{"id":21878300,"url":"https://github.com/pepabo/control-controls","last_synced_at":"2025-04-15T03:04:33.313Z","repository":{"id":37105069,"uuid":"481033008","full_name":"pepabo/control-controls","owner":"pepabo","description":"control-controls control controls of AWS Security Hub across all regions.","archived":false,"fork":false,"pushed_at":"2024-10-02T05:34:49.000Z","size":127,"stargazers_count":10,"open_issues_count":1,"forks_count":3,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-04-15T03:04:21.608Z","etag":null,"topics":["aws","aws-security-hub","security-hub"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pepabo.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-04-13T01:45:56.000Z","updated_at":"2024-10-02T05:34:38.000Z","dependencies_parsed_at":"2024-06-21T00:11:02.062Z","dependency_job_id":"58ee92fb-245d-4a3f-b77e-1aeca2879f50","html_url":"https://github.com/pepabo/control-controls","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepabo%2Fcontrol-controls","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepabo%2Fcontrol-controls/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepabo%2Fcontrol-controls/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepabo%2Fcontrol-controls/manifests","owner_url":"https://repos.ecos
yste.ms/api/v1/hosts/GitHub/owners/pepabo","download_url":"https://codeload.github.com/pepabo/control-controls/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248997083,"owners_count":21195798,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-security-hub","security-hub"],"created_at":"2024-11-28T08:12:14.221Z","updated_at":"2025-04-15T03:04:33.284Z","avatar_url":"https://github.com/pepabo.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# control-controls\n\ncontrol-controls control controls of AWS Security Hub across all regions.\n\n## Usage\n\nExport current security standards controls as a controls.yml.\n\n``` console\n$ control-controls export \u003e controls.yml\n2022-04-14T15:08:59+09:00 INF Fetching controls from eu-north-1\n2022-04-14T15:09:04+09:00 INF Fetching controls from ap-south-1\n2022-04-14T15:09:07+09:00 INF Fetching controls from eu-west-3\n2022-04-14T15:09:12+09:00 INF Fetching controls from eu-west-2\n2022-04-14T15:09:16+09:00 INF Fetching controls from eu-west-1\n2022-04-14T15:09:21+09:00 INF Fetching controls from ap-northeast-3\n2022-04-14T15:09:22+09:00 INF Fetching controls from ap-northeast-2\n2022-04-14T15:09:24+09:00 INF Fetching controls from ap-northeast-1\n2022-04-14T15:09:25+09:00 INF Fetching controls from sa-east-1\n2022-04-14T15:09:30+09:00 INF Fetching controls from ca-central-1\n2022-04-14T15:09:34+09:00 INF Fetching controls from ap-southeast-1\n2022-04-14T15:09:36+09:00 INF Fetching controls from 
ap-southeast-2\n2022-04-14T15:09:39+09:00 INF Fetching controls from eu-central-1\n2022-04-14T15:09:43+09:00 INF Fetching controls from us-east-1\n2022-04-14T15:09:47+09:00 INF Fetching controls from us-east-2\n2022-04-14T15:09:50+09:00 INF Fetching controls from us-west-1\n2022-04-14T15:09:53+09:00 INF Fetching controls from us-west-2\n$\n```\n\n\u003cdetails\u003e\n\n\u003csummary\u003eexported controls.yml is here\u003c/summary\u003e\n\n``` yaml\nautoEnable: true\nstandards:\n  aws-foundational-security-best-practices/v/1.0.0:\n    enable: true\n    controls:\n      enable: [APIGateway.5, AutoScaling.1, AutoScaling.2, CloudTrail.1, CloudTrail.2, CloudTrail.4, CloudTrail.5, Config.1, DynamoDB.1, EC2.19, EC2.2, EC2.21, EC2.6, ECR.3, ELB.10, ELB.5, ELB.7, ES.4, ES.5, ES.6, ES.7, ES.8, IAM.1, IAM.2, IAM.3, IAM.5, IAM.6, IAM.7, IAM.8, NetworkFirewall.6, RDS.11, RDS.17, RDS.18, RDS.19, RDS.2, RDS.20, RDS.21, RDS.22, RDS.23, RDS.25, RDS.3, RDS.5, Redshift.4, Redshift.6, Redshift.8, S3.1, S3.10, S3.11, S3.12, S3.2, S3.3, S3.4, S3.5, S3.6, S3.9, SQS.1, SSM.1, SSM.4]\n  cis-aws-foundations-benchmark/v/1.2.0:\n    enable: true\n    controls:\n      enable: [CIS.1.1, CIS.1.10, CIS.1.11, CIS.1.13, CIS.1.14, CIS.1.16, CIS.1.2, CIS.1.22, CIS.1.3, CIS.1.4, CIS.1.5, CIS.1.6, CIS.1.7, CIS.1.8, CIS.1.9, CIS.2.1, CIS.2.2, CIS.2.3, CIS.2.4, CIS.2.5, CIS.2.6, CIS.2.7, CIS.2.8, CIS.2.9, CIS.3.1, CIS.3.10, CIS.3.11, CIS.3.12, CIS.3.13, CIS.3.14, CIS.3.2, CIS.3.3, CIS.3.4, CIS.3.5, CIS.3.6, CIS.3.7, CIS.3.8, CIS.3.9, CIS.4.3]\n  pci-dss/v/3.2.1:\n    enable: false\nregions:\n  ap-northeast-1:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, DynamoDB.3, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, 
ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  ap-northeast-2:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  ap-northeast-3:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [RDS.16, RDS.24]\n  ap-south-1:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        
controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, DynamoDB.3, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  ap-southeast-1:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, DynamoDB.3, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      
cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  ap-southeast-2:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, DynamoDB.3, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  ca-central-1:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, 
Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  eu-central-1:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, DynamoDB.3, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  eu-north-1:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, 
Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  eu-west-1:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, DynamoDB.3, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  eu-west-2:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, DynamoDB.3, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, 
EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  eu-west-3:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, DynamoDB.3, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  sa-east-1:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, DynamoDB.3, 
EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.13, RDS.4, RDS.6, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  us-east-1:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CloudFront.1, CloudFront.2, CloudFront.3, CloudFront.4, CloudFront.5, CloudFront.6, CloudFront.7, CloudFront.8, CloudFront.9, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, DynamoDB.3, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4, WAF.1]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  us-east-2:\n    
standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, DynamoDB.3, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  us-west-1:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, DynamoDB.3, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, 
SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n  us-west-2:\n    standards:\n      aws-foundational-security-best-practices/v/1.0.0:\n        controls:\n          enable: [ACM.1, APIGateway.1, APIGateway.2, APIGateway.3, APIGateway.4, Autoscaling.5, CodeBuild.1, CodeBuild.2, CodeBuild.4, CodeBuild.5, DMS.1, DynamoDB.2, DynamoDB.3, EC2.1, EC2.10, EC2.15, EC2.16, EC2.17, EC2.18, EC2.20, EC2.22, EC2.3, EC2.4, EC2.7, EC2.8, EC2.9, ECS.1, ECS.2, EFS.1, EFS.2, ELB.2, ELB.3, ELB.4, ELB.6, ELB.8, ELB.9, ELBv2.1, EMR.1, ES.1, ES.2, ES.3, ElasticBeanstalk.1, ElasticBeanstalk.2, GuardDuty.1, IAM.21, IAM.4, KMS.1, KMS.2, KMS.3, Lambda.1, Lambda.2, Lambda.5, Opensearch.1, Opensearch.2, Opensearch.3, Opensearch.4, Opensearch.5, Opensearch.6, Opensearch.8, RDS.1, RDS.10, RDS.12, RDS.13, RDS.14, RDS.15, RDS.16, RDS.24, RDS.4, RDS.6, RDS.7, RDS.8, RDS.9, Redshift.1, Redshift.2, Redshift.3, Redshift.7, S3.8, SNS.1, SSM.2, SSM.3, SageMaker.1, SecretsManager.1, SecretsManager.2, SecretsManager.3, SecretsManager.4]\n      cis-aws-foundations-benchmark/v/1.2.0:\n        controls:\n          enable: [CIS.1.12, CIS.1.20, CIS.4.1, CIS.4.2]\n```\n\n\u003c/details\u003e\n\nFor example, disable controls (Redshift.4, Redshift.6, Redshift.8).\n\n``` yaml\nautoEnable: true\nstandards:\n  aws-foundational-security-best-practices/v/1.0.0:\n    enable: true\n    controls:\n      enable: [APIGateway.5, AutoScaling.1, AutoScaling.2, CloudTrail.1, CloudTrail.2, CloudTrail.4, CloudTrail.5, Config.1, DynamoDB.1, EC2.19, EC2.2, EC2.21, EC2.6, ECR.3, ELB.10, ELB.5, ELB.7, ES.4, ES.5, ES.6, ES.7, ES.8, IAM.1, IAM.2, IAM.3, IAM.5, IAM.6, IAM.7, IAM.8, NetworkFirewall.6, RDS.11, RDS.17, RDS.18, RDS.19, RDS.2, RDS.20, RDS.21, RDS.22, RDS.23, RDS.25, RDS.3, RDS.5, S3.1, S3.10, S3.11, S3.12, S3.2, S3.3, S3.4, S3.5, S3.6, S3.9, SQS.1, SSM.1, SSM.4]\n      disable:\n        Redshift.4: Redshift is not 
running.\n        Redshift.6: Redshift is not running.\n        Redshift.8: Redshift is not running.\n[...]\n```\n\nDry run.\n\n``` console\n$ control-controls plan controls.yml\n2022-04-14T15:16:54+09:00 INF Checking eu-north-1\n2022-04-14T15:17:02+09:00 INF Checking ap-south-1\n2022-04-14T15:17:08+09:00 INF Checking eu-west-3\n2022-04-14T15:17:15+09:00 INF Checking eu-west-2\n2022-04-14T15:17:23+09:00 INF Checking eu-west-1\n2022-04-14T15:17:31+09:00 INF Checking ap-northeast-3\n2022-04-14T15:17:34+09:00 INF Checking ap-northeast-2\n2022-04-14T15:17:37+09:00 INF Checking ap-northeast-1\n2022-04-14T15:17:40+09:00 INF Checking sa-east-1\n2022-04-14T15:17:49+09:00 INF Checking ca-central-1\n2022-04-14T15:17:55+09:00 INF Checking ap-southeast-1\n2022-04-14T15:17:59+09:00 INF Checking ap-southeast-2\n2022-04-14T15:18:05+09:00 INF Checking eu-central-1\n2022-04-14T15:18:13+09:00 INF Checking us-east-1\n2022-04-14T15:18:19+09:00 INF Checking us-east-2\n2022-04-14T15:18:25+09:00 INF Checking us-west-1\n2022-04-14T15:18:31+09:00 INF Checking us-west-2\n- eu-north-1::standards::aws-foundational-security-best-practices/v/1.0.0::controls::Redshift.4 (disabled reason: Redshift is not running.)\n- eu-north-1::standards::aws-foundational-security-best-practices/v/1.0.0::controls::Redshift.6 (disabled reason: Redshift is not running.)\n- eu-north-1::standards::aws-foundational-security-best-practices/v/1.0.0::controls::Redshift.8 (disabled reason: Redshift is not running.)\n- ap-south-1::standards::aws-foundational-security-best-practices/v/1.0.0::controls::Redshift.4 (disabled reason: Redshift is not running.)\n- ap-south-1::standards::aws-foundational-security-best-practices/v/1.0.0::controls::Redshift.6 (disabled reason: Redshift is not running.)\n[...]\n- us-west-1::standards::aws-foundational-security-best-practices/v/1.0.0::controls::Redshift.6 (disabled reason: Redshift is not running.)\n- 
us-west-1::standards::aws-foundational-security-best-practices/v/1.0.0::controls::Redshift.8 (disabled reason: Redshift is not running.)\n- us-west-2::standards::aws-foundational-security-best-practices/v/1.0.0::controls::Redshift.4 (disabled reason: Redshift is not running.)\n- us-west-2::standards::aws-foundational-security-best-practices/v/1.0.0::controls::Redshift.6 (disabled reason: Redshift is not running.)\n- us-west-2::standards::aws-foundational-security-best-practices/v/1.0.0::controls::Redshift.8 (disabled reason: Redshift is not running.)\n\nPlan: 0 to enable, 51 to disable\n```\n\nApply changes.\n\n``` console\n$ control-controls apply controls.yml\n2022-04-14T15:43:37+09:00 INF Applying to eu-north-1\n2022-04-14T15:43:46+09:00 INF Disable control Control=Redshift.4 Reason=\"Redshift is not running.\" Region=eu-north-1 Standard=aws-foundational-security-best-practice\ns/v/1.0.0\n2022-04-14T15:43:47+09:00 INF Disable control Control=Redshift.6 Reason=\"Redshift is not running.\" Region=eu-north-1 Standard=aws-foundational-security-best-practice\ns/v/1.0.0\n2022-04-14T15:43:49+09:00 INF Disable control Control=Redshift.8 Reason=\"Redshift is not running.\" Region=eu-north-1 Standard=aws-foundational-security-best-practice\ns/v/1.0.0\n2022-04-14T15:43:51+09:00 INF Applying to ap-south-1\n2022-04-14T15:43:56+09:00 INF Disable control Control=Redshift.4 Reason=\"Redshift is not running.\" Region=ap-south-1 Standard=aws-foundational-security-best-practice\ns/v/1.0.0\n2022-04-14T15:43:57+09:00 INF Disable control Control=Redshift.6 Reason=\"Redshift is not running.\" Region=ap-south-1 Standard=aws-foundational-security-best-practice\ns/v/1.0.0\n[...]\n2022-04-14T15:46:18+09:00 INF Disable control Control=Redshift.6 Reason=\"Redshift is not running.\" Region=us-west-1 Standard=aws-foundational-security-best-practices\n/v/1.0.0\n2022-04-14T15:46:19+09:00 INF Disable control Control=Redshift.8 Reason=\"Redshift is not running.\" Region=us-west-1 
Standard=aws-foundational-security-best-practices\n/v/1.0.0\n2022-04-14T15:46:20+09:00 INF Applying to us-west-2\n2022-04-14T15:46:26+09:00 INF Disable control Control=Redshift.4 Reason=\"Redshift is not running.\" Region=us-west-2 Standard=aws-foundational-security-best-practices\n/v/1.0.0\n2022-04-14T15:46:27+09:00 INF Disable control Control=Redshift.6 Reason=\"Redshift is not running.\" Region=us-west-2 Standard=aws-foundational-security-best-practices\n/v/1.0.0\n2022-04-14T15:46:29+09:00 INF Disable control Control=Redshift.8 Reason=\"Redshift is not running.\" Region=us-west-2 Standard=aws-foundational-security-best-practices\n/v/1.0.0\n\nApply complete\n```\n\n## Configuration\n\n### `autoEnable`\n\nAutomatically enabling new controls across all regions.\n\nref: https://docs.aws.amazon.com/securityhub/latest/userguide/controls-auto-enable.html\n\n``` yaml\nautoEnable: true\n```\n\n### `standards.\u003cstandard\u003e.enable`\n\nEnabling a security standard across all regions.\n\nref: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html\n\n``` yaml\nstandards:\n  aws-foundational-security-best-practices/v/1.0.0:\n    enable: true\n  cis-aws-foundations-benchmark/v/1.2.0:\n    enable: true\n  pci-dss/v/3.2.1:\n    enable: false\n```\n\n### `standards.\u003cstandard\u003e.controls.enable`\n\nEnabling individual controls across all regions.\n\nref: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable-controls.html\n\n``` yaml\nstandards:\n  aws-foundational-security-best-practices/v/1.0.0:\n    enable: true\n    controls:\n      enable: [APIGateway.5, AutoScaling.1, AutoScaling.2, CloudTrail.1, CloudTrail.2, CloudTrail.4, CloudTrail.5, Config.1, DynamoDB.1, EC2.19, EC2.2, EC2.21, EC2.6, ECR.3, ELB.10, ELB.5, ELB.7, ES.4, ES.5, ES.6, ES.7, ES.8, IAM.1, IAM.2, IAM.3, IAM.5, IAM.6, IAM.7, IAM.8, NetworkFirewall.6, RDS.11, RDS.17, RDS.18, RDS.19, RDS.2, RDS.20, RDS.21, RDS.22, 
RDS.23, RDS.25, RDS.3, RDS.5, Redshift.4, Redshift.6, Redshift.8, S3.1, S3.10, S3.11, S3.12, S3.2, S3.3, S3.4, S3.5, S3.6, S3.9, SQS.1, SSM.1, SSM.4]\n```\n\n### `standards.\u003cstandard\u003e.controls.disable`\n\nDisabling individual controls across all regions.\n\nref: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable-controls.html\n\n``` yaml\nstandards:\n  aws-foundational-security-best-practices/v/1.0.0:\n    enable: true\n    controls:\n      disable:\n        Redshift.4: Redshift is not running.\n        Redshift.6: Redshift is not running.\n        Redshift.8: Redshift is not running.\n```\n\n### `standards.\u003cstandard\u003e.findings.\u003ccontrol_id\u003e.\u003ctarget_arn\u003e.status`\n\nSet the workflow status of individual findings across all regions.\n\nref: https://docs.aws.amazon.com/securityhub/latest/userguide/finding-workflow-status.html\n\n``` yaml\nstandards:\n  aws-foundational-security-best-practices/v/1.0.0:\n    findings:\n      S3.2:\n        arn:aws:s3:::static.example.com:\n          status: SUPPRESSED\n          note: Use as simple web hosting\n```\n\n### `standards.\u003cstandard\u003e.findings.\u003ccontrol_id\u003e.\u003ctarget_arn\u003e.note`\n\nSet a note on individual findings across all regions.\n\nref: https://docs.aws.amazon.com/securityhub/latest/userguide/asff-note.html\n\n### `regions.\u003cregion\u003e.standards.*`\n\nSet override settings for each region.\n\n## Overlay\n\nIt is possible to override the settings with the `--overlay` option.\n\n``` console\n$ control-controls plan base.yml --overlay custom.yml\n[...]\n$ control-controls apply base.yml --overlay custom.yml\n[...]\n```\n\n## Required permissions\n\n- `ec2:DescribeRegions`\n- `securityhub:*`\n\n## Install\n\n**homebrew tap:**\n\n```console\n$ brew install pepabo/tap/control-controls\n```\n\n**manually:**\n\nDownload the binary from the [releases page](https://github.com/pepabo/control-controls/releases)\n\n**go 
install:**\n\n```console\n$ go install github.com/pepabo/control-controls@latest\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpepabo%2Fcontrol-controls","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpepabo%2Fcontrol-controls","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpepabo%2Fcontrol-controls/lists"}