
This release includes all Level 1 and Level 2 CloudTrail alarms recommended by the CIS AWS Foundations Benchmark.


This release fixes a bug with the bucket policy remediation function.


This release includes major changes:

  • Auto-remediation for S3 public buckets
  • Slack integration
  • The directory structure has been updated for clarity
  • CloudTrail is now enabled automatically
  • CloudTrail Monitoring alerts
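The auto-remediation for public S3 buckets listed above, and the bucket policy remediation function whose fix is noted in a later release, are not shown on this page. The following is an added example of how such a remediation can be written; it is not the Defendable Design project's own code. The boto3 S3 client calls it uses (get_bucket_policy, put_bucket_policy, delete_bucket_policy, put_bucket_acl) are real, but the client is injected, and the FakeS3 stand-in, the bucket name and the sample policy document are constructed here so the logic runs offline.

```python
"""Auto-remediation for a public S3 bucket: reset the ACL and strip public policy statements.

Added example; not the project's own remediation function. The boto3 S3 client calls
(get_bucket_policy, put_bucket_policy, delete_bucket_policy, put_bucket_acl) are real;
the client is injected, and the FakeS3 class plus the policy document below are
constructed so the logic runs offline.
"""
import json


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for the anonymous principal: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def is_public_statement(stmt):
    """An Allow to the anonymous principal with no Condition narrowing it."""
    return (stmt.get("Effect") == "Allow"
            and _principal_is_public(stmt.get("Principal"))
            and not stmt.get("Condition"))


def remediate_policy(policy):
    """Return (policy_to_keep, removed); policy_to_keep is None when nothing remains."""
    statements = _as_list(policy.get("Statement", []))
    removed = [s for s in statements if is_public_statement(s)]
    kept = [s for s in statements if not is_public_statement(s)]
    if not kept:
        return None, removed
    fixed = dict(policy)
    fixed["Statement"] = kept
    return fixed, removed


def remediate_bucket(bucket, s3):
    """Make the bucket private again; returns the policy statements that were removed."""
    s3.put_bucket_acl(Bucket=bucket, ACL="private")  # drops public-read / public-read-write grants
    current = json.loads(s3.get_bucket_policy(Bucket=bucket)["Policy"])
    fixed, removed = remediate_policy(current)
    if not removed:
        return []
    if fixed is None:
        s3.delete_bucket_policy(Bucket=bucket)  # nothing legitimate left, remove the policy entirely
    else:
        s3.put_bucket_policy(Bucket=bucket, Policy=json.dumps(fixed))
    return removed


class FakeS3:
    """Constructed stand-in for boto3.client("s3") holding one bucket's policy and ACL."""
    def __init__(self, policy):
        self.policy, self.acl = json.dumps(policy), "public-read"

    def get_bucket_policy(self, Bucket):
        return {"Policy": self.policy}

    def put_bucket_policy(self, Bucket, Policy):
        self.policy = Policy

    def delete_bucket_policy(self, Bucket):
        self.policy = None

    def put_bucket_acl(self, Bucket, ACL):
        self.acl = ACL

    def sids(self):
        """Sids of the statements currently attached (empty once the policy is deleted)."""
        return [s.get("Sid") for s in json.loads(self.policy)["Statement"]] if self.policy else []


# Constructed policy: one world-readable statement, one legitimate cross-account statement.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AuditRead", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

if __name__ == "__main__":
    s3 = FakeS3(SAMPLE_POLICY)
    removed = remediate_bucket("example-bucket", s3)
    print("removed:", [s["Sid"] for s in removed], "acl:", s3.acl, "remaining:", s3.sids())
```

Two caveats when wiring this to a real account: a bucket with no policy makes get_bucket_policy raise a ClientError with code NoSuchBucketPolicy, which the caller should treat as "nothing to strip"; and any statement carrying a Condition is kept here, even though a Condition such as aws:SourceIp covering 0.0.0.0/0 is still public, so this check is a floor, not a replacement for the Config rule's own public-access evaluation.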

This release enables remote Terraform state storage using the S3 backend.


Under-the-hood naming convention updates and additional comments.


Defendable design for AWS

Initial release v0.1.0

The initial release of the Defendable Design pattern for AWS enables AWS Config and configures five AWS Config Rules.

  • Check-CloudTrail-Enabled
    • AWS rule: Validates that CloudTrail is enabled.
  • Check-IAM-PasswordPolicy
    • AWS rule: Validates that an IAM Password Policy is configured.
  • Check-EC2-OpenPorts
    • Custom rule: Checks for dangerous security group rules that open prohibited ports to the internet.
    • Supports automatic remediation of dangerous changes
  • Check-S3-PublicRead
    • AWS rule: Checks for S3 buckets with public read permissions
  • Check-S3-PublicWrite
    • AWS rule: Checks for S3 buckets with public write permissions
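Of the five rules, Check-EC2-OpenPorts is the only custom one, which means it is backed by a Lambda function that AWS Config invokes with a configurationItem and that reports back through PutEvaluations. The following is an added example of such an evaluator, not the project's own Check-EC2-OpenPorts code. The configurationItem fields it reads (ipPermissions, ipv4Ranges/cidrIp, ipv6Ranges/cidrIpv6 and the legacy ipRanges string list) follow what AWS Config records for AWS::EC2::SecurityGroup; the sample event, the ruleParameters key prohibitedPorts, the default port list and the security group id are constructed for this example.

```python
"""Custom AWS Config rule: flag security groups that open prohibited ports to the internet.

Added example; not the Defendable Design project's own Check-EC2-OpenPorts code.
The configurationItem fields used (ipPermissions, ipv4Ranges/cidrIp, ipv6Ranges/cidrIpv6,
the legacy ipRanges string list) follow what AWS Config records for
AWS::EC2::SecurityGroup; the sample event, the ruleParameters key "prohibitedPorts"
and the default port list are constructed for this example.
"""
import ipaddress
import json

DEFAULT_PROHIBITED_PORTS = {22, 3389, 3306, 5432}  # assumed default: SSH, RDP, MySQL, Postgres
WORLD = {ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")}


def _cidrs(perm):
    """Every CIDR one ipPermissions entry grants access from."""
    for r in perm.get("ipv4Ranges", []):
        yield r["cidrIp"]
    for r in perm.get("ipv6Ranges", []):
        yield r["cidrIpv6"]
    for r in perm.get("ipRanges", []):  # older items list IPv4 ranges as bare strings
        yield r


def _port_range(perm):
    """Inclusive (from, to) port range of an entry; None for protocols without ports."""
    proto = str(perm.get("ipProtocol", "-1"))
    if proto == "-1":  # all traffic: every port, every protocol
        return 0, 65535
    if proto not in ("tcp", "udp", "6", "17"):
        return None
    return perm.get("fromPort", 0), perm.get("toPort", 65535)


def find_open_prohibited_ports(configuration, prohibited_ports=DEFAULT_PROHIBITED_PORTS):
    """Sorted prohibited ports reachable from 0.0.0.0/0 or ::/0 through this group."""
    exposed = set()
    for perm in configuration.get("ipPermissions", []):
        world_facing = any(ipaddress.ip_network(c, strict=False) in WORLD for c in _cidrs(perm))
        rng = _port_range(perm)
        if world_facing and rng is not None:
            exposed.update(p for p in prohibited_ports if rng[0] <= p <= rng[1])
    return sorted(exposed)


def evaluate_compliance(config_item, prohibited_ports=DEFAULT_PROHIBITED_PORTS):
    """Map one configurationItem to the (ComplianceType, Annotation) pair Config expects."""
    if config_item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "Rule only evaluates security groups"
    if config_item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE", "Resource deleted"
    open_ports = find_open_prohibited_ports(config_item.get("configuration") or {}, prohibited_ports)
    if open_ports:
        return "NON_COMPLIANT", "Ports %s open to 0.0.0.0/0 or ::/0" % ",".join(map(str, open_ports))
    return "COMPLIANT", "No prohibited ports open to the internet"


def build_evaluation(event):
    """Turn the Config invocation event into the Evaluation dict handed to PutEvaluations."""
    config_item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    raw = params.get("prohibitedPorts")  # assumed rule parameter: comma-separated port list
    ports = {int(p) for p in raw.split(",")} if raw else DEFAULT_PROHIBITED_PORTS
    compliance, annotation = evaluate_compliance(config_item, ports)
    return {
        "ComplianceResourceType": config_item["resourceType"],
        "ComplianceResourceId": config_item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation,
        "OrderingTimestamp": config_item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context, config_client=None):
    """Lambda entry point; the Config client is injectable so the logic runs offline."""
    evaluation = build_evaluation(event)
    if config_client is None:
        import boto3  # only needed inside Lambda
        config_client = boto3.client("config")
    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed sample: SSH open to the world, MySQL restricted to the VPC.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({"configurationItem": {
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": "sg-0123456789abcdef0",
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2020-01-01T00:00:00.000Z",
        "configuration": {"ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
            {"ipProtocol": "tcp", "fromPort": 3306, "toPort": 3306, "ipv4Ranges": [{"cidrIp": "10.0.0.0/8"}]},
        ]},
    }}),
    "ruleParameters": json.dumps({"prohibitedPorts": "22,3389,3306"}),
    "resultToken": "constructed-token",
}

if __name__ == "__main__":
    print(json.dumps(build_evaluation(SAMPLE_EVENT), indent=2))
```

The evaluator treats "all traffic" (ipProtocol -1) as covering every prohibited port, and a wide TCP range such as 0-65535 is caught the same way, so a group cannot pass by avoiding an exact port match. The "supports automatic remediation" part of the rule is a separate step: the NON_COMPLIANT result surfaces as a Config compliance change, and a remediation function would then revoke the offending ingress entry (for example with the EC2 RevokeSecurityGroupIngress API) rather than this evaluator doing it inline.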