Policy Settings
The AWS CIS v3.0.0 - Section 5 - Networking policy pack has 7 policy settings:
| Policy | Setting | Note |
|---|---|---|
| AWS > EC2 > Account Attributes > Instance Metadata Service Defaults | Check: Enabled for V2 only | AWS CIS v3.0.0 - Controls: 5.6 |
| AWS > VPC > Network ACL > Ingress Rules > Approved | Check: Approved | AWS CIS v3.0.0 - Controls: 5.1 |
| AWS > VPC > Network ACL > Ingress Rules > Approved > Rules | Rule block (listed below the table) | AWS CIS v3.0.0 - Controls: 5.1 |
| AWS > VPC > Security Group > Egress Rules > Approved | Check: Approved | AWS CIS v3.0.0 - Controls: 5.4 |
| AWS > VPC > Security Group > Egress Rules > Approved > Rules | Calculated | AWS CIS v3.0.0 - Controls: 5.4 |
| AWS > VPC > Security Group > Ingress Rules > Approved | Check: Approved | AWS CIS v3.0.0 - Controls: 5.2, 5.3, 5.4 |
| AWS > VPC > Security Group > Ingress Rules > Approved > Rules | Calculated | AWS CIS v3.0.0 - Controls: 5.2, 5.3, 5.4 |

Rule block set on `AWS > VPC > Network ACL > Ingress Rules > Approved > Rules`:

```
# Reject port range sizes -1 (all traffic)
REJECT \
$.turbot.portRangeSize:-1 \
$.turbot.cidr:0.0.0.0/0
# Reject prohibited ports
REJECT \
$.turbot.ports.+:22,3389 \
$.IpProtocol:tcp,udp \
$.turbot.cidr:0.0.0.0/0
# Approve any unmatched rules
APPROVE *
```
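To show what the Network ACL ingress rule block above decides, here is an added stand-alone illustration (not Turbot's rule engine or any code from the policy pack) that applies the same three rules to NACL entries in the shape returned by the EC2 `describe_network_acls` API; the sample entries are constructed, and treating `::/0` like `0.0.0.0/0` is an assumption added here.

```python
"""Added illustration of the CIS 5.1 NACL ingress rule block: reject entries that
allow all traffic from an unrestricted source, reject entries that open tcp/udp
22 or 3389 to an unrestricted source, approve everything else."""

PROHIBITED_PORTS = (22, 3389)                 # from the rule block: $.turbot.ports.+:22,3389
ANY_SOURCE = {"0.0.0.0/0", "::/0"}           # assumption: IPv6 "anywhere" treated like IPv4
PROTO_NAMES = {"-1": "all", "6": "tcp", "17": "udp"}  # numeric codes used by the EC2 API


def evaluate_entry(entry: dict) -> tuple[str, str]:
    """Return (verdict, reason) for one NACL entry, mirroring the rule block order."""
    # The rule block only governs ingress allow rules; deny and egress entries are unmatched.
    if entry.get("Egress") or entry.get("RuleAction") != "allow":
        return "APPROVE", "not an ingress allow rule"
    cidr = entry.get("CidrBlock") or entry.get("Ipv6CidrBlock")
    if cidr not in ANY_SOURCE:
        return "APPROVE", "source is not unrestricted"
    proto = PROTO_NAMES.get(str(entry.get("Protocol")), "other")
    # Rule 1: protocol -1 is "all traffic" (portRangeSize -1 in the rule block).
    if proto == "all":
        return "REJECT", f"all traffic from {cidr}"
    # Rule 2: a tcp/udp range that contains 22 or 3389 is rejected.
    port_range = entry.get("PortRange", {})
    low, high = port_range.get("From", -1), port_range.get("To", -1)
    hit = [p for p in PROHIBITED_PORTS if low <= p <= high]
    if proto in ("tcp", "udp") and hit:
        return "REJECT", f"{proto} port(s) {hit} open to {cidr}"
    # Rule 3: APPROVE * for anything unmatched.
    return "APPROVE", "unmatched rule"


def audit_entries(entries: list[dict]) -> list[tuple[int, str, str]]:
    """Evaluate every entry of one NACL and return (rule number, verdict, reason)."""
    return [(e["RuleNumber"], *evaluate_entry(e)) for e in entries]


# Constructed sample NACL, not data from any real account.
SAMPLE_ENTRIES = [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 110, "Protocol": "6", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 120, "Protocol": "6", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 130, "Protocol": "6", "RuleAction": "allow", "Egress": False, "CidrBlock": "10.0.0.0/8", "PortRange": {"From": 3389, "To": 3389}},
    {"RuleNumber": 140, "Protocol": "17", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 0, "To": 65535}},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for rule_number, verdict, reason in audit_entries(SAMPLE_ENTRIES):
        print(f"rule {rule_number:>5}: {verdict:<7} {reason}")
```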