Usecase Universe

A collective of use cases for DevOps teams

Browse a variety of 300+ predefined templates to automate all your AWS actions

Create Template
Solutions
All Categories

CIS-AWS

24 Times Used
22 MAY 2019
aws config delivery channel not enabled
CIS-AWS
Config

Checks if aws config delivery channel not enabled

Ensure CloudTrail trails are integrated with CloudWatch Logs
CIS-AWS
CloudTrail

Checks if CloudTrail trails are integrated with CloudWatch Logs

Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)
CIS-AWS
CloudTrail

Checks if a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)

Ensure a log metric filter and alarm exist for usage of "root" account
CIS-AWS
CloudTrail

Checks if a log metric filter and alarm exist for usage of "root" account

Ensure IAM password policy require at least one symbol
IAM
CIS-AWS

Checks if IAM password policy require at least one symbol

Ensure CloudTrail is enabled in all regions
CIS-AWS
CloudTrail

Checks if CloudTrail is enabled in all regions

Ensure a log metric filter and alarm exist for CloudTrail configuration changes
CIS-AWS
CloudTrail

Checks if a log metric filter and alarm exist for CloudTrail configuration changes

Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
CIS-AWS
CloudTrail

Checks if a log metric filter and alarm exist for AWS Management Console authentication failures

Ensure a log metric filter and alarm exist for Management Console sign-in without MFA
CloudWatch
CIS-AWS

Checks for log metric filter and Management Console sign-in without MFA alarm in your aws account.

Unrestricted Https Access
EC2
Security
Security
CIS-AWS

It is AWS best practice to get aware of Security Groups which allows HTTPS access from public IP to reduce possibility of breach. Allowing unrestricted HTTPs access can increase threats like hacking, denial-of-service (DoS) attacks and loss of data.

IAM Users - Admin Access and MFA Check
IAM
Security
Security
CIS-AWS

Sends a report of IAM users which have Admin access. Administrator access should be given to trusted users only.

Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
CloudTrail
CIS-AWS

Checks if a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs

AWS config configuration recorder not enabled
CIS-AWS
Config

Checks if AWS config configuration recorder not enabled

Ensure a log metric filter and alarm exist for Management Console sign-in without MFA
CloudTrail
CloudWatch
CIS-AWS

Checks for log metric filter and Management Console sign-in without MFA alarm in your aws account

Ensure a log metric filter and alarm exist for changes to network gateways
CloudTrail
CIS-AWS

Checks if a log metric filter and alarm exist for changes to network gateways