Read our newest book, Fundamentals of DevOps and Software Delivery, for free!

Introducing: CIS Service Catalog and CIS Reference Architecture 2.0

Headshot of Ana Krivokapić

Ana Krivokapić

JUN 2, 2021 | 3 min read
Featured Image of Introducing: CIS Service Catalog and CIS Reference Architecture 2.0
After a few months of diligent work, we’re happy to announce the general availability of the CIS Service Catalog and CIS Reference Architecture 2.0! This is the fastest way to launch infrastructure in AWS that is compliant with the CIS AWS Foundations Benchmark.

For the last few years, we’ve provided customers with low-level Terraform modules that are compliant with the CIS AWS Foundations Benchmark out of the box: for example, we have one module that creates compliant Network ACLs (which met AWS CIS Benchmark recommendation 5.1), another module that creates compliant Security Groups (recommendation 5.2), and another one that creates the VPCs themselves. These modules were great, but it took a lot of work to assemble them into a production-grade infrastructure. With the addition of the CIS Service Catalog, we’ve added high-level services, an opinionated way to combine multiple modules into a single unit designed to be deployed directly to production, with almost no code to write.For example, you can now use our Landing Zone services to deploy a CIS-compliant AWS Landing Zone in a few minutes. The Landing Zone services combine modules for CloudTrail, AWS Config, GuardDuty, EBS encryption, and all other CIS requirements.As another example, here’s a code snippet you could use to deploy a CIS-compliant VPC that blocks all access to the remote server administration ports (recommendations 5.1 and 5.2):
module "vpc" { # Replace <VERSION> with the most recent release from the https://github.com/gruntwork-io/terraform-aws-cis-service-catalog/releases: source = "git::git@github.com:gruntwork-io/terraform-aws-cis-service-catalog.git//modules/networking/vpc?ref=<VERSION>" # Set the basic required variables first vpc_name = "example-vpc" aws_region = "us-east-1" cidr_block = "10.2.0.0/16" num_nat_gateways = 1 # Other params omitted to keep the example simple }

The easiest way to take advantage of the CIS compliance offering is to opt for the Gruntwork subscription with the Gruntwork Reference Architecture option. The Reference Architecture is an end-to-end architecture that includes Landing Zone, VPC, EKS, and everything else you will need to run your entire infrastructure stack on AWS, all 100% managed as code. We will then deploy your entire architecture, configured for CIS compliance, in about one day.We recently launched the 2.0 version of the Reference Architecture, which includes significant improvements and new features, such as the Gruntwork Landing Zone solution, the Gruntwork Pipelines solution, the latest Terragrunt features, Terraform 0.14 compatibility, end-to-end encryption by default, and much more.
Alternatively, you can compose your architecture yourself and configure it for CIS compliance by taking advantage of our terraform-aws-cis-service-catalog git repository. See the code snippet above for an example.

With Gruntwork compliance, we take care of all the grunt work of keeping up with the standard, so your team can stay focused & secure:

If all this sounds potentially of interest and you’d like to learn more about our compliance offering, please contact us!
Share
Grunty
Resources

Explore our latest blog

Get the most up-to-date information and trends from our DevOps community.
TerraformResouces Image

Promotion Workflows with Terraform

How to configure GitOps-driven, immutable infrastructure workflows for Terraform using Gruntwork Patcher.
avatar

Jason Griffin

October 3, 2023 7 min read
TerraformResouces Image

The Impact of the HashiCorp License Change on Gruntwork Customers

How to configure GitOps-driven, immutable infrastructure workflows for Terraform using Gruntwork Patcher.
avatar

Josh Padnick

October 3, 2023 7 min read