This release includes all Level 1 and Level 2 CloudTrail alarms recommended by the CIS AWS Foundations Benchmark.
This release enables remote Terraform state storage using the S3 backend.
Defendable design for AWS
Initial release v0.1.0
The initial release of the Defendable Design pattern for AWS enables AWS Config and configures five AWS Config Rules:

- Check-CloudTrail-Enabled
  - AWS rule: Validates that CloudTrail is enabled.
- Check-IAM-PasswordPolicy
  - AWS rule: Validates that an IAM Password Policy is configured.
- Check-EC2-OpenPorts
  - Custom rule: Checks for dangerous security group rules which open prohibited ports to the internet.
  - Supports automatic remediation of dangerous changes.
- Check-S3-PublicRead
  - AWS rule: Checks for S3 buckets with public read permissions.
- Check-S3-PublicWrite
  - AWS rule: Checks for S3 buckets with public write permissions.
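As an added example (not the project's own code), the check that the custom Check-EC2-OpenPorts rule describes, modelled as a pure function over the IpPermissions structure EC2 returns for a security group. The prohibited-port list and the function names are assumptions, and the sample security group is constructed.

```python
# Added example, not the project's code: the evaluation an AWS Config custom
# rule like Check-EC2-OpenPorts performs over a security group's ingress rules.
# Input mirrors EC2's IpPermissions list; the prohibited ports are an assumed
# rule parameter, not the project's real list.
from typing import Iterable

INTERNET_CIDRS = {"0.0.0.0/0", "::/0"}  # "anywhere" for IPv4 and IPv6
# Assumed rule parameter: ports that must never be reachable from the internet.
DEFAULT_PROHIBITED_PORTS = {22, 3389, 3306, 5432, 1433, 6379, 27017}


def _open_to_internet(perm: dict) -> bool:
    """True if any IPv4/IPv6 range in this permission is the whole internet."""
    ranges = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    ranges += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return any(cidr in INTERNET_CIDRS for cidr in ranges)


def _ports_covered(perm: dict, prohibited: Iterable[int]) -> set:
    """Prohibited ports that this permission's protocol/port range covers."""
    if perm.get("IpProtocol") == "-1":  # all protocols means all ports
        return set(prohibited)
    if perm.get("IpProtocol") not in ("tcp", "udp"):
        return set()
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return {p for p in prohibited if lo <= p <= hi}


def find_exposed_ports(ip_permissions: list, prohibited=DEFAULT_PROHIBITED_PORTS) -> set:
    """Prohibited ports exposed to the internet by any ingress rule."""
    exposed = set()
    for perm in ip_permissions:
        if _open_to_internet(perm):
            exposed |= _ports_covered(perm, prohibited)
    return exposed


def evaluate_security_group(ip_permissions: list, prohibited=DEFAULT_PROHIBITED_PORTS) -> str:
    """AWS Config style verdict for the group: COMPLIANT or NON_COMPLIANT."""
    return "NON_COMPLIANT" if find_exposed_ports(ip_permissions, prohibited) else "COMPLIANT"


# Constructed sample group: HTTPS from anywhere and SSH from a private range are
# fine, but a wide TCP range open to ::/0 silently covers 3306 and 3389.
SAMPLE_SG = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]
```

The port-range and "-1" protocol cases are the ones a naive per-port equality check misses, which is why the evaluator reasons over ranges rather than single ports.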