Skip to content
Switch branches/tags


Failed to load latest commit information.
Latest commit message
Commit time

AWS Compliance Scanning Tool

300+ checks covering industry defined security best practices across all AWS regions. Includes full support for multiple best practice benchmarks including PCI DSS, AWS Foundational Security, HIPAA, NIST 800-53, NIST CSF, Reserve Bank of India and the latest (v1.4.0) CIS benchmarks:


Includes support for:

Quick start

  1. Download and install Steampipe ( Or use Brew:
brew tap turbot/tap
brew install steampipe

steampipe -v
steampipe version 0.5.1
  1. Install the AWS plugin
steampipe plugin install aws
  1. Clone this repo
git clone
cd steampipe-mod-aws-compliance
  1. Generate your AWS credential report
aws iam generate-credential-report
  1. Run all benchmarks:
steampipe check all

Other things to checkout

Run an individual benchmark:

steampipe check benchmark.cis_v140

Use Steampipe introspection to view all current controls:

steampipe query "select resource_name from steampipe_control;"

Run a specific control:

steampipe check control.cis_v130_2_1_1


If you have an idea for additional compliance controls, or just want to help maintain and extend this mod (or others) we would love you to join the community and start contributing. (Even if you just want to help with the docs.)

Please see the contribution guidelines and our code of conduct. All contributions are subject to the Apache 2.0 open source license.

help wanted issues: