AWS Foundational Security Best Practices
GPTKB entity
Statements (58)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | crypt |
| gptkbp:appliesTo | AWS resources; AWS accounts |
| gptkbp:complianceFramework | gptkb:CIS_AWS_Foundations_Benchmark; gptkb:NIST_SP_800-53 |
| gptkbp:controls | data protection; identity and access management; incident response; infrastructure security; logging and monitoring; Enable multi-factor authentication (MFA) for root account; Enable AWS Config; Enable AWS Config rules; Enable AWS Shield Advanced; Enable AWS WAF; Enable CloudFront logging; Enable CloudTrail in all regions; Enable CloudTrail log file validation; Enable EC2 instance termination protection; Enable ECR image scanning; Enable GuardDuty; Enable IAM role trust policy validation; Enable KMS key rotation; Enable Lambda function logging; Enable RDS encryption; Enable S3 Block Public Access; Enable S3 MFA delete; Enable S3 access logging; Enable S3 bucket logging; Enable S3 bucket ownership controls; Enable S3 bucket policy enforcement; Enable S3 bucket replication; Enable S3 default encryption; Enable S3 object lock; Enable S3 versioning; Enable VPC endpoint policies; Enable VPC flow logs; Enable automatic software updates; Enable password policy for IAM users; Encrypt EBS volumes; Ensure CloudTrail is enabled; Restrict public access to S3 buckets; Restrict security group rules; Rotate IAM access keys regularly; Enable CloudWatch alarms for unauthorized API calls |
| gptkbp:documentation | AWS documentation website |
| gptkbp:enables | automated security checks |
| https://www.w3.org/2000/01/rdf-schema#label | AWS Foundational Security Best Practices |
| gptkbp:integratesWith | gptkb:AWS_Security_Hub |
| gptkbp:provides | security controls |
| gptkbp:publishedBy | gptkb:Amazon_Web_Services |
| gptkbp:purpose | improve security posture; identify security risks |
| gptkbp:updated | periodically |
| gptkbp:usedBy | AWS customers |
| gptkbp:bfsParent | gptkb:AWS_Security_Hub; gptkb:Security_Hub |
| gptkbp:bfsLayer | 6 |