AWS CIS v3.0.0 - Section 1 - Identity and Access Management

Policy Settings

The AWS CIS v3.0.0 - Section 1 - Identity and Access Management policy pack has 30 policy settings:

| Policy | Setting | Note |
| --- | --- | --- |
| AWS > EC2 > Instance > Instance Profile | Check: Instance profile attached | AWS CIS v3.0.0 - Controls: 1.18 |
| AWS > EC2 > Instance > Instance Profile > Name | `orgDefaultInstanceProfile` | AWS CIS v3.0.0 - Controls: 1.18 |
| AWS > IAM > Access Key > Active | Check: Active | AWS CIS v3.0.0 - Controls: 1.12, 1.13 and 1.14 |
| AWS > IAM > Access Key > Active > Age | Force inactive if age > 90 days | AWS CIS v3.0.0 - Controls: 1.14 |
| AWS > IAM > Access Key > Active > Last Modified | Force active if last modified <= 7 days | Prevents newly created access keys from being deleted for not having been used recently. |
| AWS > IAM > Access Key > Active > Latest | Force inactive if not latest | AWS CIS v3.0.0 - Controls: 1.13 |
| AWS > IAM > Access Key > Active > Recently Used | Force active if recently used <= 30 days | AWS CIS v3.0.0 - Controls: 1.12 |
| AWS > IAM > Account Password Policy > Settings | Check: Configured | AWS CIS v3.0.0 - Controls: 1.8 & 1.9 |
| AWS > IAM > Account Password Policy > Settings > Minimum Length | 14 | AWS CIS v3.0.0 - Controls: 1.8 |
| AWS > IAM > Account Password Policy > Settings > Reuse Prevention | 24 | AWS CIS v3.0.0 - Controls: 1.9 |
| AWS > IAM > Group > Inline Policy > Statements > Approved | Check: Approved | AWS CIS v3.0.0 - Controls: 1.16 |
| AWS > IAM > Group > Inline Policy > Statements > Approved > Administrator Access | Disabled: Disallow Administrator Access (`'*:*'`) policies | AWS CIS v3.0.0 - Controls: 1.16 |
| AWS > IAM > Policy > Statements > Approved | Check: Approved | AWS CIS v3.0.0 - Controls: 1.16 |
| AWS > IAM > Policy > Statements > Approved > Rules | `REJECT $.Effect:"Allow" $.Action:"*" $.Resource:"*"` `APPROVE *` | AWS CIS v3.0.0 - Controls: 1.16 |
| AWS > IAM > Role > Inline Policy > Statements > Approved | Check: Approved | AWS CIS v3.0.0 - Controls: 1.16 |
| AWS > IAM > Role > Inline Policy > Statements > Approved > Administrator Access | Disabled: Disallow Administrator Access (`'*:*'`) policies | AWS CIS v3.0.0 - Controls: 1.16 |
| AWS > IAM > Server Certificate > Active | Check: Active | AWS CIS v3.0.0 - Controls: 1.19 |
| AWS > IAM > Server Certificate > Active > Expired | Force inactive if expired | AWS CIS v3.0.0 - Controls: 1.19 |
| AWS > IAM > Stack | Check: Configured | AWS CIS v3.0.0 - Controls: 1.17 |
| AWS > IAM > Stack > Source | Calculated | AWS CIS v3.0.0 - Controls: 1.17 |
| AWS > IAM > Stack > Terraform Version | `0.15.*` | AWS CIS v3.0.0 - Controls: 1.17 |
| AWS > IAM > User > Inline Policy > Approved | Check: Approved | AWS CIS v3.0.0 - Controls: 1.15 |
| AWS > IAM > User > Inline Policy > Approved > Usage | Not approved | AWS CIS v3.0.0 - Controls: 1.15 |
| AWS > IAM > User > Inline Policy > Statements > Approved | Check: Approved | AWS CIS v3.0.0 - Controls: 1.16 |
| AWS > IAM > User > Inline Policy > Statements > Approved > Administrator Access | Disabled: Disallow Administrator Access (`'*:*'`) policies | AWS CIS v3.0.0 - Controls: 1.16 |
| AWS > IAM > User > Login Profile | Calculated | AWS CIS v3.0.0 - Controls: 1.10 & 1.11 |
| AWS > IAM > User > Policy Attachments > Approved | Check: Approved | AWS CIS v3.0.0 - Controls: 1.15 |
| AWS > IAM > User > Policy Attachments > Approved > Rules | `REJECT *` | AWS CIS v3.0.0 - Controls: 1.15 |
| AWS > Region > Stack | Check: Configured | AWS CIS v3.0.0 - Controls: 1.20 |
| AWS > Region > Stack > Source | Terraform source (shown after the table) | AWS CIS v3.0.0 - Controls: 1.20 |

Setting for AWS > Region > Stack > Source:

```hcl
resource "aws_accessanalyzer_analyzer" "cis_access_analyzer" {
  analyzer_name = "access_analyzer"
  type          = "ACCOUNT"
}
```