Policy Settings
The AWS CIS v3.0.0 - Section 2 - Storage policy pack has 16 policy settings:

Policy | Setting | Note |
---|---|---|
AWS > EC2 > Account Attributes > EBS Encryption by Default | Check: AWS managed key or higher | AWS CIS v3.0.0 - Control: 2.2.1 |
AWS > EC2 > Instance > Approved | Check: Approved | AWS CIS v3.0.0 - Control: 2.2.1 |
AWS > EC2 > Instance > Approved > Root Volume Encryption at Rest | AWS managed key or higher | AWS CIS v3.0.0 - Control: 2.2.1 |
AWS > EC2 > Volume > Approved | Check: Approved | AWS CIS v3.0.0 - Control: 2.2.1 |
AWS > EC2 > Volume > Approved > Encryption at Rest | AWS managed key or higher | AWS CIS v3.0.0 - Control: 2.2.1 |
AWS > EFS > FileSystem > Approved | Check: Approved | AWS CIS v3.0.0 - Control: 2.4.1 |
AWS > EFS > FileSystem > Approved > Encryption at Rest | AWS managed key or higher | AWS CIS v3.0.0 - Control: 2.4.1 |
AWS > EFS > Mount Target > Approved | Check: Approved | AWS CIS v3.0.0 - Control: 2.4.1 |
AWS > EFS > Mount Target > Approved > Custom | Calculated | AWS CIS v3.0.0 - Control: 2.4.1 |
AWS > RDS > DB Instance > Approved | Check: Approved | AWS CIS v3.0.0 - Control: 2.3.1 |
AWS > RDS > DB Instance > Approved > Encryption at Rest | AWS managed key or higher | AWS CIS v3.0.0 - Control: 2.3.1 |
AWS > RDS > DB Instance > Auto Minor Version Upgrade | Check: Enabled | AWS CIS v3.0.0 - Control: 2.3.2 |
AWS > RDS > DB Instance > Publicly Accessible | Check: DB Instance is not publicly accessible | AWS CIS v3.0.0 - Control: 2.3.3 |
AWS > S3 > Bucket > Encryption in Transit | Check: Enabled | AWS CIS v3.0.0 - Control: 2.1.1 |
AWS > S3 > Bucket > Public Access Block | Check: Per `Public Access Block > Settings` | AWS CIS v3.0.0 - Control: 2.1.4 |
AWS > S3 > Bucket > Public Access Block > Settings | Block Public ACLs, Block Public Bucket Policies, Ignore Public ACLs, Restrict Public Bucket Policies | AWS CIS v3.0.0 - Control: 2.1.4 |