Turbot Guardrails Hub 
AWS CIS v3.0.0 - Section 2 - Storage

Policy Settings

The AWS CIS v3.0.0 - Section 2 - Storage policy pack has 16 policy settings:

| Policy | Setting | Note |
| --- | --- | --- |
| AWS > EC2 > Account Attributes > EBS Encryption by Default | Check: AWS managed key or higher | AWS CIS v3.0.0 - Control: 2.2.1 |
| AWS > EC2 > Instance > Approved | Check: Approved | AWS CIS v3.0.0 - Control: 2.2.1 |
| AWS > EC2 > Instance > Approved > Root Volume Encryption at Rest | AWS managed key or higher | AWS CIS v3.0.0 - Control: 2.2.1 |
| AWS > EC2 > Volume > Approved | Check: Approved | AWS CIS v3.0.0 - Control: 2.2.1 |
| AWS > EC2 > Volume > Approved > Encryption at Rest | AWS managed key or higher | AWS CIS v3.0.0 - Control: 2.2.1 |
| AWS > EFS > FileSystem > Approved | Check: Approved | AWS CIS v3.0.0 - Control: 2.4.1 |
| AWS > EFS > FileSystem > Approved > Encryption at Rest | AWS managed key or higher | AWS CIS v3.0.0 - Control: 2.4.1 |
| AWS > EFS > Mount Target > Approved | Check: Approved | AWS CIS v3.0.0 - Control: 2.4.1 |
| AWS > EFS > Mount Target > Approved > Custom | Calculated | AWS CIS v3.0.0 - Control: 2.4.1 |
| AWS > RDS > DB Instance > Approved | Check: Approved | AWS CIS v3.0.0 - Control: 2.3.1 |
| AWS > RDS > DB Instance > Approved > Encryption at Rest | AWS managed key or higher | AWS CIS v3.0.0 - Control: 2.3.1 |
| AWS > RDS > DB Instance > Auto Minor Version Upgrade | Check: Enabled | AWS CIS v3.0.0 - Control: 2.3.2 |
| AWS > RDS > DB Instance > Publicly Accessible | Check: DB Instance is not publicly accessible | AWS CIS v3.0.0 - Control: 2.3.3 |
| AWS > S3 > Bucket > Encryption in Transit | Check: Enabled | AWS CIS v3.0.0 - Control: 2.1.1 |
| AWS > S3 > Bucket > Public Access Block | Check: Per `Public Access Block > Settings` | AWS CIS v3.0.0 - Control: 2.1.4 |
| AWS > S3 > Bucket > Public Access Block > Settings | Block Public ACLs, Block Public Bucket Policies, Ignore Public ACLs, Restrict Public Bucket Policies | AWS CIS v3.0.0 - Control: 2.1.4 |