CIS AWS v1.4 is out!

Marina Limeira

SEP 17, 2021 | 2 min read

In February, we launched an update to our CIS-compliant modules with the new version 1.3. In May, CIS announced a new version of the AWS Benchmark, version 1.4.0. Today, we announce the update of our CIS-compliant modules with the new version of the benchmark.

These recommendations were introduced in the latest version of the benchmark:
  • [2.1.3] Ensure MFA Delete is enabled on S3 buckets: All S3 buckets need to have MFA Delete enabled. This ensures that the bucket owner must include an MFA token in any request to delete an object version or change the versioning state of a bucket.
  • [2.1.4] Ensure all data in Amazon S3 has been discovered, classified and secured when required: All S3 buckets now need to be analyzed by Amazon Macie, which uses machine learning and pattern matching to find sensitive data automatically in buckets.
  • [2.3.1] Ensure that encryption is enabled for RDS Instances: All RDS instances now need to have storage encrypted by default.

Besides the new additions, we also updated one recommendation:
  • [1.12] Ensure credentials unused for 45 days or greater are disabled: All IAM users with passwords who haven’t signed in to the AWS Console in the last 45 days, and access keys that are older than 45 days, need to be disabled. The previous recommendation required unused credentials older than 90 days to be disabled. In addition, we also fixed a bug that was expiring all IAM passwords after 90 days regardless of whether they were used.
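
To audit an account against [1.12], the sketch below (an added example, not Gruntwork's module code) scans an IAM credential report and lists enabled passwords and active access keys unused for 45 days or more. Following the recommendation's title it measures time since last use, and it assumes a never-used credential is aged from when it was last changed or rotated; the sample report rows and the audit date are constructed.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_UNUSED = timedelta(days=45)  # threshold from CIS AWS v1.4.0 recommendation 1.12

# Constructed sample in the IAM credential report CSV format (subset of columns).
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_used_date,access_key_1_last_rotated,access_key_2_active,access_key_2_last_used_date,access_key_2_last_rotated
alice,true,2021-09-10T08:00:00+00:00,2021-01-05T08:00:00+00:00,true,2021-09-15T12:00:00+00:00,2021-02-01T00:00:00+00:00,false,N/A,N/A
bob,true,2021-06-01T08:00:00+00:00,2021-01-05T08:00:00+00:00,true,N/A,2021-03-01T00:00:00+00:00,false,N/A,N/A
carol,true,no_information,2021-09-01T08:00:00+00:00,false,N/A,N/A,true,2021-07-01T00:00:00+00:00,2021-01-01T00:00:00+00:00
ci-bot,false,N/A,N/A,true,2021-09-16T23:00:00+00:00,2020-01-01T00:00:00+00:00,false,N/A,N/A
"""

def _parse(ts):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(ts)
    except ValueError:
        return None

def _stale(last_used, fallback, now):
    # Assumption: a credential that was never used is aged from its last change/rotation.
    ref = _parse(last_used) or _parse(fallback)
    return ref is not None and now - ref >= MAX_UNUSED

def find_unused_credentials(report_csv, now):
    """Return sorted (user, credential) pairs that should be disabled under 1.12."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["password_enabled"] == "true" and _stale(
                row["password_last_used"], row["password_last_changed"], now):
            findings.append((row["user"], "password"))
        for n in ("1", "2"):
            key = f"access_key_{n}"
            if row[f"{key}_active"] == "true" and _stale(
                    row[f"{key}_last_used_date"], row[f"{key}_last_rotated"], now):
                findings.append((row["user"], key))
    return sorted(findings)

if __name__ == "__main__":
    as_of = datetime(2021, 9, 17, tzinfo=timezone.utc)  # constructed audit date
    for user, cred in find_unused_credentials(SAMPLE_REPORT, as_of):
        print(f"{user}: {cred} unused for 45+ days")
```

A real report can be downloaded with `aws iam generate-credential-report` followed by `aws iam get-credential-report`; its `Content` field is base64-encoded CSV with these column names.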

To learn more about CIS and for a step-by-step deployment guide that will help you achieve compliance with this benchmark, check out our guide on How to achieve compliance with the CIS AWS Foundations Benchmark. If you are looking to upgrade from version 1.3.0, check out the migration guide: How to update to CIS AWS Foundations Benchmark v1.4.0.