prowler-cloud/prowler

GDPR group of checks

toniblyx opened this issue · 1 comments

Based on this public document:
https://d1.awsstatic.com/whitepapers/compliance/GDPR_Compliance_on_AWS.pdf I have identified the checks below (some of them are more than a single check), and most of them are already implemented. Still thinking about the list; any help/feedback is more than welcome here:

Data Access Controls
-Fine granular access to AWS objects in S3 buckets: extra718 and extra725
-Fine granular access to SQS: extra727
-Fine granular access to SNS: extra731
-Multi-Factor-Authentication (MFA): check12, check113, check114, extra71
-API-Request Authentication: this is about AWS API, entire IAM group1 may apply
-Geo-Restrictions (CloudFront): extra732
-Temporary access tokens through STS: extra733, probably a query to see if identity federation is configured?

Monitoring and Logging
-Asset-Management and Configuration with AWS Config: check25, check39
-Compliance Auditing and security analytics with AWS CloudTrail: check21, check22, check23, check24, check26, check27, check35
-Identification of configuration challenges through Trusted Advisor: extra726 shows TA errors and warnings.
-Server access logs: this should be instance logs? We can add service logs like extra714, extra715, extra717, extra719, extra720, extra721, extra722
-VPC-FlowLogs: check43
-AWS Config Rules: check25 already
-Filter and monitoring of HTTP access to applications with WAF functions in CloudFront: extra714 already

Protecting your Data on AWS
-Encryption of your data at rest with AES256 EBS extra729
-Encryption of your data at rest with AES256 S3 extra734
-Encryption of your data at rest with AES256 RDS extra735
-Centralized (by Region) managed Key-Management extra736
-IPsec tunnels into AWS with the VPN Gateways. This is a security best practice, not an actual check.
-Dedicated HSM modules in the cloud with CloudHSM. This one may depend on each case, not an actual check

Included in v2.0