CIS AWS Foundations Benchmark

Achieve and maintain compliance with the CIS AWS Foundations Benchmark recommendations.

Compliance in Days, Not Months

The CIS AWS Foundations Benchmark is an objective, consensus-driven guideline for establishing secure infrastructure on AWS. Gruntwork's production-grade, battle-tested infrastructure as code modules are built for compliance. Leverage them to achieve compliance with the Benchmark quickly and repeatably, avoiding the burden of a complex, drawn-out compliance project.

Grunty

Get a Detailed Walkthrough for compliance with the AWS Foundations Benchmark

See our guide: How to achieve compliance with the CIS AWS Foundations Benchmark Benchmark

Gruntwork Reference Architecture
An example AWS Reference Architecture. GCP Reference Architecture also available.
How It Works

How It Works

Review the guide

Read the How to achieve compliance with the CIS AWS Foundations Benchmark guide to get a handle on the concepts and process.

Use the compliance modules

Use the compliance modules to configure your account according to the recommendations in the Benchmark:
  • Create compliant IAM users, groups, roles, and policies
  • Require multi-factor authentication for accessing AWS
  • Enable AWS Config across all regions
  • Remove default VPCs and unnecessary default security groups
  • Configure CloudTrail integration with S3, KMS, and CloudWatch Logs
  • Establish metrics and alarms for compliance violations
  • Configure VPCs with flow logs and a minimal set of peering connections
  • Avoid overly permissive inbound security group rules
Get an End-to-End CIS Compliant Production-Grade Architecture

Request a Gruntwork Reference Architecture to get an end to end production-grade environment, certified by CIS for the AWS Foundations Benchmark, deployed into your AWS accounts, and fully managed as code—all in about 1 day!

Pass an audit

After using the modules to configure your AWS accounts, your infrastructure will pass muster with the CIS audit steps. Take a bow after your security team inspects your account for compliance.

Stay current

Our tests ensure that the modules remain compliant over time. We'll update the modules when new versions of the Benchmark are released, and the updates are included with the subscription.

Have another compliance objective?

Are you looking to achieve compliance with PCI DSS, HIPAA, NIST, or another standard? Contact us to discuss your project!

CIS AWS Foundations Benchmark Compliance Features

Pricing

Contact sales for pricing. Please note that to use the compliance modules, you must be a Gruntwork Subscriber.

Ready to hand off the Gruntwork?