Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/turbot/steampipe-mod-aws-compliance

Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
https://github.com/turbot/steampipe-mod-aws-compliance

aws cis cis-benchmark compliance hacktoberfest hipaa nist-csf pci pci-dss powerpipe powerpipe-mod rbi security sql steampipe steampipe-mod

Last synced: 27 days ago
JSON representation

Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.

Lists

README 

        
# AWS Compliance Mod for Powerpipe



> [!IMPORTANT]  

> [Powerpipe](https://powerpipe.io) is now the preferred way to run this mod! [Migrating from Steampipe →](https://powerpipe.io/blog/migrating-from-steampipe)

>

> All v0.x versions of this mod will work in both Steampipe and Powerpipe, but v1.0.0 onwards will be in Powerpipe format only.



540+ checks covering industry defined security best practices across all AWS regions. Includes full support for multiple best practice benchmarks including **the latest (v3.0.0) CIS benchmark**, PCI DSS, AWS Foundational Security, CISA Cyber Essentials, FedRAMP, FFIEC, GxP 21 CFR Part 11, GxP EU Annex 11, HIPAA Final Omnibus Security Rule 2013, HIPAA Security Rule 2003, NIST 800-53, NIST CSF, Reserve Bank of India, Audit Manager Control Tower, and more!



Run checks in a dashboard:

![image](https://raw.githubusercontent.com/turbot/steampipe-mod-aws-compliance/main/docs/aws_cis_v300_dashboard.png)



Or in a terminal:

![image](https://raw.githubusercontent.com/turbot/steampipe-mod-aws-compliance/main/docs/aws_cis_v300_console.png)



## Documentation



- **[Benchmarks and controls →](https://hub.powerpipe.io/mods/turbot/aws_compliance/controls)**

- **[Named queries →](https://hub.powerpipe.io/mods/turbot/aws_compliance/queries)**



## Getting Started



### Installation



Install Powerpipe (https://powerpipe.io/downloads), or use Brew:



```sh

brew install turbot/tap/powerpipe

```



This mod also requires [Steampipe](https://steampipe.io) with the [AWS plugin](https://hub.steampipe.io/plugins/turbot/aws) as the data source. Install Steampipe (https://steampipe.io/downloads), or use Brew:



```sh

brew install turbot/tap/steampipe

steampipe plugin install aws

```



Steampipe will automatically use your default AWS credentials. Optionally, you can [setup multiple accounts](https://hub.steampipe.io/plugins/turbot/aws#multi-account-connections) or [customize AWS credentials](https://hub.steampipe.io/plugins/turbot/aws#configuring-aws-credentials).



Finally, install the mod:



```sh

mkdir dashboards

cd dashboards

powerpipe mod init

powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

```



### Browsing Dashboards



Start Steampipe as the data source:



```sh

steampipe service start

```



Start the dashboard server:



```sh

powerpipe server

```



Browse and view your dashboards at **http://localhost:9033**.



### Running Checks in Your Terminal



Instead of running benchmarks in a dashboard, you can also run them within your

terminal with the `powerpipe benchmark` command:



List available benchmarks:



```sh

powerpipe benchmark list

```



Run a benchmark:



```sh

powerpipe benchmark run aws_compliance.benchmark.cis_v300

```



Different output formats are also available, for more information please see

[Output Formats](https://powerpipe.io/docs/reference/cli/benchmark#output-formats).



### Common and Tag Dimensions



The benchmark queries use common properties (like `account_id`, `connection_name` and `region`) and tags that are defined in the form of a default list of strings in the `variables.sp` file. These properties can be overwritten in several ways:



It's easiest to setup your vars file, starting with the sample:



```sh

cp steampipe.spvars.example steampipe.spvars

vi steampipe.spvars

```



Alternatively you can pass variables on the command line:



```sh

powerpipe benchmark run aws_compliance.benchmark.cis_v300 --var 'tag_dimensions=["Environment", "Owner"]'

```



Or through environment variables:



```sh

export PP_VAR_common_dimensions='["account_id", "connection_name", "region"]'

export PP_VAR_tag_dimensions='["Environment", "Owner"]'

powerpipe benchmark run aws_compliance.benchmark.cis_v300

```



## Open Source & Contributing



This repository is published under the [Apache 2.0 license](https://www.apache.org/licenses/LICENSE-2.0). Please see our [code of conduct](https://github.com/turbot/.github/blob/main/CODE_OF_CONDUCT.md). We look forward to collaborating with you!



[Steampipe](https://steampipe.io) and [Powerpipe](https://powerpipe.io) are products produced from this open source software, exclusively by [Turbot HQ, Inc](https://turbot.com). They are distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in our [Open Source FAQ](https://turbot.com/open-source).



## Get Involved



**[Join #powerpipe on Slack →](https://turbot.com/community/join)**



Want to help but don't know where to start? Pick up one of the `help wanted` issues:



- [Powerpipe](https://github.com/turbot/powerpipe/labels/help%20wanted)

- [AWS Compliance Mod](https://github.com/turbot/steampipe-mod-aws-compliance/labels/help%20wanted)