AWS CIS v3.0.0 - Section 3 - Logging
  • AWS > CloudTrail > Trail > Encryption at Rest
  • AWS > CloudTrail > Trail > Encryption at Rest > Customer Managed Key
  • AWS > CloudTrail > Trail > Log File Validation
  • AWS > Config > Configuration Recording
  • AWS > KMS > Key > Rotation
  • AWS > S3 > Bucket > Access Logging
  • AWS > S3 > Bucket > Access Logging > Bucket
  • AWS > Turbot > Audit Trail
  • AWS > Turbot > Audit Trail > CloudTrail > Trail > Encryption Key
  • AWS > Turbot > Audit Trail > CloudTrail > Trail > Event Selectors
  • AWS > Turbot > Audit Trail > CloudTrail > Trail > Global Region
  • AWS > Turbot > Audit Trail > CloudTrail > Trail > S3 Bucket
  • AWS > Turbot > Audit Trail > CloudTrail > Trail > Type
  • AWS > Turbot > Logging > Bucket
  • AWS > Turbot > Logging > Bucket > Encryption in Transit
  • AWS > VPC > VPC > Flow Logging

Policy Settings

The AWS CIS v3.0.0 - Section 3 - Logging policy pack has 16 policy settings:

| Policy | Setting | Note |
| --- | --- | --- |
| AWS > CloudTrail > Trail > Encryption at Rest | Check: Encryption at Rest > Customer Managed Key | AWS CIS v3.0.0 - Controls: 3.5 |
| AWS > CloudTrail > Trail > Encryption at Rest > Customer Managed Key | alias/turbot/default | AWS CIS v3.0.0 - Controls: 3.5 |
| AWS > CloudTrail > Trail > Log File Validation | Check: Enabled | AWS CIS v3.0.0 - Controls: 3.2 |
| AWS > Config > Configuration Recording | Check: Configured | AWS CIS v3.0.0 - Controls: 3.3 |
| AWS > KMS > Key > Rotation | Check: Enabled | AWS CIS v3.0.0 - Controls: 3.6 |
| AWS > S3 > Bucket > Access Logging | Check: Enabled to Access Logging > Bucket | AWS CIS v3.0.0 - Controls: 3.4 |
| AWS > S3 > Bucket > Access Logging > Bucket | Calculated | AWS CIS v3.0.0 - Controls: 3.4 |
| AWS > Turbot > Audit Trail | Check: Configured | AWS CIS v3.0.0 - Controls: 3.1 |
| AWS > Turbot > Audit Trail > CloudTrail > Trail > Encryption Key | Calculated | AWS CIS v3.0.0 - Controls: 3.1 |
| AWS > Turbot > Audit Trail > CloudTrail > Trail > Event Selectors | `event_selector { read_write_type = "All" include_management_events = true data_resource { type = "AWS::S3::Object" values = ["arn:aws:s3"] } }` | AWS CIS v3.0.0 - Controls: 3.1 & 3.8 & 3.9 |
| AWS > Turbot > Audit Trail > CloudTrail > Trail > Global Region | us-east-1 | AWS CIS v3.0.0 - Controls: 3.1 |
| AWS > Turbot > Audit Trail > CloudTrail > Trail > S3 Bucket | Calculated | AWS CIS v3.0.0 - Controls: 3.1 |
| AWS > Turbot > Audit Trail > CloudTrail > Trail > Type | A multi-region trail in the `Trail > Global Region` in each account | AWS CIS v3.0.0 - Controls: 3.1 |
| AWS > Turbot > Logging > Bucket | Check: Configured | AWS CIS v3.0.0 - Controls: 3.1 |
| AWS > Turbot > Logging > Bucket > Encryption in Transit | Enabled | AWS CIS v3.0.0 - Controls: 3.1 |
| AWS > VPC > VPC > Flow Logging | Check: Configured per `Flow Logging > *` | AWS CIS v3.0.0 - Controls: 3.7 |