Turbot > Audit Trail > CloudTrail > Trail > S3 Key Prefix
- AWS > Turbot > Audit Trail > CloudTrail > Trail > SNS Topic
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Tags
- AWS > Turbot > Audit Trail > CloudTrail > Trail > Type
- AWS > Turbot > Audit Trail > Source
- AWS > Turbot > Audit Trail > Terraform Version
- AWS > Turbot > Event Handlers
- AWS > Turbot > Event Handlers [Global]
- AWS > Turbot > Event Handlers [Global] > Events
- AWS > Turbot > Event Handlers [Global] > Events > Rules
- AWS > Turbot > Event Handlers [Global] > Events > Rules > Name Prefix
- AWS > Turbot > Event Handlers [Global] > Events > Rules > Tags
- AWS > Turbot > Event Handlers [Global] > Events > Target
- AWS > Turbot > Event Handlers [Global] > Events > Target > IAM Role ARN
- AWS > Turbot > Event Handlers [Global] > Primary Region
- AWS > Turbot > Event Handlers [Global] > SNS
- AWS > Turbot > Event Handlers [Global] > SNS > Topic
- AWS > Turbot > Event Handlers [Global] > SNS > Topic > Customer Managed Key
- AWS > Turbot > Event Handlers [Global] > SNS > Topic > Name Prefix
- AWS > Turbot > Event Handlers [Global] > SNS > Topic > Tags
- AWS > Turbot > Event Handlers [Global] > Source
- AWS > Turbot > Event Handlers [Global] > Terraform Version
- AWS > Turbot > Event Handlers > Events
- AWS > Turbot > Event Handlers > Events > Rules
- AWS > Turbot > Event Handlers > Events > Rules > Account Filter
- AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns
- AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > Billing Console
- AWS > Turbot > Event Handlers > Events > Rules > Event Sources
- AWS > Turbot > Event Handlers > Events > Rules > Name Prefix
- AWS > Turbot > Event Handlers > Events > Rules > Tags
- AWS > Turbot > Event Handlers > SNS
- AWS > Turbot > Event Handlers > SNS > Topic
- AWS > Turbot > Event Handlers > SNS > Topic > Customer Managed Key
- AWS > Turbot > Event Handlers > SNS > Topic > Name Prefix
- AWS > Turbot > Event Handlers > SNS > Topic > Tags
- AWS > Turbot > Event Handlers > Source
- AWS > Turbot > Event Handlers > Terraform Version
- AWS > Turbot > Event Poller
- AWS > Turbot > Event Poller > Excluded Events
- AWS > Turbot > Event Poller > Interval
- AWS > Turbot > Event Poller > Window
- AWS > Turbot > Logging
- AWS > Turbot > Logging > Bucket
- AWS > Turbot > Logging > Bucket > Access Logging
- AWS > Turbot > Logging > Bucket > Access Logging > Bucket
- AWS > Turbot > Logging > Bucket > Access Logging > Bucket > Key Prefix
- AWS > Turbot > Logging > Bucket > Default Encryption [Deprecated]
- AWS > Turbot > Logging > Bucket > Encryption in Transit
- AWS > Turbot > Logging > Bucket > Name
- AWS > Turbot > Logging > Bucket > Name > Prefix
- AWS > Turbot > Logging > Bucket > Regions
- AWS > Turbot > Logging > Bucket > Source
- AWS > Turbot > Logging > Bucket > Tags
- AWS > Turbot > Logging > Bucket > Versioning
- AWS > Turbot > Logging > Terraform Version
- AWS > Turbot > Service Roles
- AWS > Turbot > Service Roles > Configuration Recording
- AWS > Turbot > Service Roles > Configuration Recording > Name
- AWS > Turbot > Service Roles > Default EC2 Instance
- AWS > Turbot > Service Roles > Default EC2 Instance > Name
- AWS > Turbot > Service Roles > Default EC2 Instance > SSM Permissions
- AWS > Turbot > Service Roles > Event Handlers [Global]
- AWS > Turbot > Service Roles > Event Handlers [Global] > Name
- AWS > Turbot > Service Roles > Flow Logging
- AWS > Turbot > Service Roles > Flow Logging > Name
- AWS > Turbot > Service Roles > Name Path
- AWS > Turbot > Service Roles > Name Prefix
- AWS > Turbot > Service Roles > Source
- AWS > Turbot > Service Roles > SSM Notifications
- AWS > Turbot > Service Roles > SSM Notifications > Name
- AWS > Turbot > Service Roles > Terraform Version
Policy Packs
- AWS CIS v3.0.0 - Section 1 - Identity and Access Management
- AWS CIS v3.0.0 - Section 3 - Logging
- AWS CIS v3.0.0 - Section 4 - Monitoring
- Enable AWS IAM Service Roles
- Enable Event Poller for AWS Accounts
- Enable Global Event Handlers for AWS Accounts
- Enable Multi-Region CloudTrail Trails for AWS Accounts
- Enable Regional Event Handlers for AWS Accounts