Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/turbot/steampipe-mod-aws-compliance
Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
https://github.com/turbot/steampipe-mod-aws-compliance
aws cis cis-benchmark compliance hacktoberfest hipaa nist-csf pci pci-dss powerpipe powerpipe-mod rbi security sql steampipe steampipe-mod
Last synced: 6 days ago
JSON representation
Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
- Host: GitHub
- URL: https://github.com/turbot/steampipe-mod-aws-compliance
- Owner: turbot
- License: apache-2.0
- Created: 2021-05-19T21:38:55.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-10-24T08:34:58.000Z (11 days ago)
- Last Synced: 2024-10-25T03:37:25.820Z (10 days ago)
- Topics: aws, cis, cis-benchmark, compliance, hacktoberfest, hipaa, nist-csf, pci, pci-dss, powerpipe, powerpipe-mod, rbi, security, sql, steampipe, steampipe-mod
- Language: Puppet
- Homepage: https://hub.steampipe.io/mods/turbot/aws_compliance
- Size: 10.8 MB
- Stars: 371
- Watchers: 18
- Forks: 61
- Open Issues: 12
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Audit: audit_manager_control_tower/audit_manager_control_tower.pp
Awesome Lists containing this project
- DevSecOps - https://github.com/turbot/steampipe-mod-aws-compliance - mod-aws-compliance)](https://github.com/turbot/steampipe-mod-aws-compliance/stargazers) | (AWS)
README
# AWS Compliance Mod for Powerpipe
540+ checks covering industry defined security best practices across all AWS regions. Includes full support for multiple best practice benchmarks including **the latest (v4.0.0) CIS benchmark**, CIS AWS Compute Services, PCI DSS, AWS Foundational Security, CISA Cyber Essentials, FedRAMP, FFIEC, GxP 21 CFR Part 11, GxP EU Annex 11, HIPAA Final Omnibus Security Rule 2013, HIPAA Security Rule 2003, NIST 800-53, NIST CSF, NIST 800-172, Reserve Bank of India, Audit Manager Control Tower, Australian Cyber Security Center (ACSC) Essential Eight, and more!
Run checks in a dashboard:
Or in a terminal:
## Documentation
- **[Benchmarks and controls →](https://hub.powerpipe.io/mods/turbot/aws_compliance/controls)**
- **[Named queries →](https://hub.powerpipe.io/mods/turbot/aws_compliance/queries)**
## Getting Started
### Installation
Install Powerpipe (https://powerpipe.io/downloads), or use Brew:
```sh
brew install turbot/tap/powerpipe
```
This mod also requires [Steampipe](https://steampipe.io) with the [AWS plugin](https://hub.steampipe.io/plugins/turbot/aws) as the data source. Install Steampipe (https://steampipe.io/downloads), or use Brew:
```sh
brew install turbot/tap/steampipe
steampipe plugin install aws
```
Steampipe will automatically use your default AWS credentials. Optionally, you can [setup multiple accounts](https://hub.steampipe.io/plugins/turbot/aws#multi-account-connections) or [customize AWS credentials](https://hub.steampipe.io/plugins/turbot/aws#configuring-aws-credentials).
Finally, install the mod:
```sh
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
```
### Browsing Dashboards
Start Steampipe as the data source:
```sh
steampipe service start
```
Start the dashboard server:
```sh
powerpipe server
```
Browse and view your dashboards at **http://localhost:9033**.
### Running Checks in Your Terminal
Instead of running benchmarks in a dashboard, you can also run them within your
terminal with the `powerpipe benchmark` command:
List available benchmarks:
```sh
powerpipe benchmark list
```
Run a benchmark:
```sh
powerpipe benchmark run aws_compliance.benchmark.cis_v400
```
Different output formats are also available, for more information please see
[Output Formats](https://powerpipe.io/docs/reference/cli/benchmark#output-formats).
### Common and Tag Dimensions
The benchmark queries use common properties (like `account_id`, `connection_name` and `region`) and tags that are defined in the form of a default list of strings in the `variables.sp` file. These properties can be overwritten in several ways:
It's easiest to setup your vars file, starting with the sample:
```sh
cp powerpipe.ppvars.example powerpipe.ppvars
vi powerpipe.ppvars
```
Alternatively you can pass variables on the command line:
```sh
powerpipe benchmark run aws_compliance.benchmark.cis_v400 --var 'tag_dimensions=["Environment", "Owner"]'
```
Or through environment variables:
```sh
export PP_VAR_common_dimensions='["account_id", "connection_name", "region"]'
export PP_VAR_tag_dimensions='["Environment", "Owner"]'
powerpipe benchmark run aws_compliance.benchmark.cis_v400
```
## Open Source & Contributing
This repository is published under the [Apache 2.0 license](https://www.apache.org/licenses/LICENSE-2.0). Please see our [code of conduct](https://github.com/turbot/.github/blob/main/CODE_OF_CONDUCT.md). We look forward to collaborating with you!
[Steampipe](https://steampipe.io) and [Powerpipe](https://powerpipe.io) are products produced from this open source software, exclusively by [Turbot HQ, Inc](https://turbot.com). They are distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in our [Open Source FAQ](https://turbot.com/open-source).
## Get Involved
**[Join #powerpipe on Slack →](https://turbot.com/community/join)**
Want to help but don't know where to start? Pick up one of the `help wanted` issues:
- [Powerpipe](https://github.com/turbot/powerpipe/labels/help%20wanted)
- [AWS Compliance Mod](https://github.com/turbot/steampipe-mod-aws-compliance/labels/help%20wanted)