CIS AWS Foundations Benchmark

Achieve and maintain compliance with the CIS AWS Foundations Benchmark recommendations.

Contact Sales

Compliance in days, not months

The CIS AWS Foundations Benchmark is an objective, consensus-driven guideline for establishing secure infrastructure on AWS. Gruntwork's production-grade, battle-tested infrastructure as code modules are built for compliance. Leverage them to achieve compliance with the Benchmark quickly and repeatably, avoiding the burden of a complex, drawn-out compliance project.

Get a Detailed Walkthrough for compliance with the AWS Foundations Benchmark
See our guide: How to achieve compliance with the CIS AWS Foundations Benchmark.

CIS Compliance An AWS account configured for compliance with the AWS CIS Foundations Benchmark.

How It Works

Review the guide

Read the How to achieve compliance with the CIS AWS Foundations Benchmark guide to get a handle on the concepts and process.

Use the compliance modules

Use the compliance modules to configure your account according to the recommendations in the Benchmark:

  • Create compliant IAM users, groups, roles, and policies
  • Require multi-factor authentication for accessing AWS
  • Enable AWS Config across all regions
  • Remove default VPCs and unnecessary default security groups
  • Configure CloudTrail integration with S3, KMS, and CloudWatch Logs
  • Establish metrics and alarms for compliance violations
  • Configure VPCs with flow logs and a minimal set of peering connections
  • Avoid overly permissive inbound security group rules

Get an End-to-End CIS Compliant Production-Grade Architecture
Request a Gruntwork Reference Architecture to get an end to end production-grade environment, certified by CIS for the AWS Foundations Benchmark, deployed into your AWS accounts, and fully managed as code—all in about 1 day!

Pass an audit

After using the modules to configure your AWS accounts, your infrastructure will pass muster with the CIS audit steps. Take a bow after your security team inspects your account for compliance.

Stay current

Our tests ensure that the modules remain compliant over time. We'll update the modules when new versions of the Benchmark are released, and the updates are included with the subscription.

Have another compliance objective?

Are you looking to achieve compliance with PCI DSS, HIPAA, NIST, or another standard? Contact us to discuss your project!

CIS AWS Foundations Benchmark Compliance Features

Compliance modules

Compliance modules

Exclusive access to a set of CIS-compliant infrastructure code, including modules for AWS Config, CloudTrail, VPC Flow Logs, & more.

CIS certified

CIS certified

The Gruntwork compliance modules are certified compliant by the Center for Internet Security.



Achieve a compliant infrastructure in a fraction of the time it would take to do it from scratch.



Use the compliance modules across multiple AWS accounts, regions, and environments.



Built for the security minded. Even AWS agrees!

Documented and tested

Documented and tested

Thorough docs and automated tests make compliance easy.


Contact sales for pricing. Please note that to use the compliance modules, you must be a Gruntwork Subscriber.