Usecase Universe

A collective of use cases for DevOps teams

Browse a variety of 300+ predefined templates to automate all your AWS actions

Create Template
Solutions
All Categories

CIS-AWS

24 Times Used
22 MAY 2019
IAM Users - Admin Access and MFA Check
IAM
Security
Security
CIS-AWS

Sends a report of IAM users which have Admin access. Administrator access should be given to trusted users only.

Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
CloudTrail
CIS-AWS

Checks if a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs

AWS config configuration recorder not enabled
CIS-AWS
Config

Checks if AWS config configuration recorder not enabled

Ensure a log metric filter and alarm exist for Management Console sign-in without MFA
CloudTrail
CloudWatch
CIS-AWS

Checks for log metric filter and Management Console sign-in without MFA alarm in your aws account

Ensure a log metric filter and alarm exist for changes to network gateways
CloudTrail
CIS-AWS

Checks if a log metric filter and alarm exist for changes to network gateways

Ensure IAM password policy require expire passwords within 90 days
IAM
CIS-AWS

Checks if IAM password policy require expire passwords within 90 days

Ensure a log metric filter and alarm exist for VPC changes
IAM
CIS-AWS

Checks if a log metric filter and alarm exist for VPC changes

Expired IAM Access Keys (90 Days)
IAM
CIS-AWS

Ensure credentials unused for 90 days or greater are disabled

Ensure IAM password policy prevents password reuse
CIS-AWS
IAM

Checks if IAM password policy prevents password reuse

Ensure IAM password policy require at least one number
CIS-AWS
IAM

Checks if IAM password policy require at least one number

Ensure CloudTrail trails are integrated with CloudWatch Logs
CIS-AWS
CloudTrail

Checks if CloudTrail trails are integrated with CloudWatch Logs

Ensure a log metric filter and alarm exist for security group changes
CIS-AWS
CloudTrail

checks if a log metric filter and alarm exist for security group changes

Ensure IAM password policy require min length of 14
CIS-AWS
IAM

Checks if IAM password policy require min length of 14

IAM Users with Unused Console Credentials
CIS-AWS
IAM

Ensure console credentials are rotated every 90 days or less

Ensure a log metric filter and alarm exist for AWS Config configuration changes
CIS-AWS
CloudTrail
CIS-AWS

checks if a log metric filter and alarm exist for AWS Config configuration changes