The sql parameter for type: count_distinct measures can take any valid SQL expression that results in a table column, LookML dimension, or combination of LookML dimensions.

Name: Yevgeny Pats

There are some great guides on the internet for AWS Security best practices (both official and unofficial). However, one of the challenges we saw with those guides is that they tell you what the end goal is, but they usually leave it up to the user how to implement it (at scale), let alone how to continuously monitor those best practices to make sure all your hard work doesn't go out the window.

In this blog post we will go through the official security IAM best practices, and we'll show how to validate and monitor them using SQL statements with CloudQuery.

You can run all the following commands on a single AWS account. You can also run them on multiple accounts in parallel, using an account that can assume-role into all your other relevant accounts. To be able to run the following tutorial you need to install and configure CloudQuery.

In this section, we will share snippets of SQL statements, most of which you can find in our aws//cis_v1.2.0. You can also use this as a reference to create your own policies, which can be customized to your needs and the security policies of your organization.

```yaml
- name: "AWS CIS 1.5 Ensure IAM password policy requires at least one uppercase letter"
  query: >
    SELECT account_id, require_uppercase_characters
    FROM aws_iam_password_policies
    WHERE require_uppercase_characters = FALSE
- name: "AWS CIS 1.6 Ensure IAM password policy requires at least one lowercase letter"
  query: >
    SELECT account_id, require_lowercase_characters
    FROM aws_iam_password_policies
    WHERE require_lowercase_characters = FALSE
- name: "AWS CIS 1.7 Ensure IAM password policy requires at least one symbol"
  query: >
    SELECT account_id, require_symbols
    FROM aws_iam_password_policies
    WHERE require_symbols = FALSE
- name: "AWS CIS 1.8 Ensure IAM password policy requires at least one number"
  query: >
    SELECT account_id, require_numbers
    FROM aws_iam_password_policies
    WHERE require_numbers = FALSE
- name: "AWS CIS 1.9 Ensure IAM password policy requires minimum length of 14 or greater"
  query: >
    SELECT account_id, minimum_password_length
    FROM aws_iam_password_policies
    WHERE minimum_password_length
    SELECT account_id, password_reuse_prevention
    FROM aws_iam_password_policies
    WHERE password_reuse_prevention is NULL or password_reuse_prevention > 24
- name: "AWS CIS 1.8.
```

One best practice in AWS is to enable MFA (on your root account) and create an IAM admin user to handle all your day-to-day work immediately after you open an account.

List root accounts that were accessed in the last 30 days: