Mod: aws

The aws mod consists of 8 resource types, 162 policies and 26 controls.

Recommended Version

Resource Types

• AWS
• AWS > Account
• AWS > Account > Budget
• AWS > Organization
• AWS > Organization Root
• AWS > Organizational Unit
• AWS > Permission Map
• AWS > Region

Controls

• AWS > Account > Budget > Budget
• AWS > Account > CMDB
• AWS > Account > Discovery
• AWS > Account > Intelligent Assessment
• AWS > Account > Stack
• AWS > Account > Stack [Native]
• AWS > Organization > CMDB
• AWS > Organization > Intelligent Assessment
• AWS > Organization Root > CMDB
• AWS > Organization Root > Discovery
• AWS > Organization Root > Intelligent Assessment
• AWS > Organizational Unit > CMDB
• AWS > Organizational Unit > Discovery
• AWS > Organizational Unit > Intelligent Assessment
• AWS > Region > Discovery
• AWS > Region > Stack
• AWS > Region > Stack [Native]
• AWS > Turbot
• AWS > Turbot > Audit Trail
• AWS > Turbot > Event Handlers
• AWS > Turbot > Event Handlers [Global]
• AWS > Turbot > Event Poller
• AWS > Turbot > Logging
• AWS > Turbot > Logging > Bucket
• AWS > Turbot > Organization Event Poller
• AWS > Turbot > Service Roles

IAM Roles

• AWS/Admin
• AWS/Metadata
• AWS/Owner

Policies

• AWS > Account > Allowed Regions [Default]
• AWS > Account > Approved Regions [Default]
• AWS > Account > Budget > Enabled
• AWS > Account > Budget > State
• AWS > Account > Budget > Target
• AWS > Account > CMDB
• AWS > Account > Connection Region [Default]
• AWS > Account > Intelligent Assessment
• AWS > Account > Intelligent Assessment > Context
• AWS > Account > Intelligent Assessment > User Prompt
• AWS > Account > Partition
• AWS > Account > Regions
• AWS > Account > Stack
• AWS > Account > Stack [Native]
• AWS > Account > Stack [Native] > Drift Detection
• AWS > Account > Stack [Native] > Drift Detection > Interval
• AWS > Account > Stack [Native] > Modifier
• AWS > Account > Stack [Native] > Secret Variables
• AWS > Account > Stack [Native] > Source
• AWS > Account > Stack [Native] > Timeout
• AWS > Account > Stack [Native] > Variables
• AWS > Account > Stack [Native] > Version
• AWS > Account > Stack > Secret Variables
• AWS > Account > Stack > Source
• AWS > Account > Stack > Terraform Version
• AWS > Account > Stack > Variables
• AWS > Account > Tags Template [Default]
• AWS > Account > Trusted Accounts [Default]
• AWS > Account > Trusted Identity Providers [Default]
• AWS > Account > Trusted Organizations [Default]
• AWS > Account > Trusted Services [Default]
• AWS > Account > Turbot IAM Access Key ID
• AWS > Account > Turbot IAM Credential Type
• AWS > Account > Turbot IAM Role
• AWS > Account > Turbot IAM Role > Assume Role Timeout
• AWS > Account > Turbot IAM Role > External ID
• AWS > Account > Turbot IAM Role > External ID [Default]
• AWS > Account > Turbot IAM Role > External ID > Protection
• AWS > Account > Turbot IAM Role > Name [Default]
• AWS > Account > Turbot IAM Secret Access Key
• AWS > Organization > CMDB
• AWS > Organization > CMDB > Exclude
• AWS > Organization > Intelligent Assessment
• AWS > Organization > Intelligent Assessment > Context
• AWS > Organization > Intelligent Assessment > User Prompt
• AWS > Organization > Turbot IAM Role
• AWS > Organization > Turbot IAM Role > External ID
• AWS > Organization Root > CMDB
• AWS > Organization Root > Intelligent Assessment
• AWS > Organization Root > Intelligent Assessment > Context
• AWS > Organization Root > Intelligent Assessment > User Prompt
• AWS > Organizational Unit > CMDB
• AWS > Organizational Unit > Intelligent Assessment
• AWS > Organizational Unit > Intelligent Assessment > Context
• AWS > Organizational Unit > Intelligent Assessment > User Prompt
• AWS > Region > Connection Region
• AWS > Region > Discovery
• AWS > Region > Discovery > Connection Region [Deprecated]
• AWS > Region > Logging Bucket [Default]
• AWS > Region > Stack
• AWS > Region > Stack [Native]
• AWS > Region > Stack [Native] > Drift Detection
• AWS > Region > Stack [Native] > Drift Detection > Interval
• AWS > Region > Stack [Native] > Modifier
• AWS > Region > Stack [Native] > Secret Variables
• AWS > Region > Stack [Native] > Source
• AWS > Region > Stack [Native] > Timeout
• AWS > Region > Stack [Native] > Variables
• AWS > Region > Stack [Native] > Version
• AWS > Region > Stack > Secret Variables
• AWS > Region > Stack > Source
• AWS > Region > Stack > Terraform Version
• AWS > Region > Stack > Variables
• AWS > Turbot
• AWS > Turbot > Audit Trail
• AWS > Turbot > Audit Trail > CloudTrail
• AWS > Turbot > Audit Trail > CloudTrail > Trail
• AWS > Turbot > Audit Trail > CloudTrail > Trail > CloudWatch Role
• AWS > Turbot > Audit Trail > CloudTrail > Trail > Enabled
• AWS > Turbot > Audit Trail > CloudTrail > Trail > Encryption Key
• AWS > Turbot > Audit Trail > CloudTrail > Trail > Event Selectors
• AWS > Turbot > Audit Trail > CloudTrail > Trail > Global Region
• AWS > Turbot > Audit Trail > CloudTrail > Trail > Include Global Service Events
• AWS > Turbot > Audit Trail > CloudTrail > Trail > Log File Validation
• AWS > Turbot > Audit Trail > CloudTrail > Trail > Name
• AWS > Turbot > Audit Trail > CloudTrail > Trail > Name Prefix
• AWS > Turbot > Audit Trail > CloudTrail > Trail > S3 Bucket
• AWS > Turbot > Audit Trail > CloudTrail > Trail > S3 Key Prefix
• AWS > Turbot > Audit Trail > CloudTrail > Trail > SNS Topic
• AWS > Turbot > Audit Trail > CloudTrail > Trail > Tags
• AWS > Turbot > Audit Trail > CloudTrail > Trail > Type
• AWS > Turbot > Audit Trail > Source
• AWS > Turbot > Audit Trail > Terraform Version
• AWS > Turbot > Event Handlers
• AWS > Turbot > Event Handlers [Global]
• AWS > Turbot > Event Handlers [Global] > Events
• AWS > Turbot > Event Handlers [Global] > Events > Rules
• AWS > Turbot > Event Handlers [Global] > Events > Rules > Name Prefix
• AWS > Turbot > Event Handlers [Global] > Events > Rules > Tags
• AWS > Turbot > Event Handlers [Global] > Events > Target
• AWS > Turbot > Event Handlers [Global] > Events > Target > IAM Role ARN
• AWS > Turbot > Event Handlers [Global] > Primary Region
• AWS > Turbot > Event Handlers [Global] > SNS
• AWS > Turbot > Event Handlers [Global] > SNS > Topic
• AWS > Turbot > Event Handlers [Global] > SNS > Topic > Customer Managed Key
• AWS > Turbot > Event Handlers [Global] > SNS > Topic > Name Prefix
• AWS > Turbot > Event Handlers [Global] > SNS > Topic > Tags
• AWS > Turbot > Event Handlers [Global] > Source
• AWS > Turbot > Event Handlers [Global] > Terraform Version
• AWS > Turbot > Event Handlers > Events
• AWS > Turbot > Event Handlers > Events > Rules
• AWS > Turbot > Event Handlers > Events > Rules > Account Filter
• AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns
• AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws
• AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > Billing Console
• AWS > Turbot > Event Handlers > Events > Rules > Event Sources
• AWS > Turbot > Event Handlers > Events > Rules > Name Prefix
• AWS > Turbot > Event Handlers > Events > Rules > Tags
• AWS > Turbot > Event Handlers > SNS
• AWS > Turbot > Event Handlers > SNS > Topic
• AWS > Turbot > Event Handlers > SNS > Topic > Customer Managed Key
• AWS > Turbot > Event Handlers > SNS > Topic > Name Prefix
• AWS > Turbot > Event Handlers > SNS > Topic > Tags
• AWS > Turbot > Event Handlers > Source
• AWS > Turbot > Event Handlers > Terraform Version
• AWS > Turbot > Event Poller
• AWS > Turbot > Event Poller > Excluded Events
• AWS > Turbot > Event Poller > Interval
• AWS > Turbot > Event Poller > Window
• AWS > Turbot > Logging
• AWS > Turbot > Logging > Bucket
• AWS > Turbot > Logging > Bucket > Access Logging
• AWS > Turbot > Logging > Bucket > Access Logging > Bucket
• AWS > Turbot > Logging > Bucket > Access Logging > Bucket > Key Prefix
• AWS > Turbot > Logging > Bucket > Default Encryption [Deprecated]
• AWS > Turbot > Logging > Bucket > Encryption in Transit
• AWS > Turbot > Logging > Bucket > Name
• AWS > Turbot > Logging > Bucket > Name > Prefix
• AWS > Turbot > Logging > Bucket > Regions
• AWS > Turbot > Logging > Bucket > Source
• AWS > Turbot > Logging > Bucket > Tags
• AWS > Turbot > Logging > Bucket > Versioning
• AWS > Turbot > Logging > Terraform Version
• AWS > Turbot > Organization Event Poller
• AWS > Turbot > Organization Event Poller > Interval
• AWS > Turbot > Organization Event Poller > Window
• AWS > Turbot > Service Roles
• AWS > Turbot > Service Roles > Configuration Recording
• AWS > Turbot > Service Roles > Configuration Recording > Name
• AWS > Turbot > Service Roles > Default EC2 Instance
• AWS > Turbot > Service Roles > Default EC2 Instance > Name
• AWS > Turbot > Service Roles > Default EC2 Instance > SSM Permissions
• AWS > Turbot > Service Roles > Event Handlers [Global]
• AWS > Turbot > Service Roles > Event Handlers [Global] > Name
• AWS > Turbot > Service Roles > Flow Logging
• AWS > Turbot > Service Roles > Flow Logging > Name
• AWS > Turbot > Service Roles > Name Path
• AWS > Turbot > Service Roles > Name Prefix
• AWS > Turbot > Service Roles > Source
• AWS > Turbot > Service Roles > SSM Notifications
• AWS > Turbot > Service Roles > SSM Notifications > Name
• AWS > Turbot > Service Roles > Terraform Version

Policy Packs

• AWS CIS v3.0.0 - Section 1 - Identity and Access Management
• AWS CIS v3.0.0 - Section 3 - Logging
• AWS CIS v3.0.0 - Section 4 - Monitoring
• Enable AWS IAM Service Roles
• Enable Event Poller for AWS Accounts
• Enable Global Event Handlers for AWS Accounts
• Enable Multi-Region CloudTrail Trails for AWS Accounts
• Enable Regional Event Handlers for AWS Accounts